Skip to content
Sign in

Console

Download View as plain text
17:50:23 Started by GitHub push by andreapoli
17:50:23 Running as SYSTEM
17:50:23 Building in workspace /var/lib/jenkins/workspace/GovWay
17:50:23 [WS-CLEANUP] Clean-up disabled, skipping workspace deletion.
17:50:23 The recommended git tool is: NONE
17:50:23 No credentials specified
17:50:23  > /usr/bin/git rev-parse --resolve-git-dir /var/lib/jenkins/workspace/GovWay/.git # timeout=10
17:50:23 Fetching changes from the remote Git repository
17:50:23  > /usr/bin/git config remote.origin.url https://github.com/link-it/govway.git # timeout=10
17:50:24 Fetching upstream changes from https://github.com/link-it/govway.git
17:50:24  > /usr/bin/git --version # timeout=10
17:50:24  > git --version # 'git version 2.47.1'
17:50:24  > /usr/bin/git fetch --tags --force --progress -- https://github.com/link-it/govway.git +refs/heads/*:refs/remotes/origin/* # timeout=10
17:50:24  > /usr/bin/git rev-parse origin/3.4.x^{commit} # timeout=10
17:50:24 Checking out Revision c36f947d03f549045d98a999d3aca36e818ac36a (origin/3.4.x)
17:50:24  > /usr/bin/git config core.sparsecheckout # timeout=10
17:50:24  > /usr/bin/git checkout -f c36f947d03f549045d98a999d3aca36e818ac36a # timeout=10
17:50:25 Commit message: "Predisposto rilascio 3.4.2"
17:50:25  > /usr/bin/git rev-list --no-walk c36f947d03f549045d98a999d3aca36e818ac36a # timeout=10
17:50:25 Run condition [Boolean condition] enabling prebuild for step [BuilderChain]
17:50:25 Run condition [Boolean condition] enabling prebuild for step [BuilderChain]
17:50:25 Run condition [Boolean condition] enabling prebuild for step [BuilderChain]
17:50:25 Run condition [Boolean condition] enabling prebuild for step [BuilderChain]
17:50:25 Run condition [Boolean condition] enabling prebuild for step [BuilderChain]
17:50:25 Run condition [Boolean condition] enabling prebuild for step [BuilderChain]
17:50:25 Run condition [Boolean condition] enabling prebuild for step [BuilderChain]
17:50:25 Run condition [Boolean condition] enabling prebuild for step [BuilderChain]
17:50:25 Run condition [Boolean condition] enabling prebuild for step [BuilderChain]
17:50:25 Run condition [Boolean condition] enabling prebuild for step [BuilderChain]
17:50:25 Run condition [Boolean condition] enabling prebuild for step [BuilderChain]
17:50:25 Run condition [Boolean condition] enabling prebuild for step [BuilderChain]
17:50:25 Run condition [Boolean condition] enabling prebuild for step [BuilderChain]
17:50:25 Run condition [Boolean condition] enabling prebuild for step [BuilderChain]
17:50:25 [GovWay] $ /bin/bash /tmp/jenkins9830135180196313588.sh
17:50:25 =============================
17:50:25 General Info
17:50:25 Workspace: /var/lib/jenkins/workspace/GovWay
17:50:25 Build: true
17:50:25 Deploy: true
17:50:25 Test: true
17:50:25 Test Integrazione: true
17:50:25 =============================
17:50:25 
17:50:25 =============================
17:50:25 Environment Info
17:50:25 HOME: /var/lib/jenkins
17:50:25 ANT_OPTS: -Xmx1024m -XX:MaxMetaspaceSize=700m -XX:+UseG1GC
17:50:25 MAVEN_OPTS: 
17:50:25 SOFTHSM2_CONF: /home/ec2-user/lib/softhsm/softhsm2.conf
17:50:25 SONAR_SCANNER_OPTS: 
17:50:25 =============================
17:50:25 
17:50:25 =============================
17:50:25 Java
17:50:25 openjdk version "21.0.7" 2025-04-15 LTS
17:50:25 OpenJDK Runtime Environment Temurin-21.0.7+6 (build 21.0.7+6-LTS)
17:50:25 OpenJDK 64-Bit Server VM Temurin-21.0.7+6 (build 21.0.7+6-LTS, mixed mode, sharing)
17:50:25 =============================
17:50:25 
17:50:25 =============================
17:50:25 Maven
17:50:26 Apache Maven 3.0.5 (Red Hat 3.0.5-17)
17:50:26 Maven home: /usr/share/maven
17:50:26 Java version: 21.0.7, vendor: Eclipse Adoptium
17:50:26 Java home: /opt/openjdk-21.0.7+6
17:50:26 Default locale: en_US, platform encoding: UTF-8
17:50:26 OS name: "linux", version: "4.14.94-89.73.amzn2.x86_64", arch: "amd64", family: "unix"
17:50:26 =============================
17:50:26 
17:50:26 =============================
17:50:26 ANT
17:50:26 Apache Ant(TM) version 1.10.15 compiled on August 25 2024
17:50:26 =============================
17:50:26 
17:50:26 =============================
17:50:26 Git Info
17:50:26 Url: https://github.com/link-it/govway.git
17:50:26 branch: origin/3.4.x
17:50:26 commit: c36f947d03f549045d98a999d3aca36e818ac36a
17:50:26 previuos commit: c36f947d03f549045d98a999d3aca36e818ac36a
17:50:26 previuos successful commit: c36f947d03f549045d98a999d3aca36e818ac36a
17:50:26 commit message: Predisposto rilascio 3.4.2
17:50:26 =============================
17:50:26 
17:50:26 =============================
17:50:26 NODEjs Info
17:50:26 v22.14.0
17:50:27 {
17:50:27   npm: '10.9.2',
17:50:27   node: '22.14.0',
17:50:27   acorn: '8.14.0',
17:50:27   ada: '2.9.2',
17:50:27   amaro: '0.3.0',
17:50:27   ares: '1.34.4',
17:50:27   brotli: '1.1.0',
17:50:27   cjs_module_lexer: '1.4.1',
17:50:27   cldr: '46.0',
17:50:27   icu: '76.1',
17:50:27   llhttp: '9.2.1',
17:50:27   modules: '127',
17:50:27   napi: '10',
17:50:27   nbytes: '0.1.1',
17:50:27   ncrypto: '0.0.1',
17:50:27   nghttp2: '1.64.0',
17:50:27   nghttp3: '1.6.0',
17:50:27   ngtcp2: '1.10.0',
17:50:27   openssl: '3.0.15+quic',
17:50:27   simdjson: '3.10.1',
17:50:27   simdutf: '6.0.3',
17:50:27   sqlite: '3.47.2',
17:50:27   tz: '2024b',
17:50:27   undici: '6.21.1',
17:50:27   unicode: '16.0',
17:50:27   uv: '1.49.2',
17:50:27   uvwasi: '0.0.21',
17:50:27   v8: '12.4.254.21-node.22',
17:50:27   zlib: '1.3.0.1-motley-82a5fec'
17:50:27 }
17:50:27 =============================
17:50:27 
17:50:27 =============================
17:50:27 OWASP ZAP Info 'ZAP_2.17.0'
17:50:27 Associo diritti di esecuzione agli script zap ...
17:50:27 Associati diritti di esecuzione agli script zap
17:50:27 Update ...
17:50:27 Execute: /opt/openjdk-21.0.7+6/bin/java -classpath /opt/zaproxy/ZAP_2.17.0/*:/opt/zaproxy/ZAP_2.17.0/lib/* org.zaproxy.zap.ZAP -cmd -addonupdate -port 8280 -host 127.0.0.1
17:50:28 Defaulting ZAP install dir to /opt/zaproxy/ZAP_2.17.0
17:50:44 Add-on update check complete
17:50:52 Update effettuato
17:50:52 =============================
17:50:52 
17:50:52 
17:50:52 
17:50:52 Fermo application server ...
17:50:52 Stoping Tomcat
17:50:52 WARNING: package java.net.HttpURLConnection not in java.base
17:50:53 Pid Tomcat: 8584 
17:50:53 
17:50:54 waiting for processes to gracefully shutdown (0/20)
17:50:55 waiting for processes to gracefully shutdown (1/20)
17:50:56 waiting for processes to gracefully shutdown (2/20)
17:50:57 waiting for processes to gracefully shutdown (3/20)
17:50:58 waiting for processes to gracefully shutdown (4/20)
17:50:59 waiting for processes to gracefully shutdown (5/20)
17:51:00 waiting for processes to gracefully shutdown (6/20)
17:51:01 waiting for processes to gracefully shutdown (7/20)
17:51:02 waiting for processes to gracefully shutdown (8/20)
17:51:03 waiting for processes to gracefully shutdown (9/20)
17:51:04 waiting for processes to gracefully shutdown (10/20)
17:51:05 waiting for processes to gracefully shutdown (11/20)
17:51:06 waiting for processes to gracefully shutdown (12/20)
17:51:07 waiting for processes to gracefully shutdown (13/20)
17:51:08 waiting for processes to gracefully shutdown (14/20)
17:51:09 waiting for processes to gracefully shutdown (15/20)
17:51:10 waiting for processes to gracefully shutdown (16/20)
17:51:11 waiting for processes to gracefully shutdown (17/20)
17:51:12 waiting for processes to gracefully shutdown (18/20)
17:51:13 waiting for processes to gracefully shutdown (19/20)
17:51:14 waiting for processes to gracefully shutdown (20/20)
17:51:14 Gracefully shutdown didn't stop tomcat after 20 seconds
17:51:14 Terminating Tomcat
17:51:14 Pid Tomcat: 8584 
17:51:14 
17:51:15 waiting for processes to terminate (0/10)Fermo application server effettuato
17:51:15 Ripulisco log application server ...
17:51:15 Ripulisco log application server effettuato
17:51:15 Predispongo dir testsuite ...
17:51:16 Predispongo dir testsuite ok
17:51:16 Ripulisco output jacoco ...
17:51:16 Ripulisco output jacoco effettuato
17:51:16 Fermo sonarqube ...
17:51:16 
17:51:16 Gracefully stopping SonarQube...
17:51:18 Stopped SonarQube.
17:51:18 Fermo sonarqube effettuato
17:51:18 Verifico che il workspace non esista ...
17:51:18 Non e' stata rilevata una corretta re-inizializzazione del Workspace
17:51:18 [Boolean condition] checking [true] against [^(1|y|yes|t|true|on|run)$] (origin token: ${GOVWAY_BUILD})
17:51:18 Run condition [Boolean condition] enabling perform for step [BuilderChain]
17:51:18 [GovWay] $ /bin/sh -xe /tmp/jenkins51945876094845136.sh
17:51:18 + perl -pi -e s/log4bash.appender=ColorConsoleAppender/log4bash.appender=ConsoleAppender/g /var/lib/jenkins/workspace/GovWay/distrib/log4bash.properties
17:51:18 + sed -i -e 's#<module>swagger-codegen</module>#<!-- <module>swagger-codegen</module> -->#g' /var/lib/jenkins/workspace/GovWay/mvn/dependencies/pom.xml
17:51:18 + sed -i -e s#UPDATE_DOC=true#UPDATE_DOC=false#g /var/lib/jenkins/workspace/GovWay/distrib/distrib.sh
17:51:18 + sed -i -e s#DB_VERSION=postgresql,mysql,oracle,hsql,sqlserver,db2#DB_VERSION=postgresql,mysql,oracle,hsql,sqlserver#g /var/lib/jenkins/workspace/GovWay/ant/setup/prepare-build.properties
17:51:18 [GovWay] $ /opt/apache-maven-3.9.10/bin/mvn initialize
17:51:22 [INFO] Scanning for projects...
17:51:22 [INFO] ------------------------------------------------------------------------
17:51:22 [INFO] Reactor Build Order:
17:51:22 [INFO] 
17:51:22 [INFO] govway                                                             [pom]
17:51:22 [INFO] dependencies                                                       [pom]
17:51:22 [INFO] dependencies.ant                                                   [pom]
17:51:22 [INFO] dependencies.antinstaller                                          [pom]
17:51:22 [INFO] dependencies.angus                                                 [pom]
17:51:22 [INFO] dependencies.bean-validation                                       [pom]
17:51:22 [INFO] dependencies.cxf                                                   [pom]
17:51:22 [INFO] dependencies.commons                                               [pom]
17:51:22 [INFO] dependencies.console                                               [pom]
17:51:22 [INFO] dependencies.git                                                   [pom]
17:51:22 [INFO] dependencies.httpcore                                              [pom]
17:51:22 [INFO] dependencies.jackson                                               [pom]
17:51:22 [INFO] dependencies.jakarta                                               [pom]
17:51:22 [INFO] dependencies.jaxb                                                  [pom]
17:51:22 [INFO] dependencies.jetty                                                 [pom]
17:51:22 [INFO] dependencies.jmx                                                   [pom]
17:51:22 [INFO] dependencies.json                                                  [pom]
17:51:22 [INFO] dependencies.log                                                   [pom]
17:51:22 [INFO] dependencies.lucene                                                [pom]
17:51:22 [INFO] dependencies.openapi4j                                             [pom]
17:51:22 [INFO] dependencies.opensaml                                              [pom]
17:51:22 [INFO] dependencies.pdf                                                   [pom]
17:51:22 [INFO] dependencies.redis                                                 [pom]
17:51:22 [INFO] dependencies.reports                                               [pom]
17:51:22 [INFO] dependencies.saaj                                                  [pom]
17:51:22 [INFO] dependencies.security                                              [pom]
17:51:22 [INFO] dependencies.shared                                                [pom]
17:51:22 [INFO] dependencies.spring                                                [pom]
17:51:22 [INFO] dependencies.spring-ldap                                           [pom]
17:51:22 [INFO] dependencies.spring-security                                       [pom]
17:51:22 [INFO] dependencies.swagger                                               [pom]
17:51:22 [INFO] dependencies.wss4j                                                 [pom]
17:51:22 [INFO] dependencies.testsuite                                             [pom]
17:51:22 [INFO] dependencies.testsuite.axis14                                      [pom]
17:51:22 [INFO] dependencies.testsuite.as                                          [pom]
17:51:22 [INFO] dependencies.testsuite.as.wildfly27                                [pom]
17:51:22 [INFO] dependencies.testsuite.as.wildfly28                                [pom]
17:51:22 [INFO] dependencies.testsuite.as.wildfly35                                [pom]
17:51:22 [INFO] dependencies.testsuite.as.wildfly36                                [pom]
17:51:22 [INFO] dependencies.testsuite.as.wildfly37                                [pom]
17:51:22 [INFO] dependencies.testsuite.as.wildfly38                                [pom]
17:51:22 [INFO] dependencies.testsuite.as.wildfly39                                [pom]
17:51:22 [INFO] dependencies.testsuite.as.tomcat10                                 [pom]
17:51:22 [INFO] dependencies.testsuite.as.tomcat11                                 [pom]
17:51:22 [INFO] dependencies.testsuite.test                                        [pom]
17:51:22 [INFO] dependencies.testsuite.test.testng                                 [pom]
17:51:22 [INFO] dependencies.testsuite.test.junit4                                 [pom]
17:51:22 [INFO] dependencies.testsuite.test.karate09                               [pom]
17:51:22 [INFO] dependencies.testsuite.test.logback                                [pom]
17:51:22 [INFO] dependencies.testsuite.test.httpcore4                              [pom]
17:51:22 [INFO] dependencies.testsuite.test.spring5                                [pom]
17:51:22 [INFO] dependencies.testsuite.test.spring-ldap2                           [pom]
17:51:22 [INFO] dependencies.testsuite.test.apacheds                               [pom]
17:51:22 [INFO] dependencies.testsuite.test.cxf3                                   [pom]
17:51:22 [INFO] dependencies.testsuite.staticAnalysis                              [pom]
17:51:22 [INFO] dependencies.testsuite.dynamicAnalysis                             [pom]
17:51:22 [INFO] dependencies.testsuite.coverage                                    [pom]
17:51:22 [INFO] compile                                                            [pom]
17:51:22 [INFO] package                                                            [pom]
17:51:22 [INFO] testsuite.utils                                                    [pom]
17:51:22 [INFO] testsuite.utils.sql                                                [pom]
17:51:22 [INFO] testsuite.pdd.core                                                 [pom]
17:51:22 [INFO] testsuite.pdd.core.sql                                             [pom]
17:51:22 [INFO] static_analysis.spotbugs                                           [pom]
17:51:22 [INFO] static_analysis.sonarqube                                          [pom]
17:51:22 [INFO] dynamic_analysis.zap                                               [pom]
17:51:22 [INFO] coverage.jacoco                                                    [pom]
17:51:22 [INFO] 
17:51:22 [INFO] ------------------< org.openspcoop2:org.openspcoop2 >-------------------
17:51:22 [INFO] Building govway 1.0                                               [1/67]
17:51:22 [INFO]   from pom.xml
17:51:22 [INFO] --------------------------------[ pom ]---------------------------------
17:51:22 [INFO] 
17:51:22 [INFO] ------------< org.openspcoop2:org.openspcoop2.dependencies >------------
17:51:22 [INFO] Building dependencies 1.0                                         [2/67]
17:51:22 [INFO]   from mvn/dependencies/pom.xml
17:51:22 [INFO] --------------------------------[ pom ]---------------------------------
17:51:22 [INFO] 
17:51:22 [INFO] ----------------< org.openspcoop2:org.openspcoop2.ant >-----------------
17:51:22 [INFO] Building dependencies.ant 1.0                                     [3/67]
17:51:22 [INFO]   from mvn/dependencies/ant/pom.xml
17:51:22 [INFO] --------------------------------[ pom ]---------------------------------
17:51:23 [INFO] 
17:51:23 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.ant ---
17:51:23 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/ant (includes = [*.jar], excludes = [])
17:51:23 [INFO] 
17:51:23 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.ant ---
17:51:25 [INFO] 
17:51:25 [INFO] ------------< org.openspcoop2:org.openspcoop2.antinstaller >------------
17:51:25 [INFO] Building dependencies.antinstaller 1.0                            [4/67]
17:51:25 [INFO]   from mvn/dependencies/antinstaller/pom.xml
17:51:25 [INFO] --------------------------------[ pom ]---------------------------------
17:51:25 [INFO] 
17:51:25 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.antinstaller ---
17:51:25 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/antinstaller (includes = [*.jar], excludes = [])
17:51:25 [INFO] 
17:51:25 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.antinstaller ---
17:51:25 [INFO] 
17:51:25 [INFO] ---------------< org.openspcoop2:org.openspcoop2.angus >----------------
17:51:25 [INFO] Building dependencies.angus 1.0                                   [5/67]
17:51:25 [INFO]   from mvn/dependencies/angus/pom.xml
17:51:25 [INFO] --------------------------------[ pom ]---------------------------------
17:51:25 [INFO] 
17:51:25 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.angus ---
17:51:25 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/angus (includes = [*.jar], excludes = [])
17:51:25 [INFO] 
17:51:25 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.angus ---
17:51:25 [INFO] 
17:51:25 [INFO] ----------< org.openspcoop2:org.openspcoop2.bean-validation >-----------
17:51:25 [INFO] Building dependencies.bean-validation 1.0                         [6/67]
17:51:25 [INFO]   from mvn/dependencies/bean-validation/pom.xml
17:51:25 [INFO] --------------------------------[ pom ]---------------------------------
17:51:25 [INFO] 
17:51:25 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.bean-validation ---
17:51:25 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/bean-validation (includes = [*.jar], excludes = [])
17:51:25 [INFO] 
17:51:25 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.bean-validation ---
17:51:25 [INFO] 
17:51:25 [INFO] ----------------< org.openspcoop2:org.openspcoop2.cxf >-----------------
17:51:25 [INFO] Building dependencies.cxf 1.0                                     [7/67]
17:51:25 [INFO]   from mvn/dependencies/cxf/pom.xml
17:51:25 [INFO] --------------------------------[ pom ]---------------------------------
17:51:26 [INFO] 
17:51:26 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.cxf ---
17:51:26 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/cxf (includes = [*.jar], excludes = [])
17:51:26 [INFO] 
17:51:26 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.cxf ---
17:51:26 [INFO] 
17:51:26 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.cxf ---
17:51:26 [INFO] Executing tasks
17:51:26 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-core-4.1.3.jar
17:51:26 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-security-jose-4.1.3.jar
17:51:26 [INFO] Executed tasks
17:51:26 [INFO] 
17:51:26 [INFO] --------------< org.openspcoop2:org.openspcoop2.commons >---------------
17:51:26 [INFO] Building dependencies.commons 1.0                                 [8/67]
17:51:26 [INFO]   from mvn/dependencies/commons/pom.xml
17:51:26 [INFO] --------------------------------[ pom ]---------------------------------
17:51:27 [INFO] 
17:51:27 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.commons ---
17:51:27 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/commons (includes = [*.jar], excludes = [])
17:51:27 [INFO] 
17:51:27 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.commons ---
17:51:27 [INFO] 
17:51:27 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.commons ---
17:51:27 [INFO] Executing tasks
17:51:27 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/commons/commons-jcs3-core-3.2.1.jar
17:51:27 [INFO] Executed tasks
17:51:27 [INFO] 
17:51:27 [INFO] --------------< org.openspcoop2:org.openspcoop2.console >---------------
17:51:27 [INFO] Building dependencies.console 1.0                                 [9/67]
17:51:27 [INFO]   from mvn/dependencies/console/pom.xml
17:51:27 [INFO] --------------------------------[ pom ]---------------------------------
17:51:27 [INFO] 
17:51:27 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.console ---
17:51:27 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/console (includes = [*.jar], excludes = [])
17:51:27 [INFO] 
17:51:27 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.console ---
17:51:27 [INFO] 
17:51:27 [INFO] ----------------< org.openspcoop2:org.openspcoop2.git >-----------------
17:51:27 [INFO] Building dependencies.git 1.0                                    [10/67]
17:51:27 [INFO]   from mvn/dependencies/git/pom.xml
17:51:27 [INFO] --------------------------------[ pom ]---------------------------------
17:51:27 [INFO] 
17:51:27 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.git ---
17:51:27 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/git (includes = [*.jar], excludes = [])
17:51:27 [INFO] 
17:51:27 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.git ---
17:51:27 [INFO] 
17:51:27 [INFO] --------------< org.openspcoop2:org.openspcoop2.httpcore >--------------
17:51:27 [INFO] Building dependencies.httpcore 1.0                               [11/67]
17:51:27 [INFO]   from mvn/dependencies/httpcore/pom.xml
17:51:27 [INFO] --------------------------------[ pom ]---------------------------------
17:51:27 [INFO] 
17:51:27 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.httpcore ---
17:51:27 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/httpcore (includes = [*.jar], excludes = [])
17:51:27 [INFO] 
17:51:27 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.httpcore ---
17:51:27 [INFO] 
17:51:27 [INFO] --------------< org.openspcoop2:org.openspcoop2.jackson >---------------
17:51:27 [INFO] Building dependencies.jackson 1.0                                [12/67]
17:51:27 [INFO]   from mvn/dependencies/jackson/pom.xml
17:51:27 [INFO] --------------------------------[ pom ]---------------------------------
17:51:27 [INFO] 
17:51:27 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jackson ---
17:51:27 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jackson (includes = [*.jar], excludes = [])
17:51:27 [INFO] 
17:51:27 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jackson ---
17:51:27 [INFO] 
17:51:27 [INFO] --------------< org.openspcoop2:org.openspcoop2.jakarta >---------------
17:51:27 [INFO] Building dependencies.jakarta 1.0                                [13/67]
17:51:27 [INFO]   from mvn/dependencies/jakarta/pom.xml
17:51:27 [INFO] --------------------------------[ pom ]---------------------------------
17:51:28 [INFO] 
17:51:28 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jakarta ---
17:51:28 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jakarta (includes = [*.jar], excludes = [])
17:51:28 [INFO] 
17:51:28 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jakarta ---
17:51:28 [INFO] 
17:51:28 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jaxb >----------------
17:51:28 [INFO] Building dependencies.jaxb 1.0                                   [14/67]
17:51:28 [INFO]   from mvn/dependencies/jaxb/pom.xml
17:51:28 [INFO] --------------------------------[ pom ]---------------------------------
17:51:28 [INFO] 
17:51:28 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jaxb ---
17:51:28 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jaxb (includes = [*.jar], excludes = [])
17:51:28 [INFO] 
17:51:28 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jaxb ---
17:51:28 [INFO] 
17:51:28 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jetty >----------------
17:51:28 [INFO] Building dependencies.jetty 1.0                                  [15/67]
17:51:28 [INFO]   from mvn/dependencies/jetty/pom.xml
17:51:28 [INFO] --------------------------------[ pom ]---------------------------------
17:51:28 [INFO] 
17:51:28 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jetty ---
17:51:28 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jetty (includes = [*.jar], excludes = [])
17:51:28 [INFO] 
17:51:28 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jetty ---
17:51:28 [INFO] 
17:51:28 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jmx >-----------------
17:51:28 [INFO] Building dependencies.jmx 1.0                                    [16/67]
17:51:28 [INFO]   from mvn/dependencies/jmx/pom.xml
17:51:28 [INFO] --------------------------------[ pom ]---------------------------------
17:51:28 [INFO] 
17:51:28 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jmx ---
17:51:28 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jmx (includes = [*.jar], excludes = [])
17:51:28 [INFO] 
17:51:28 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jmx ---
17:51:28 [INFO] 
17:51:28 [INFO] ----------------< org.openspcoop2:org.openspcoop2.json >----------------
17:51:28 [INFO] Building dependencies.json 1.0                                   [17/67]
17:51:28 [INFO]   from mvn/dependencies/json/pom.xml
17:51:28 [INFO] --------------------------------[ pom ]---------------------------------
17:51:28 [INFO] 
17:51:28 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.json ---
17:51:28 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/json (includes = [*.jar], excludes = [])
17:51:28 [INFO] 
17:51:28 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.json ---
17:51:29 [INFO] 
17:51:29 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.json ---
17:51:29 [INFO] Executing tasks
17:51:29 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-path-2.9.0.jar
17:51:29 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-2.2.14.jar
17:51:29 [INFO] Executed tasks
17:51:29 [INFO] 
17:51:29 [INFO] --- copy-rename:1.0:rename (rename-file-networknt) @ org.openspcoop2.json ---
17:51:29 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-1.5.7.jar to /var/lib/jenkins/workspace/GovWay/lib/json/networknt_json-schema-validator-1.5.7.jar
17:51:29 [INFO] 
17:51:29 [INFO] --- copy-rename:1.0:rename (rename-file-github-validator) @ org.openspcoop2.json ---
17:51:29 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-2.2.14-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_json-schema-validator-2.2.14-gov4j-1.jar
17:51:29 [INFO] 
17:51:29 [INFO] --- copy-rename:1.0:rename (rename-file-github-core) @ org.openspcoop2.json ---
17:51:29 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-core-1.2.14.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_json-schema-core-1.2.14.jar
17:51:29 [INFO] 
17:51:29 [INFO] --- copy-rename:1.0:rename (rename-file-github-jackson) @ org.openspcoop2.json ---
17:51:29 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/jackson-coreutils-2.0.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_jackson-coreutils-2.0.jar
17:51:29 [INFO] 
17:51:29 [INFO] --- copy-rename:1.0:rename (rename-file-github-jackson-equivalence) @ org.openspcoop2.json ---
17:51:29 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/jackson-coreutils-equivalence-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_jackson-coreutils-equivalence-1.0.jar
17:51:29 [INFO] 
17:51:29 [INFO] --- copy-rename:1.0:rename (rename-file-github-uri-template) @ org.openspcoop2.json ---
17:51:29 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/uri-template-0.10.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_uri-template-0.10.jar
17:51:29 [INFO] 
17:51:29 [INFO] ----------------< org.openspcoop2:org.openspcoop2.log >-----------------
17:51:29 [INFO] Building dependencies.log 1.0                                    [18/67]
17:51:29 [INFO]   from mvn/dependencies/log/pom.xml
17:51:29 [INFO] --------------------------------[ pom ]---------------------------------
17:51:29 [INFO] 
17:51:29 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.log ---
17:51:29 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/log (includes = [*.jar], excludes = [])
17:51:29 [INFO] 
17:51:29 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.log ---
17:51:29 [INFO] 
17:51:29 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.log ---
17:51:29 [INFO] Executing tasks
17:51:29 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/log/slf4j-api-2.0.17.jar
17:51:29 [INFO] Executed tasks
17:51:29 [INFO] 
17:51:29 [INFO] ---------------< org.openspcoop2:org.openspcoop2.lucene >---------------
17:51:29 [INFO] Building dependencies.lucene 1.0                                 [19/67]
17:51:29 [INFO]   from mvn/dependencies/lucene/pom.xml
17:51:29 [INFO] --------------------------------[ pom ]---------------------------------
17:51:30 [INFO] 
17:51:30 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.lucene ---
17:51:30 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/lucene (includes = [*.jar], excludes = [])
17:51:30 [INFO] 
17:51:30 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.lucene ---
17:51:30 [INFO] 
17:51:30 [INFO] -------------< org.openspcoop2:org.openspcoop2.openapi4j >--------------
17:51:30 [INFO] Building dependencies.openapi4j 1.0                              [20/67]
17:51:30 [INFO]   from mvn/dependencies/openapi4j/pom.xml
17:51:30 [INFO] --------------------------------[ pom ]---------------------------------
17:51:30 [INFO] 
17:51:30 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.openapi4j ---
17:51:30 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/openapi4j (includes = [*.jar], excludes = [])
17:51:30 [INFO] 
17:51:30 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.openapi4j ---
17:51:30 [INFO] 
17:51:30 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.openapi4j ---
17:51:30 [INFO] Executing tasks
17:51:30 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-core-1.0.7.jar
17:51:30 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-parser-1.0.7.jar
17:51:30 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-schema-validator-1.0.7.jar
17:51:30 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-operation-validator-1.0.7.jar
17:51:30 [INFO] Executed tasks
17:51:30 [INFO] 
17:51:30 [INFO] --------------< org.openspcoop2:org.openspcoop2.opensaml >--------------
17:51:30 [INFO] Building dependencies.opensaml 1.0                               [21/67]
17:51:30 [INFO]   from mvn/dependencies/opensaml/pom.xml
17:51:30 [INFO] --------------------------------[ pom ]---------------------------------
17:51:30 [INFO] 
17:51:30 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.opensaml ---
17:51:30 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/opensaml (includes = [*.jar], excludes = [])
17:51:30 [INFO] 
17:51:30 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.opensaml ---
17:51:30 [INFO] 
17:51:30 [INFO] ----------------< org.openspcoop2:org.openspcoop2.pdf >-----------------
17:51:30 [INFO] Building dependencies.pdf 1.0                                    [22/67]
17:51:30 [INFO]   from mvn/dependencies/pdf/pom.xml
17:51:30 [INFO] --------------------------------[ pom ]---------------------------------
17:51:30 [INFO] 
17:51:30 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.pdf ---
17:51:30 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/pdf (includes = [*.jar], excludes = [])
17:51:30 [INFO] 
17:51:30 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.pdf ---
17:51:30 [INFO] 
17:51:30 [INFO] ---------------< org.openspcoop2:org.openspcoop2.redis >----------------
17:51:30 [INFO] Building dependencies.redis 1.0                                  [23/67]
17:51:30 [INFO]   from mvn/dependencies/redis/pom.xml
17:51:30 [INFO] --------------------------------[ pom ]---------------------------------
17:51:30 [INFO] 
17:51:30 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.redis ---
17:51:30 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/redis (includes = [*.jar], excludes = [])
17:51:30 [INFO] 
17:51:30 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.redis ---
17:51:31 [INFO] 
17:51:31 [INFO] --------------< org.openspcoop2:org.openspcoop2.reports >---------------
17:51:31 [INFO] Building dependencies.reports 1.0                                [24/67]
17:51:31 [INFO]   from mvn/dependencies/reports/pom.xml
17:51:31 [INFO] --------------------------------[ pom ]---------------------------------
17:51:31 [INFO] 
17:51:31 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.reports ---
17:51:31 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/reports (includes = [*.jar], excludes = [])
17:51:31 [INFO] 
17:51:31 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.reports ---
17:51:31 [INFO] 
17:51:31 [INFO] ----------------< org.openspcoop2:org.openspcoop2.saaj >----------------
17:51:31 [INFO] Building dependencies.saaj 1.0                                   [25/67]
17:51:31 [INFO]   from mvn/dependencies/saaj/pom.xml
17:51:31 [INFO] --------------------------------[ pom ]---------------------------------
17:51:31 [INFO] 
17:51:31 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.saaj ---
17:51:31 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/saaj (includes = [*.jar], excludes = [])
17:51:31 [INFO] 
17:51:31 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.saaj ---
17:51:31 [INFO] 
17:51:31 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.saaj ---
17:51:31 [INFO] Executing tasks
17:51:31 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/saaj/saaj-impl-3.0.4.jar
17:51:31 [INFO] Executed tasks
17:51:31 [INFO] 
17:51:31 [INFO] --------------< org.openspcoop2:org.openspcoop2.security >--------------
17:51:31 [INFO] Building dependencies.security 1.0                               [26/67]
17:51:31 [INFO]   from mvn/dependencies/security/pom.xml
17:51:31 [INFO] --------------------------------[ pom ]---------------------------------
17:51:31 [INFO] 
17:51:31 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.security ---
17:51:31 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/security (includes = [*.jar], excludes = [])
17:51:31 [INFO] 
17:51:31 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.security ---
17:51:31 [INFO] 
17:51:31 [INFO] ---------------< org.openspcoop2:org.openspcoop2.shared >---------------
17:51:31 [INFO] Building dependencies.shared 1.0                                 [27/67]
17:51:31 [INFO]   from mvn/dependencies/shared/pom.xml
17:51:31 [INFO] --------------------------------[ pom ]---------------------------------
17:51:32 [INFO] 
17:51:32 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.shared ---
17:51:32 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/shared (includes = [*.jar], excludes = [])
17:51:32 [INFO] 
17:51:32 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.shared ---
17:51:32 [INFO] 
17:51:32 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.shared ---
17:51:32 [INFO] Executing tasks
17:51:32 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/Saxon-HE-12.7.jar
17:51:32 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/snakeyaml-2.4.jar
17:51:32 [INFO] Executed tasks
17:51:32 [INFO] 
17:51:32 [INFO] ---------------< org.openspcoop2:org.openspcoop2.spring >---------------
17:51:32 [INFO] Building dependencies.spring 1.0                                 [28/67]
17:51:32 [INFO]   from mvn/dependencies/spring/pom.xml
17:51:32 [INFO] --------------------------------[ pom ]---------------------------------
17:51:32 [INFO] 
17:51:32 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring ---
17:51:32 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring (includes = [*.jar], excludes = [])
17:51:32 [INFO] 
17:51:32 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring ---
17:51:32 [INFO] 
17:51:32 [INFO] ------------< org.openspcoop2:org.openspcoop2.spring-ldap >-------------
17:51:32 [INFO] Building dependencies.spring-ldap 1.0                            [29/67]
17:51:32 [INFO]   from mvn/dependencies/spring-ldap/pom.xml
17:51:32 [INFO] --------------------------------[ pom ]---------------------------------
17:51:32 [INFO] 
17:51:32 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring-ldap ---
17:51:32 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-ldap (includes = [*.jar], excludes = [])
17:51:32 [INFO] 
17:51:32 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-ldap ---
17:51:32 [INFO] 
17:51:32 [INFO] ----------< org.openspcoop2:org.openspcoop2.spring-security >-----------
17:51:32 [INFO] Building dependencies.spring-security 1.0                        [30/67]
17:51:32 [INFO]   from mvn/dependencies/spring-security/pom.xml
17:51:32 [INFO] --------------------------------[ pom ]---------------------------------
17:51:32 [INFO] 
17:51:32 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring-security ---
17:51:32 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-security (includes = [*.jar], excludes = [])
17:51:32 [INFO] 
17:51:32 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-security ---
17:51:32 [INFO] 
17:51:32 [INFO] --------------< org.openspcoop2:org.openspcoop2.swagger >---------------
17:51:32 [INFO] Building dependencies.swagger 1.0                                [31/67]
17:51:32 [INFO]   from mvn/dependencies/swagger/pom.xml
17:51:32 [INFO] --------------------------------[ pom ]---------------------------------
17:51:33 [INFO] 
17:51:33 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.swagger ---
17:51:33 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/swagger (includes = [*.jar], excludes = [])
17:51:33 [INFO] 
17:51:33 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.swagger ---
17:51:33 [INFO] 
17:51:33 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.swagger ---
17:51:33 [INFO] Executing tasks
17:51:33 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-v3-2.1.29.jar
17:51:33 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-request-validator-core-2.44.9.jar
17:51:33 [INFO] Executed tasks
17:51:33 [INFO] 
17:51:33 [INFO] ---------------< org.openspcoop2:org.openspcoop2.wss4j >----------------
17:51:33 [INFO] Building dependencies.wss4j 1.0                                  [32/67]
17:51:33 [INFO]   from mvn/dependencies/wss4j/pom.xml
17:51:33 [INFO] --------------------------------[ pom ]---------------------------------
17:51:33 [INFO] 
17:51:33 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.wss4j ---
17:51:33 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wss4j (includes = [*.jar], excludes = [])
17:51:33 [INFO] 
17:51:33 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wss4j ---
17:51:33 [INFO] 
17:51:33 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.wss4j ---
17:51:33 [INFO] Executing tasks
17:51:33 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-common-4.0.0.jar
17:51:33 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-dom-4.0.0.jar
17:51:33 [INFO] Executed tasks
17:51:33 [INFO] 
17:51:33 [INFO] -------------< org.openspcoop2:org.openspcoop2.testsuite >--------------
17:51:33 [INFO] Building dependencies.testsuite 1.0                              [33/67]
17:51:33 [INFO]   from mvn/dependencies/testsuite/pom.xml
17:51:33 [INFO] --------------------------------[ pom ]---------------------------------
17:51:33 [INFO] 
17:51:33 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.axis14 >----------
17:51:33 [INFO] Building dependencies.testsuite.axis14 1.0                       [34/67]
17:51:33 [INFO]   from mvn/dependencies/testsuite/axis14/pom.xml
17:51:33 [INFO] --------------------------------[ pom ]---------------------------------
17:51:33 [INFO] 
17:51:33 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.axis14 ---
17:51:33 [INFO] 
17:51:33 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.axis14 ---
17:51:33 [INFO] 
17:51:33 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.axis14 ---
17:51:33 [INFO] Executing tasks
17:51:33 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-1.4.jar
17:51:33 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-jaxrpc-1.4.jar
17:51:33 [INFO] Executed tasks
17:51:33 [INFO] 
17:51:33 [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.applicationServer >-----
17:51:33 [INFO] Building dependencies.testsuite.as 1.0                           [35/67]
17:51:33 [INFO]   from mvn/dependencies/testsuite/applicationServer/pom.xml
17:51:33 [INFO] --------------------------------[ pom ]---------------------------------
17:51:33 [INFO] 
17:51:33 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly27 >--
17:51:33 [INFO] Building dependencies.testsuite.as.wildfly27 1.0                 [36/67]
17:51:33 [INFO]   from mvn/dependencies/testsuite/applicationServer/wildfly27/pom.xml
17:51:33 [INFO] --------------------------------[ pom ]---------------------------------
17:51:34 [INFO] 
17:51:34 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly27 ---
17:51:34 [INFO] 
17:51:34 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly27 ---
17:51:34 [INFO] 
17:51:34 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly28 >--
17:51:34 [INFO] Building dependencies.testsuite.as.wildfly28 1.0                 [37/67]
17:51:34 [INFO]   from mvn/dependencies/testsuite/applicationServer/wildfly28/pom.xml
17:51:34 [INFO] --------------------------------[ pom ]---------------------------------
17:51:34 [INFO] 
17:51:34 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly28 ---
17:51:34 [INFO] 
17:51:34 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly28 ---
17:51:34 [INFO] 
17:51:34 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly35 >--
17:51:34 [INFO] Building dependencies.testsuite.as.wildfly35 1.0                 [38/67]
17:51:34 [INFO]   from mvn/dependencies/testsuite/applicationServer/wildfly35/pom.xml
17:51:34 [INFO] --------------------------------[ pom ]---------------------------------
17:51:34 [INFO] 
17:51:34 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly35 ---
17:51:34 [INFO] 
17:51:34 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly35 ---
17:51:34 [INFO] 
17:51:34 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly36 >--
17:51:34 [INFO] Building dependencies.testsuite.as.wildfly36 1.0                 [39/67]
17:51:34 [INFO]   from mvn/dependencies/testsuite/applicationServer/wildfly36/pom.xml
17:51:34 [INFO] --------------------------------[ pom ]---------------------------------
17:51:34 [INFO] 
17:51:34 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly36 ---
17:51:34 [INFO] 
17:51:34 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly36 ---
17:51:34 [INFO] 
17:51:34 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly37 >--
17:51:34 [INFO] Building dependencies.testsuite.as.wildfly37 1.0                 [40/67]
17:51:34 [INFO]   from mvn/dependencies/testsuite/applicationServer/wildfly37/pom.xml
17:51:34 [INFO] --------------------------------[ pom ]---------------------------------
17:51:35 [INFO] 
17:51:35 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly37 ---
17:51:35 [INFO] 
17:51:35 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly37 ---
17:51:35 [INFO] 
17:51:35 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly38 >--
17:51:35 [INFO] Building dependencies.testsuite.as.wildfly38 1.0                 [41/67]
17:51:35 [INFO]   from mvn/dependencies/testsuite/applicationServer/wildfly38/pom.xml
17:51:35 [INFO] --------------------------------[ pom ]---------------------------------
17:51:35 [INFO] 
17:51:35 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly38 ---
17:51:35 [INFO] 
17:51:35 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly38 ---
17:51:35 [INFO] 
17:51:35 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly39 >--
17:51:35 [INFO] Building dependencies.testsuite.as.wildfly39 1.0                 [42/67]
17:51:35 [INFO]   from mvn/dependencies/testsuite/applicationServer/wildfly39/pom.xml
17:51:35 [INFO] --------------------------------[ pom ]---------------------------------
17:51:35 [INFO] 
17:51:35 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly39 ---
17:51:35 [INFO] 
17:51:35 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly39 ---
17:51:35 [INFO] 
17:51:35 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat10 >--
17:51:35 [INFO] Building dependencies.testsuite.as.tomcat10 1.0                  [43/67]
17:51:35 [INFO]   from mvn/dependencies/testsuite/applicationServer/tomcat10/pom.xml
17:51:35 [INFO] --------------------------------[ pom ]---------------------------------
17:51:35 [INFO] 
17:51:35 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat10 ---
17:51:35 [INFO] 
17:51:35 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat10 ---
17:51:35 [INFO] 
17:51:35 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat11 >--
17:51:35 [INFO] Building dependencies.testsuite.as.tomcat11 1.0                  [44/67]
17:51:35 [INFO]   from mvn/dependencies/testsuite/applicationServer/tomcat11/pom.xml
17:51:35 [INFO] --------------------------------[ pom ]---------------------------------
17:51:35 [INFO] 
17:51:35 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat11 ---
17:51:35 [INFO] 
17:51:35 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat11 ---
17:51:35 [INFO] 
17:51:35 [INFO] -----------< org.openspcoop2:org.openspcoop2.testsuite.test >-----------
17:51:35 [INFO] Building dependencies.testsuite.test 1.0                         [45/67]
17:51:35 [INFO]   from mvn/dependencies/testsuite/test/pom.xml
17:51:35 [INFO] --------------------------------[ pom ]---------------------------------
17:51:35 [INFO] 
17:51:35 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.testng >--------
17:51:35 [INFO] Building dependencies.testsuite.test.testng 1.0                  [46/67]
17:51:35 [INFO]   from mvn/dependencies/testsuite/test/testng/pom.xml
17:51:35 [INFO] --------------------------------[ pom ]---------------------------------
17:51:35 [INFO] 
17:51:35 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.testng ---
17:51:35 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/testng (includes = [*.jar], excludes = [])
17:51:35 [INFO] 
17:51:35 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.testng ---
17:51:35 [INFO] 
17:51:35 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.junit4 >--------
17:51:35 [INFO] Building dependencies.testsuite.test.junit4 1.0                  [47/67]
17:51:35 [INFO]   from mvn/dependencies/testsuite/test/junit4/pom.xml
17:51:35 [INFO] --------------------------------[ pom ]---------------------------------
17:51:35 [INFO] 
17:51:35 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.junit4 ---
17:51:35 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/junit4 (includes = [*.jar], excludes = [])
17:51:35 [INFO] 
17:51:35 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.junit4 ---
17:51:35 [INFO] 
17:51:35 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.test.karate09 >-------
17:51:35 [INFO] Building dependencies.testsuite.test.karate09 1.0                [48/67]
17:51:35 [INFO]   from mvn/dependencies/testsuite/test/karate09/pom.xml
17:51:35 [INFO] --------------------------------[ pom ]---------------------------------
17:51:35 [INFO] 
17:51:35 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.karate09 ---
17:51:35 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/karate09 (includes = [*.jar], excludes = [])
17:51:36 [INFO] 
17:51:36 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.karate09 ---
17:51:36 [INFO] 
17:51:36 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.logback >-------
17:51:36 [INFO] Building dependencies.testsuite.test.logback 1.0                 [49/67]
17:51:36 [INFO]   from mvn/dependencies/testsuite/test/logback/pom.xml
17:51:36 [INFO] --------------------------------[ pom ]---------------------------------
17:51:36 [INFO] 
17:51:36 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.logback ---
17:51:36 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/logback (includes = [*.jar], excludes = [])
17:51:36 [INFO] 
17:51:36 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.logback ---
17:51:36 [INFO] 
17:51:36 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.test.httpcore4 >------
17:51:36 [INFO] Building dependencies.testsuite.test.httpcore4 1.0               [50/67]
17:51:36 [INFO]   from mvn/dependencies/testsuite/test/httpcore4/pom.xml
17:51:36 [INFO] --------------------------------[ pom ]---------------------------------
17:51:36 [INFO] 
17:51:36 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.httpcore4 ---
17:51:36 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/httpcore4 (includes = [*.jar], excludes = [])
17:51:36 [INFO] 
17:51:36 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.httpcore4 ---
17:51:36 [INFO] 
17:51:36 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.spring5 >-------
17:51:36 [INFO] Building dependencies.testsuite.test.spring5 1.0                 [51/67]
17:51:36 [INFO]   from mvn/dependencies/testsuite/test/spring5/pom.xml
17:51:36 [INFO] --------------------------------[ pom ]---------------------------------
17:51:36 [INFO] 
17:51:36 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.spring5 ---
17:51:36 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring5 (includes = [*.jar], excludes = [])
17:51:36 [INFO] 
17:51:36 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.spring5 ---
17:51:36 [INFO] 
17:51:36 [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.test.spring-ldap2 >-----
17:51:36 [INFO] Building dependencies.testsuite.test.spring-ldap2 1.0            [52/67]
17:51:36 [INFO]   from mvn/dependencies/testsuite/test/spring-ldap2/pom.xml
17:51:36 [INFO] --------------------------------[ pom ]---------------------------------
17:51:36 [INFO] 
17:51:36 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.spring-ldap2 ---
17:51:36 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring-ldap2 (includes = [*.jar], excludes = [])
17:51:36 [INFO] 
17:51:36 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.spring-ldap2 ---
17:51:36 [INFO] 
17:51:36 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.test.apacheds >-------
17:51:36 [INFO] Building dependencies.testsuite.test.apacheds 1.0                [53/67]
17:51:36 [INFO]   from mvn/dependencies/testsuite/test/apacheds/pom.xml
17:51:36 [INFO] --------------------------------[ pom ]---------------------------------
17:51:36 [INFO] 
17:51:36 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.apacheds ---
17:51:36 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/apacheds (includes = [*.jar], excludes = [])
17:51:36 [INFO] 
17:51:36 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.apacheds ---
17:51:36 [INFO] 
17:51:36 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.test.apacheds ---
17:51:36 [INFO] Executing tasks
17:51:36 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/testsuite/apacheds/apacheds-all-2.0.0.AM27.jar
17:51:36 [INFO] Executed tasks
17:51:36 [INFO] 
17:51:36 [INFO] --------< org.openspcoop2:org.openspcoop2.testsuite.test.cxf3 >---------
17:51:36 [INFO] Building dependencies.testsuite.test.cxf3 1.0                    [54/67]
17:51:36 [INFO]   from mvn/dependencies/testsuite/test/cxf3/pom.xml
17:51:36 [INFO] --------------------------------[ pom ]---------------------------------
17:51:36 [INFO] 
17:51:36 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.cxf3 ---
17:51:36 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/cxf3 (includes = [*.jar], excludes = [])
17:51:36 [INFO] 
17:51:36 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.cxf3 ---
17:51:36 [INFO] 
17:51:36 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.staticAnalysis >------
17:51:36 [INFO] Building dependencies.testsuite.staticAnalysis 1.0               [55/67]
17:51:36 [INFO]   from mvn/dependencies/testsuite/staticAnalysis/pom.xml
17:51:36 [INFO] --------------------------------[ pom ]---------------------------------
17:51:36 [INFO] 
17:51:36 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.staticAnalysis ---
17:51:36 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/staticAnalysis (includes = [*.jar], excludes = [])
17:51:36 [INFO] 
17:51:36 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.staticAnalysis ---
17:51:36 [INFO] 
17:51:36 [INFO] -----< org.openspcoop2:org.openspcoop2.testsuite.dynamicAnalysis >------
17:51:36 [INFO] Building dependencies.testsuite.dynamicAnalysis 1.0              [56/67]
17:51:36 [INFO]   from mvn/dependencies/testsuite/dynamicAnalysis/pom.xml
17:51:36 [INFO] --------------------------------[ pom ]---------------------------------
17:51:36 [INFO] 
17:51:36 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.dynamicAnalysis ---
17:51:36 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/dynamicAnalysis (includes = [*.jar], excludes = [])
17:51:36 [INFO] 
17:51:36 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.dynamicAnalysis ---
17:51:36 [INFO] 
17:51:36 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.coverage >---------
17:51:36 [INFO] Building dependencies.testsuite.coverage 1.0                     [57/67]
17:51:36 [INFO]   from mvn/dependencies/testsuite/coverage/pom.xml
17:51:36 [INFO] --------------------------------[ pom ]---------------------------------
17:51:36 [INFO] 
17:51:36 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.coverage ---
17:51:36 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/coverage (includes = [*.jar], excludes = [])
17:51:36 [INFO] 
17:51:36 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.coverage ---
17:51:36 [INFO] 
17:51:36 [INFO] --------------< org.openspcoop2:org.openspcoop2.compile >---------------
17:51:36 [INFO] Building compile 1.0                                             [58/67]
17:51:36 [INFO]   from mvn/compile/pom.xml
17:51:36 [INFO] --------------------------------[ pom ]---------------------------------
17:51:36 [INFO] 
17:51:36 [INFO] --------------< org.openspcoop2:org.openspcoop2.package >---------------
17:51:36 [INFO] Building package 1.0                                             [59/67]
17:51:36 [INFO]   from distrib/pom.xml
17:51:36 [INFO] --------------------------------[ pom ]---------------------------------
17:51:36 [INFO] 
17:51:36 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.utils >-----------
17:51:36 [INFO] Building testsuite.utils 1.0                                     [60/67]
17:51:36 [INFO]   from tools/utils/mvn/pom.xml
17:51:36 [INFO] --------------------------------[ pom ]---------------------------------
17:51:36 [INFO] 
17:51:36 [INFO] --------< org.openspcoop2:org.openspcoop2.testsuite.utils.sql >---------
17:51:36 [INFO] Building testsuite.utils.sql 1.0                                 [61/67]
17:51:36 [INFO]   from tools/utils/mvn/sql/pom.xml
17:51:36 [INFO] --------------------------------[ pom ]---------------------------------
17:51:36 [INFO] 
17:51:36 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core >---------
17:51:36 [INFO] Building testsuite.pdd.core 1.0                                  [62/67]
17:51:36 [INFO]   from core/mvn/pom.xml
17:51:36 [INFO] --------------------------------[ pom ]---------------------------------
17:51:36 [INFO] 
17:51:36 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core.sql >-------
17:51:36 [INFO] Building testsuite.pdd.core.sql 1.0                              [63/67]
17:51:36 [INFO]   from core/mvn/sql/pom.xml
17:51:36 [INFO] --------------------------------[ pom ]---------------------------------
17:51:36 [INFO] 
17:51:36 [INFO] ------< org.openspcoop2:org.openspcoop2.static_analysis.spotbugs >------
17:51:36 [INFO] Building static_analysis.spotbugs 1.0                            [64/67]
17:51:36 [INFO]   from tools/spotbugs/mvn/pom.xml
17:51:36 [INFO] --------------------------------[ pom ]---------------------------------
17:51:36 [INFO] 
17:51:36 [INFO] -----< org.openspcoop2:org.openspcoop2.static_analysis.sonarqube >------
17:51:36 [INFO] Building static_analysis.sonarqube 1.0                           [65/67]
17:51:36 [INFO]   from tools/sonarqube/mvn/pom.xml
17:51:36 [INFO] --------------------------------[ pom ]---------------------------------
17:51:36 [INFO] 
17:51:36 [INFO] --------< org.openspcoop2:org.openspcoop2.dynamic_analysis.zap >--------
17:51:36 [INFO] Building dynamic_analysis.zap 1.0                                [66/67]
17:51:36 [INFO]   from tools/zap/mvn/pom.xml
17:51:36 [INFO] --------------------------------[ pom ]---------------------------------
17:51:36 [INFO] 
17:51:36 [INFO] ----------< org.openspcoop2:org.openspcoop2.coverage.jacoco >-----------
17:51:36 [INFO] Building coverage.jacoco 1.0                                     [67/67]
17:51:36 [INFO]   from tools/jacoco/mvn/pom.xml
17:51:36 [INFO] --------------------------------[ pom ]---------------------------------
17:51:36 [INFO] ------------------------------------------------------------------------
17:51:36 [INFO] Reactor Summary for govway 1.0:
17:51:36 [INFO] 
17:51:36 [INFO] govway ............................................. SUCCESS [  0.005 s]
17:51:36 [INFO] dependencies ....................................... SUCCESS [  0.001 s]
17:51:36 [INFO] dependencies.ant ................................... SUCCESS [  2.455 s]
17:51:36 [INFO] dependencies.antinstaller .......................... SUCCESS [  0.087 s]
17:51:36 [INFO] dependencies.angus ................................. SUCCESS [  0.066 s]
17:51:36 [INFO] dependencies.bean-validation ....................... SUCCESS [  0.088 s]
17:51:36 [INFO] dependencies.cxf ................................... SUCCESS [  1.258 s]
17:51:36 [INFO] dependencies.commons ............................... SUCCESS [  0.486 s]
17:51:36 [INFO] dependencies.console ............................... SUCCESS [  0.139 s]
17:51:36 [INFO] dependencies.git ................................... SUCCESS [  0.056 s]
17:51:36 [INFO] dependencies.httpcore .............................. SUCCESS [  0.170 s]
17:51:36 [INFO] dependencies.jackson ............................... SUCCESS [  0.211 s]
17:51:36 [INFO] dependencies.jakarta ............................... SUCCESS [  0.173 s]
17:51:36 [INFO] dependencies.jaxb .................................. SUCCESS [  0.162 s]
17:51:36 [INFO] dependencies.jetty ................................. SUCCESS [  0.274 s]
17:51:36 [INFO] dependencies.jmx ................................... SUCCESS [  0.258 s]
17:51:36 [INFO] dependencies.json .................................. SUCCESS [  0.731 s]
17:51:36 [INFO] dependencies.log ................................... SUCCESS [  0.429 s]
17:51:36 [INFO] dependencies.lucene ................................ SUCCESS [  0.078 s]
17:51:36 [INFO] dependencies.openapi4j ............................. SUCCESS [  0.183 s]
17:51:36 [INFO] dependencies.opensaml .............................. SUCCESS [  0.274 s]
17:51:36 [INFO] dependencies.pdf ................................... SUCCESS [  0.105 s]
17:51:36 [INFO] dependencies.redis ................................. SUCCESS [  0.390 s]
17:51:36 [INFO] dependencies.reports ............................... SUCCESS [  0.158 s]
17:51:36 [INFO] dependencies.saaj .................................. SUCCESS [  0.295 s]
17:51:36 [INFO] dependencies.security .............................. SUCCESS [  0.192 s]
17:51:36 [INFO] dependencies.shared ................................ SUCCESS [  0.957 s]
17:51:36 [INFO] dependencies.spring ................................ SUCCESS [  0.119 s]
17:51:36 [INFO] dependencies.spring-ldap ........................... SUCCESS [  0.031 s]
17:51:36 [INFO] dependencies.spring-security ....................... SUCCESS [  0.085 s]
17:51:36 [INFO] dependencies.swagger ............................... SUCCESS [  0.438 s]
17:51:36 [INFO] dependencies.wss4j ................................. SUCCESS [  0.342 s]
17:51:36 [INFO] dependencies.testsuite ............................. SUCCESS [  0.001 s]
17:51:36 [INFO] dependencies.testsuite.axis14 ...................... SUCCESS [  0.335 s]
17:51:36 [INFO] dependencies.testsuite.as .......................... SUCCESS [  0.001 s]
17:51:36 [INFO] dependencies.testsuite.as.wildfly27 ................ SUCCESS [  0.208 s]
17:51:36 [INFO] dependencies.testsuite.as.wildfly28 ................ SUCCESS [  0.240 s]
17:51:36 [INFO] dependencies.testsuite.as.wildfly35 ................ SUCCESS [  0.255 s]
17:51:36 [INFO] dependencies.testsuite.as.wildfly36 ................ SUCCESS [  0.289 s]
17:51:36 [INFO] dependencies.testsuite.as.wildfly37 ................ SUCCESS [  0.241 s]
17:51:36 [INFO] dependencies.testsuite.as.wildfly38 ................ SUCCESS [  0.245 s]
17:51:36 [INFO] dependencies.testsuite.as.wildfly39 ................ SUCCESS [  0.249 s]
17:51:36 [INFO] dependencies.testsuite.as.tomcat10 ................. SUCCESS [  0.030 s]
17:51:36 [INFO] dependencies.testsuite.as.tomcat11 ................. SUCCESS [  0.056 s]
17:51:36 [INFO] dependencies.testsuite.test ........................ SUCCESS [  0.001 s]
17:51:36 [INFO] dependencies.testsuite.test.testng ................. SUCCESS [  0.132 s]
17:51:36 [INFO] dependencies.testsuite.test.junit4 ................. SUCCESS [  0.041 s]
17:51:36 [INFO] dependencies.testsuite.test.karate09 ............... SUCCESS [  0.077 s]
17:51:36 [INFO] dependencies.testsuite.test.logback ................ SUCCESS [  0.035 s]
17:51:36 [INFO] dependencies.testsuite.test.httpcore4 .............. SUCCESS [  0.100 s]
17:51:36 [INFO] dependencies.testsuite.test.spring5 ................ SUCCESS [  0.070 s]
17:51:36 [INFO] dependencies.testsuite.test.spring-ldap2 ........... SUCCESS [  0.021 s]
17:51:36 [INFO] dependencies.testsuite.test.apacheds ............... SUCCESS [  0.244 s]
17:51:36 [INFO] dependencies.testsuite.test.cxf3 ................... SUCCESS [  0.104 s]
17:51:36 [INFO] dependencies.testsuite.staticAnalysis .............. SUCCESS [  0.033 s]
17:51:36 [INFO] dependencies.testsuite.dynamicAnalysis ............. SUCCESS [  0.017 s]
17:51:36 [INFO] dependencies.testsuite.coverage .................... SUCCESS [  0.077 s]
17:51:36 [INFO] compile ............................................ SUCCESS [  0.001 s]
17:51:36 [INFO] package ............................................ SUCCESS [  0.001 s]
17:51:36 [INFO] testsuite.utils .................................... SUCCESS [  0.000 s]
17:51:36 [INFO] testsuite.utils.sql ................................ SUCCESS [  0.001 s]
17:51:36 [INFO] testsuite.pdd.core ................................. SUCCESS [  0.000 s]
17:51:36 [INFO] testsuite.pdd.core.sql ............................. SUCCESS [  0.001 s]
17:51:36 [INFO] static_analysis.spotbugs ........................... SUCCESS [  0.001 s]
17:51:36 [INFO] static_analysis.sonarqube .......................... SUCCESS [  0.000 s]
17:51:36 [INFO] dynamic_analysis.zap ............................... SUCCESS [  0.001 s]
17:51:36 [INFO] coverage.jacoco .................................... SUCCESS [  0.001 s]
17:51:36 [INFO] ------------------------------------------------------------------------
17:51:36 [INFO] BUILD SUCCESS
17:51:36 [INFO] ------------------------------------------------------------------------
17:51:36 [INFO] Total time:  14.568 s
17:51:36 [INFO] Finished at: 2026-02-19T17:51:36+01:00
17:51:36 [INFO] ------------------------------------------------------------------------
17:51:36 [GovWay] $ /opt/apache-maven-3.9.10/bin/mvn -Dowasp.plugin.autoUpdate=true -Dpackage=none -DossIndexUsername=andrea.poli@link.it -Dcompile=none -Dowasp=verify -Dtestsuite=none -DossIndexPassword=6b31d4937d57ec65ccb3aed4ff8461107c8eeb5a -DnvdApiKey=f8281fbf-3d81-4e4a-9f03-ab68856b336d -Dowasp.plugin.failBuildOnAnyVulnerability=false verify
17:51:39 [INFO] Scanning for projects...
17:51:40 [INFO] ------------------------------------------------------------------------
17:51:40 [INFO] Reactor Build Order:
17:51:40 [INFO] 
17:51:40 [INFO] govway                                                             [pom]
17:51:40 [INFO] dependencies                                                       [pom]
17:51:40 [INFO] dependencies.ant                                                   [pom]
17:51:40 [INFO] dependencies.antinstaller                                          [pom]
17:51:40 [INFO] dependencies.angus                                                 [pom]
17:51:40 [INFO] dependencies.bean-validation                                       [pom]
17:51:40 [INFO] dependencies.cxf                                                   [pom]
17:51:40 [INFO] dependencies.commons                                               [pom]
17:51:40 [INFO] dependencies.console                                               [pom]
17:51:40 [INFO] dependencies.git                                                   [pom]
17:51:40 [INFO] dependencies.httpcore                                              [pom]
17:51:40 [INFO] dependencies.jackson                                               [pom]
17:51:40 [INFO] dependencies.jakarta                                               [pom]
17:51:40 [INFO] dependencies.jaxb                                                  [pom]
17:51:40 [INFO] dependencies.jetty                                                 [pom]
17:51:40 [INFO] dependencies.jmx                                                   [pom]
17:51:40 [INFO] dependencies.json                                                  [pom]
17:51:40 [INFO] dependencies.log                                                   [pom]
17:51:40 [INFO] dependencies.lucene                                                [pom]
17:51:40 [INFO] dependencies.openapi4j                                             [pom]
17:51:40 [INFO] dependencies.opensaml                                              [pom]
17:51:40 [INFO] dependencies.pdf                                                   [pom]
17:51:40 [INFO] dependencies.redis                                                 [pom]
17:51:40 [INFO] dependencies.reports                                               [pom]
17:51:40 [INFO] dependencies.saaj                                                  [pom]
17:51:40 [INFO] dependencies.security                                              [pom]
17:51:40 [INFO] dependencies.shared                                                [pom]
17:51:40 [INFO] dependencies.spring                                                [pom]
17:51:40 [INFO] dependencies.spring-ldap                                           [pom]
17:51:40 [INFO] dependencies.spring-security                                       [pom]
17:51:40 [INFO] dependencies.swagger                                               [pom]
17:51:40 [INFO] dependencies.wss4j                                                 [pom]
17:51:40 [INFO] dependencies.testsuite                                             [pom]
17:51:40 [INFO] dependencies.testsuite.axis14                                      [pom]
17:51:40 [INFO] dependencies.testsuite.as                                          [pom]
17:51:40 [INFO] dependencies.testsuite.as.wildfly27                                [pom]
17:51:40 [INFO] dependencies.testsuite.as.wildfly28                                [pom]
17:51:40 [INFO] dependencies.testsuite.as.wildfly35                                [pom]
17:51:40 [INFO] dependencies.testsuite.as.wildfly36                                [pom]
17:51:40 [INFO] dependencies.testsuite.as.wildfly37                                [pom]
17:51:40 [INFO] dependencies.testsuite.as.wildfly38                                [pom]
17:51:40 [INFO] dependencies.testsuite.as.wildfly39                                [pom]
17:51:40 [INFO] dependencies.testsuite.as.tomcat10                                 [pom]
17:51:40 [INFO] dependencies.testsuite.as.tomcat11                                 [pom]
17:51:40 [INFO] dependencies.testsuite.test                                        [pom]
17:51:40 [INFO] dependencies.testsuite.test.testng                                 [pom]
17:51:40 [INFO] dependencies.testsuite.test.junit4                                 [pom]
17:51:40 [INFO] dependencies.testsuite.test.karate09                               [pom]
17:51:40 [INFO] dependencies.testsuite.test.logback                                [pom]
17:51:40 [INFO] dependencies.testsuite.test.httpcore4                              [pom]
17:51:40 [INFO] dependencies.testsuite.test.spring5                                [pom]
17:51:40 [INFO] dependencies.testsuite.test.spring-ldap2                           [pom]
17:51:40 [INFO] dependencies.testsuite.test.apacheds                               [pom]
17:51:40 [INFO] dependencies.testsuite.test.cxf3                                   [pom]
17:51:40 [INFO] dependencies.testsuite.staticAnalysis                              [pom]
17:51:40 [INFO] dependencies.testsuite.dynamicAnalysis                             [pom]
17:51:40 [INFO] dependencies.testsuite.coverage                                    [pom]
17:51:40 [INFO] compile                                                            [pom]
17:51:40 [INFO] package                                                            [pom]
17:51:40 [INFO] testsuite.utils                                                    [pom]
17:51:40 [INFO] testsuite.utils.sql                                                [pom]
17:51:40 [INFO] testsuite.pdd.core                                                 [pom]
17:51:40 [INFO] testsuite.pdd.core.sql                                             [pom]
17:51:40 [INFO] static_analysis.spotbugs                                           [pom]
17:51:40 [INFO] static_analysis.sonarqube                                          [pom]
17:51:40 [INFO] dynamic_analysis.zap                                               [pom]
17:51:40 [INFO] coverage.jacoco                                                    [pom]
17:51:40 [INFO] 
17:51:40 [INFO] ------------------< org.openspcoop2:org.openspcoop2 >-------------------
17:51:40 [INFO] Building govway 1.0                                               [1/67]
17:51:40 [INFO]   from pom.xml
17:51:40 [INFO] --------------------------------[ pom ]---------------------------------
17:51:40 [INFO] 
17:51:40 [INFO] ------------< org.openspcoop2:org.openspcoop2.dependencies >------------
17:51:40 [INFO] Building dependencies 1.0                                         [2/67]
17:51:40 [INFO]   from mvn/dependencies/pom.xml
17:51:40 [INFO] --------------------------------[ pom ]---------------------------------
17:51:40 [INFO] 
17:51:40 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.dependencies ---
17:51:41 [INFO] Executing tasks
17:51:46 [INFO] Executed tasks
17:51:48 [INFO] 
17:51:48 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.dependencies ---
17:51:59 [INFO] Checking for updates
17:52:00 [WARNING] NVD API request failures are occurring; retrying request for the 1st time
17:52:06 [INFO] NVD API has 550 records in this update
17:52:06 [INFO] Downloaded 550/550 (100%)
17:52:08 [INFO] Completed processing batch 1/1 (100%) in 2,166ms
17:52:08 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:52:08 [INFO] Begin database defrag
17:52:20 [INFO] End database defrag (11706 ms)
17:52:20 [INFO] Check for updates complete (21385 ms)
17:52:20 [INFO] 
17:52:20 
17:52:20 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:52:20 
17:52:20 
17:52:20    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:52:20    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:52:20 
17:52:20 
17:52:20 [INFO] Analysis Started
17:52:23 [INFO] Finished Archive Analyzer (2 seconds)
17:52:23 [INFO] Finished File Name Analyzer (0 seconds)
17:52:26 [INFO] Finished Jar Analyzer (2 seconds)
17:52:26 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:52:26 [INFO] Finished Hint Analyzer (0 seconds)
17:52:26 [INFO] Finished Version Filter Analyzer (0 seconds)
17:52:27 [INFO] Using MemorySegmentIndexInput and native madvise support with Java 21 or later; to disable start with -Dorg.apache.lucene.store.MMapDirectory.enableMemorySegments=false
17:52:27 [WARNING] Java vector incubator module is not readable. For optimal vector performance, pass '--add-modules jdk.incubator.vector' to enable Vector API.
17:52:30 [INFO] Created CPE Index (3 seconds)
17:52:40 [INFO] Finished CPE Analyzer (13 seconds)
17:52:40 [INFO] Finished False Positive Analyzer (0 seconds)
17:52:40 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:53:02 [INFO] Finished RetireJS Analyzer (22 seconds)
17:53:03 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:53:03 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:53:03 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:53:04 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:53:04 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:53:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:53:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:53:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:53:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:53:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:53:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:53:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:53:04 
17:53:04 
17:53:04 ## Recommendation
17:53:04 
17:53:04 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:53:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:53:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:53:04 
17:53:04 The following template can be used to demonstrate the vulnerability:  
17:53:04 ```{{#with "constructor"}}
17:53:04 	{{#with split as |a|}}
17:53:04 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:53:04 		{{#with (concat (lookup join (slice 0 1)))}}
17:53:04 			{{#each (slice 2 3)}}
17:53:04 				{{#with (apply 0 a)}}
17:53:04 					{{.}}
17:53:04 				{{/with}}
17:53:04 			{{/each}}
17:53:04 		{{/with}}
17:53:04 	{{/with}}
17:53:04 {{/with}}```
17:53:04 
17:53:04 
17:53:04 ## Recommendation
17:53:04 
17:53:04 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:53:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:53:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:53:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:53:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:53:04 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:53:04 [INFO] Analysis Complete (43 seconds)
17:53:04 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.xml
17:53:05 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.html
17:53:06 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.json
17:53:06 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.csv
17:53:06 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.sarif
17:53:06 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-jenkins.html
17:53:06 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-junit.xml
17:53:06 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-gitlab.json
17:53:06 [INFO] 
17:53:06 [INFO] ----------------< org.openspcoop2:org.openspcoop2.ant >-----------------
17:53:06 [INFO] Building dependencies.ant 1.0                                     [3/67]
17:53:06 [INFO]   from mvn/dependencies/ant/pom.xml
17:53:06 [INFO] --------------------------------[ pom ]---------------------------------
17:53:06 [INFO] 
17:53:06 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.ant ---
17:53:06 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/ant (includes = [*.jar], excludes = [])
17:53:06 [INFO] 
17:53:06 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.ant ---
17:53:07 [INFO] 
17:53:07 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.ant ---
17:53:07 [INFO] Executing tasks
17:53:12 [INFO] Executed tasks
17:53:12 [INFO] 
17:53:12 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.ant ---
17:53:12 [INFO] Checking for updates
17:53:12 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:53:12 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:53:12 [INFO] Check for updates complete (78 ms)
17:53:13 [INFO] 
17:53:13 
17:53:13 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:53:13 
17:53:13 
17:53:13    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:53:13    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:53:13 
17:53:13 
17:53:13 [INFO] Analysis Started
17:53:13 [INFO] Finished Archive Analyzer (0 seconds)
17:53:13 [INFO] Finished File Name Analyzer (0 seconds)
17:53:13 [INFO] Finished Jar Analyzer (0 seconds)
17:53:13 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:53:13 [INFO] Finished Hint Analyzer (0 seconds)
17:53:13 [INFO] Finished Version Filter Analyzer (0 seconds)
17:53:15 [INFO] Created CPE Index (2 seconds)
17:53:15 [INFO] Finished CPE Analyzer (2 seconds)
17:53:15 [INFO] Finished False Positive Analyzer (0 seconds)
17:53:15 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:53:15 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:53:15 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:53:15 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:53:15 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:53:15 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:53:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:53:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:53:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:53:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:53:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:53:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:53:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:53:15 
17:53:15 
17:53:15 ## Recommendation
17:53:15 
17:53:15 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:53:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:53:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:53:15 
17:53:15 The following template can be used to demonstrate the vulnerability:  
17:53:15 ```{{#with "constructor"}}
17:53:15 	{{#with split as |a|}}
17:53:15 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:53:15 		{{#with (concat (lookup join (slice 0 1)))}}
17:53:15 			{{#each (slice 2 3)}}
17:53:15 				{{#with (apply 0 a)}}
17:53:15 					{{.}}
17:53:15 				{{/with}}
17:53:15 			{{/each}}
17:53:15 		{{/with}}
17:53:15 	{{/with}}
17:53:15 {{/with}}```
17:53:15 
17:53:15 
17:53:15 ## Recommendation
17:53:15 
17:53:15 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:53:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:53:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:53:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:53:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:53:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:53:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:53:15 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:53:15 [INFO] Analysis Complete (2 seconds)
17:53:15 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:53:15 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:53:15 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:53:15 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:53:15 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:53:15 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:53:15 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:53:15 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:53:15 [INFO] 
17:53:15 [INFO] ------------< org.openspcoop2:org.openspcoop2.antinstaller >------------
17:53:15 [INFO] Building dependencies.antinstaller 1.0                            [4/67]
17:53:15 [INFO]   from mvn/dependencies/antinstaller/pom.xml
17:53:15 [INFO] --------------------------------[ pom ]---------------------------------
17:53:15 [INFO] 
17:53:15 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.antinstaller ---
17:53:15 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/antinstaller (includes = [*.jar], excludes = [])
17:53:15 [INFO] 
17:53:15 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.antinstaller ---
17:53:15 [INFO] 
17:53:15 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.antinstaller ---
17:53:15 [INFO] Executing tasks
17:53:20 [INFO] Executed tasks
17:53:20 [INFO] 
17:53:20 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.antinstaller ---
17:53:20 [INFO] Checking for updates
17:53:20 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:53:21 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:53:21 [INFO] Check for updates complete (74 ms)
17:53:21 [INFO] 
17:53:21 
17:53:21 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:53:21 
17:53:21 
17:53:21    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:53:21    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:53:21 
17:53:21 
17:53:21 [INFO] Analysis Started
17:53:21 [INFO] Finished Archive Analyzer (0 seconds)
17:53:21 [INFO] Finished File Name Analyzer (0 seconds)
17:53:21 [INFO] Finished Jar Analyzer (0 seconds)
17:53:21 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:53:21 [INFO] Finished Hint Analyzer (0 seconds)
17:53:21 [INFO] Finished Version Filter Analyzer (0 seconds)
17:53:23 [INFO] Created CPE Index (1 seconds)
17:53:23 [INFO] Finished CPE Analyzer (1 seconds)
17:53:23 [INFO] Finished False Positive Analyzer (0 seconds)
17:53:23 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:53:23 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:53:23 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:53:23 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:53:23 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:53:23 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:53:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:53:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:53:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:53:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:53:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:53:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:53:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:53:23 
17:53:23 
17:53:23 ## Recommendation
17:53:23 
17:53:23 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:53:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:53:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:53:23 
17:53:23 The following template can be used to demonstrate the vulnerability:  
17:53:23 ```{{#with "constructor"}}
17:53:23 	{{#with split as |a|}}
17:53:23 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:53:23 		{{#with (concat (lookup join (slice 0 1)))}}
17:53:23 			{{#each (slice 2 3)}}
17:53:23 				{{#with (apply 0 a)}}
17:53:23 					{{.}}
17:53:23 				{{/with}}
17:53:23 			{{/each}}
17:53:23 		{{/with}}
17:53:23 	{{/with}}
17:53:23 {{/with}}```
17:53:23 
17:53:23 
17:53:23 ## Recommendation
17:53:23 
17:53:23 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:53:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:53:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:53:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:53:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:53:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:53:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:53:23 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:53:23 [INFO] Analysis Complete (2 seconds)
17:53:23 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:53:23 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:53:23 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:53:23 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:53:23 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:53:23 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:53:23 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:53:23 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:53:23 [INFO] 
17:53:23 [INFO] ---------------< org.openspcoop2:org.openspcoop2.angus >----------------
17:53:23 [INFO] Building dependencies.angus 1.0                                   [5/67]
17:53:23 [INFO]   from mvn/dependencies/angus/pom.xml
17:53:23 [INFO] --------------------------------[ pom ]---------------------------------
17:53:23 [INFO] 
17:53:23 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.angus ---
17:53:23 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/angus (includes = [*.jar], excludes = [])
17:53:23 [INFO] 
17:53:23 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.angus ---
17:53:23 [INFO] 
17:53:23 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.angus ---
17:53:23 [INFO] Executing tasks
17:53:28 [INFO] Executed tasks
17:53:28 [INFO] 
17:53:28 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.angus ---
17:53:28 [INFO] Checking for updates
17:53:28 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:53:28 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:53:28 [INFO] Check for updates complete (149 ms)
17:53:29 [INFO] 
17:53:29 
17:53:29 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:53:29 
17:53:29 
17:53:29    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:53:29    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:53:29 
17:53:29 
17:53:29 [INFO] Analysis Started
17:53:29 [INFO] Finished Archive Analyzer (0 seconds)
17:53:29 [INFO] Finished File Name Analyzer (0 seconds)
17:53:29 [INFO] Finished Jar Analyzer (0 seconds)
17:53:29 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:53:29 [INFO] Finished Hint Analyzer (0 seconds)
17:53:29 [INFO] Finished Version Filter Analyzer (0 seconds)
17:53:31 [INFO] Created CPE Index (1 seconds)
17:53:31 [INFO] Finished CPE Analyzer (2 seconds)
17:53:31 [INFO] Finished False Positive Analyzer (0 seconds)
17:53:31 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:53:31 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:53:31 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:53:31 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:53:31 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:53:31 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:53:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:53:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:53:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:53:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:53:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:53:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:53:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:53:31 
17:53:31 
17:53:31 ## Recommendation
17:53:31 
17:53:31 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:53:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:53:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:53:31 
17:53:31 The following template can be used to demonstrate the vulnerability:  
17:53:31 ```{{#with "constructor"}}
17:53:31 	{{#with split as |a|}}
17:53:31 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:53:31 		{{#with (concat (lookup join (slice 0 1)))}}
17:53:31 			{{#each (slice 2 3)}}
17:53:31 				{{#with (apply 0 a)}}
17:53:31 					{{.}}
17:53:31 				{{/with}}
17:53:31 			{{/each}}
17:53:31 		{{/with}}
17:53:31 	{{/with}}
17:53:31 {{/with}}```
17:53:31 
17:53:31 
17:53:31 ## Recommendation
17:53:31 
17:53:31 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:53:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:53:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:53:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:53:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:53:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:53:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:53:31 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:53:31 [INFO] Analysis Complete (2 seconds)
17:53:31 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:53:31 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:53:31 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:53:31 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:53:31 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:53:31 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:53:31 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:53:31 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:53:31 [INFO] 
17:53:31 [INFO] ----------< org.openspcoop2:org.openspcoop2.bean-validation >-----------
17:53:31 [INFO] Building dependencies.bean-validation 1.0                         [6/67]
17:53:31 [INFO]   from mvn/dependencies/bean-validation/pom.xml
17:53:31 [INFO] --------------------------------[ pom ]---------------------------------
17:53:31 [INFO] 
17:53:31 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.bean-validation ---
17:53:31 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/bean-validation (includes = [*.jar], excludes = [])
17:53:31 [INFO] 
17:53:31 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.bean-validation ---
17:53:31 [INFO] 
17:53:31 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.bean-validation ---
17:53:31 [INFO] Executing tasks
17:53:36 [INFO] Executed tasks
17:53:36 [INFO] 
17:53:36 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.bean-validation ---
17:53:36 [INFO] Checking for updates
17:53:36 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:53:36 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:53:36 [INFO] Check for updates complete (102 ms)
17:53:37 [INFO] 
17:53:37 
17:53:37 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:53:37 
17:53:37 
17:53:37    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:53:37    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:53:37 
17:53:37 
17:53:37 [INFO] Analysis Started
17:53:37 [INFO] Finished Archive Analyzer (0 seconds)
17:53:37 [INFO] Finished File Name Analyzer (0 seconds)
17:53:37 [INFO] Finished Jar Analyzer (0 seconds)
17:53:37 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:53:37 [INFO] Finished Hint Analyzer (0 seconds)
17:53:37 [INFO] Finished Version Filter Analyzer (0 seconds)
17:53:38 [INFO] Created CPE Index (1 seconds)
17:53:38 [INFO] Finished CPE Analyzer (1 seconds)
17:53:38 [INFO] Finished False Positive Analyzer (0 seconds)
17:53:38 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:53:39 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:53:39 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:53:39 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:53:39 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:53:39 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:53:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:53:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:53:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:53:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:53:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:53:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:53:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:53:39 
17:53:39 
17:53:39 ## Recommendation
17:53:39 
17:53:39 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:53:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:53:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:53:39 
17:53:39 The following template can be used to demonstrate the vulnerability:  
17:53:39 ```{{#with "constructor"}}
17:53:39 	{{#with split as |a|}}
17:53:39 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:53:39 		{{#with (concat (lookup join (slice 0 1)))}}
17:53:39 			{{#each (slice 2 3)}}
17:53:39 				{{#with (apply 0 a)}}
17:53:39 					{{.}}
17:53:39 				{{/with}}
17:53:39 			{{/each}}
17:53:39 		{{/with}}
17:53:39 	{{/with}}
17:53:39 {{/with}}```
17:53:39 
17:53:39 
17:53:39 ## Recommendation
17:53:39 
17:53:39 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:53:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:53:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:53:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:53:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:53:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:53:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:53:39 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:53:39 [INFO] Analysis Complete (1 seconds)
17:53:39 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:53:39 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:53:39 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:53:39 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:53:39 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:53:39 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:53:39 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:53:39 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:53:39 [INFO] 
17:53:39 [INFO] ----------------< org.openspcoop2:org.openspcoop2.cxf >-----------------
17:53:39 [INFO] Building dependencies.cxf 1.0                                     [7/67]
17:53:39 [INFO]   from mvn/dependencies/cxf/pom.xml
17:53:39 [INFO] --------------------------------[ pom ]---------------------------------
17:53:39 [INFO] 
17:53:39 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.cxf ---
17:53:39 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/cxf (includes = [*.jar], excludes = [])
17:53:39 [INFO] 
17:53:39 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.cxf ---
17:53:39 [INFO] 
17:53:39 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.cxf ---
17:53:39 [INFO] Executing tasks
17:53:39 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-core-4.1.3.jar
17:53:39 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-security-jose-4.1.3.jar
17:53:39 [INFO] Executed tasks
17:53:39 [INFO] 
17:53:39 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.cxf ---
17:53:39 [INFO] Executing tasks
17:53:44 [INFO] Executed tasks
17:53:44 [INFO] 
17:53:44 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.cxf ---
17:53:44 [INFO] Checking for updates
17:53:44 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:53:44 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:53:44 [INFO] Check for updates complete (70 ms)
17:53:45 [INFO] 
17:53:45 
17:53:45 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:53:45 
17:53:45 
17:53:45    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:53:45    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:53:45 
17:53:45 
17:53:45 [INFO] Analysis Started
17:53:45 [INFO] Finished Archive Analyzer (0 seconds)
17:53:45 [INFO] Finished File Name Analyzer (0 seconds)
17:53:45 [INFO] Finished Jar Analyzer (0 seconds)
17:53:45 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:53:45 [INFO] Finished Hint Analyzer (0 seconds)
17:53:45 [INFO] Finished Version Filter Analyzer (0 seconds)
17:53:46 [INFO] Created CPE Index (1 seconds)
17:53:47 [INFO] Finished CPE Analyzer (2 seconds)
17:53:47 [INFO] Finished False Positive Analyzer (0 seconds)
17:53:47 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:53:47 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:53:47 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:53:47 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:53:47 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:53:47 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:53:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:53:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:53:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:53:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:53:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:53:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:53:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:53:47 
17:53:47 
17:53:47 ## Recommendation
17:53:47 
17:53:47 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:53:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:53:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:53:47 
17:53:47 The following template can be used to demonstrate the vulnerability:  
17:53:47 ```{{#with "constructor"}}
17:53:47 	{{#with split as |a|}}
17:53:47 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:53:47 		{{#with (concat (lookup join (slice 0 1)))}}
17:53:47 			{{#each (slice 2 3)}}
17:53:47 				{{#with (apply 0 a)}}
17:53:47 					{{.}}
17:53:47 				{{/with}}
17:53:47 			{{/each}}
17:53:47 		{{/with}}
17:53:47 	{{/with}}
17:53:47 {{/with}}```
17:53:47 
17:53:47 
17:53:47 ## Recommendation
17:53:47 
17:53:47 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:53:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:53:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:53:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:53:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:53:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:53:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:53:47 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:53:47 [INFO] Analysis Complete (2 seconds)
17:53:47 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:53:47 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:53:48 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:53:48 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:53:48 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:53:48 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:53:48 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:53:48 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:53:48 [INFO] 
17:53:48 [INFO] --------------< org.openspcoop2:org.openspcoop2.commons >---------------
17:53:48 [INFO] Building dependencies.commons 1.0                                 [8/67]
17:53:48 [INFO]   from mvn/dependencies/commons/pom.xml
17:53:48 [INFO] --------------------------------[ pom ]---------------------------------
17:53:48 [INFO] 
17:53:48 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.commons ---
17:53:48 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/commons (includes = [*.jar], excludes = [])
17:53:48 [INFO] 
17:53:48 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.commons ---
17:53:48 [INFO] 
17:53:48 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.commons ---
17:53:48 [INFO] Executing tasks
17:53:48 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/commons/commons-jcs3-core-3.2.1.jar
17:53:48 [INFO] Executed tasks
17:53:48 [INFO] 
17:53:48 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.commons ---
17:53:48 [INFO] Executing tasks
17:53:53 [INFO] Executed tasks
17:53:53 [INFO] 
17:53:53 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.commons ---
17:53:53 [INFO] Checking for updates
17:53:53 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:53:53 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:53:53 [INFO] Check for updates complete (73 ms)
17:53:53 [INFO] 
17:53:53 
17:53:53 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:53:53 
17:53:53 
17:53:53    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:53:53    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:53:53 
17:53:53 
17:53:53 [INFO] Analysis Started
17:53:54 [INFO] Finished Archive Analyzer (0 seconds)
17:53:54 [INFO] Finished File Name Analyzer (0 seconds)
17:53:54 [INFO] Finished Jar Analyzer (0 seconds)
17:53:54 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:53:54 [INFO] Finished Hint Analyzer (0 seconds)
17:53:54 [INFO] Finished Version Filter Analyzer (0 seconds)
17:53:55 [INFO] Created CPE Index (1 seconds)
17:53:56 [INFO] Finished CPE Analyzer (2 seconds)
17:53:56 [INFO] Finished False Positive Analyzer (0 seconds)
17:53:56 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:53:56 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:53:56 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:53:56 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:53:56 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:53:56 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:53:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:53:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:53:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:53:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:53:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:53:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:53:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:53:56 
17:53:56 
17:53:56 ## Recommendation
17:53:56 
17:53:56 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:53:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:53:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:53:56 
17:53:56 The following template can be used to demonstrate the vulnerability:  
17:53:56 ```{{#with "constructor"}}
17:53:56 	{{#with split as |a|}}
17:53:56 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:53:56 		{{#with (concat (lookup join (slice 0 1)))}}
17:53:56 			{{#each (slice 2 3)}}
17:53:56 				{{#with (apply 0 a)}}
17:53:56 					{{.}}
17:53:56 				{{/with}}
17:53:56 			{{/each}}
17:53:56 		{{/with}}
17:53:56 	{{/with}}
17:53:56 {{/with}}```
17:53:56 
17:53:56 
17:53:56 ## Recommendation
17:53:56 
17:53:56 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:53:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:53:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:53:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:53:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:53:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:53:56 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:53:56 [INFO] Analysis Complete (2 seconds)
17:53:56 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:53:56 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:53:56 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:53:56 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:53:56 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:53:56 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:53:56 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:53:56 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:53:56 [INFO] 
17:53:56 [INFO] --------------< org.openspcoop2:org.openspcoop2.console >---------------
17:53:56 [INFO] Building dependencies.console 1.0                                 [9/67]
17:53:56 [INFO]   from mvn/dependencies/console/pom.xml
17:53:56 [INFO] --------------------------------[ pom ]---------------------------------
17:53:56 [INFO] 
17:53:56 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.console ---
17:53:56 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/console (includes = [*.jar], excludes = [])
17:53:56 [INFO] 
17:53:56 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.console ---
17:53:56 [INFO] 
17:53:56 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.console ---
17:53:56 [INFO] Executing tasks
17:54:01 [INFO] Executed tasks
17:54:01 [INFO] 
17:54:01 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.console ---
17:54:01 [INFO] Checking for updates
17:54:01 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:54:01 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:54:01 [INFO] Check for updates complete (70 ms)
17:54:01 [INFO] 
17:54:01 
17:54:01 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:54:01 
17:54:01 
17:54:01    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:54:01    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:54:01 
17:54:01 
17:54:01 [INFO] Analysis Started
17:54:02 [INFO] Finished Archive Analyzer (0 seconds)
17:54:02 [INFO] Finished File Name Analyzer (0 seconds)
17:54:02 [INFO] Finished Jar Analyzer (0 seconds)
17:54:02 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:54:02 [INFO] Finished Hint Analyzer (0 seconds)
17:54:02 [INFO] Finished Version Filter Analyzer (0 seconds)
17:54:03 [INFO] Created CPE Index (1 seconds)
17:54:04 [INFO] Finished CPE Analyzer (1 seconds)
17:54:04 [INFO] Finished False Positive Analyzer (0 seconds)
17:54:04 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:54:07 [INFO] Finished RetireJS Analyzer (3 seconds)
17:54:07 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:54:07 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:54:07 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:54:07 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:54:07 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:54:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:54:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:54:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:54:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:54:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:54:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:54:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:54:07 
17:54:07 
17:54:07 ## Recommendation
17:54:07 
17:54:07 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:54:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:54:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:54:07 
17:54:07 The following template can be used to demonstrate the vulnerability:  
17:54:07 ```{{#with "constructor"}}
17:54:07 	{{#with split as |a|}}
17:54:07 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:54:07 		{{#with (concat (lookup join (slice 0 1)))}}
17:54:07 			{{#each (slice 2 3)}}
17:54:07 				{{#with (apply 0 a)}}
17:54:07 					{{.}}
17:54:07 				{{/with}}
17:54:07 			{{/each}}
17:54:07 		{{/with}}
17:54:07 	{{/with}}
17:54:07 {{/with}}```
17:54:07 
17:54:07 
17:54:07 ## Recommendation
17:54:07 
17:54:07 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:54:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:54:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:54:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:54:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:54:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:54:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:54:07 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:54:07 [INFO] Analysis Complete (5 seconds)
17:54:07 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:54:07 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:54:07 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:54:07 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:54:07 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:54:07 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:54:07 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:54:07 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:54:07 [INFO] 
17:54:07 [INFO] ----------------< org.openspcoop2:org.openspcoop2.git >-----------------
17:54:07 [INFO] Building dependencies.git 1.0                                    [10/67]
17:54:07 [INFO]   from mvn/dependencies/git/pom.xml
17:54:07 [INFO] --------------------------------[ pom ]---------------------------------
17:54:07 [INFO] 
17:54:07 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.git ---
17:54:07 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/git (includes = [*.jar], excludes = [])
17:54:07 [INFO] 
17:54:07 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.git ---
17:54:07 [INFO] 
17:54:07 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.git ---
17:54:07 [INFO] Executing tasks
17:54:12 [INFO] Executed tasks
17:54:12 [INFO] 
17:54:12 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.git ---
17:54:13 [INFO] Checking for updates
17:54:13 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:54:13 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:54:13 [INFO] Check for updates complete (69 ms)
17:54:13 [INFO] 
17:54:13 
17:54:13 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:54:13 
17:54:13 
17:54:13    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:54:13    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:54:13 
17:54:13 
17:54:13 [INFO] Analysis Started
17:54:13 [INFO] Finished Archive Analyzer (0 seconds)
17:54:13 [INFO] Finished File Name Analyzer (0 seconds)
17:54:13 [INFO] Finished Jar Analyzer (0 seconds)
17:54:13 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:54:13 [INFO] Finished Hint Analyzer (0 seconds)
17:54:13 [INFO] Finished Version Filter Analyzer (0 seconds)
17:54:14 [INFO] Created CPE Index (1 seconds)
17:54:15 [INFO] Finished CPE Analyzer (1 seconds)
17:54:15 [INFO] Finished False Positive Analyzer (0 seconds)
17:54:15 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:54:15 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:54:15 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:54:15 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:54:15 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:54:15 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:54:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:54:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:54:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:54:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:54:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:54:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:54:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:54:15 
17:54:15 
17:54:15 ## Recommendation
17:54:15 
17:54:15 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:54:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:54:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:54:15 
17:54:15 The following template can be used to demonstrate the vulnerability:  
17:54:15 ```{{#with "constructor"}}
17:54:15 	{{#with split as |a|}}
17:54:15 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:54:15 		{{#with (concat (lookup join (slice 0 1)))}}
17:54:15 			{{#each (slice 2 3)}}
17:54:15 				{{#with (apply 0 a)}}
17:54:15 					{{.}}
17:54:15 				{{/with}}
17:54:15 			{{/each}}
17:54:15 		{{/with}}
17:54:15 	{{/with}}
17:54:15 {{/with}}```
17:54:15 
17:54:15 
17:54:15 ## Recommendation
17:54:15 
17:54:15 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:54:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:54:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:54:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:54:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:54:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:54:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:54:15 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:54:15 [INFO] Analysis Complete (1 seconds)
17:54:15 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:54:15 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:54:15 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:54:15 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:54:15 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:54:15 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:54:15 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:54:15 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:54:15 [INFO] 
17:54:15 [INFO] --------------< org.openspcoop2:org.openspcoop2.httpcore >--------------
17:54:15 [INFO] Building dependencies.httpcore 1.0                               [11/67]
17:54:15 [INFO]   from mvn/dependencies/httpcore/pom.xml
17:54:15 [INFO] --------------------------------[ pom ]---------------------------------
17:54:15 [INFO] 
17:54:15 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.httpcore ---
17:54:15 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/httpcore (includes = [*.jar], excludes = [])
17:54:15 [INFO] 
17:54:15 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.httpcore ---
17:54:15 [INFO] 
17:54:15 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.httpcore ---
17:54:15 [INFO] Executing tasks
17:54:20 [INFO] Executed tasks
17:54:20 [INFO] 
17:54:20 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.httpcore ---
17:54:20 [INFO] Checking for updates
17:54:20 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:54:20 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:54:20 [INFO] Check for updates complete (72 ms)
17:54:20 [INFO] 
17:54:20 
17:54:20 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:54:20 
17:54:20 
17:54:20    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:54:20    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:54:20 
17:54:20 
17:54:20 [INFO] Analysis Started
17:54:20 [INFO] Finished Archive Analyzer (0 seconds)
17:54:20 [INFO] Finished File Name Analyzer (0 seconds)
17:54:20 [INFO] Finished Jar Analyzer (0 seconds)
17:54:20 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:54:20 [INFO] Finished Hint Analyzer (0 seconds)
17:54:20 [INFO] Finished Version Filter Analyzer (0 seconds)
17:54:22 [INFO] Created CPE Index (1 seconds)
17:54:22 [INFO] Finished CPE Analyzer (1 seconds)
17:54:22 [INFO] Finished False Positive Analyzer (0 seconds)
17:54:22 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:54:22 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:54:22 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:54:22 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:54:22 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:54:22 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:54:22 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:54:22 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:54:22 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:54:22 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:54:22 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:54:22 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:54:22 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:54:22 
17:54:22 
17:54:22 ## Recommendation
17:54:22 
17:54:22 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:54:22 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:54:22 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:54:22 
17:54:22 The following template can be used to demonstrate the vulnerability:  
17:54:22 ```{{#with "constructor"}}
17:54:22 	{{#with split as |a|}}
17:54:22 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:54:22 		{{#with (concat (lookup join (slice 0 1)))}}
17:54:22 			{{#each (slice 2 3)}}
17:54:22 				{{#with (apply 0 a)}}
17:54:22 					{{.}}
17:54:22 				{{/with}}
17:54:22 			{{/each}}
17:54:22 		{{/with}}
17:54:22 	{{/with}}
17:54:22 {{/with}}```
17:54:22 
17:54:22 
17:54:22 ## Recommendation
17:54:22 
17:54:22 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:54:22 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:54:22 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:54:22 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:54:22 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:54:22 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:54:22 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:54:22 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:54:22 [INFO] Analysis Complete (2 seconds)
17:54:22 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:54:22 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:54:22 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:54:22 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:54:22 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:54:22 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:54:22 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:54:22 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:54:22 [INFO] 
17:54:22 [INFO] --------------< org.openspcoop2:org.openspcoop2.jackson >---------------
17:54:22 [INFO] Building dependencies.jackson 1.0                                [12/67]
17:54:22 [INFO]   from mvn/dependencies/jackson/pom.xml
17:54:22 [INFO] --------------------------------[ pom ]---------------------------------
17:54:22 [INFO] 
17:54:22 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jackson ---
17:54:22 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jackson (includes = [*.jar], excludes = [])
17:54:22 [INFO] 
17:54:22 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jackson ---
17:54:22 [INFO] 
17:54:22 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jackson ---
17:54:23 [INFO] Executing tasks
17:54:28 [INFO] Executed tasks
17:54:28 [INFO] 
17:54:28 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.jackson ---
17:54:28 [INFO] Checking for updates
17:54:28 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:54:28 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:54:28 [INFO] Check for updates complete (73 ms)
17:54:28 [INFO] 
17:54:28 
17:54:28 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:54:28 
17:54:28 
17:54:28    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:54:28    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:54:28 
17:54:28 
17:54:28 [INFO] Analysis Started
17:54:28 [INFO] Finished Archive Analyzer (0 seconds)
17:54:28 [INFO] Finished File Name Analyzer (0 seconds)
17:54:28 [INFO] Finished Jar Analyzer (0 seconds)
17:54:28 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:54:28 [INFO] Finished Hint Analyzer (0 seconds)
17:54:28 [INFO] Finished Version Filter Analyzer (0 seconds)
17:54:30 [INFO] Created CPE Index (2 seconds)
17:54:30 [INFO] Finished CPE Analyzer (2 seconds)
17:54:31 [INFO] Finished False Positive Analyzer (0 seconds)
17:54:31 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:54:31 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:54:31 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:54:31 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:54:31 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:54:31 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:54:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:54:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:54:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:54:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:54:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:54:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:54:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:54:31 
17:54:31 
17:54:31 ## Recommendation
17:54:31 
17:54:31 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:54:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:54:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:54:31 
17:54:31 The following template can be used to demonstrate the vulnerability:  
17:54:31 ```{{#with "constructor"}}
17:54:31 	{{#with split as |a|}}
17:54:31 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:54:31 		{{#with (concat (lookup join (slice 0 1)))}}
17:54:31 			{{#each (slice 2 3)}}
17:54:31 				{{#with (apply 0 a)}}
17:54:31 					{{.}}
17:54:31 				{{/with}}
17:54:31 			{{/each}}
17:54:31 		{{/with}}
17:54:31 	{{/with}}
17:54:31 {{/with}}```
17:54:31 
17:54:31 
17:54:31 ## Recommendation
17:54:31 
17:54:31 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:54:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:54:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:54:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:54:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:54:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:54:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:54:31 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:54:31 [INFO] Analysis Complete (2 seconds)
17:54:31 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:54:31 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:54:31 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:54:31 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:54:31 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:54:31 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:54:31 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:54:31 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:54:31 [INFO] 
17:54:31 [INFO] --------------< org.openspcoop2:org.openspcoop2.jakarta >---------------
17:54:31 [INFO] Building dependencies.jakarta 1.0                                [13/67]
17:54:31 [INFO]   from mvn/dependencies/jakarta/pom.xml
17:54:31 [INFO] --------------------------------[ pom ]---------------------------------
17:54:32 [INFO] 
17:54:32 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jakarta ---
17:54:32 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jakarta (includes = [*.jar], excludes = [])
17:54:32 [INFO] 
17:54:32 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jakarta ---
17:54:32 [INFO] 
17:54:32 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jakarta ---
17:54:32 [INFO] Executing tasks
17:54:37 [INFO] Executed tasks
17:54:37 [INFO] 
17:54:37 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.jakarta ---
17:54:37 [INFO] Checking for updates
17:54:37 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:54:37 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:54:37 [INFO] Check for updates complete (96 ms)
17:54:37 [INFO] 
17:54:37 
17:54:37 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:54:37 
17:54:37 
17:54:37    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:54:37    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:54:37 
17:54:37 
17:54:37 [INFO] Analysis Started
17:54:38 [INFO] Finished Archive Analyzer (0 seconds)
17:54:38 [INFO] Finished File Name Analyzer (0 seconds)
17:54:38 [INFO] Finished Jar Analyzer (0 seconds)
17:54:38 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:54:38 [INFO] Finished Hint Analyzer (0 seconds)
17:54:38 [INFO] Finished Version Filter Analyzer (0 seconds)
17:54:40 [INFO] Created CPE Index (2 seconds)
17:54:40 [INFO] Finished CPE Analyzer (2 seconds)
17:54:40 [INFO] Finished False Positive Analyzer (0 seconds)
17:54:40 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:54:40 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:54:40 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:54:40 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:54:40 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:54:40 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:54:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:54:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:54:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:54:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:54:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:54:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:54:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:54:40 
17:54:40 
17:54:40 ## Recommendation
17:54:40 
17:54:40 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:54:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:54:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:54:40 
17:54:40 The following template can be used to demonstrate the vulnerability:  
17:54:40 ```{{#with "constructor"}}
17:54:40 	{{#with split as |a|}}
17:54:40 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:54:40 		{{#with (concat (lookup join (slice 0 1)))}}
17:54:40 			{{#each (slice 2 3)}}
17:54:40 				{{#with (apply 0 a)}}
17:54:40 					{{.}}
17:54:40 				{{/with}}
17:54:40 			{{/each}}
17:54:40 		{{/with}}
17:54:40 	{{/with}}
17:54:40 {{/with}}```
17:54:40 
17:54:40 
17:54:40 ## Recommendation
17:54:40 
17:54:40 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:54:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:54:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:54:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:54:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:54:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:54:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:54:40 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:54:40 [INFO] Analysis Complete (3 seconds)
17:54:40 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:54:41 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:54:41 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:54:41 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:54:41 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:54:41 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:54:41 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:54:41 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:54:41 [INFO] 
17:54:41 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jaxb >----------------
17:54:41 [INFO] Building dependencies.jaxb 1.0                                   [14/67]
17:54:41 [INFO]   from mvn/dependencies/jaxb/pom.xml
17:54:41 [INFO] --------------------------------[ pom ]---------------------------------
17:54:41 [INFO] 
17:54:41 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jaxb ---
17:54:41 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jaxb (includes = [*.jar], excludes = [])
17:54:41 [INFO] 
17:54:41 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jaxb ---
17:54:41 [INFO] 
17:54:41 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jaxb ---
17:54:41 [INFO] Executing tasks
17:54:46 [INFO] Executed tasks
17:54:46 [INFO] 
17:54:46 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.jaxb ---
17:54:46 [INFO] Checking for updates
17:54:46 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:54:46 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:54:46 [INFO] Check for updates complete (70 ms)
17:54:46 [INFO] 
17:54:46 
17:54:46 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:54:46 
17:54:46 
17:54:46    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:54:46    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:54:46 
17:54:46 
17:54:46 [INFO] Analysis Started
17:54:46 [INFO] Finished Archive Analyzer (0 seconds)
17:54:46 [INFO] Finished File Name Analyzer (0 seconds)
17:54:46 [INFO] Finished Jar Analyzer (0 seconds)
17:54:46 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:54:46 [INFO] Finished Hint Analyzer (0 seconds)
17:54:46 [INFO] Finished Version Filter Analyzer (0 seconds)
17:54:48 [INFO] Created CPE Index (1 seconds)
17:54:48 [INFO] Finished CPE Analyzer (1 seconds)
17:54:48 [INFO] Finished False Positive Analyzer (0 seconds)
17:54:48 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:54:48 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:54:48 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:54:48 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:54:48 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:54:48 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:54:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:54:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:54:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:54:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:54:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:54:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:54:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:54:48 
17:54:48 
17:54:48 ## Recommendation
17:54:48 
17:54:48 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:54:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:54:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:54:48 
17:54:48 The following template can be used to demonstrate the vulnerability:  
17:54:48 ```{{#with "constructor"}}
17:54:48 	{{#with split as |a|}}
17:54:48 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:54:48 		{{#with (concat (lookup join (slice 0 1)))}}
17:54:48 			{{#each (slice 2 3)}}
17:54:48 				{{#with (apply 0 a)}}
17:54:48 					{{.}}
17:54:48 				{{/with}}
17:54:48 			{{/each}}
17:54:48 		{{/with}}
17:54:48 	{{/with}}
17:54:48 {{/with}}```
17:54:48 
17:54:48 
17:54:48 ## Recommendation
17:54:48 
17:54:48 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:54:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:54:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:54:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:54:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:54:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:54:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:54:48 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:54:48 [INFO] Analysis Complete (1 seconds)
17:54:48 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:54:48 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:54:48 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:54:48 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:54:48 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:54:48 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:54:48 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:54:48 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:54:48 [INFO] 
17:54:48 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jetty >----------------
17:54:48 [INFO] Building dependencies.jetty 1.0                                  [15/67]
17:54:48 [INFO]   from mvn/dependencies/jetty/pom.xml
17:54:48 [INFO] --------------------------------[ pom ]---------------------------------
17:54:48 [INFO] 
17:54:48 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jetty ---
17:54:48 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jetty (includes = [*.jar], excludes = [])
17:54:48 [INFO] 
17:54:48 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jetty ---
17:54:48 [INFO] 
17:54:48 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jetty ---
17:54:48 [INFO] Executing tasks
17:54:53 [INFO] Executed tasks
17:54:53 [INFO] 
17:54:53 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.jetty ---
17:54:53 [INFO] Checking for updates
17:54:53 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:54:53 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:54:53 [INFO] Check for updates complete (97 ms)
17:54:53 [INFO] 
17:54:53 
17:54:53 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:54:53 
17:54:53 
17:54:53    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:54:53    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:54:53 
17:54:53 
17:54:53 [INFO] Analysis Started
17:54:53 [INFO] Finished File Name Analyzer (0 seconds)
17:54:53 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:54:53 [INFO] Finished Hint Analyzer (0 seconds)
17:54:53 [INFO] Finished Version Filter Analyzer (0 seconds)
17:54:55 [INFO] Created CPE Index (1 seconds)
17:54:55 [INFO] Finished CPE Analyzer (1 seconds)
17:54:55 [INFO] Finished False Positive Analyzer (0 seconds)
17:54:55 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:54:55 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:54:55 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:54:55 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:54:55 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:54:55 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:54:55 [INFO] Analysis Complete (1 seconds)
17:54:55 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:54:55 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:54:55 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:54:55 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:54:55 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:54:55 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:54:55 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:54:55 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:54:55 [INFO] 
17:54:55 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jmx >-----------------
17:54:55 [INFO] Building dependencies.jmx 1.0                                    [16/67]
17:54:55 [INFO]   from mvn/dependencies/jmx/pom.xml
17:54:55 [INFO] --------------------------------[ pom ]---------------------------------
17:54:55 [INFO] 
17:54:55 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jmx ---
17:54:55 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jmx (includes = [*.jar], excludes = [])
17:54:55 [INFO] 
17:54:55 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jmx ---
17:54:55 [INFO] 
17:54:55 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jmx ---
17:54:55 [INFO] Executing tasks
17:55:00 [INFO] Executed tasks
17:55:00 [INFO] 
17:55:00 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.jmx ---
17:55:00 [INFO] Checking for updates
17:55:00 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:55:00 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:55:00 [INFO] Check for updates complete (76 ms)
17:55:00 [INFO] 
17:55:00 
17:55:00 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:55:00 
17:55:00 
17:55:00    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:55:00    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:55:00 
17:55:00 
17:55:00 [INFO] Analysis Started
17:55:00 [INFO] Finished Archive Analyzer (0 seconds)
17:55:00 [INFO] Finished File Name Analyzer (0 seconds)
17:55:00 [INFO] Finished Jar Analyzer (0 seconds)
17:55:00 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:55:00 [INFO] Finished Hint Analyzer (0 seconds)
17:55:00 [INFO] Finished Version Filter Analyzer (0 seconds)
17:55:02 [INFO] Created CPE Index (1 seconds)
17:55:02 [INFO] Finished CPE Analyzer (1 seconds)
17:55:02 [INFO] Finished False Positive Analyzer (0 seconds)
17:55:02 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:55:02 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:55:02 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:55:02 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:55:02 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:55:02 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:55:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:55:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:55:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:55:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:55:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:55:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:55:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:55:02 
17:55:02 
17:55:02 ## Recommendation
17:55:02 
17:55:02 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:55:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:55:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:55:02 
17:55:02 The following template can be used to demonstrate the vulnerability:  
17:55:02 ```{{#with "constructor"}}
17:55:02 	{{#with split as |a|}}
17:55:02 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:55:02 		{{#with (concat (lookup join (slice 0 1)))}}
17:55:02 			{{#each (slice 2 3)}}
17:55:02 				{{#with (apply 0 a)}}
17:55:02 					{{.}}
17:55:02 				{{/with}}
17:55:02 			{{/each}}
17:55:02 		{{/with}}
17:55:02 	{{/with}}
17:55:02 {{/with}}```
17:55:02 
17:55:02 
17:55:02 ## Recommendation
17:55:02 
17:55:02 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:55:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:55:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:55:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:55:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:55:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:55:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:55:02 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:55:02 [INFO] Analysis Complete (1 seconds)
17:55:02 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:55:02 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:55:02 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:55:02 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:55:02 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:55:02 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:55:02 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:55:02 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:55:02 [INFO] 
17:55:02 [INFO] ----------------< org.openspcoop2:org.openspcoop2.json >----------------
17:55:02 [INFO] Building dependencies.json 1.0                                   [17/67]
17:55:02 [INFO]   from mvn/dependencies/json/pom.xml
17:55:02 [INFO] --------------------------------[ pom ]---------------------------------
17:55:02 [INFO] 
17:55:02 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.json ---
17:55:02 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/json (includes = [*.jar], excludes = [])
17:55:02 [INFO] 
17:55:02 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.json ---
17:55:02 [INFO] 
17:55:02 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.json ---
17:55:02 [INFO] Executing tasks
17:55:02 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-path-2.9.0.jar
17:55:02 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-2.2.14.jar
17:55:02 [INFO] Executed tasks
17:55:02 [INFO] 
17:55:02 [INFO] --- copy-rename:1.0:rename (rename-file-networknt) @ org.openspcoop2.json ---
17:55:02 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-1.5.7.jar to /var/lib/jenkins/workspace/GovWay/lib/json/networknt_json-schema-validator-1.5.7.jar
17:55:02 [INFO] 
17:55:02 [INFO] --- copy-rename:1.0:rename (rename-file-github-validator) @ org.openspcoop2.json ---
17:55:02 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-2.2.14-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_json-schema-validator-2.2.14-gov4j-1.jar
17:55:02 [INFO] 
17:55:02 [INFO] --- copy-rename:1.0:rename (rename-file-github-core) @ org.openspcoop2.json ---
17:55:02 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-core-1.2.14.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_json-schema-core-1.2.14.jar
17:55:02 [INFO] 
17:55:02 [INFO] --- copy-rename:1.0:rename (rename-file-github-jackson) @ org.openspcoop2.json ---
17:55:02 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/jackson-coreutils-2.0.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_jackson-coreutils-2.0.jar
17:55:02 [INFO] 
17:55:02 [INFO] --- copy-rename:1.0:rename (rename-file-github-jackson-equivalence) @ org.openspcoop2.json ---
17:55:02 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/jackson-coreutils-equivalence-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_jackson-coreutils-equivalence-1.0.jar
17:55:02 [INFO] 
17:55:02 [INFO] --- copy-rename:1.0:rename (rename-file-github-uri-template) @ org.openspcoop2.json ---
17:55:02 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/uri-template-0.10.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_uri-template-0.10.jar
17:55:02 [INFO] 
17:55:02 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.json ---
17:55:02 [INFO] Executing tasks
17:55:07 [INFO] Executed tasks
17:55:07 [INFO] 
17:55:07 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.json ---
17:55:07 [INFO] Checking for updates
17:55:07 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:55:07 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:55:07 [INFO] Check for updates complete (74 ms)
17:55:08 [INFO] 
17:55:08 
17:55:08 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:55:08 
17:55:08 
17:55:08    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:55:08    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:55:08 
17:55:08 
17:55:08 [INFO] Analysis Started
17:55:08 [INFO] Finished Archive Analyzer (0 seconds)
17:55:08 [INFO] Finished File Name Analyzer (0 seconds)
17:55:08 [INFO] Finished Jar Analyzer (0 seconds)
17:55:08 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:55:08 [INFO] Finished Hint Analyzer (0 seconds)
17:55:08 [INFO] Finished Version Filter Analyzer (0 seconds)
17:55:09 [INFO] Created CPE Index (1 seconds)
17:55:10 [INFO] Finished CPE Analyzer (1 seconds)
17:55:10 [INFO] Finished False Positive Analyzer (0 seconds)
17:55:10 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:55:10 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:55:10 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:55:10 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:55:10 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:55:10 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:55:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:55:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:55:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:55:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:55:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:55:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:55:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:55:10 
17:55:10 
17:55:10 ## Recommendation
17:55:10 
17:55:10 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:55:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:55:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:55:10 
17:55:10 The following template can be used to demonstrate the vulnerability:  
17:55:10 ```{{#with "constructor"}}
17:55:10 	{{#with split as |a|}}
17:55:10 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:55:10 		{{#with (concat (lookup join (slice 0 1)))}}
17:55:10 			{{#each (slice 2 3)}}
17:55:10 				{{#with (apply 0 a)}}
17:55:10 					{{.}}
17:55:10 				{{/with}}
17:55:10 			{{/each}}
17:55:10 		{{/with}}
17:55:10 	{{/with}}
17:55:10 {{/with}}```
17:55:10 
17:55:10 
17:55:10 ## Recommendation
17:55:10 
17:55:10 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:55:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:55:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:55:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:55:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:55:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:55:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:55:10 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:55:10 [INFO] Analysis Complete (2 seconds)
17:55:10 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:55:10 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:55:10 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:55:10 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:55:10 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:55:10 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:55:10 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:55:10 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:55:10 [INFO] 
17:55:10 [INFO] ----------------< org.openspcoop2:org.openspcoop2.log >-----------------
17:55:10 [INFO] Building dependencies.log 1.0                                    [18/67]
17:55:10 [INFO]   from mvn/dependencies/log/pom.xml
17:55:10 [INFO] --------------------------------[ pom ]---------------------------------
17:55:10 [INFO] 
17:55:10 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.log ---
17:55:10 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/log (includes = [*.jar], excludes = [])
17:55:10 [INFO] 
17:55:10 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.log ---
17:55:10 [INFO] 
17:55:10 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.log ---
17:55:10 [INFO] Executing tasks
17:55:10 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/log/slf4j-api-2.0.17.jar
17:55:10 [INFO] Executed tasks
17:55:10 [INFO] 
17:55:10 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.log ---
17:55:10 [INFO] Executing tasks
17:55:15 [INFO] Executed tasks
17:55:15 [INFO] 
17:55:15 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.log ---
17:55:15 [INFO] Checking for updates
17:55:15 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:55:15 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:55:15 [INFO] Check for updates complete (68 ms)
17:55:15 [INFO] 
17:55:15 
17:55:15 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:55:15 
17:55:15 
17:55:15    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:55:15    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:55:15 
17:55:15 
17:55:15 [INFO] Analysis Started
17:55:15 [INFO] Finished Archive Analyzer (0 seconds)
17:55:15 [INFO] Finished File Name Analyzer (0 seconds)
17:55:15 [INFO] Finished Jar Analyzer (0 seconds)
17:55:15 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:55:15 [INFO] Finished Hint Analyzer (0 seconds)
17:55:15 [INFO] Finished Version Filter Analyzer (0 seconds)
17:55:17 [INFO] Created CPE Index (1 seconds)
17:55:17 [INFO] Finished CPE Analyzer (1 seconds)
17:55:17 [INFO] Finished False Positive Analyzer (0 seconds)
17:55:17 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:55:17 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:55:17 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:55:17 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:55:17 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:55:17 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:55:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:55:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:55:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:55:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:55:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:55:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:55:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:55:17 
17:55:17 
17:55:17 ## Recommendation
17:55:17 
17:55:17 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:55:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:55:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:55:17 
17:55:17 The following template can be used to demonstrate the vulnerability:  
17:55:17 ```{{#with "constructor"}}
17:55:17 	{{#with split as |a|}}
17:55:17 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:55:17 		{{#with (concat (lookup join (slice 0 1)))}}
17:55:17 			{{#each (slice 2 3)}}
17:55:17 				{{#with (apply 0 a)}}
17:55:17 					{{.}}
17:55:17 				{{/with}}
17:55:17 			{{/each}}
17:55:17 		{{/with}}
17:55:17 	{{/with}}
17:55:17 {{/with}}```
17:55:17 
17:55:17 
17:55:17 ## Recommendation
17:55:17 
17:55:17 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:55:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:55:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:55:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:55:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:55:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:55:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:55:17 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:55:17 [INFO] Analysis Complete (1 seconds)
17:55:17 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:55:17 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:55:17 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:55:17 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:55:17 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:55:17 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:55:17 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:55:17 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:55:17 [INFO] 
17:55:17 [INFO] ---------------< org.openspcoop2:org.openspcoop2.lucene >---------------
17:55:17 [INFO] Building dependencies.lucene 1.0                                 [19/67]
17:55:17 [INFO]   from mvn/dependencies/lucene/pom.xml
17:55:17 [INFO] --------------------------------[ pom ]---------------------------------
17:55:17 [INFO] 
17:55:17 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.lucene ---
17:55:17 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/lucene (includes = [*.jar], excludes = [])
17:55:17 [INFO] 
17:55:17 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.lucene ---
17:55:17 [INFO] 
17:55:17 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.lucene ---
17:55:17 [INFO] Executing tasks
17:55:22 [INFO] Executed tasks
17:55:22 [INFO] 
17:55:22 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.lucene ---
17:55:22 [INFO] Checking for updates
17:55:22 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:55:22 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:55:22 [INFO] Check for updates complete (73 ms)
17:55:23 [INFO] 
17:55:23 
17:55:23 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:55:23 
17:55:23 
17:55:23    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:55:23    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:55:23 
17:55:23 
17:55:23 [INFO] Analysis Started
17:55:23 [INFO] Finished Archive Analyzer (0 seconds)
17:55:23 [INFO] Finished File Name Analyzer (0 seconds)
17:55:23 [INFO] Finished Jar Analyzer (0 seconds)
17:55:23 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:55:23 [INFO] Finished Hint Analyzer (0 seconds)
17:55:23 [INFO] Finished Version Filter Analyzer (0 seconds)
17:55:24 [INFO] Created CPE Index (1 seconds)
17:55:24 [INFO] Finished CPE Analyzer (1 seconds)
17:55:24 [INFO] Finished False Positive Analyzer (0 seconds)
17:55:24 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:55:24 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:55:24 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:55:24 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:55:24 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:55:24 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:55:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:55:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:55:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:55:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:55:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:55:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:55:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:55:24 
17:55:24 
17:55:24 ## Recommendation
17:55:24 
17:55:24 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:55:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:55:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:55:24 
17:55:24 The following template can be used to demonstrate the vulnerability:  
17:55:24 ```{{#with "constructor"}}
17:55:24 	{{#with split as |a|}}
17:55:24 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:55:24 		{{#with (concat (lookup join (slice 0 1)))}}
17:55:24 			{{#each (slice 2 3)}}
17:55:24 				{{#with (apply 0 a)}}
17:55:24 					{{.}}
17:55:24 				{{/with}}
17:55:24 			{{/each}}
17:55:24 		{{/with}}
17:55:24 	{{/with}}
17:55:24 {{/with}}```
17:55:24 
17:55:24 
17:55:24 ## Recommendation
17:55:24 
17:55:24 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:55:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:55:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:55:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:55:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:55:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:55:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:55:24 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:55:24 [INFO] Analysis Complete (1 seconds)
17:55:24 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:55:24 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:55:24 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:55:24 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:55:24 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:55:24 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:55:24 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:55:24 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:55:24 [INFO] 
17:55:24 [INFO] -------------< org.openspcoop2:org.openspcoop2.openapi4j >--------------
17:55:24 [INFO] Building dependencies.openapi4j 1.0                              [20/67]
17:55:24 [INFO]   from mvn/dependencies/openapi4j/pom.xml
17:55:24 [INFO] --------------------------------[ pom ]---------------------------------
17:55:24 [INFO] 
17:55:24 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.openapi4j ---
17:55:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/openapi4j (includes = [*.jar], excludes = [])
17:55:24 [INFO] 
17:55:24 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.openapi4j ---
17:55:24 [INFO] 
17:55:24 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.openapi4j ---
17:55:25 [INFO] Executing tasks
17:55:25 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-core-1.0.7.jar
17:55:25 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-parser-1.0.7.jar
17:55:25 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-schema-validator-1.0.7.jar
17:55:25 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-operation-validator-1.0.7.jar
17:55:25 [INFO] Executed tasks
17:55:25 [INFO] 
17:55:25 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.openapi4j ---
17:55:25 [INFO] Executing tasks
17:55:30 [INFO] Executed tasks
17:55:30 [INFO] 
17:55:30 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.openapi4j ---
17:55:30 [INFO] Checking for updates
17:55:30 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:55:30 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:55:30 [INFO] Check for updates complete (165 ms)
17:55:30 [INFO] 
17:55:30 
17:55:30 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:55:30 
17:55:30 
17:55:30    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:55:30    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:55:30 
17:55:30 
17:55:30 [INFO] Analysis Started
17:55:30 [INFO] Finished Archive Analyzer (0 seconds)
17:55:30 [INFO] Finished File Name Analyzer (0 seconds)
17:55:30 [INFO] Finished Jar Analyzer (0 seconds)
17:55:30 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:55:30 [INFO] Finished Hint Analyzer (0 seconds)
17:55:30 [INFO] Finished Version Filter Analyzer (0 seconds)
17:55:32 [INFO] Created CPE Index (1 seconds)
17:55:32 [INFO] Finished CPE Analyzer (1 seconds)
17:55:32 [INFO] Finished False Positive Analyzer (0 seconds)
17:55:32 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:55:32 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:55:32 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:55:32 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:55:32 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:55:32 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:55:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:55:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:55:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:55:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:55:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:55:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:55:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:55:32 
17:55:32 
17:55:32 ## Recommendation
17:55:32 
17:55:32 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:55:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:55:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:55:32 
17:55:32 The following template can be used to demonstrate the vulnerability:  
17:55:32 ```{{#with "constructor"}}
17:55:32 	{{#with split as |a|}}
17:55:32 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:55:32 		{{#with (concat (lookup join (slice 0 1)))}}
17:55:32 			{{#each (slice 2 3)}}
17:55:32 				{{#with (apply 0 a)}}
17:55:32 					{{.}}
17:55:32 				{{/with}}
17:55:32 			{{/each}}
17:55:32 		{{/with}}
17:55:32 	{{/with}}
17:55:32 {{/with}}```
17:55:32 
17:55:32 
17:55:32 ## Recommendation
17:55:32 
17:55:32 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:55:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:55:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:55:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:55:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:55:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:55:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:55:32 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:55:32 [INFO] Analysis Complete (1 seconds)
17:55:32 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:55:32 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:55:32 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:55:32 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:55:32 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:55:32 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:55:32 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:55:32 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:55:32 [INFO] 
17:55:32 [INFO] --------------< org.openspcoop2:org.openspcoop2.opensaml >--------------
17:55:32 [INFO] Building dependencies.opensaml 1.0                               [21/67]
17:55:32 [INFO]   from mvn/dependencies/opensaml/pom.xml
17:55:32 [INFO] --------------------------------[ pom ]---------------------------------
17:55:32 [INFO] 
17:55:32 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.opensaml ---
17:55:32 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/opensaml (includes = [*.jar], excludes = [])
17:55:32 [INFO] 
17:55:32 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.opensaml ---
17:55:32 [INFO] 
17:55:32 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.opensaml ---
17:55:32 [INFO] Executing tasks
17:55:37 [INFO] Executed tasks
17:55:37 [INFO] 
17:55:37 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.opensaml ---
17:55:37 [INFO] Checking for updates
17:55:37 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:55:37 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:55:37 [INFO] Check for updates complete (68 ms)
17:55:37 [INFO] 
17:55:37 
17:55:37 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:55:37 
17:55:37 
17:55:37    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:55:37    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:55:37 
17:55:37 
17:55:37 [INFO] Analysis Started
17:55:37 [INFO] Finished Archive Analyzer (0 seconds)
17:55:37 [INFO] Finished File Name Analyzer (0 seconds)
17:55:37 [INFO] Finished Jar Analyzer (0 seconds)
17:55:37 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:55:37 [INFO] Finished Hint Analyzer (0 seconds)
17:55:37 [INFO] Finished Version Filter Analyzer (0 seconds)
17:55:39 [INFO] Created CPE Index (1 seconds)
17:55:39 [INFO] Finished CPE Analyzer (1 seconds)
17:55:39 [INFO] Finished False Positive Analyzer (0 seconds)
17:55:39 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:55:39 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:55:39 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:55:39 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:55:39 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:55:39 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:55:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:55:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:55:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:55:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:55:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:55:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:55:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:55:39 
17:55:39 
17:55:39 ## Recommendation
17:55:39 
17:55:39 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:55:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:55:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:55:39 
17:55:39 The following template can be used to demonstrate the vulnerability:  
17:55:39 ```{{#with "constructor"}}
17:55:39 	{{#with split as |a|}}
17:55:39 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:55:39 		{{#with (concat (lookup join (slice 0 1)))}}
17:55:39 			{{#each (slice 2 3)}}
17:55:39 				{{#with (apply 0 a)}}
17:55:39 					{{.}}
17:55:39 				{{/with}}
17:55:39 			{{/each}}
17:55:39 		{{/with}}
17:55:39 	{{/with}}
17:55:39 {{/with}}```
17:55:39 
17:55:39 
17:55:39 ## Recommendation
17:55:39 
17:55:39 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:55:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:55:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:55:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:55:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:55:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:55:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:55:39 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:55:39 [INFO] Analysis Complete (1 seconds)
17:55:39 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:55:39 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:55:39 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:55:39 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:55:39 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:55:39 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:55:39 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:55:39 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:55:39 [INFO] 
17:55:39 [INFO] ----------------< org.openspcoop2:org.openspcoop2.pdf >-----------------
17:55:39 [INFO] Building dependencies.pdf 1.0                                    [22/67]
17:55:39 [INFO]   from mvn/dependencies/pdf/pom.xml
17:55:39 [INFO] --------------------------------[ pom ]---------------------------------
17:55:39 [INFO] 
17:55:39 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.pdf ---
17:55:39 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/pdf (includes = [*.jar], excludes = [])
17:55:39 [INFO] 
17:55:39 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.pdf ---
17:55:39 [INFO] 
17:55:39 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.pdf ---
17:55:39 [INFO] Executing tasks
17:55:44 [INFO] Executed tasks
17:55:44 [INFO] 
17:55:44 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.pdf ---
17:55:44 [INFO] Checking for updates
17:55:44 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:55:44 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:55:44 [INFO] Check for updates complete (70 ms)
17:55:45 [INFO] 
17:55:45 
17:55:45 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:55:45 
17:55:45 
17:55:45    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:55:45    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:55:45 
17:55:45 
17:55:45 [INFO] Analysis Started
17:55:45 [INFO] Finished Archive Analyzer (0 seconds)
17:55:45 [INFO] Finished File Name Analyzer (0 seconds)
17:55:45 [INFO] Finished Jar Analyzer (0 seconds)
17:55:45 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:55:45 [INFO] Finished Hint Analyzer (0 seconds)
17:55:45 [INFO] Finished Version Filter Analyzer (0 seconds)
17:55:46 [INFO] Created CPE Index (1 seconds)
17:55:46 [INFO] Finished CPE Analyzer (1 seconds)
17:55:46 [INFO] Finished False Positive Analyzer (0 seconds)
17:55:46 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:55:46 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:55:46 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:55:46 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:55:46 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:55:46 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:55:46 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:55:46 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:55:46 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:55:46 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:55:46 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:55:46 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:55:46 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:55:46 
17:55:46 
17:55:46 ## Recommendation
17:55:46 
17:55:46 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:55:46 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:55:46 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:55:46 
17:55:46 The following template can be used to demonstrate the vulnerability:  
17:55:46 ```{{#with "constructor"}}
17:55:46 	{{#with split as |a|}}
17:55:46 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:55:46 		{{#with (concat (lookup join (slice 0 1)))}}
17:55:46 			{{#each (slice 2 3)}}
17:55:46 				{{#with (apply 0 a)}}
17:55:46 					{{.}}
17:55:46 				{{/with}}
17:55:46 			{{/each}}
17:55:46 		{{/with}}
17:55:46 	{{/with}}
17:55:46 {{/with}}```
17:55:46 
17:55:46 
17:55:46 ## Recommendation
17:55:46 
17:55:46 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:55:46 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:55:46 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:55:46 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:55:46 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:55:46 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:55:46 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:55:46 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:55:46 [INFO] Analysis Complete (1 seconds)
17:55:46 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:55:46 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:55:46 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:55:46 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:55:46 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:55:46 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:55:46 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:55:46 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:55:46 [INFO] 
17:55:46 [INFO] ---------------< org.openspcoop2:org.openspcoop2.redis >----------------
17:55:46 [INFO] Building dependencies.redis 1.0                                  [23/67]
17:55:46 [INFO]   from mvn/dependencies/redis/pom.xml
17:55:46 [INFO] --------------------------------[ pom ]---------------------------------
17:55:46 [INFO] 
17:55:46 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.redis ---
17:55:46 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/redis (includes = [*.jar], excludes = [])
17:55:46 [INFO] 
17:55:46 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.redis ---
17:55:46 [INFO] 
17:55:46 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.redis ---
17:55:46 [INFO] Executing tasks
17:55:51 [INFO] Executed tasks
17:55:51 [INFO] 
17:55:51 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.redis ---
17:55:52 [INFO] Checking for updates
17:55:52 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:55:52 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:55:52 [INFO] Check for updates complete (70 ms)
17:55:52 [INFO] 
17:55:52 
17:55:52 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:55:52 
17:55:52 
17:55:52    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:55:52    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:55:52 
17:55:52 
17:55:52 [INFO] Analysis Started
17:55:52 [INFO] Finished Archive Analyzer (0 seconds)
17:55:52 [INFO] Finished File Name Analyzer (0 seconds)
17:55:52 [INFO] Finished Jar Analyzer (0 seconds)
17:55:52 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:55:52 [INFO] Finished Hint Analyzer (0 seconds)
17:55:52 [INFO] Finished Version Filter Analyzer (0 seconds)
17:55:53 [INFO] Created CPE Index (1 seconds)
17:55:54 [INFO] Finished CPE Analyzer (1 seconds)
17:55:54 [INFO] Finished False Positive Analyzer (0 seconds)
17:55:54 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:55:54 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:55:54 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:55:54 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:55:54 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:55:54 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:55:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:55:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:55:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:55:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:55:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:55:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:55:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:55:54 
17:55:54 
17:55:54 ## Recommendation
17:55:54 
17:55:54 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:55:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:55:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:55:54 
17:55:54 The following template can be used to demonstrate the vulnerability:  
17:55:54 ```{{#with "constructor"}}
17:55:54 	{{#with split as |a|}}
17:55:54 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:55:54 		{{#with (concat (lookup join (slice 0 1)))}}
17:55:54 			{{#each (slice 2 3)}}
17:55:54 				{{#with (apply 0 a)}}
17:55:54 					{{.}}
17:55:54 				{{/with}}
17:55:54 			{{/each}}
17:55:54 		{{/with}}
17:55:54 	{{/with}}
17:55:54 {{/with}}```
17:55:54 
17:55:54 
17:55:54 ## Recommendation
17:55:54 
17:55:54 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:55:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:55:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:55:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:55:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:55:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:55:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:55:54 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:55:54 [INFO] Analysis Complete (1 seconds)
17:55:54 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:55:54 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:55:54 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:55:54 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:55:54 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:55:54 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:55:54 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:55:54 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:55:54 [INFO] 
17:55:54 [INFO] --------------< org.openspcoop2:org.openspcoop2.reports >---------------
17:55:54 [INFO] Building dependencies.reports 1.0                                [24/67]
17:55:54 [INFO]   from mvn/dependencies/reports/pom.xml
17:55:54 [INFO] --------------------------------[ pom ]---------------------------------
17:55:54 [INFO] 
17:55:54 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.reports ---
17:55:54 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/reports (includes = [*.jar], excludes = [])
17:55:54 [INFO] 
17:55:54 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.reports ---
17:55:54 [INFO] 
17:55:54 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.reports ---
17:55:54 [INFO] Executing tasks
17:55:59 [INFO] Executed tasks
17:55:59 [INFO] 
17:55:59 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.reports ---
17:55:59 [INFO] Checking for updates
17:55:59 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:55:59 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:55:59 [INFO] Check for updates complete (66 ms)
17:55:59 [INFO] 
17:55:59 
17:55:59 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:55:59 
17:55:59 
17:55:59    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:55:59    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:55:59 
17:55:59 
17:55:59 [INFO] Analysis Started
17:55:59 [INFO] Finished Archive Analyzer (0 seconds)
17:55:59 [INFO] Finished File Name Analyzer (0 seconds)
17:55:59 [INFO] Finished Jar Analyzer (0 seconds)
17:55:59 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:55:59 [INFO] Finished Hint Analyzer (0 seconds)
17:55:59 [INFO] Finished Version Filter Analyzer (0 seconds)
17:56:01 [INFO] Created CPE Index (1 seconds)
17:56:01 [INFO] Finished CPE Analyzer (1 seconds)
17:56:01 [INFO] Finished False Positive Analyzer (0 seconds)
17:56:01 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:56:01 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:56:01 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:56:01 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:56:01 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:56:01 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:56:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:56:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:56:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:56:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:56:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:56:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:56:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:56:01 
17:56:01 
17:56:01 ## Recommendation
17:56:01 
17:56:01 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:56:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:56:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:56:01 
17:56:01 The following template can be used to demonstrate the vulnerability:  
17:56:01 ```{{#with "constructor"}}
17:56:01 	{{#with split as |a|}}
17:56:01 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:56:01 		{{#with (concat (lookup join (slice 0 1)))}}
17:56:01 			{{#each (slice 2 3)}}
17:56:01 				{{#with (apply 0 a)}}
17:56:01 					{{.}}
17:56:01 				{{/with}}
17:56:01 			{{/each}}
17:56:01 		{{/with}}
17:56:01 	{{/with}}
17:56:01 {{/with}}```
17:56:01 
17:56:01 
17:56:01 ## Recommendation
17:56:01 
17:56:01 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:56:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:56:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:56:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:56:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:56:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:56:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:56:01 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:56:01 [INFO] Analysis Complete (1 seconds)
17:56:01 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:56:01 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:56:01 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:56:01 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:56:01 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:56:01 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:56:01 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:56:01 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:56:01 [INFO] 
17:56:01 [INFO] ----------------< org.openspcoop2:org.openspcoop2.saaj >----------------
17:56:01 [INFO] Building dependencies.saaj 1.0                                   [25/67]
17:56:01 [INFO]   from mvn/dependencies/saaj/pom.xml
17:56:01 [INFO] --------------------------------[ pom ]---------------------------------
17:56:01 [INFO] 
17:56:01 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.saaj ---
17:56:01 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/saaj (includes = [*.jar], excludes = [])
17:56:01 [INFO] 
17:56:01 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.saaj ---
17:56:01 [INFO] 
17:56:01 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.saaj ---
17:56:01 [INFO] Executing tasks
17:56:01 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/saaj/saaj-impl-3.0.4.jar
17:56:01 [INFO] Executed tasks
17:56:01 [INFO] 
17:56:01 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.saaj ---
17:56:01 [INFO] Executing tasks
17:56:06 [INFO] Executed tasks
17:56:06 [INFO] 
17:56:06 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.saaj ---
17:56:06 [INFO] Checking for updates
17:56:06 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:56:06 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:56:06 [INFO] Check for updates complete (106 ms)
17:56:07 [INFO] 
17:56:07 
17:56:07 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:56:07 
17:56:07 
17:56:07    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:56:07    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:56:07 
17:56:07 
17:56:07 [INFO] Analysis Started
17:56:07 [INFO] Finished Archive Analyzer (0 seconds)
17:56:07 [INFO] Finished File Name Analyzer (0 seconds)
17:56:07 [INFO] Finished Jar Analyzer (0 seconds)
17:56:07 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:56:07 [INFO] Finished Hint Analyzer (0 seconds)
17:56:07 [INFO] Finished Version Filter Analyzer (0 seconds)
17:56:08 [INFO] Created CPE Index (1 seconds)
17:56:08 [INFO] Finished CPE Analyzer (1 seconds)
17:56:08 [INFO] Finished False Positive Analyzer (0 seconds)
17:56:08 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:56:08 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:56:08 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:56:08 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:56:08 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:56:08 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:56:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:56:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:56:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:56:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:56:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:56:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:56:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:56:08 
17:56:08 
17:56:08 ## Recommendation
17:56:08 
17:56:08 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:56:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:56:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:56:08 
17:56:08 The following template can be used to demonstrate the vulnerability:  
17:56:08 ```{{#with "constructor"}}
17:56:08 	{{#with split as |a|}}
17:56:08 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:56:08 		{{#with (concat (lookup join (slice 0 1)))}}
17:56:08 			{{#each (slice 2 3)}}
17:56:08 				{{#with (apply 0 a)}}
17:56:08 					{{.}}
17:56:08 				{{/with}}
17:56:08 			{{/each}}
17:56:08 		{{/with}}
17:56:08 	{{/with}}
17:56:08 {{/with}}```
17:56:08 
17:56:08 
17:56:08 ## Recommendation
17:56:08 
17:56:08 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:56:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:56:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:56:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:56:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:56:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:56:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:56:08 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:56:08 [INFO] Analysis Complete (1 seconds)
17:56:08 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:56:08 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:56:08 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:56:09 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:56:09 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:56:09 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:56:09 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:56:09 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:56:09 [INFO] 
17:56:09 [INFO] --------------< org.openspcoop2:org.openspcoop2.security >--------------
17:56:09 [INFO] Building dependencies.security 1.0                               [26/67]
17:56:09 [INFO]   from mvn/dependencies/security/pom.xml
17:56:09 [INFO] --------------------------------[ pom ]---------------------------------
17:56:09 [INFO] 
17:56:09 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.security ---
17:56:09 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/security (includes = [*.jar], excludes = [])
17:56:09 [INFO] 
17:56:09 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.security ---
17:56:09 [INFO] 
17:56:09 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.security ---
17:56:09 [INFO] Executing tasks
17:56:14 [INFO] Executed tasks
17:56:14 [INFO] 
17:56:14 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.security ---
17:56:14 [INFO] Checking for updates
17:56:14 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:56:14 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:56:14 [INFO] Check for updates complete (90 ms)
17:56:14 [INFO] 
17:56:14 
17:56:14 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:56:14 
17:56:14 
17:56:14    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:56:14    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:56:14 
17:56:14 
17:56:14 [INFO] Analysis Started
17:56:14 [INFO] Finished Archive Analyzer (0 seconds)
17:56:14 [INFO] Finished File Name Analyzer (0 seconds)
17:56:14 [INFO] Finished Jar Analyzer (0 seconds)
17:56:14 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:56:15 [INFO] Finished Hint Analyzer (0 seconds)
17:56:15 [INFO] Finished Version Filter Analyzer (0 seconds)
17:56:16 [INFO] Created CPE Index (1 seconds)
17:56:16 [INFO] Finished CPE Analyzer (1 seconds)
17:56:16 [INFO] Finished False Positive Analyzer (0 seconds)
17:56:16 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:56:16 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:56:16 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:56:16 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:56:16 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:56:16 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:56:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:56:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:56:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:56:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:56:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:56:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:56:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:56:16 
17:56:16 
17:56:16 ## Recommendation
17:56:16 
17:56:16 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:56:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:56:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:56:16 
17:56:16 The following template can be used to demonstrate the vulnerability:  
17:56:16 ```{{#with "constructor"}}
17:56:16 	{{#with split as |a|}}
17:56:16 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:56:16 		{{#with (concat (lookup join (slice 0 1)))}}
17:56:16 			{{#each (slice 2 3)}}
17:56:16 				{{#with (apply 0 a)}}
17:56:16 					{{.}}
17:56:16 				{{/with}}
17:56:16 			{{/each}}
17:56:16 		{{/with}}
17:56:16 	{{/with}}
17:56:16 {{/with}}```
17:56:16 
17:56:16 
17:56:16 ## Recommendation
17:56:16 
17:56:16 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:56:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:56:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:56:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:56:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:56:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:56:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:56:16 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:56:16 [INFO] Analysis Complete (2 seconds)
17:56:16 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:56:16 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:56:16 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:56:16 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:56:16 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:56:16 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:56:16 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:56:16 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:56:16 [INFO] 
17:56:16 [INFO] ---------------< org.openspcoop2:org.openspcoop2.shared >---------------
17:56:16 [INFO] Building dependencies.shared 1.0                                 [27/67]
17:56:16 [INFO]   from mvn/dependencies/shared/pom.xml
17:56:16 [INFO] --------------------------------[ pom ]---------------------------------
17:56:16 [INFO] 
17:56:16 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.shared ---
17:56:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/shared (includes = [*.jar], excludes = [])
17:56:16 [INFO] 
17:56:16 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.shared ---
17:56:16 [INFO] 
17:56:16 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.shared ---
17:56:17 [INFO] Executing tasks
17:56:17 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/Saxon-HE-12.7.jar
17:56:17 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/snakeyaml-2.4.jar
17:56:17 [INFO] Executed tasks
17:56:17 [INFO] 
17:56:17 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.shared ---
17:56:17 [INFO] Executing tasks
17:56:22 [INFO] Executed tasks
17:56:22 [INFO] 
17:56:22 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.shared ---
17:56:22 [INFO] Checking for updates
17:56:22 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:56:22 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:56:22 [INFO] Check for updates complete (80 ms)
17:56:22 [INFO] 
17:56:22 
17:56:22 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:56:22 
17:56:22 
17:56:22    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:56:22    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:56:22 
17:56:22 
17:56:22 [INFO] Analysis Started
17:56:24 [INFO] Finished Archive Analyzer (1 seconds)
17:56:24 [INFO] Finished File Name Analyzer (0 seconds)
17:56:24 [INFO] Finished Jar Analyzer (0 seconds)
17:56:24 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:56:24 [INFO] Finished Hint Analyzer (0 seconds)
17:56:24 [INFO] Finished Version Filter Analyzer (0 seconds)
17:56:26 [INFO] Created CPE Index (1 seconds)
17:56:26 [INFO] Finished CPE Analyzer (2 seconds)
17:56:26 [INFO] Finished False Positive Analyzer (0 seconds)
17:56:26 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:56:26 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:56:27 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:56:27 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:56:27 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:56:27 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:56:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:56:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:56:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:56:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:56:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:56:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:56:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:56:27 
17:56:27 
17:56:27 ## Recommendation
17:56:27 
17:56:27 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:56:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:56:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:56:27 
17:56:27 The following template can be used to demonstrate the vulnerability:  
17:56:27 ```{{#with "constructor"}}
17:56:27 	{{#with split as |a|}}
17:56:27 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:56:27 		{{#with (concat (lookup join (slice 0 1)))}}
17:56:27 			{{#each (slice 2 3)}}
17:56:27 				{{#with (apply 0 a)}}
17:56:27 					{{.}}
17:56:27 				{{/with}}
17:56:27 			{{/each}}
17:56:27 		{{/with}}
17:56:27 	{{/with}}
17:56:27 {{/with}}```
17:56:27 
17:56:27 
17:56:27 ## Recommendation
17:56:27 
17:56:27 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:56:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:56:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:56:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:56:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:56:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:56:27 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:56:27 [INFO] Analysis Complete (4 seconds)
17:56:27 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:56:27 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:56:27 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:56:27 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:56:27 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:56:27 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:56:27 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:56:27 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:56:27 [INFO] 
17:56:27 [INFO] ---------------< org.openspcoop2:org.openspcoop2.spring >---------------
17:56:27 [INFO] Building dependencies.spring 1.0                                 [28/67]
17:56:27 [INFO]   from mvn/dependencies/spring/pom.xml
17:56:27 [INFO] --------------------------------[ pom ]---------------------------------
17:56:27 [INFO] 
17:56:27 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring ---
17:56:27 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring (includes = [*.jar], excludes = [])
17:56:27 [INFO] 
17:56:27 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring ---
17:56:27 [INFO] 
17:56:27 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.spring ---
17:56:27 [INFO] Executing tasks
17:56:32 [INFO] Executed tasks
17:56:32 [INFO] 
17:56:32 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.spring ---
17:56:32 [INFO] Checking for updates
17:56:32 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:56:32 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:56:32 [INFO] Check for updates complete (67 ms)
17:56:32 [INFO] 
17:56:32 
17:56:32 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:56:32 
17:56:32 
17:56:32    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:56:32    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:56:32 
17:56:32 
17:56:32 [INFO] Analysis Started
17:56:32 [INFO] Finished Archive Analyzer (0 seconds)
17:56:32 [INFO] Finished File Name Analyzer (0 seconds)
17:56:32 [INFO] Finished Jar Analyzer (0 seconds)
17:56:32 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:56:32 [INFO] Finished Hint Analyzer (0 seconds)
17:56:32 [INFO] Finished Version Filter Analyzer (0 seconds)
17:56:34 [INFO] Created CPE Index (1 seconds)
17:56:34 [INFO] Finished CPE Analyzer (1 seconds)
17:56:34 [INFO] Finished False Positive Analyzer (0 seconds)
17:56:34 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:56:34 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:56:34 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:56:34 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:56:34 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:56:34 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:56:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:56:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:56:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:56:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:56:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:56:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:56:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:56:34 
17:56:34 
17:56:34 ## Recommendation
17:56:34 
17:56:34 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:56:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:56:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:56:34 
17:56:34 The following template can be used to demonstrate the vulnerability:  
17:56:34 ```{{#with "constructor"}}
17:56:34 	{{#with split as |a|}}
17:56:34 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:56:34 		{{#with (concat (lookup join (slice 0 1)))}}
17:56:34 			{{#each (slice 2 3)}}
17:56:34 				{{#with (apply 0 a)}}
17:56:34 					{{.}}
17:56:34 				{{/with}}
17:56:34 			{{/each}}
17:56:34 		{{/with}}
17:56:34 	{{/with}}
17:56:34 {{/with}}```
17:56:34 
17:56:34 
17:56:34 ## Recommendation
17:56:34 
17:56:34 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:56:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:56:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:56:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:56:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:56:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:56:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:56:34 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:56:34 [INFO] Analysis Complete (1 seconds)
17:56:34 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:56:34 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:56:34 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:56:34 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:56:34 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:56:34 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:56:34 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:56:34 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:56:34 [INFO] 
17:56:34 [INFO] ------------< org.openspcoop2:org.openspcoop2.spring-ldap >-------------
17:56:34 [INFO] Building dependencies.spring-ldap 1.0                            [29/67]
17:56:34 [INFO]   from mvn/dependencies/spring-ldap/pom.xml
17:56:34 [INFO] --------------------------------[ pom ]---------------------------------
17:56:34 [INFO] 
17:56:34 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring-ldap ---
17:56:34 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-ldap (includes = [*.jar], excludes = [])
17:56:34 [INFO] 
17:56:34 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-ldap ---
17:56:34 [INFO] 
17:56:34 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.spring-ldap ---
17:56:34 [INFO] Executing tasks
17:56:39 [INFO] Executed tasks
17:56:39 [INFO] 
17:56:39 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.spring-ldap ---
17:56:39 [INFO] Checking for updates
17:56:39 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:56:39 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:56:39 [INFO] Check for updates complete (84 ms)
17:56:40 [INFO] 
17:56:40 
17:56:40 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:56:40 
17:56:40 
17:56:40    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:56:40    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:56:40 
17:56:40 
17:56:40 [INFO] Analysis Started
17:56:40 [INFO] Finished Archive Analyzer (0 seconds)
17:56:40 [INFO] Finished File Name Analyzer (0 seconds)
17:56:40 [INFO] Finished Jar Analyzer (0 seconds)
17:56:40 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:56:40 [INFO] Finished Hint Analyzer (0 seconds)
17:56:40 [INFO] Finished Version Filter Analyzer (0 seconds)
17:56:41 [INFO] Created CPE Index (1 seconds)
17:56:41 [INFO] Finished CPE Analyzer (1 seconds)
17:56:41 [INFO] Finished False Positive Analyzer (0 seconds)
17:56:41 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:56:41 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:56:41 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:56:41 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:56:41 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:56:41 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:56:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:56:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:56:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:56:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:56:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:56:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:56:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:56:41 
17:56:41 
17:56:41 ## Recommendation
17:56:41 
17:56:41 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:56:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:56:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:56:41 
17:56:41 The following template can be used to demonstrate the vulnerability:  
17:56:41 ```{{#with "constructor"}}
17:56:41 	{{#with split as |a|}}
17:56:41 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:56:41 		{{#with (concat (lookup join (slice 0 1)))}}
17:56:41 			{{#each (slice 2 3)}}
17:56:41 				{{#with (apply 0 a)}}
17:56:41 					{{.}}
17:56:41 				{{/with}}
17:56:41 			{{/each}}
17:56:41 		{{/with}}
17:56:41 	{{/with}}
17:56:41 {{/with}}```
17:56:41 
17:56:41 
17:56:41 ## Recommendation
17:56:41 
17:56:41 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:56:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:56:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:56:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:56:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:56:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:56:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:56:41 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:56:41 [INFO] Analysis Complete (1 seconds)
17:56:41 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:56:41 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:56:41 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:56:41 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:56:41 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:56:41 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:56:41 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:56:41 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:56:41 [INFO] 
17:56:41 [INFO] ----------< org.openspcoop2:org.openspcoop2.spring-security >-----------
17:56:41 [INFO] Building dependencies.spring-security 1.0                        [30/67]
17:56:41 [INFO]   from mvn/dependencies/spring-security/pom.xml
17:56:41 [INFO] --------------------------------[ pom ]---------------------------------
17:56:41 [INFO] 
17:56:41 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring-security ---
17:56:41 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-security (includes = [*.jar], excludes = [])
17:56:41 [INFO] 
17:56:41 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-security ---
17:56:41 [INFO] 
17:56:41 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.spring-security ---
17:56:41 [INFO] Executing tasks
17:56:46 [INFO] Executed tasks
17:56:46 [INFO] 
17:56:46 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.spring-security ---
17:56:47 [INFO] Checking for updates
17:56:47 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:56:47 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:56:47 [INFO] Check for updates complete (75 ms)
17:56:47 [INFO] 
17:56:47 
17:56:47 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:56:47 
17:56:47 
17:56:47    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:56:47    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:56:47 
17:56:47 
17:56:47 [INFO] Analysis Started
17:56:47 [INFO] Finished Archive Analyzer (0 seconds)
17:56:47 [INFO] Finished File Name Analyzer (0 seconds)
17:56:47 [INFO] Finished Jar Analyzer (0 seconds)
17:56:47 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:56:47 [INFO] Finished Hint Analyzer (0 seconds)
17:56:47 [INFO] Finished Version Filter Analyzer (0 seconds)
17:56:49 [INFO] Created CPE Index (1 seconds)
17:56:49 [INFO] Finished CPE Analyzer (1 seconds)
17:56:49 [INFO] Finished False Positive Analyzer (0 seconds)
17:56:49 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:56:49 [INFO] Finished RetireJS Analyzer (0 seconds)
17:56:49 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:56:49 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:56:49 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:56:49 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:56:49 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:56:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:56:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:56:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:56:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:56:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:56:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:56:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:56:49 
17:56:49 
17:56:49 ## Recommendation
17:56:49 
17:56:49 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:56:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:56:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:56:49 
17:56:49 The following template can be used to demonstrate the vulnerability:  
17:56:49 ```{{#with "constructor"}}
17:56:49 	{{#with split as |a|}}
17:56:49 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:56:49 		{{#with (concat (lookup join (slice 0 1)))}}
17:56:49 			{{#each (slice 2 3)}}
17:56:49 				{{#with (apply 0 a)}}
17:56:49 					{{.}}
17:56:49 				{{/with}}
17:56:49 			{{/each}}
17:56:49 		{{/with}}
17:56:49 	{{/with}}
17:56:49 {{/with}}```
17:56:49 
17:56:49 
17:56:49 ## Recommendation
17:56:49 
17:56:49 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:56:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:56:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:56:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:56:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:56:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:56:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:56:49 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:56:49 [INFO] Analysis Complete (2 seconds)
17:56:49 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:56:49 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:56:49 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:56:49 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:56:49 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:56:49 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:56:49 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:56:49 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:56:50 [INFO] 
17:56:50 [INFO] --------------< org.openspcoop2:org.openspcoop2.swagger >---------------
17:56:50 [INFO] Building dependencies.swagger 1.0                                [31/67]
17:56:50 [INFO]   from mvn/dependencies/swagger/pom.xml
17:56:50 [INFO] --------------------------------[ pom ]---------------------------------
17:56:50 [INFO] 
17:56:50 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.swagger ---
17:56:50 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/swagger (includes = [*.jar], excludes = [])
17:56:50 [INFO] 
17:56:50 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.swagger ---
17:56:50 [INFO] 
17:56:50 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.swagger ---
17:56:50 [INFO] Executing tasks
17:56:50 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-v3-2.1.29.jar
17:56:50 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-request-validator-core-2.44.9.jar
17:56:50 [INFO] Executed tasks
17:56:50 [INFO] 
17:56:50 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.swagger ---
17:56:50 [INFO] Executing tasks
17:56:55 [INFO] Executed tasks
17:56:55 [INFO] 
17:56:55 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.swagger ---
17:56:55 [INFO] Checking for updates
17:56:55 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:56:55 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:56:55 [INFO] Check for updates complete (95 ms)
17:56:55 [INFO] 
17:56:55 
17:56:55 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:56:55 
17:56:55 
17:56:55    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:56:55    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:56:55 
17:56:55 
17:56:55 [INFO] Analysis Started
17:56:55 [INFO] Finished Archive Analyzer (0 seconds)
17:56:55 [INFO] Finished File Name Analyzer (0 seconds)
17:56:55 [INFO] Finished Jar Analyzer (0 seconds)
17:56:55 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:56:56 [INFO] Finished Hint Analyzer (0 seconds)
17:56:56 [INFO] Finished Version Filter Analyzer (0 seconds)
17:56:58 [INFO] Created CPE Index (2 seconds)
17:56:58 [INFO] Finished CPE Analyzer (2 seconds)
17:56:58 [INFO] Finished False Positive Analyzer (0 seconds)
17:56:58 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:57:05 [INFO] Finished RetireJS Analyzer (6 seconds)
17:57:05 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:57:05 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:57:05 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:57:05 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:57:05 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:57:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:57:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:57:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:57:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:57:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:57:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:57:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:57:05 
17:57:05 
17:57:05 ## Recommendation
17:57:05 
17:57:05 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:57:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:57:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:57:05 
17:57:05 The following template can be used to demonstrate the vulnerability:  
17:57:05 ```{{#with "constructor"}}
17:57:05 	{{#with split as |a|}}
17:57:05 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:57:05 		{{#with (concat (lookup join (slice 0 1)))}}
17:57:05 			{{#each (slice 2 3)}}
17:57:05 				{{#with (apply 0 a)}}
17:57:05 					{{.}}
17:57:05 				{{/with}}
17:57:05 			{{/each}}
17:57:05 		{{/with}}
17:57:05 	{{/with}}
17:57:05 {{/with}}```
17:57:05 
17:57:05 
17:57:05 ## Recommendation
17:57:05 
17:57:05 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:57:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:57:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:57:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:57:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:57:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:57:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:57:05 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:57:05 [INFO] Analysis Complete (9 seconds)
17:57:05 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:57:05 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:57:05 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:57:05 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:57:05 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:57:05 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:57:05 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:57:05 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:57:05 [INFO] 
17:57:05 [INFO] ---------------< org.openspcoop2:org.openspcoop2.wss4j >----------------
17:57:05 [INFO] Building dependencies.wss4j 1.0                                  [32/67]
17:57:05 [INFO]   from mvn/dependencies/wss4j/pom.xml
17:57:05 [INFO] --------------------------------[ pom ]---------------------------------
17:57:05 [INFO] 
17:57:05 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.wss4j ---
17:57:05 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wss4j (includes = [*.jar], excludes = [])
17:57:05 [INFO] 
17:57:05 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wss4j ---
17:57:05 [INFO] 
17:57:05 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.wss4j ---
17:57:05 [INFO] Executing tasks
17:57:05 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-common-4.0.0.jar
17:57:05 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-dom-4.0.0.jar
17:57:05 [INFO] Executed tasks
17:57:05 [INFO] 
17:57:05 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.wss4j ---
17:57:05 [INFO] Executing tasks
17:57:10 [INFO] Executed tasks
17:57:10 [INFO] 
17:57:10 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.wss4j ---
17:57:10 [INFO] Checking for updates
17:57:10 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:57:10 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:57:10 [INFO] Check for updates complete (78 ms)
17:57:10 [INFO] 
17:57:10 
17:57:10 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:57:10 
17:57:10 
17:57:10    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:57:10    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:57:10 
17:57:10 
17:57:10 [INFO] Analysis Started
17:57:10 [INFO] Finished Archive Analyzer (0 seconds)
17:57:10 [INFO] Finished File Name Analyzer (0 seconds)
17:57:10 [INFO] Finished Jar Analyzer (0 seconds)
17:57:10 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:57:10 [INFO] Finished Hint Analyzer (0 seconds)
17:57:10 [INFO] Finished Version Filter Analyzer (0 seconds)
17:57:12 [INFO] Created CPE Index (1 seconds)
17:57:12 [INFO] Finished CPE Analyzer (1 seconds)
17:57:12 [INFO] Finished False Positive Analyzer (0 seconds)
17:57:12 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:57:12 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:57:12 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:57:12 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:57:12 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:57:12 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}}
17:57:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}}
17:57:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}}
17:57:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}}
17:57:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}}
17:57:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}}
17:57:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}}
17:57:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
17:57:12 
17:57:12 
17:57:12 ## Recommendation
17:57:12 
17:57:12 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}}
17:57:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}}
17:57:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).
17:57:12 
17:57:12 The following template can be used to demonstrate the vulnerability:  
17:57:12 ```{{#with "constructor"}}
17:57:12 	{{#with split as |a|}}
17:57:12 		{{pop (push "alert('Vulnerable Handlebars JS');")}}
17:57:12 		{{#with (concat (lookup join (slice 0 1)))}}
17:57:12 			{{#each (slice 2 3)}}
17:57:12 				{{#with (apply 0 a)}}
17:57:12 					{{.}}
17:57:12 				{{/with}}
17:57:12 			{{/each}}
17:57:12 		{{/with}}
17:57:12 	{{/with}}
17:57:12 {{/with}}```
17:57:12 
17:57:12 
17:57:12 ## Recommendation
17:57:12 
17:57:12 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}}
17:57:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}}
17:57:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}}
17:57:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}}
17:57:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}}
17:57:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}}
17:57:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}}
17:57:12 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:57:12 [INFO] Analysis Complete (1 seconds)
17:57:12 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:57:12 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:57:12 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:57:12 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:57:12 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:57:12 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:57:12 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:57:12 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:57:12 [INFO] 
17:57:12 [INFO] -------------< org.openspcoop2:org.openspcoop2.testsuite >--------------
17:57:12 [INFO] Building dependencies.testsuite 1.0                              [33/67]
17:57:12 [INFO]   from mvn/dependencies/testsuite/pom.xml
17:57:12 [INFO] --------------------------------[ pom ]---------------------------------
17:57:12 [INFO] 
17:57:12 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite ---
17:57:12 [INFO] Executing tasks
17:57:17 [INFO] Executed tasks
17:57:17 [INFO] 
17:57:17 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite ---
17:57:18 [INFO] Checking for updates
17:57:18 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:57:18 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:57:18 [INFO] Check for updates complete (69 ms)
17:57:18 [INFO] 
17:57:18 
17:57:18 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:57:18 
17:57:18 
17:57:18    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:57:18    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:57:18 
17:57:18 
17:57:18 [INFO] Analysis Started
17:57:18 [INFO] Finished File Name Analyzer (0 seconds)
17:57:18 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:57:18 [INFO] Finished Hint Analyzer (0 seconds)
17:57:18 [INFO] Finished Version Filter Analyzer (0 seconds)
17:57:19 [INFO] Created CPE Index (1 seconds)
17:57:19 [INFO] Finished CPE Analyzer (1 seconds)
17:57:19 [INFO] Finished False Positive Analyzer (0 seconds)
17:57:19 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:57:19 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:57:19 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:57:19 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:57:19 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:57:19 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:57:19 [INFO] Analysis Complete (1 seconds)
17:57:19 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml
17:57:19 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html
17:57:19 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json
17:57:19 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv
17:57:19 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif
17:57:19 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html
17:57:19 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml
17:57:19 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json
17:57:20 [INFO] 
17:57:20 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.axis14 >----------
17:57:20 [INFO] Building dependencies.testsuite.axis14 1.0                       [34/67]
17:57:20 [INFO]   from mvn/dependencies/testsuite/axis14/pom.xml
17:57:20 [INFO] --------------------------------[ pom ]---------------------------------
17:57:20 [INFO] 
17:57:20 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.axis14 ---
17:57:20 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/axis14 (includes = [*.jar], excludes = [])
17:57:20 [INFO] 
17:57:20 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.axis14 ---
17:57:20 [INFO] 
17:57:20 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.axis14 ---
17:57:20 [INFO] Executing tasks
17:57:20 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-1.4.jar
17:57:20 [INFO]    [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-jaxrpc-1.4.jar
17:57:20 [INFO] Executed tasks
17:57:20 [INFO] 
17:57:20 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.axis14 ---
17:57:20 [INFO] Executing tasks
17:57:25 [INFO] Executed tasks
17:57:25 [INFO] 
17:57:25 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.axis14 ---
17:57:25 [INFO] Checking for updates
17:57:25 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:57:25 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:57:25 [INFO] Check for updates complete (119 ms)
17:57:25 [INFO] 
17:57:25 
17:57:25 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:57:25 
17:57:25 
17:57:25    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:57:25    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:57:25 
17:57:25 
17:57:25 [INFO] Analysis Started
17:57:25 [INFO] Finished File Name Analyzer (0 seconds)
17:57:25 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:57:25 [INFO] Finished Hint Analyzer (0 seconds)
17:57:25 [INFO] Finished Version Filter Analyzer (0 seconds)
17:57:26 [INFO] Created CPE Index (1 seconds)
17:57:26 [INFO] Finished CPE Analyzer (1 seconds)
17:57:26 [INFO] Finished False Positive Analyzer (0 seconds)
17:57:26 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:57:26 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:57:26 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:57:27 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:57:27 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:57:27 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:57:27 [INFO] Analysis Complete (1 seconds)
17:57:27 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml
17:57:27 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html
17:57:27 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json
17:57:27 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv
17:57:27 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif
17:57:27 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html
17:57:27 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml
17:57:27 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json
17:57:27 [INFO] 
17:57:27 [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.applicationServer >-----
17:57:27 [INFO] Building dependencies.testsuite.as 1.0                           [35/67]
17:57:27 [INFO]   from mvn/dependencies/testsuite/applicationServer/pom.xml
17:57:27 [INFO] --------------------------------[ pom ]---------------------------------
17:57:27 [INFO] 
17:57:27 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer ---
17:57:27 [INFO] Executing tasks
17:57:32 [INFO] Executed tasks
17:57:32 [INFO] 
17:57:32 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer ---
17:57:32 [INFO] Checking for updates
17:57:32 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:57:32 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:57:32 [INFO] Check for updates complete (67 ms)
17:57:32 [INFO] 
17:57:32 
17:57:32 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:57:32 
17:57:32 
17:57:32    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:57:32    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:57:32 
17:57:32 
17:57:32 [INFO] Analysis Started
17:57:32 [INFO] Finished File Name Analyzer (0 seconds)
17:57:32 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:57:32 [INFO] Finished Hint Analyzer (0 seconds)
17:57:32 [INFO] Finished Version Filter Analyzer (0 seconds)
17:57:33 [INFO] Created CPE Index (1 seconds)
17:57:33 [INFO] Finished CPE Analyzer (1 seconds)
17:57:33 [INFO] Finished False Positive Analyzer (0 seconds)
17:57:33 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:57:33 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:57:33 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:57:33 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:57:33 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:57:33 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:57:33 [INFO] Analysis Complete (1 seconds)
17:57:33 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml
17:57:33 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html
17:57:33 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json
17:57:33 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv
17:57:33 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif
17:57:33 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html
17:57:33 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml
17:57:33 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json
17:57:34 [INFO] 
17:57:34 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly27 >--
17:57:34 [INFO] Building dependencies.testsuite.as.wildfly27 1.0                 [36/67]
17:57:34 [INFO]   from mvn/dependencies/testsuite/applicationServer/wildfly27/pom.xml
17:57:34 [INFO] --------------------------------[ pom ]---------------------------------
17:57:34 [INFO] 
17:57:34 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly27 ---
17:57:34 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly27 (includes = [*.jar], excludes = [])
17:57:34 [INFO] 
17:57:34 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly27 ---
17:57:34 [INFO] 
17:57:34 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly27 ---
17:57:34 [INFO] Executing tasks
17:57:39 [INFO] Executed tasks
17:57:39 [INFO] 
17:57:39 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly27 ---
17:57:39 [INFO] Checking for updates
17:57:39 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:57:39 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:57:39 [INFO] Check for updates complete (115 ms)
17:57:39 [INFO] 
17:57:39 
17:57:39 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:57:39 
17:57:39 
17:57:39    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:57:39    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:57:39 
17:57:39 
17:57:39 [INFO] Analysis Started
17:57:39 [INFO] Finished File Name Analyzer (0 seconds)
17:57:39 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:57:39 [INFO] Finished Hint Analyzer (0 seconds)
17:57:39 [INFO] Finished Version Filter Analyzer (0 seconds)
17:57:41 [INFO] Created CPE Index (2 seconds)
17:57:42 [INFO] Finished CPE Analyzer (2 seconds)
17:57:42 [INFO] Finished False Positive Analyzer (0 seconds)
17:57:42 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:57:42 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:57:42 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:57:42 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:57:42 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:57:42 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:57:42 [INFO] Analysis Complete (2 seconds)
17:57:42 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml
17:57:42 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html
17:57:42 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json
17:57:42 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv
17:57:42 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif
17:57:42 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html
17:57:42 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml
17:57:42 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json
17:57:42 [INFO] 
17:57:42 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly28 >--
17:57:42 [INFO] Building dependencies.testsuite.as.wildfly28 1.0                 [37/67]
17:57:42 [INFO]   from mvn/dependencies/testsuite/applicationServer/wildfly28/pom.xml
17:57:42 [INFO] --------------------------------[ pom ]---------------------------------
17:57:42 [INFO] 
17:57:42 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly28 ---
17:57:42 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly28 (includes = [*.jar], excludes = [])
17:57:42 [INFO] 
17:57:42 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly28 ---
17:57:42 [INFO] 
17:57:42 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly28 ---
17:57:42 [INFO] Executing tasks
17:57:47 [INFO] Executed tasks
17:57:47 [INFO] 
17:57:47 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly28 ---
17:57:47 [INFO] Checking for updates
17:57:47 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:57:47 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:57:47 [INFO] Check for updates complete (98 ms)
17:57:48 [INFO] 
17:57:48 
17:57:48 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:57:48 
17:57:48 
17:57:48    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:57:48    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:57:48 
17:57:48 
17:57:48 [INFO] Analysis Started
17:57:48 [INFO] Finished File Name Analyzer (0 seconds)
17:57:48 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:57:48 [INFO] Finished Hint Analyzer (0 seconds)
17:57:48 [INFO] Finished Version Filter Analyzer (0 seconds)
17:57:52 [INFO] Created CPE Index (4 seconds)
17:57:52 [INFO] Finished CPE Analyzer (4 seconds)
17:57:52 [INFO] Finished False Positive Analyzer (0 seconds)
17:57:52 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:57:52 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:57:52 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:57:52 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:57:52 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:57:52 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:57:52 [INFO] Analysis Complete (4 seconds)
17:57:52 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml
17:57:53 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html
17:57:53 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json
17:57:53 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv
17:57:53 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif
17:57:53 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html
17:57:53 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml
17:57:53 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json
17:57:53 [INFO] 
17:57:53 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly35 >--
17:57:53 [INFO] Building dependencies.testsuite.as.wildfly35 1.0                 [38/67]
17:57:53 [INFO]   from mvn/dependencies/testsuite/applicationServer/wildfly35/pom.xml
17:57:53 [INFO] --------------------------------[ pom ]---------------------------------
17:57:53 [INFO] 
17:57:53 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly35 ---
17:57:53 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly35 (includes = [*.jar], excludes = [])
17:57:53 [INFO] 
17:57:53 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly35 ---
17:57:53 [INFO] 
17:57:53 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly35 ---
17:57:53 [INFO] Executing tasks
17:57:58 [INFO] Executed tasks
17:57:58 [INFO] 
17:57:58 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly35 ---
17:57:58 [INFO] Checking for updates
17:57:58 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:57:58 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:57:58 [INFO] Check for updates complete (68 ms)
17:57:58 [INFO] 
17:57:58 
17:57:58 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:57:58 
17:57:58 
17:57:58    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:57:58    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:57:58 
17:57:58 
17:57:58 [INFO] Analysis Started
17:57:58 [INFO] Finished File Name Analyzer (0 seconds)
17:57:58 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:57:58 [INFO] Finished Hint Analyzer (0 seconds)
17:57:58 [INFO] Finished Version Filter Analyzer (0 seconds)
17:58:00 [INFO] Created CPE Index (1 seconds)
17:58:00 [INFO] Finished CPE Analyzer (1 seconds)
17:58:00 [INFO] Finished False Positive Analyzer (0 seconds)
17:58:00 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:58:00 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:58:00 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:58:00 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:58:00 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:58:00 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:58:00 [INFO] Analysis Complete (1 seconds)
17:58:00 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml
17:58:00 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html
17:58:00 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json
17:58:00 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv
17:58:00 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif
17:58:00 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html
17:58:00 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml
17:58:00 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json
17:58:00 [INFO] 
17:58:00 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly36 >--
17:58:00 [INFO] Building dependencies.testsuite.as.wildfly36 1.0                 [39/67]
17:58:00 [INFO]   from mvn/dependencies/testsuite/applicationServer/wildfly36/pom.xml
17:58:00 [INFO] --------------------------------[ pom ]---------------------------------
17:58:00 [INFO] 
17:58:00 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly36 ---
17:58:00 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly36 (includes = [*.jar], excludes = [])
17:58:00 [INFO] 
17:58:00 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly36 ---
17:58:00 [INFO] 
17:58:00 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly36 ---
17:58:00 [INFO] Executing tasks
17:58:05 [INFO] Executed tasks
17:58:05 [INFO] 
17:58:05 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly36 ---
17:58:05 [INFO] Checking for updates
17:58:05 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:58:05 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:58:05 [INFO] Check for updates complete (72 ms)
17:58:05 [INFO] 
17:58:05 
17:58:05 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:58:05 
17:58:05 
17:58:05    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:58:05    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:58:05 
17:58:05 
17:58:05 [INFO] Analysis Started
17:58:05 [INFO] Finished File Name Analyzer (0 seconds)
17:58:05 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:58:05 [INFO] Finished Hint Analyzer (0 seconds)
17:58:05 [INFO] Finished Version Filter Analyzer (0 seconds)
17:58:07 [INFO] Created CPE Index (1 seconds)
17:58:07 [INFO] Finished CPE Analyzer (1 seconds)
17:58:07 [INFO] Finished False Positive Analyzer (0 seconds)
17:58:07 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:58:07 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:58:07 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:58:07 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:58:07 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:58:07 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:58:07 [INFO] Analysis Complete (1 seconds)
17:58:07 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml
17:58:07 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html
17:58:07 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json
17:58:07 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv
17:58:07 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif
17:58:07 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html
17:58:07 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml
17:58:07 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json
17:58:07 [INFO] 
17:58:07 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly37 >--
17:58:07 [INFO] Building dependencies.testsuite.as.wildfly37 1.0                 [40/67]
17:58:07 [INFO]   from mvn/dependencies/testsuite/applicationServer/wildfly37/pom.xml
17:58:07 [INFO] --------------------------------[ pom ]---------------------------------
17:58:07 [INFO] 
17:58:07 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly37 ---
17:58:07 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly37 (includes = [*.jar], excludes = [])
17:58:07 [INFO] 
17:58:07 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly37 ---
17:58:07 [INFO] 
17:58:07 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly37 ---
17:58:07 [INFO] Executing tasks
17:58:12 [INFO] Executed tasks
17:58:12 [INFO] 
17:58:12 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly37 ---
17:58:12 [INFO] Checking for updates
17:58:12 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:58:12 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:58:12 [INFO] Check for updates complete (68 ms)
17:58:12 [INFO] 
17:58:12 
17:58:12 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:58:12 
17:58:12 
17:58:12    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:58:12    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:58:12 
17:58:12 
17:58:12 [INFO] Analysis Started
17:58:12 [INFO] Finished File Name Analyzer (0 seconds)
17:58:12 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:58:12 [INFO] Finished Hint Analyzer (0 seconds)
17:58:12 [INFO] Finished Version Filter Analyzer (0 seconds)
17:58:14 [INFO] Created CPE Index (1 seconds)
17:58:14 [INFO] Finished CPE Analyzer (1 seconds)
17:58:14 [INFO] Finished False Positive Analyzer (0 seconds)
17:58:14 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:58:14 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:58:14 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:58:14 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:58:14 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:58:14 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:58:14 [INFO] Analysis Complete (1 seconds)
17:58:14 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml
17:58:14 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html
17:58:14 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json
17:58:14 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv
17:58:14 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif
17:58:14 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html
17:58:14 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml
17:58:14 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json
17:58:14 [INFO] 
17:58:14 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly38 >--
17:58:14 [INFO] Building dependencies.testsuite.as.wildfly38 1.0                 [41/67]
17:58:14 [INFO]   from mvn/dependencies/testsuite/applicationServer/wildfly38/pom.xml
17:58:14 [INFO] --------------------------------[ pom ]---------------------------------
17:58:14 [INFO] 
17:58:14 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly38 ---
17:58:14 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly38 (includes = [*.jar], excludes = [])
17:58:14 [INFO] 
17:58:14 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly38 ---
17:58:14 [INFO] 
17:58:14 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly38 ---
17:58:14 [INFO] Executing tasks
17:58:19 [INFO] Executed tasks
17:58:19 [INFO] 
17:58:19 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly38 ---
17:58:19 [INFO] Checking for updates
17:58:19 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:58:19 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:58:19 [INFO] Check for updates complete (68 ms)
17:58:20 [INFO] 
17:58:20 
17:58:20 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:58:20 
17:58:20 
17:58:20    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:58:20    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:58:20 
17:58:20 
17:58:20 [INFO] Analysis Started
17:58:20 [INFO] Finished File Name Analyzer (0 seconds)
17:58:20 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:58:20 [INFO] Finished Hint Analyzer (0 seconds)
17:58:20 [INFO] Finished Version Filter Analyzer (0 seconds)
17:58:21 [INFO] Created CPE Index (1 seconds)
17:58:21 [INFO] Finished CPE Analyzer (1 seconds)
17:58:21 [INFO] Finished False Positive Analyzer (0 seconds)
17:58:21 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:58:21 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:58:21 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:58:21 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:58:21 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:58:21 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:58:21 [INFO] Analysis Complete (1 seconds)
17:58:21 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml
17:58:21 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html
17:58:21 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json
17:58:21 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv
17:58:21 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif
17:58:21 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html
17:58:21 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml
17:58:21 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json
17:58:21 [INFO] 
17:58:21 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly39 >--
17:58:21 [INFO] Building dependencies.testsuite.as.wildfly39 1.0                 [42/67]
17:58:21 [INFO]   from mvn/dependencies/testsuite/applicationServer/wildfly39/pom.xml
17:58:21 [INFO] --------------------------------[ pom ]---------------------------------
17:58:21 [INFO] 
17:58:21 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly39 ---
17:58:21 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly39 (includes = [*.jar], excludes = [])
17:58:21 [INFO] 
17:58:21 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly39 ---
17:58:21 [INFO] 
17:58:21 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly39 ---
17:58:21 [INFO] Executing tasks
17:58:26 [INFO] Executed tasks
17:58:26 [INFO] 
17:58:26 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly39 ---
17:58:26 [INFO] Checking for updates
17:58:26 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:58:26 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:58:27 [INFO] Check for updates complete (68 ms)
17:58:27 [INFO] 
17:58:27 
17:58:27 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:58:27 
17:58:27 
17:58:27    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:58:27    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:58:27 
17:58:27 
17:58:27 [INFO] Analysis Started
17:58:27 [INFO] Finished File Name Analyzer (0 seconds)
17:58:27 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:58:27 [INFO] Finished Hint Analyzer (0 seconds)
17:58:27 [INFO] Finished Version Filter Analyzer (0 seconds)
17:58:28 [INFO] Created CPE Index (1 seconds)
17:58:28 [INFO] Finished CPE Analyzer (1 seconds)
17:58:28 [INFO] Finished False Positive Analyzer (0 seconds)
17:58:28 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:58:28 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:58:28 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:58:28 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:58:28 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:58:28 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:58:28 [INFO] Analysis Complete (1 seconds)
17:58:28 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml
17:58:28 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html
17:58:28 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json
17:58:28 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv
17:58:28 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif
17:58:28 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html
17:58:28 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml
17:58:28 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json
17:58:28 [INFO] 
17:58:28 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat10 >--
17:58:28 [INFO] Building dependencies.testsuite.as.tomcat10 1.0                  [43/67]
17:58:28 [INFO]   from mvn/dependencies/testsuite/applicationServer/tomcat10/pom.xml
17:58:28 [INFO] --------------------------------[ pom ]---------------------------------
17:58:28 [INFO] 
17:58:28 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat10 ---
17:58:28 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/tomcat10 (includes = [*.jar], excludes = [])
17:58:28 [INFO] 
17:58:28 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat10 ---
17:58:28 [INFO] 
17:58:28 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.tomcat10 ---
17:58:28 [INFO] Executing tasks
17:58:33 [INFO] Executed tasks
17:58:33 [INFO] 
17:58:33 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.tomcat10 ---
17:58:33 [INFO] Checking for updates
17:58:33 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:58:33 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:58:33 [INFO] Check for updates complete (72 ms)
17:58:34 [INFO] 
17:58:34 
17:58:34 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:58:34 
17:58:34 
17:58:34    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:58:34    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:58:34 
17:58:34 
17:58:34 [INFO] Analysis Started
17:58:34 [INFO] Finished File Name Analyzer (0 seconds)
17:58:34 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:58:34 [INFO] Finished Hint Analyzer (0 seconds)
17:58:34 [INFO] Finished Version Filter Analyzer (0 seconds)
17:58:35 [INFO] Created CPE Index (1 seconds)
17:58:35 [INFO] Finished CPE Analyzer (1 seconds)
17:58:35 [INFO] Finished False Positive Analyzer (0 seconds)
17:58:35 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:58:35 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:58:35 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:58:35 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:58:35 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:58:35 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:58:35 [INFO] Analysis Complete (1 seconds)
17:58:35 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml
17:58:35 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html
17:58:35 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json
17:58:35 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv
17:58:35 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif
17:58:35 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html
17:58:35 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml
17:58:35 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json
17:58:35 [INFO] 
17:58:35 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat11 >--
17:58:35 [INFO] Building dependencies.testsuite.as.tomcat11 1.0                  [44/67]
17:58:35 [INFO]   from mvn/dependencies/testsuite/applicationServer/tomcat11/pom.xml
17:58:35 [INFO] --------------------------------[ pom ]---------------------------------
17:58:35 [INFO] 
17:58:35 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat11 ---
17:58:36 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/tomcat11 (includes = [*.jar], excludes = [])
17:58:36 [INFO] 
17:58:36 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat11 ---
17:58:36 [INFO] 
17:58:36 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.tomcat11 ---
17:58:36 [INFO] Executing tasks
17:58:41 [INFO] Executed tasks
17:58:41 [INFO] 
17:58:41 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.tomcat11 ---
17:58:41 [INFO] Checking for updates
17:58:41 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:58:41 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:58:41 [INFO] Check for updates complete (220 ms)
17:58:42 [INFO] 
17:58:42 
17:58:42 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:58:42 
17:58:42 
17:58:42    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:58:42    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:58:42 
17:58:42 
17:58:42 [INFO] Analysis Started
17:58:42 [INFO] Finished File Name Analyzer (0 seconds)
17:58:42 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:58:42 [INFO] Finished Hint Analyzer (0 seconds)
17:58:42 [INFO] Finished Version Filter Analyzer (0 seconds)
17:58:46 [INFO] Created CPE Index (4 seconds)
17:58:46 [INFO] Finished CPE Analyzer (4 seconds)
17:58:46 [INFO] Finished False Positive Analyzer (0 seconds)
17:58:46 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:58:46 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:58:46 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:58:46 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:58:46 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:58:46 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:58:46 [INFO] Analysis Complete (4 seconds)
17:58:46 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml
17:58:46 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html
17:58:46 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json
17:58:46 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv
17:58:46 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif
17:58:46 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html
17:58:46 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml
17:58:46 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json
17:58:46 [INFO] 
17:58:46 [INFO] -----------< org.openspcoop2:org.openspcoop2.testsuite.test >-----------
17:58:46 [INFO] Building dependencies.testsuite.test 1.0                         [45/67]
17:58:46 [INFO]   from mvn/dependencies/testsuite/test/pom.xml
17:58:46 [INFO] --------------------------------[ pom ]---------------------------------
17:58:46 [INFO] 
17:58:46 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test ---
17:58:47 [INFO] Executing tasks
17:58:52 [INFO] Executed tasks
17:58:52 [INFO] 
17:58:52 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test ---
17:58:52 [INFO] Checking for updates
17:58:52 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:58:52 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:58:52 [INFO] Check for updates complete (115 ms)
17:58:52 [INFO] 
17:58:52 
17:58:52 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:58:52 
17:58:52 
17:58:52    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:58:52    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:58:52 
17:58:52 
17:58:52 [INFO] Analysis Started
17:58:52 [INFO] Finished File Name Analyzer (0 seconds)
17:58:52 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:58:52 [INFO] Finished Hint Analyzer (0 seconds)
17:58:52 [INFO] Finished Version Filter Analyzer (0 seconds)
17:58:54 [INFO] Created CPE Index (1 seconds)
17:58:54 [INFO] Finished CPE Analyzer (1 seconds)
17:58:54 [INFO] Finished False Positive Analyzer (0 seconds)
17:58:54 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:58:54 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:58:54 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:58:54 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:58:54 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:58:54 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:58:54 [INFO] Analysis Complete (1 seconds)
17:58:54 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml
17:58:54 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html
17:58:54 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json
17:58:54 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv
17:58:54 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif
17:58:54 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html
17:58:54 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml
17:58:54 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json
17:58:54 [INFO] 
17:58:54 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.testng >--------
17:58:54 [INFO] Building dependencies.testsuite.test.testng 1.0                  [46/67]
17:58:54 [INFO]   from mvn/dependencies/testsuite/test/testng/pom.xml
17:58:54 [INFO] --------------------------------[ pom ]---------------------------------
17:58:54 [INFO] 
17:58:54 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.testng ---
17:58:54 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/testng (includes = [*.jar], excludes = [])
17:58:54 [INFO] 
17:58:54 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.testng ---
17:58:54 [INFO] 
17:58:54 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.testng ---
17:58:54 [INFO] Executing tasks
17:58:59 [INFO] Executed tasks
17:58:59 [INFO] 
17:58:59 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.testng ---
17:59:00 [INFO] Checking for updates
17:59:00 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:59:00 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:59:00 [INFO] Check for updates complete (72 ms)
17:59:00 [INFO] 
17:59:00 
17:59:00 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:59:00 
17:59:00 
17:59:00    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:59:00    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:59:00 
17:59:00 
17:59:00 [INFO] Analysis Started
17:59:00 [INFO] Finished File Name Analyzer (0 seconds)
17:59:00 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:59:00 [INFO] Finished Hint Analyzer (0 seconds)
17:59:00 [INFO] Finished Version Filter Analyzer (0 seconds)
17:59:01 [INFO] Created CPE Index (1 seconds)
17:59:01 [INFO] Finished CPE Analyzer (1 seconds)
17:59:01 [INFO] Finished False Positive Analyzer (0 seconds)
17:59:01 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:59:01 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:59:01 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:59:01 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:59:01 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:59:01 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:59:01 [INFO] Analysis Complete (1 seconds)
17:59:01 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml
17:59:01 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html
17:59:01 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json
17:59:01 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv
17:59:01 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif
17:59:01 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html
17:59:01 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml
17:59:01 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json
17:59:02 [INFO] 
17:59:02 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.junit4 >--------
17:59:02 [INFO] Building dependencies.testsuite.test.junit4 1.0                  [47/67]
17:59:02 [INFO]   from mvn/dependencies/testsuite/test/junit4/pom.xml
17:59:02 [INFO] --------------------------------[ pom ]---------------------------------
17:59:02 [INFO] 
17:59:02 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.junit4 ---
17:59:02 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/junit4 (includes = [*.jar], excludes = [])
17:59:02 [INFO] 
17:59:02 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.junit4 ---
17:59:02 [INFO] 
17:59:02 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.junit4 ---
17:59:02 [INFO] Executing tasks
17:59:07 [INFO] Executed tasks
17:59:07 [INFO] 
17:59:07 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.junit4 ---
17:59:07 [INFO] Checking for updates
17:59:07 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:59:07 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:59:07 [INFO] Check for updates complete (73 ms)
17:59:07 [INFO] 
17:59:07 
17:59:07 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:59:07 
17:59:07 
17:59:07    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:59:07    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:59:07 
17:59:07 
17:59:07 [INFO] Analysis Started
17:59:07 [INFO] Finished File Name Analyzer (0 seconds)
17:59:07 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:59:07 [INFO] Finished Hint Analyzer (0 seconds)
17:59:07 [INFO] Finished Version Filter Analyzer (0 seconds)
17:59:08 [INFO] Created CPE Index (1 seconds)
17:59:08 [INFO] Finished CPE Analyzer (1 seconds)
17:59:08 [INFO] Finished False Positive Analyzer (0 seconds)
17:59:08 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:59:08 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:59:08 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:59:08 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:59:08 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:59:08 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:59:08 [INFO] Analysis Complete (1 seconds)
17:59:08 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml
17:59:08 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html
17:59:08 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json
17:59:08 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv
17:59:08 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif
17:59:08 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html
17:59:08 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml
17:59:08 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json
17:59:09 [INFO] 
17:59:09 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.test.karate09 >-------
17:59:09 [INFO] Building dependencies.testsuite.test.karate09 1.0                [48/67]
17:59:09 [INFO]   from mvn/dependencies/testsuite/test/karate09/pom.xml
17:59:09 [INFO] --------------------------------[ pom ]---------------------------------
17:59:09 [INFO] 
17:59:09 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.karate09 ---
17:59:09 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/karate09 (includes = [*.jar], excludes = [])
17:59:09 [INFO] 
17:59:09 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.karate09 ---
17:59:09 [INFO] 
17:59:09 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.karate09 ---
17:59:09 [INFO] Executing tasks
17:59:14 [INFO] Executed tasks
17:59:14 [INFO] 
17:59:14 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.karate09 ---
17:59:14 [INFO] Checking for updates
17:59:14 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:59:14 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:59:14 [INFO] Check for updates complete (68 ms)
17:59:14 [INFO] 
17:59:14 
17:59:14 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:59:14 
17:59:14 
17:59:14    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:59:14    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:59:14 
17:59:14 
17:59:14 [INFO] Analysis Started
17:59:14 [INFO] Finished File Name Analyzer (0 seconds)
17:59:14 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:59:14 [INFO] Finished Hint Analyzer (0 seconds)
17:59:14 [INFO] Finished Version Filter Analyzer (0 seconds)
17:59:15 [INFO] Created CPE Index (1 seconds)
17:59:15 [INFO] Finished CPE Analyzer (1 seconds)
17:59:15 [INFO] Finished False Positive Analyzer (0 seconds)
17:59:15 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:59:15 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:59:15 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:59:15 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:59:15 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:59:15 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:59:15 [INFO] Analysis Complete (1 seconds)
17:59:15 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml
17:59:15 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html
17:59:15 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json
17:59:15 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv
17:59:15 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif
17:59:15 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html
17:59:15 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml
17:59:15 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json
17:59:15 [INFO] 
17:59:15 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.logback >-------
17:59:15 [INFO] Building dependencies.testsuite.test.logback 1.0                 [49/67]
17:59:15 [INFO]   from mvn/dependencies/testsuite/test/logback/pom.xml
17:59:15 [INFO] --------------------------------[ pom ]---------------------------------
17:59:15 [INFO] 
17:59:15 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.logback ---
17:59:15 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/logback (includes = [*.jar], excludes = [])
17:59:15 [INFO] 
17:59:15 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.logback ---
17:59:15 [INFO] 
17:59:15 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.logback ---
17:59:15 [INFO] Executing tasks
17:59:20 [INFO] Executed tasks
17:59:20 [INFO] 
17:59:20 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.logback ---
17:59:21 [INFO] Checking for updates
17:59:21 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:59:21 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:59:21 [INFO] Check for updates complete (77 ms)
17:59:21 [INFO] 
17:59:21 
17:59:21 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:59:21 
17:59:21 
17:59:21    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:59:21    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:59:21 
17:59:21 
17:59:21 [INFO] Analysis Started
17:59:21 [INFO] Finished File Name Analyzer (0 seconds)
17:59:21 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:59:21 [INFO] Finished Hint Analyzer (0 seconds)
17:59:21 [INFO] Finished Version Filter Analyzer (0 seconds)
17:59:22 [INFO] Created CPE Index (1 seconds)
17:59:22 [INFO] Finished CPE Analyzer (1 seconds)
17:59:22 [INFO] Finished False Positive Analyzer (0 seconds)
17:59:22 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:59:22 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:59:22 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:59:22 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:59:22 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:59:22 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:59:22 [INFO] Analysis Complete (1 seconds)
17:59:22 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml
17:59:22 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html
17:59:22 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json
17:59:22 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv
17:59:22 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif
17:59:22 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html
17:59:22 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml
17:59:22 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json
17:59:22 [INFO] 
17:59:22 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.test.httpcore4 >------
17:59:22 [INFO] Building dependencies.testsuite.test.httpcore4 1.0               [50/67]
17:59:22 [INFO]   from mvn/dependencies/testsuite/test/httpcore4/pom.xml
17:59:22 [INFO] --------------------------------[ pom ]---------------------------------
17:59:22 [INFO] 
17:59:22 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.httpcore4 ---
17:59:22 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/httpcore4 (includes = [*.jar], excludes = [])
17:59:22 [INFO] 
17:59:22 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.httpcore4 ---
17:59:22 [INFO] 
17:59:22 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.httpcore4 ---
17:59:22 [INFO] Executing tasks
17:59:27 [INFO] Executed tasks
17:59:27 [INFO] 
17:59:27 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.httpcore4 ---
17:59:27 [INFO] Checking for updates
17:59:27 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:59:28 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:59:28 [INFO] Check for updates complete (69 ms)
17:59:28 [INFO] 
17:59:28 
17:59:28 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:59:28 
17:59:28 
17:59:28    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:59:28    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:59:28 
17:59:28 
17:59:28 [INFO] Analysis Started
17:59:28 [INFO] Finished File Name Analyzer (0 seconds)
17:59:28 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:59:28 [INFO] Finished Hint Analyzer (0 seconds)
17:59:28 [INFO] Finished Version Filter Analyzer (0 seconds)
17:59:29 [INFO] Created CPE Index (1 seconds)
17:59:29 [INFO] Finished CPE Analyzer (1 seconds)
17:59:29 [INFO] Finished False Positive Analyzer (0 seconds)
17:59:29 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:59:29 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:59:29 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:59:29 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:59:29 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:59:29 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:59:29 [INFO] Analysis Complete (1 seconds)
17:59:29 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml
17:59:29 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html
17:59:29 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json
17:59:29 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv
17:59:29 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif
17:59:29 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html
17:59:29 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml
17:59:29 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json
17:59:29 [INFO] 
17:59:29 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.spring5 >-------
17:59:29 [INFO] Building dependencies.testsuite.test.spring5 1.0                 [51/67]
17:59:29 [INFO]   from mvn/dependencies/testsuite/test/spring5/pom.xml
17:59:29 [INFO] --------------------------------[ pom ]---------------------------------
17:59:29 [INFO] 
17:59:29 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.spring5 ---
17:59:29 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring5 (includes = [*.jar], excludes = [])
17:59:29 [INFO] 
17:59:29 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.spring5 ---
17:59:29 [INFO] 
17:59:29 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.spring5 ---
17:59:29 [INFO] Executing tasks
17:59:34 [INFO] Executed tasks
17:59:34 [INFO] 
17:59:34 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.spring5 ---
17:59:34 [INFO] Checking for updates
17:59:34 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
17:59:35 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
17:59:35 [INFO] Check for updates complete (69 ms)
17:59:35 [INFO] 
17:59:35 
17:59:35 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
17:59:35 
17:59:35 
17:59:35    About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html
17:59:35    False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html
17:59:35 
17:59:35 
17:59:35 [INFO] Analysis Started
17:59:35 [INFO] Finished File Name Analyzer (0 seconds)
17:59:35 [INFO] Finished Dependency Merging Analyzer (0 seconds)
17:59:35 [INFO] Finished Hint Analyzer (0 seconds)
17:59:35 [INFO] Finished Version Filter Analyzer (0 seconds)
17:59:36 [INFO] Created CPE Index (1 seconds)
17:59:36 [INFO] Finished CPE Analyzer (1 seconds)
17:59:36 [INFO] Finished False Positive Analyzer (0 seconds)
17:59:36 [INFO] Finished NVD CVE Analyzer (0 seconds)
17:59:36 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
17:59:36 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
17:59:36 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
17:59:36 [INFO] Finished Dependency Bundling Analyzer (0 seconds)
17:59:36 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
17:59:36 [INFO] Analysis Complete (1 seconds)
17:59:36 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml
17:59:36 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html
17:59:36 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json
17:59:36 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv
17:59:36 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif
17:59:36 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html
17:59:36 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml
17:59:36 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json
17:59:36 [INFO] 
17:59:36 [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.test.spring-ldap2 >-----
17:59:36 [INFO] Building dependencies.testsuite.test.spring-ldap2 1.0            [52/67]
17:59:36 [INFO]   from mvn/dependencies/testsuite/test/spring-ldap2/pom.xml
17:59:36 [INFO] --------------------------------[ pom ]---------------------------------
17:59:36 [INFO] 
17:59:36 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.spring-ldap2 ---
17:59:36 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring-ldap2 (includes = [*.jar], excludes = [])
17:59:36 [INFO] 
17:59:36 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.spring-ldap2 ---
17:59:36 [INFO] 
17:59:36 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.spring-ldap2 ---
17:59:36 [INFO] Executing tasks
17:59:37 Build was aborted
17:59:37 Aborted by Andrea Poli
17:59:37 INFO: Processing JUnit
17:59:37 INFO: [JUnit] - 2 test report file(s) were found with the pattern 'tools/rs/*/server/testsuite/risultati-testsuite/TEST-*.xml' relative to '/var/lib/jenkins/workspace/GovWay' for the testing framework 'JUnit'.
17:59:37 ERROR: Step ‘Publish xUnit test result report’ failed: Test reports were found but not all of them are new. Did all the tests run?
17:59:37   * /var/lib/jenkins/workspace/GovWay/tools/rs/config/server/testsuite/risultati-testsuite/TEST-org.openspcoop2.core.config.rs.testsuite.ApiConfigTestSuite.xml is 11 hr old
17:59:37   * /var/lib/jenkins/workspace/GovWay/tools/rs/monitor/server/testsuite/risultati-testsuite/TEST-org.openspcoop2.core.monitor.rs.testsuite.ApiMonitorTestSuite.xml is 11 hr old
17:59:37 
17:59:37 Build Aborted. Not looking for any TestNG results.
17:59:37 Collecting Dependency-Check artifact
17:59:37 Parsing file /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.xml
17:59:37 [analysis] Skipping execution of recorder since overall result is 'ABORTED'
17:59:37 Started calculate disk usage of build
17:59:37 Finished Calculation of disk usage of build in 0 seconds
17:59:37 Started calculate disk usage of workspace
17:59:38 Finished Calculation of disk usage of workspace in 0 seconds
17:59:38 Finished: ABORTED