profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/kai-baumann/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Kai Baumann kai-baumann exentra Pfaffenhofen http://exentra.de

kai-baumann/graphql-java 0

GraphQL Java implementation

kai-baumann/orientdb 0

OrientDB is the most versatile DBMS supporting Graph, Document, Reactive, Full-Text, Geospatial and Key-Value models in one Multi-Model product. OrientDB can run distributed (Multi-Master), supports SQL, ACID Transactions, Full-Text indexing and Reactive Queries. OrientDB Community Edition is Open Source using a liberal Apache 2 license.

issue commentjeremylong/DependencyCheck

Dependency Check gets stuck when used

I think that something is leaking db connections and the when it hits 8 used connections, dbcp2 waits forever until something else kills it.

I've reproduced this with a silly amount of dependencies (when testing a BOM). Maven plugin, issue only showed up with 6.2.0

I can see the issue if I set the connection pool to have a timeout in org.owasp.dependencycheck.data.nvdcve.DatabaseManager e.g.

// 1 minute
connectionPool.setMaxWaitMillis(1000 * 60 * 1);

The issue "goes away" if I put no limit on the connection pool size.

connectionPool.setMaxTotal(-1);

Silly amount of dependencies

<dependency><groupId>com.sun.activation</groupId><artifactId>javax.activation</artifactId><version>1.2.0</version></dependency>
<dependency><groupId>com.sun.xml.ws</groupId><artifactId>jaxws-ri</artifactId><version>2.3.3</version><type>pom</type></dependency>
<dependency><groupId>com.sun.xml.bind</groupId><artifactId>jaxb-impl</artifactId><version>2.2.11</version></dependency>
<dependency><groupId>com.sun.xml.bind</groupId><artifactId>jaxb-core</artifactId><version>2.2.11</version></dependency>
<dependency><groupId>javax.xml.bind</groupId><artifactId>jaxb-api</artifactId><version>2.2.11</version></dependency>
<dependency><groupId>org.glassfish.ha</groupId><artifactId>ha-api</artifactId><version>3.1.12</version></dependency>
<dependency><groupId>javax.transaction</groupId><artifactId>javax.transaction-api</artifactId><version>1.2.1</version></dependency>
<dependency><groupId>org.jvnet.mimepull</groupId><artifactId>mimepull</artifactId><version>1.9.13</version></dependency>
<dependency><groupId>com.sun.xml.fastinfoset</groupId><artifactId>FastInfoset</artifactId><version>1.2.18</version></dependency>
<dependency><groupId>com.sun.activation</groupId><artifactId>jakarta.activation</artifactId><version>1.2.2</version></dependency>
<dependency><groupId>com.sun.xml.messaging.saaj</groupId><artifactId>saaj-impl</artifactId><version>1.5.2</version></dependency>
<dependency><groupId>com.sun.xml.stream.buffer</groupId><artifactId>streambuffer</artifactId><version>1.5.9</version></dependency>
<dependency><groupId>org.glassfish.pfl</groupId><artifactId>pfl-basic</artifactId><version>4.1.0</version></dependency>
<dependency><groupId>org.glassfish.pfl</groupId><artifactId>pfl-tf</artifactId><version>4.1.0</version></dependency>
<dependency><groupId>org.glassfish.gmbal</groupId><artifactId>gmbal</artifactId><version>4.0.1</version></dependency>
<dependency><groupId>org.glassfish.external</groupId><artifactId>management-api</artifactId><version>3.2.2</version></dependency>
<dependency><groupId>com.sun.xml.ws</groupId><artifactId>policy</artifactId><version>2.7.10</version></dependency>
<dependency><groupId>com.sun.xml.ws</groupId><artifactId>jaxws-rt</artifactId><version>2.3.3</version></dependency>
<dependency><groupId>org.eclipse.persistence</groupId><artifactId>org.eclipse.persistence.moxy</artifactId><version>2.7.6</version></dependency>
<dependency><groupId>jakarta.persistence</groupId><artifactId>jakarta.persistence-api</artifactId><version>2.2.3</version></dependency>
<dependency><groupId>com.sun.xml.ws</groupId><artifactId>jaxws-eclipselink-plugin</artifactId><version>2.3.3</version></dependency>
<dependency><groupId>com.sun.xml.bind</groupId><artifactId>jaxb-jxc</artifactId><version>2.3.3</version></dependency>
<dependency><groupId>com.sun.xml.bind</groupId><artifactId>jaxb-xjc</artifactId><version>2.3.3</version></dependency>
<dependency><groupId>com.sun.xml.ws</groupId><artifactId>jaxws-tools</artifactId><version>2.3.3</version></dependency>
<dependency><groupId>com.sun.xml.ws</groupId><artifactId>sdo-eclipselink-plugin</artifactId><version>2.3.3</version></dependency>
<dependency><groupId>com.sun.mail</groupId><artifactId>jakarta.mail</artifactId><version>1.6.5</version></dependency>
<dependency><groupId>org.eclipse.persistence</groupId><artifactId>org.eclipse.persistence.asm</artifactId><version>2.7.6</version></dependency>
<dependency><groupId>org.eclipse.persistence</groupId><artifactId>org.eclipse.persistence.core</artifactId><version>2.7.6</version></dependency>
<dependency><groupId>jakarta.xml.ws</groupId><artifactId>jakarta.xml.ws-api</artifactId><version>2.3.3</version></dependency>
<dependency><groupId>org.eclipse.persistence</groupId><artifactId>commonj.sdo</artifactId><version>2.1.1</version></dependency>
<dependency><groupId>jakarta.xml.soap</groupId><artifactId>jakarta.xml.soap-api</artifactId><version>1.4.2</version></dependency>
<dependency><groupId>org.eclipse.persistence</groupId><artifactId>org.eclipse.persistence.sdo</artifactId><version>2.7.6</version></dependency>
<dependency><groupId>javax.annotation</groupId><artifactId>javax.annotation-api</artifactId><version>1.3.2</version></dependency>
<dependency><groupId>commons-configuration</groupId><artifactId>commons-configuration</artifactId><version>1.10</version></dependency>
<dependency><groupId>org.apache.commons</groupId><artifactId>commons-collections4</artifactId><version>4.4</version></dependency>
<dependency><groupId>commons-codec</groupId><artifactId>commons-codec</artifactId><version>1.15</version></dependency>
<dependency><groupId>commons-beanutils</groupId><artifactId>commons-beanutils</artifactId><version>1.9.4</version></dependency>
<dependency><groupId>jakarta.annotation</groupId><artifactId>jakarta.annotation-api</artifactId><version>1.3.5</version></dependency>
<dependency><groupId>jakarta.jws</groupId><artifactId>jakarta.jws-api</artifactId><version>2.1.0</version></dependency>
<dependency><groupId>jakarta.xml.bind</groupId><artifactId>jakarta.xml.bind-api</artifactId><version>2.3.3</version></dependency>
<dependency><groupId>org.apache.httpcomponents</groupId><artifactId>httpmime</artifactId><version>4.5.13</version></dependency>
<dependency><groupId>org.apache.httpcomponents</groupId><artifactId>httpcore</artifactId><version>4.4.14</version></dependency>
<dependency><groupId>org.apache.httpcomponents</groupId><artifactId>httpclient</artifactId><version>4.5.13</version></dependency>
<dependency><groupId>commons-fileupload</groupId><artifactId>commons-fileupload</artifactId><version>1.4</version></dependency>
<dependency><groupId>net.java.dev.jna</groupId><artifactId>jna-platform</artifactId><version>4.5.2</version></dependency>
<dependency><groupId>org.apache.httpcomponents</groupId><artifactId>httpclient-cache</artifactId><version>4.5.13</version></dependency>
<dependency><groupId>net.java.dev.jna</groupId><artifactId>jna</artifactId><version>4.5.2</version></dependency>
<dependency><groupId>org.apache.httpcomponents</groupId><artifactId>httpclient-win</artifactId><version>4.5.13</version></dependency>
<dependency><groupId>org.apache.httpcomponents.core5</groupId><artifactId>httpcore5</artifactId><version>5.1.1</version></dependency>
<dependency><groupId>org.apache.httpcomponents.core5</groupId><artifactId>httpcore5-testing</artifactId><version>5.1.1</version></dependency>
<dependency><groupId>io.reactivex.rxjava2</groupId><artifactId>rxjava</artifactId><version>2.2.8</version></dependency>
<dependency><groupId>org.apache.httpcomponents</groupId><artifactId>fluent-hc</artifactId><version>4.5.13</version></dependency>
<dependency><groupId>org.apache.httpcomponents.client5</groupId><artifactId>httpclient5-win</artifactId><version>5.1</version></dependency>
<dependency><groupId>org.apache.httpcomponents.client5</groupId><artifactId>httpclient5-testing</artifactId><version>5.1</version></dependency>
<dependency><groupId>org.apache.httpcomponents.client5</groupId><artifactId>httpclient5-fluent</artifactId><version>5.1</version></dependency>
<dependency><groupId>org.apache.httpcomponents.client5</groupId><artifactId>httpclient5-cache</artifactId><version>5.1</version></dependency>
<dependency><groupId>org.apache.httpcomponents.client5</groupId><artifactId>httpclient5</artifactId><version>5.1</version></dependency>
<dependency><groupId>org.apache.commons</groupId><artifactId>commons-compress</artifactId><version>1.20</version></dependency>
<dependency><groupId>org.apache.httpcomponents</groupId><artifactId>httpclient-osgi</artifactId><version>4.5.13</version></dependency>
<dependency><groupId>commons-io</groupId><artifactId>commons-io</artifactId><version>2.8.0</version></dependency>
<dependency><groupId>org.apache.httpcomponents.core5</groupId><artifactId>httpcore5-h2</artifactId><version>5.1.1</version></dependency>
<dependency><groupId>org.apache.commons</groupId><artifactId>commons-digester3</artifactId><version>3.2</version></dependency>
<dependency><groupId>commons-logging</groupId><artifactId>commons-logging</artifactId><version>1.2</version></dependency>
<dependency><groupId>org.apache.commons</groupId><artifactId>commons-math3</artifactId><version>3.6.1</version></dependency>
<dependency><groupId>org.reactivestreams</groupId><artifactId>reactive-streams</artifactId><version>1.0.3</version></dependency>
<dependency><groupId>org.apache.httpcomponents.core5</groupId><artifactId>httpcore5-reactive</artifactId><version>5.1.1</version></dependency>
<dependency><groupId>commons-cli</groupId><artifactId>commons-cli</artifactId><version>1.4</version></dependency>
<dependency><groupId>commons-discovery</groupId><artifactId>commons-discovery</artifactId><version>0.5</version></dependency>
<dependency><groupId>commons-jxpath</groupId><artifactId>commons-jxpath</artifactId><version>1.3</version></dependency>
<dependency><groupId>commons-validator</groupId><artifactId>commons-validator</artifactId><version>1.7</version></dependency>
<dependency><groupId>org.apache.commons</groupId><artifactId>commons-text</artifactId><version>1.9</version></dependency>
<dependency><groupId>dom4j</groupId><artifactId>dom4j</artifactId><version>1.6.1</version></dependency>
<dependency><groupId>org.apache.commons</groupId><artifactId>commons-lang3</artifactId><version>3.12.0</version></dependency>
<dependency><groupId>org.dom4j</groupId><artifactId>dom4j</artifactId><version>2.1.3</version></dependency>
<dependency><groupId>commons-collections</groupId><artifactId>commons-collections</artifactId><version>3.2.2</version></dependency>
<dependency><groupId>com.opencsv</groupId><artifactId>opencsv</artifactId><version>5.4</version></dependency>
<dependency><groupId>org.apache.commons</groupId><artifactId>commons-csv</artifactId><version>1.8</version></dependency>
<dependency><groupId>org.apache.commons</groupId><artifactId>commons-pool2</artifactId><version>2.9.0</version></dependency>
<dependency><groupId>commons-net</groupId><artifactId>commons-net</artifactId><version>3.8.0</version></dependency>
<dependency><groupId>commons-pool</groupId><artifactId>commons-pool</artifactId><version>1.6</version></dependency>
<dependency><groupId>com.google.code.findbugs</groupId><artifactId>jsr305</artifactId><version>3.0.2</version></dependency>
<dependency><groupId>commons-math</groupId><artifactId>commons-math</artifactId><version>1.2</version></dependency>
<dependency><groupId>commons-digester</groupId><artifactId>commons-digester</artifactId><version>2.1</version></dependency>
<dependency><groupId>com.google.guava</groupId><artifactId>listenablefuture</artifactId><version>9999.0-empty-to-avoid-conflict-with-guava</version></dependency>
<dependency><groupId>commons-lang</groupId><artifactId>commons-lang</artifactId><version>2.6</version></dependency>
<dependency><groupId>commons-httpclient</groupId><artifactId>commons-httpclient</artifactId><version>3.1</version></dependency>
<dependency><groupId>com.google.j2objc</groupId><artifactId>j2objc-annotations</artifactId><version>1.3</version></dependency>
<dependency><groupId>com.google.errorprone</groupId><artifactId>error_prone_annotations</artifactId><version>2.5.1</version></dependency>
<dependency><groupId>org.checkerframework</groupId><artifactId>checker-qual</artifactId><version>3.8.0</version></dependency>
<dependency><groupId>com.google.guava</groupId><artifactId>failureaccess</artifactId><version>1.0.1</version></dependency>
<dependency><groupId>com.google.guava</groupId><artifactId>guava</artifactId><version>30.1.1-jre</version></dependency>
<dependency><groupId>velocity</groupId><artifactId>velocity</artifactId><version>1.5</version></dependency>
<dependency><groupId>org.hibernate</groupId><artifactId>hibernate-core</artifactId><version>5.4.32.Final</version></dependency>
<dependency><groupId>xerces</groupId><artifactId>xercesImpl</artifactId><version>2.12.1</version></dependency>
<dependency><groupId>xml-apis</groupId><artifactId>xml-apis</artifactId><version>1.4.01</version></dependency>
<dependency><groupId>org.apache.logging.log4j</groupId><artifactId>log4j-bom</artifactId><version>2.14.1</version><type>pom</type></dependency>
<dependency><groupId>log4j</groupId><artifactId>log4j</artifactId><version>1.2.17</version></dependency>
<dependency><groupId>javax.persistence</groupId><artifactId>javax.persistence-api</artifactId><version>2.2</version></dependency>
<dependency><groupId>net.bytebuddy</groupId><artifactId>byte-buddy</artifactId><version>1.10.22</version></dependency>
<dependency><groupId>antlr</groupId><artifactId>antlr</artifactId><version>2.7.7</version></dependency>
<dependency><groupId>org.jboss.spec.javax.transaction</groupId><artifactId>jboss-transaction-api_1.2_spec</artifactId><version>1.1.1.Final</version></dependency>
<dependency><groupId>org.jboss</groupId><artifactId>jandex</artifactId><version>2.2.3.Final</version></dependency>
<dependency><groupId>com.fasterxml</groupId><artifactId>classmate</artifactId><version>1.5.1</version></dependency>
<dependency><groupId>org.hibernate.common</groupId><artifactId>hibernate-commons-annotations</artifactId><version>5.1.2.Final</version></dependency>
<dependency><groupId>org.glassfish.jaxb</groupId><artifactId>jaxb-runtime</artifactId><version>2.3.1</version></dependency>
<dependency><groupId>org.glassfish.jaxb</groupId><artifactId>txw2</artifactId><version>2.3.1</version></dependency>
<dependency><groupId>com.sun.istack</groupId><artifactId>istack-commons-runtime</artifactId><version>3.0.7</version></dependency>
<dependency><groupId>org.hibernate</groupId><artifactId>hibernate-entitymanager</artifactId><version>5.4.32.Final</version></dependency>
<dependency><groupId>org.jboss.logging</groupId><artifactId>jboss-logging</artifactId><version>3.4.1.Final</version></dependency>
<dependency><groupId>org.hibernate.validator</groupId><artifactId>hibernate-validator</artifactId><version>6.1.7.Final</version></dependency>
<dependency><groupId>org.hibernate</groupId><artifactId>hibernate-envers</artifactId><version>5.4.32.Final</version></dependency>
<dependency><groupId>javax.activation</groupId><artifactId>javax.activation-api</artifactId><version>1.2.0</version></dependency>
<dependency><groupId>jakarta.validation</groupId><artifactId>jakarta.validation-api</artifactId><version>2.0.2</version></dependency>
<dependency><groupId>net.sf.ehcache</groupId><artifactId>ehcache-core</artifactId><version>2.6.11</version></dependency>
<dependency><groupId>org.javassist</groupId><artifactId>javassist</artifactId><version>3.28.0-GA</version></dependency>
<dependency><groupId>cglib</groupId><artifactId>cglib</artifactId><version>3.3.0</version></dependency>
<dependency><groupId>org.ow2.asm</groupId><artifactId>asm</artifactId><version>7.1</version></dependency>
<dependency><groupId>net.sf.ehcache</groupId><artifactId>ehcache</artifactId><version>2.10.6</version></dependency>
<dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-bom</artifactId><version>5.5.0</version><type>pom</type></dependency>
<dependency><groupId>org.hibernate</groupId><artifactId>hibernate-ehcache</artifactId><version>5.4.32.Final</version></dependency>
<dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-acl</artifactId><version>5.5.0</version></dependency>
<dependency><groupId>org.springframework</groupId><artifactId>spring-framework-bom</artifactId><version>5.3.7</version><type>pom</type></dependency>
<dependency><groupId>cglib</groupId><artifactId>cglib-nodep</artifactId><version>3.3.0</version></dependency>
<dependency><groupId>org.springframework</groupId><artifactId>spring-aop</artifactId><version>5.3.7</version></dependency>
<dependency><groupId>org.springframework</groupId><artifactId>spring-context</artifactId><version>5.3.7</version></dependency>
<dependency><groupId>org.springframework</groupId><artifactId>spring-core</artifactId><version>5.3.7</version></dependency>
<dependency><groupId>org.springframework</groupId><artifactId>spring-jcl</artifactId><version>5.3.7</version></dependency>
<dependency><groupId>org.springframework</groupId><artifactId>spring-jdbc</artifactId><version>5.3.7</version></dependency>
<dependency><groupId>org.springframework</groupId><artifactId>spring-tx</artifactId><version>5.3.7</version></dependency>
<dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-config</artifactId><version>5.5.0</version></dependency>
<dependency><groupId>org.springframework</groupId><artifactId>spring-beans</artifactId><version>5.3.7</version></dependency>
<dependency><groupId>org.jetbrains.kotlin</groupId><artifactId>kotlin-stdlib-jdk8</artifactId><version>1.5.0</version></dependency>
<dependency><groupId>org.jetbrains</groupId><artifactId>annotations</artifactId><version>13.0</version></dependency>
<dependency><groupId>org.jetbrains.kotlin</groupId><artifactId>kotlin-stdlib-common</artifactId><version>1.5.0</version></dependency>
<dependency><groupId>org.jetbrains.kotlin</groupId><artifactId>kotlin-stdlib</artifactId><version>1.5.0</version></dependency>
<dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-crypto</artifactId><version>5.5.0</version></dependency>
<dependency><groupId>org.springframework</groupId><artifactId>spring-expression</artifactId><version>5.3.7</version></dependency>
<dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-core</artifactId><version>5.5.0</version></dependency>
<dependency><groupId>org.jetbrains.kotlin</groupId><artifactId>kotlin-stdlib-jdk7</artifactId><version>1.5.0</version></dependency>
<dependency><groupId>org.springframework</groupId><artifactId>spring-web</artifactId><version>5.3.7</version></dependency>
<dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-taglibs</artifactId><version>5.5.0</version></dependency>
<dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-remoting</artifactId><version>5.5.0</version></dependency>
<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-dependencies</artifactId><version>2.5.0</version><type>pom</type></dependency>
<dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-web</artifactId><version>5.5.0</version></dependency>
<dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-test</artifactId><version>5.5.0</version></dependency>
<dependency><groupId>org.webjars</groupId><artifactId>webjars-locator-core</artifactId><version>0.44</version></dependency>
<dependency><groupId>org.webjars</groupId><artifactId>webjars-locator</artifactId><version>0.40</version></dependency>
<dependency><groupId>org.keycloak</groupId><artifactId>keycloak-common</artifactId><version>4.0.0.Final</version></dependency>
<dependency><groupId>org.keycloak</groupId><artifactId>keycloak-core</artifactId><version>4.0.0.Final</version></dependency>
<dependency><groupId>org.keycloak</groupId><artifactId>keycloak-admin-client</artifactId><version>4.0.0.Final</version></dependency>
<dependency><groupId>org.keycloak.bom</groupId><artifactId>keycloak-adapter-bom</artifactId><version>4.0.0.Final</version><type>pom</type></dependency>
<dependency><groupId>org.springframework.webflow</groupId><artifactId>spring-binding</artifactId><version>2.5.1.RELEASE</version></dependency>
<dependency><groupId>org.springframework.plugin</groupId><artifactId>spring-plugin-core</artifactId><version>2.0.0.RELEASE</version></dependency>
<dependency><groupId>org.springframework.webflow</groupId><artifactId>spring-webflow</artifactId><version>2.5.1.RELEASE</version></dependency>
<dependency><groupId>org.springframework.hateoas</groupId><artifactId>spring-hateoas</artifactId><version>1.3.1</version></dependency>
<dependency><groupId>org.springframework</groupId><artifactId>spring-webmvc</artifactId><version>5.0.9.RELEASE</version></dependency>
<dependency><groupId>org.springframework.ldap</groupId><artifactId>spring-ldap-core</artifactId><version>2.3.4.RELEASE</version></dependency>
<dependency><groupId>ognl</groupId><artifactId>ognl</artifactId><version>3.2.21</version></dependency>
<dependency><groupId>org.springframework.batch</groupId><artifactId>spring-batch-infrastructure</artifactId><version>2.0.4.RELEASE</version></dependency>
<dependency><groupId>org.springframework.ldap</groupId><artifactId>spring-ldap-ldif-batch</artifactId><version>2.3.4.RELEASE</version></dependency>
<dependency><groupId>org.springframework.ldap</groupId><artifactId>spring-ldap-ldif-core</artifactId><version>2.3.4.RELEASE</version></dependency>
<dependency><groupId>org.springframework.ldap</groupId><artifactId>spring-ldap-odm</artifactId><version>2.3.4.RELEASE</version></dependency>
<dependency><groupId>org.freemarker</groupId><artifactId>freemarker</artifactId><version>2.3.20</version></dependency>
<dependency><groupId>org.springframework.ws</groupId><artifactId>spring-ws-security</artifactId><version>3.1.1</version></dependency>
<dependency><groupId>org.springframework.ldap</groupId><artifactId>spring-ldap-core-tiger</artifactId><version>2.3.4.RELEASE</version></dependency>
<dependency><groupId>org.apache.wss4j</groupId><artifactId>wss4j-ws-security-dom</artifactId><version>2.3.0</version></dependency>
<dependency><groupId>org.apache.wss4j</groupId><artifactId>wss4j-ws-security-common</artifactId><version>2.3.0</version></dependency>
<dependency><groupId>org.opensaml</groupId><artifactId>opensaml-saml-impl</artifactId><version>3.4.5</version></dependency>
<dependency><groupId>org.opensaml</groupId><artifactId>opensaml-profile-api</artifactId><version>3.4.5</version></dependency>
<dependency><groupId>org.opensaml</groupId><artifactId>opensaml-core</artifactId><version>3.4.5</version></dependency>
<dependency><groupId>io.dropwizard.metrics</groupId><artifactId>metrics-core</artifactId><version>3.1.2</version></dependency>
<dependency><groupId>org.opensaml</groupId><artifactId>opensaml-saml-api</artifactId><version>3.4.5</version></dependency>
<dependency><groupId>org.opensaml</groupId><artifactId>opensaml-soap-api</artifactId><version>3.4.5</version></dependency>
<dependency><groupId>org.opensaml</groupId><artifactId>opensaml-security-impl</artifactId><version>3.4.5</version></dependency>
<dependency><groupId>org.opensaml</groupId><artifactId>opensaml-security-api</artifactId><version>3.4.5</version></dependency>
<dependency><groupId>net.shibboleth.utilities</groupId><artifactId>java-support</artifactId><version>7.5.1</version></dependency>
<dependency><groupId>org.opensaml</groupId><artifactId>opensaml-xacml-impl</artifactId><version>3.4.5</version></dependency>
<dependency><groupId>org.opensaml</groupId><artifactId>opensaml-xacml-api</artifactId><version>3.4.5</version></dependency>
<dependency><groupId>org.opensaml</groupId><artifactId>opensaml-xacml-saml-api</artifactId><version>3.4.5</version></dependency>
<dependency><groupId>org.jasypt</groupId><artifactId>jasypt</artifactId><version>1.9.3</version></dependency>
<dependency><groupId>org.opensaml</groupId><artifactId>opensaml-xmlsec-api</artifactId><version>3.4.5</version></dependency>
<dependency><groupId>org.opensaml</groupId><artifactId>opensaml-xacml-saml-impl</artifactId><version>3.4.5</version></dependency>
<dependency><groupId>org.apache.geronimo.javamail</groupId><artifactId>geronimo-javamail_1.4_mail</artifactId><version>1.8.4</version></dependency>
<dependency><groupId>org.jvnet.staxex</groupId><artifactId>stax-ex</artifactId><version>1.7.8</version></dependency>
<dependency><groupId>org.opensaml</groupId><artifactId>opensaml-xmlsec-impl</artifactId><version>3.4.5</version></dependency>
<dependency><groupId>org.springframework.ws</groupId><artifactId>spring-ws-support</artifactId><version>3.1.1</version></dependency>
<dependency><groupId>org.ehcache</groupId><artifactId>ehcache</artifactId><version>3.8.1</version></dependency>
<dependency><groupId>org.springframework</groupId><artifactId>spring-jms</artifactId><version>5.3.7</version></dependency>
<dependency><groupId>org.springframework</groupId><artifactId>spring-messaging</artifactId><version>5.3.7</version></dependency>
<dependency><groupId>com.sun.mail</groupId><artifactId>javax.mail</artifactId><version>1.6.0</version></dependency>
<dependency><groupId>org.springframework</groupId><artifactId>spring-oxm</artifactId><version>5.3.7</version></dependency>
<dependency><groupId>org.springframework.ws</groupId><artifactId>spring-xml</artifactId><version>3.1.1</version></dependency>
<dependency><groupId>org.apache.santuario</groupId><artifactId>xmlsec</artifactId><version>1.5.8</version></dependency>
<dependency><groupId>org.apache.ws.security</groupId><artifactId>wss4j</artifactId><version>1.6.19</version></dependency>
<dependency><groupId>org.springframework.ws</groupId><artifactId>spring-ws-core</artifactId><version>3.1.1</version></dependency>
<dependency><groupId>org.opensaml</groupId><artifactId>openws</artifactId><version>1.4.2-1</version></dependency>
<dependency><groupId>org.opensaml</groupId><artifactId>xmltooling</artifactId><version>1.3.2-1</version></dependency>
<dependency><groupId>org.opensaml</groupId><artifactId>opensaml</artifactId><version>2.5.1-1</version></dependency>
<dependency><groupId>org.springframework.retry</groupId><artifactId>spring-retry</artifactId><version>1.3.1</version></dependency>
<dependency><groupId>org.apache.poi</groupId><artifactId>poi-excelant</artifactId><version>5.0.0</version></dependency>
<dependency><groupId>org.apache.poi</groupId><artifactId>poi-examples</artifactId><version>5.0.0</version></dependency>
<dependency><groupId>org.apache.ant</groupId><artifactId>ant-launcher</artifactId><version>1.10.9</version></dependency>
<dependency><groupId>org.apache.ant</groupId><artifactId>ant</artifactId><version>1.10.9</version></dependency>
<dependency><groupId>org.apache.poi</groupId><artifactId>poi-ooxml-full</artifactId><version>5.0.0</version></dependency>
<!-- We are skipping: ..\lib\tools.jar -->
<dependency><groupId>org.apache.poi</groupId><artifactId>poi-ooxml-lite</artifactId><version>5.0.0</version></dependency>
<dependency><groupId>org.apache.poi</groupId><artifactId>poi-ooxml</artifactId><version>5.0.0</version></dependency>
<dependency><groupId>org.apache.xmlbeans</groupId><artifactId>xmlbeans</artifactId><version>4.0.0</version></dependency>
<dependency><groupId>com.github.virtuald</groupId><artifactId>curvesapi</artifactId><version>1.06</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-all</artifactId><version>1.13</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-codec</artifactId><version>1.13</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-constants</artifactId><version>1.13</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-ext</artifactId><version>1.13</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-extension</artifactId><version>1.13</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-gui-util</artifactId><version>1.13</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-script</artifactId><version>1.13</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-rasterizer</artifactId><version>1.13</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-rasterizer-ext</artifactId><version>1.13</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-parser</artifactId><version>1.13</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-i18n</artifactId><version>1.13</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-svgpp</artifactId><version>1.13</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-svgrasterizer</artifactId><version>1.13</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-squiggle</artifactId><version>1.13</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-squiggle-ext</artifactId><version>1.13</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-slideshow</artifactId><version>1.13</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-swing</artifactId><version>1.13</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-svgbrowser</artifactId><version>1.13</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-svg-dom</artifactId><version>1.13</version></dependency>
<dependency><groupId>org.apache.poi</groupId><artifactId>poi-scratchpad</artifactId><version>5.0.0</version></dependency>
<dependency><groupId>de.rototor.pdfbox</groupId><artifactId>graphics2d</artifactId><version>0.30</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-ttf2svg</artifactId><version>1.13</version></dependency>
<dependency><groupId>com.mchange</groupId><artifactId>c3p0</artifactId><version>0.9.5.4</version></dependency>
<dependency><groupId>org.quartz-scheduler</groupId><artifactId>quartz</artifactId><version>2.3.2</version></dependency>
<dependency><groupId>com.zaxxer</groupId><artifactId>SparseBitSet</artifactId><version>1.2</version></dependency>
<dependency><groupId>org.apache.poi</groupId><artifactId>poi</artifactId><version>5.0.0</version></dependency>
<dependency><groupId>org.quartz-scheduler</groupId><artifactId>quartz-jobs</artifactId><version>2.3.2</version></dependency>
<dependency><groupId>com.zaxxer</groupId><artifactId>HikariCP-java7</artifactId><version>2.4.13</version></dependency>
<dependency><groupId>org.apache.velocity</groupId><artifactId>velocity</artifactId><version>1.7</version></dependency>
<dependency><groupId>com.mchange</groupId><artifactId>mchange-commons-java</artifactId><version>0.2.15</version></dependency>
<dependency><groupId>oro</groupId><artifactId>oro</artifactId><version>2.0.8</version></dependency>
<dependency><groupId>displaytag</groupId><artifactId>displaytag</artifactId><version>1.2</version></dependency>
<dependency><groupId>jakarta.taglibs</groupId><artifactId>unstandard</artifactId><version>20060829</version></dependency>
<dependency><groupId>opensymphony</groupId><artifactId>sitemesh</artifactId><version>2.4.2</version></dependency>
<dependency><groupId>org.slf4j</groupId><artifactId>slf4j-nop</artifactId><version>1.7.30</version></dependency>
<dependency><groupId>org.slf4j</groupId><artifactId>log4j-over-slf4j</artifactId><version>1.7.30</version></dependency>
<dependency><groupId>org.slf4j</groupId><artifactId>slf4j-jcl</artifactId><version>1.7.30</version></dependency>
<dependency><groupId>org.slf4j</groupId><artifactId>slf4j-log4j12</artifactId><version>1.7.30</version></dependency>
<dependency><groupId>org.slf4j</groupId><artifactId>slf4j-api</artifactId><version>1.7.30</version></dependency>
<dependency><groupId>org.aspectj</groupId><artifactId>aspectjweaver</artifactId><version>1.9.6</version></dependency>
<dependency><groupId>org.aspectj</groupId><artifactId>aspectjrt</artifactId><version>1.9.6</version></dependency>
<dependency><groupId>org.slf4j</groupId><artifactId>jul-to-slf4j</artifactId><version>1.7.30</version></dependency>
<dependency><groupId>org.apache.felix</groupId><artifactId>org.apache.felix.framework</artifactId><version>5.6.1</version></dependency>
<dependency><groupId>org.apache.felix</groupId><artifactId>org.apache.felix.main</artifactId><version>5.6.1</version></dependency>
<dependency><groupId>org.slf4j</groupId><artifactId>slf4j-simple</artifactId><version>1.7.30</version></dependency>
<dependency><groupId>ant</groupId><artifactId>ant-junit</artifactId><version>1.6.5</version></dependency>
<dependency><groupId>org.slf4j</groupId><artifactId>integration</artifactId><version>1.7.30</version></dependency>
<dependency><groupId>org.slf4j</groupId><artifactId>osgi-over-slf4j</artifactId><version>1.7.30</version></dependency>
<dependency><groupId>org.slf4j</groupId><artifactId>jcl-over-slf4j</artifactId><version>1.7.30</version></dependency>
<dependency><groupId>com.fasterxml.jackson.core</groupId><artifactId>jackson-annotations</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.core</groupId><artifactId>jackson-core</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>org.slf4j</groupId><artifactId>slf4j-migrator</artifactId><version>1.7.30</version></dependency>
<dependency><groupId>org.slf4j</groupId><artifactId>slf4j-jdk14</artifactId><version>1.7.30</version></dependency>
<dependency><groupId>org.slf4j</groupId><artifactId>slf4j-ext</artifactId><version>1.7.30</version></dependency>
<dependency><groupId>org.eclipse.collections</groupId><artifactId>eclipse-collections-api</artifactId><version>9.1.0</version></dependency>
<dependency><groupId>org.eclipse.collections</groupId><artifactId>eclipse-collections</artifactId><version>9.1.0</version></dependency>
<dependency><groupId>com.fasterxml.jackson.datatype</groupId><artifactId>jackson-datatype-eclipse-collections</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.dataformat</groupId><artifactId>jackson-dataformat-smile</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.carrotsearch</groupId><artifactId>hppc</artifactId><version>0.8.1</version></dependency>
<dependency><groupId>com.fasterxml.jackson.datatype</groupId><artifactId>jackson-datatype-jaxrs</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.datatype</groupId><artifactId>jackson-datatype-jdk8</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.core</groupId><artifactId>jackson-databind</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.datatype</groupId><artifactId>jackson-datatype-json-org</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>org.json</groupId><artifactId>json</artifactId><version>20190722</version></dependency>
<dependency><groupId>com.fasterxml.jackson.datatype</groupId><artifactId>jackson-datatype-jsr310</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.datatype</groupId><artifactId>jackson-datatype-jsr353</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.datatype</groupId><artifactId>jackson-datatype-joda</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.datatype</groupId><artifactId>jackson-datatype-pcollections</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>org.pcollections</groupId><artifactId>pcollections</artifactId><version>2.1.2</version></dependency>
<dependency><groupId>com.fasterxml.jackson.jaxrs</groupId><artifactId>jackson-jaxrs-base</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.jaxrs</groupId><artifactId>jackson-jaxrs-cbor-provider</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.dataformat</groupId><artifactId>jackson-dataformat-cbor</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.datatype</groupId><artifactId>jackson-datatype-hppc</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.datatype</groupId><artifactId>jackson-datatype-hibernate5</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.datatype</groupId><artifactId>jackson-datatype-hibernate4</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.datatype</groupId><artifactId>jackson-datatype-hibernate3</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.datatype</groupId><artifactId>jackson-datatype-guava</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.dataformat</groupId><artifactId>jackson-dataformat-xml</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.jaxrs</groupId><artifactId>jackson-jaxrs-xml-provider</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.jaxrs</groupId><artifactId>jackson-jaxrs-smile-provider</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.jaxrs</groupId><artifactId>jackson-jaxrs-yaml-provider</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.jaxrs</groupId><artifactId>jackson-jaxrs-json-provider</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>javax.json</groupId><artifactId>javax.json-api</artifactId><version>1.1.4</version></dependency>
<dependency><groupId>com.fasterxml.jackson.module</groupId><artifactId>jackson-module-jaxb-annotations</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.module</groupId><artifactId>jackson-module-osgi</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>org.osgi</groupId><artifactId>org.osgi.core</artifactId><version>5.0.0</version></dependency>
<dependency><groupId>com.fasterxml.jackson.module</groupId><artifactId>jackson-module-kotlin</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>org.jetbrains.kotlin</groupId><artifactId>kotlin-reflect</artifactId><version>1.4.21</version></dependency>
<dependency><groupId>org.yaml</groupId><artifactId>snakeyaml</artifactId><version>1.27</version></dependency>
<dependency><groupId>com.fasterxml.jackson.dataformat</groupId><artifactId>jackson-dataformat-yaml</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.woodstox</groupId><artifactId>woodstox-core</artifactId><version>6.2.4</version></dependency>
<dependency><groupId>org.codehaus.woodstox</groupId><artifactId>stax2-api</artifactId><version>4.2</version></dependency>
<dependency><groupId>com.fasterxml.jackson.module</groupId><artifactId>jackson-module-paranamer</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.module</groupId><artifactId>jackson-module-mrbean</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>com.fasterxml.jackson.module</groupId><artifactId>jackson-module-jsonSchema</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>javax.validation</groupId><artifactId>validation-api</artifactId><version>1.1.0.Final</version></dependency>
<dependency><groupId>com.fasterxml.jackson.module</groupId><artifactId>jackson-module-parameter-names</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>jakarta.activation</groupId><artifactId>jakarta.activation-api</artifactId><version>1.2.1</version></dependency>
<dependency><groupId>com.fasterxml.jackson.module</groupId><artifactId>jackson-module-afterburner</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>aopalliance</groupId><artifactId>aopalliance</artifactId><version>1.0</version></dependency>
<dependency><groupId>com.google.inject</groupId><artifactId>guice</artifactId><version>5.0.0-BETA-1</version></dependency>
<dependency><groupId>com.fasterxml.jackson.module</groupId><artifactId>jackson-module-guice</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcmail-jdk15on</artifactId><version>1.68</version></dependency>
<dependency><groupId>com.thoughtworks.paranamer</groupId><artifactId>paranamer</artifactId><version>2.8</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcmail-jdk15to18</artifactId><version>1.68</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcmail-jdk14</artifactId><version>1.68</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcpg-jdk15to18</artifactId><version>1.68</version></dependency>
<dependency><groupId>net.minidev</groupId><artifactId>accessors-smart</artifactId><version>2.4.7</version></dependency>
<dependency><groupId>net.minidev</groupId><artifactId>json-smart</artifactId><version>2.4.7</version></dependency>
<dependency><groupId>com.fasterxml.uuid</groupId><artifactId>java-uuid-generator</artifactId><version>4.0.1</version></dependency>
<dependency><groupId>org.scala-lang</groupId><artifactId>scala-library</artifactId><version>2.11.12</version></dependency>
<dependency><groupId>com.fasterxml.jackson.module</groupId><artifactId>jackson-module-scala_2.11</artifactId><version>2.12.3</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcpkix-jdk14</artifactId><version>1.68</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcpkix-jdk15to18</artifactId><version>1.68</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcprov-debug-jdk15on</artifactId><version>1.68</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcpg-jdk15on</artifactId><version>1.68</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcpg-jdk14</artifactId><version>1.68</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcprov-ext-jdk15to18</artifactId><version>1.68</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcprov-ext-jdk14</artifactId><version>1.68</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bctls-jdk15on</artifactId><version>1.68</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcpkix-jdk15on</artifactId><version>1.68</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcmail-jdk15</artifactId><version>1.46</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcmail-jdk16</artifactId><version>1.46</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bctls-jdk15to18</artifactId><version>1.68</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bctls-jdk14</artifactId><version>1.68</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcprov-jdk15to18</artifactId><version>1.68</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcprov-jdk15on</artifactId><version>1.68</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcprov-jdk14</artifactId><version>1.68</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bctsp-jdk14</artifactId><version>1.46</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcprov-jdk16</artifactId><version>1.46</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcprov-jdk15</artifactId><version>1.46</version></dependency>
<dependency><groupId>org.bouncycastle</groupId><artifactId>bcpg-jdk15</artifactId><version>1.46</version></dependency>
<dependency><groupId>com.lowagie</groupId><artifactId>itext-rtf</artifactId><version>2.1.7</version></dependency>
<dependency><groupId>org.apache.pdfbox</groupId><artifactId>debugger-app</artifactId><version>2.0.8</version></dependency>
<dependency><groupId>com.lowagie</groupId><artifactId>itext</artifactId><version>2.1.7</version></dependency>
<dependency><groupId>org.apache.pdfbox</groupId><artifactId>fontbox</artifactId><version>2.0.8</version></dependency>
<dependency><groupId>org.apache.pdfbox</groupId><artifactId>pdfbox-app</artifactId><version>2.0.8</version></dependency>
<dependency><groupId>org.apache.pdfbox</groupId><artifactId>pdfbox-debugger</artifactId><version>2.0.8</version></dependency>
<dependency><groupId>com.lowagie</groupId><artifactId>itext-rups</artifactId><version>2.1.7</version></dependency>
<dependency><groupId>org.apache.lucene</groupId><artifactId>lucene-analyzers-common</artifactId><version>4.7.2</version></dependency>
<dependency><groupId>org.apache.pdfbox</groupId><artifactId>pdfbox</artifactId><version>2.0.8</version></dependency>
<dependency><groupId>org.apache.pdfbox</groupId><artifactId>preflight-app</artifactId><version>2.0.8</version></dependency>
<dependency><groupId>org.apache.pdfbox</groupId><artifactId>pdfbox-tools</artifactId><version>2.0.8</version></dependency>
<dependency><groupId>org.apache.lucene</groupId><artifactId>lucene-core</artifactId><version>4.7.2</version></dependency>
<dependency><groupId>org.apache.pdfbox</groupId><artifactId>pdfbox-examples</artifactId><version>2.0.8</version></dependency>
<dependency><groupId>struts</groupId><artifactId>struts</artifactId><version>1.2.9</version></dependency>
<dependency><groupId>wsdl4j</groupId><artifactId>wsdl4j</artifactId><version>1.6.3</version></dependency>
<dependency><groupId>org.codehaus.castor</groupId><artifactId>castor-parent</artifactId><version>1.4.1</version><type>pom</type></dependency>
<dependency><groupId>joda-time</groupId><artifactId>joda-time</artifactId><version>2.10.10</version></dependency>
<dependency><groupId>org.apache.pdfbox</groupId><artifactId>xmpbox</artifactId><version>2.0.8</version></dependency>
<dependency><groupId>org.apache.pdfbox</groupId><artifactId>preflight</artifactId><version>2.0.8</version></dependency>
<dependency><groupId>javax.inject</groupId><artifactId>javax.inject</artifactId><version>1</version></dependency>
<dependency><groupId>stax</groupId><artifactId>stax</artifactId><version>1.2.0</version></dependency>
<dependency><groupId>stax</groupId><artifactId>stax-api</artifactId><version>1.0.1</version></dependency>
<dependency><groupId>javax.xml.stream</groupId><artifactId>stax-api</artifactId><version>1.0-2</version></dependency>
<dependency><groupId>net.htmlparser.jericho</groupId><artifactId>jericho-html</artifactId><version>3.4</version></dependency>
<dependency><groupId>com.ibm.icu</groupId><artifactId>icu4j</artifactId><version>69.1</version></dependency>
<dependency><groupId>org.owasp.esapi</groupId><artifactId>esapi</artifactId><version>2.2.3.1</version></dependency>
<dependency><groupId>org.codehaus.castor</groupId><artifactId>castor-core</artifactId><version>1.3.3</version></dependency>
<dependency><groupId>com.io7m.xom</groupId><artifactId>xom</artifactId><version>1.2.10</version></dependency>
<dependency><groupId>org.owasp.antisamy</groupId><artifactId>antisamy</artifactId><version>1.6.3</version></dependency>
<dependency><groupId>org.codehaus.castor</groupId><artifactId>castor-xml</artifactId><version>1.3.3</version></dependency>
<dependency><groupId>xalan</groupId><artifactId>xalan</artifactId><version>2.5.1</version></dependency>
<dependency><groupId>net.sourceforge.nekohtml</groupId><artifactId>nekohtml</artifactId><version>1.9.22</version></dependency>
<dependency><groupId>org.apache-extras.beanshell</groupId><artifactId>bsh</artifactId><version>2.0b6</version></dependency>
<dependency><groupId>xml-apis</groupId><artifactId>xml-apis-ext</artifactId><version>1.3.04</version></dependency>
<dependency><groupId>io.springfox</groupId><artifactId>springfox-bean-validators</artifactId><version>3.0.0</version></dependency>
<dependency><groupId>io.springfox</groupId><artifactId>springfox-boot-starter</artifactId><version>3.0.0</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>xmlgraphics-commons</artifactId><version>2.6</version></dependency>
<dependency><groupId>org.apache.xmlgraphics</groupId><artifactId>batik-css</artifactId><version>1.14</version></dependency>
<dependency><groupId>io.springfox</groupId><artifactId>springfox-data-rest</artifactId><version>3.0.0</version></dependency>
<dependency><groupId>io.springfox</groupId><artifactId>springfox-oas</artifactId><version>3.0.0</version></dependency>
<dependency><groupId>io.springfox</groupId><artifactId>springfox-core</artifactId><version>3.0.0</version></dependency>
<dependency><groupId>org.springframework.plugin</groupId><artifactId>spring-plugin-metadata</artifactId><version>2.0.0.RELEASE</version></dependency>
<dependency><groupId>com.google.code.gson</groupId><artifactId>gson</artifactId><version>2.8.7</version></dependency>
<dependency><groupId>io.springfox</groupId><artifactId>springfox-schema</artifactId><version>3.0.0</version></dependency>
<dependency><groupId>org.mapstruct</groupId><artifactId>mapstruct</artifactId><version>1.3.1.Final</version></dependency>
<dependency><groupId>io.swagger.core.v3</groupId><artifactId>swagger-models</artifactId><version>2.1.2</version></dependency>
<dependency><groupId>io.swagger.core.v3</groupId><artifactId>swagger-annotations</artifactId><version>2.1.2</version></dependency>
<dependency><groupId>io.springfox</groupId><artifactId>springfox-spring-web</artifactId><version>3.0.0</version></dependency>
<dependency><groupId>io.springfox</groupId><artifactId>springfox-spring-integration-webmvc</artifactId><version>3.0.0</version></dependency>
<dependency><groupId>io.springfox</groupId><artifactId>springfox-spring-integration-webflux</artifactId><version>3.0.0</version></dependency>
<dependency><groupId>com.athaydes.rawhttp</groupId><artifactId>rawhttp-core</artifactId><version>2.2.1</version></dependency>
<dependency><groupId>io.springfox</groupId><artifactId>springfox-spring-integration</artifactId><version>3.0.0</version></dependency>
<dependency><groupId>io.springfox</groupId><artifactId>springfox-spi</artifactId><version>3.0.0</version></dependency>
<dependency><groupId>io.springfox</groupId><artifactId>springfox-swagger-ui</artifactId><version>3.0.0</version></dependency>
<dependency><groupId>io.swagger</groupId><artifactId>swagger-models</artifactId><version>1.5.20</version></dependency>
<dependency><groupId>io.swagger</groupId><artifactId>swagger-annotations</artifactId><version>1.5.20</version></dependency>
<dependency><groupId>io.springfox</groupId><artifactId>springfox-swagger-common</artifactId><version>3.0.0</version></dependency>
<dependency><groupId>io.springfox</groupId><artifactId>springfox-spring-webmvc</artifactId><version>3.0.0</version></dependency>
<dependency><groupId>io.springfox</groupId><artifactId>springfox-spring-webflux</artifactId><version>3.0.0</version></dependency>
<dependency><groupId>io.github.classgraph</groupId><artifactId>classgraph</artifactId><version>4.8.83</version></dependency>
<dependency><groupId>isorelax</groupId><artifactId>isorelax</artifactId><version>20030108</version></dependency>
<dependency><groupId>com.shapesecurity</groupId><artifactId>salvation</artifactId><version>2.7.2</version></dependency>
<dependency><groupId>nu.validator</groupId><artifactId>validator</artifactId><version>20.7.2</version></dependency>
<dependency><groupId>org.jsoup</groupId><artifactId>jsoup</artifactId><version>1.13.1</version></dependency>
<dependency><groupId>io.springfox</groupId><artifactId>springfox-swagger2</artifactId><version>3.0.0</version></dependency>
<dependency><groupId>io.springfox</groupId><artifactId>springfox-swagger1</artifactId><version>3.0.0</version></dependency>
<dependency><groupId>nu.validator</groupId><artifactId>htmlparser</artifactId><version>1.4.16</version></dependency>
<dependency><groupId>nu.validator</groupId><artifactId>galimatias</artifactId><version>0.1.3</version></dependency>
<dependency><groupId>nu.validator</groupId><artifactId>langdetect</artifactId><version>1.2</version></dependency>
<dependency><groupId>org.eclipse.jetty</groupId><artifactId>jetty-io</artifactId><version>9.4.18.v20190429</version></dependency>
<dependency><groupId>net.sf.saxon</groupId><artifactId>Saxon-HE</artifactId><version>9.6.0-4</version></dependency>
<dependency><groupId>javax.servlet</groupId><artifactId>javax.servlet-api</artifactId><version>3.1.0</version></dependency>
<dependency><groupId>org.eclipse.jetty</groupId><artifactId>jetty-server</artifactId><version>9.4.18.v20190429</version></dependency>
<dependency><groupId>org.eclipse.jetty</groupId><artifactId>jetty-security</artifactId><version>9.4.18.v20190429</version></dependency>
<dependency><groupId>org.eclipse.jetty</groupId><artifactId>jetty-http</artifactId><version>9.4.18.v20190429</version></dependency>
<dependency><groupId>nu.validator</groupId><artifactId>jing</artifactId><version>20200702VNU</version></dependency>
<dependency><groupId>nu.validator</groupId><artifactId>cssvalidator</artifactId><version>1.0.8</version></dependency>
<dependency><groupId>org.eclipse.jetty</groupId><artifactId>jetty-continuation</artifactId><version>9.4.18.v20190429</version></dependency>
<dependency><groupId>org.eclipse.jetty</groupId><artifactId>jetty-servlets</artifactId><version>9.4.18.v20190429</version></dependency>
<dependency><groupId>org.eclipse.jetty</groupId><artifactId>jetty-util</artifactId><version>9.4.18.v20190429</version></dependency>
robinmeleri

comment created time in 22 days

issue closedjeremylong/DependencyCheck

mysql-connector-java-5.1.49-bin.jar causes exception in 6.2.0

Describe the bug

An Exception is thrown related to the CPE analyzer when analyzing a directory with mysql-connector-java-5.1.49-bin.jar in it

I suspect it's because the CPE contains a slash /

[WARN] An error occurred querying the CPE data. See the log for more details.
[INFO] Unable to parse: product:(driver mysql_connector\/j^2 mysql_connector_j^2 mysql_connector/j^2 jdbc^2 mysql mysql_connectors^2) AND vendor:(oracle^2 jdbc^2 mysql^2 sun)
org.apache.lucene.queryparser.classic.ParseException: Cannot parse 'product:(driver mysql_connector\/j^2 mysql_connector_j^2 mysql_connector/j^2 jdbc^2 mysql mysql_connectors^2) AND vendor:(oracle^2 jdbc^2 mysql^2 sun)': Lexical error at line 1, column 151.  Encountered: <EOF> after : "/j^2 jdbc^2 mysql mysql_connectors^2) AND vendor:(oracle^2 jdbc^2 mysql^2 sun)"
	at org.apache.lucene.queryparser.classic.QueryParserBase.parse(QueryParserBase.java:114)
	at org.owasp.dependencycheck.data.cpe.AbstractMemoryIndex.parseQuery(AbstractMemoryIndex.java:277)
	at org.owasp.dependencycheck.analyzer.CPEAnalyzer.searchCPE(CPEAnalyzer.java:446)
	at org.owasp.dependencycheck.analyzer.CPEAnalyzer.determineCPE(CPEAnalyzer.java:280)
	at org.owasp.dependencycheck.analyzer.CPEAnalyzer.analyzeDependency(CPEAnalyzer.java:785)
	at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
	at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
	at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
	at java.base/java.lang.Thread.run(Thread.java:832)
Caused by: org.apache.lucene.queryparser.classic.TokenMgrError: Lexical error at line 1, column 151.  Encountered: <EOF> after : "/j^2 jdbc^2 mysql mysql_connectors^2) AND vendor:(oracle^2 jdbc^2 mysql^2 sun)"
	at org.apache.lucene.queryparser.classic.QueryParserTokenManager.getNextToken(QueryParserTokenManager.java:1119)
	at org.apache.lucene.queryparser.classic.QueryParser.getToken(QueryParser.java:854)
	at org.apache.lucene.queryparser.classic.QueryParser.jj_3R_3(QueryParser.java:668)
	at org.apache.lucene.queryparser.classic.QueryParser.jj_3_2(QueryParser.java:697)
	at org.apache.lucene.queryparser.classic.QueryParser.jj_2_2(QueryParser.java:653)
	at org.apache.lucene.queryparser.classic.QueryParser.Query(QueryParser.java:281)
	at org.apache.lucene.queryparser.classic.QueryParser.Clause(QueryParser.java:359)
	at org.apache.lucene.queryparser.classic.QueryParser.Query(QueryParser.java:244)
	at org.apache.lucene.queryparser.classic.QueryParser.TopLevelQuery(QueryParser.java:215)
	at org.apache.lucene.queryparser.classic.QueryParserBase.parse(QueryParserBase.java:109)
	... 11 common frames omitted

Version of dependency-check used

  • Problem is present in the docker image owasp/dependency-check:6.2.0
  • Problem is not present in the docker image owasp/dependency-check:6.1.6

Log file

https://gist.github.com/MichaelGissingNC/98549876b72b19b03adf47485a7006b5

To Reproduce

  1. download mysql-connector-java-5.1.49-bin.jar https://mvnrepository.com/artifact/mysql/mysql-connector-java/5.1.49
  2. scan current directory containing the file

Expected behavior

No exception

closed time in 22 days

MichaelGissingNC

issue commentjeremylong/DependencyCheck

mysql-connector-java-5.1.49-bin.jar causes exception in 6.2.0

@alerat looks like I'm really bad a searching issues today. Seems to be the same, yes. I just don't know how I missed it :disappointed:

MichaelGissingNC

comment created time in 22 days

issue openedjeremylong/DependencyCheck

mysql-connector-java-5.1.49-bin.jar causes exception in 6.2.0

Describe the bug

An Exception is thrown related to the CPE analyzer when analyzing a directory with mysql-connector-java-5.1.49-bin.jar in it

I suspect it's because the CPE contains a slash /

[WARN] An error occurred querying the CPE data. See the log for more details.
[INFO] Unable to parse: product:(driver mysql_connector\/j^2 mysql_connector_j^2 mysql_connector/j^2 jdbc^2 mysql mysql_connectors^2) AND vendor:(oracle^2 jdbc^2 mysql^2 sun)
org.apache.lucene.queryparser.classic.ParseException: Cannot parse 'product:(driver mysql_connector\/j^2 mysql_connector_j^2 mysql_connector/j^2 jdbc^2 mysql mysql_connectors^2) AND vendor:(oracle^2 jdbc^2 mysql^2 sun)': Lexical error at line 1, column 151.  Encountered: <EOF> after : "/j^2 jdbc^2 mysql mysql_connectors^2) AND vendor:(oracle^2 jdbc^2 mysql^2 sun)"
	at org.apache.lucene.queryparser.classic.QueryParserBase.parse(QueryParserBase.java:114)
	at org.owasp.dependencycheck.data.cpe.AbstractMemoryIndex.parseQuery(AbstractMemoryIndex.java:277)
	at org.owasp.dependencycheck.analyzer.CPEAnalyzer.searchCPE(CPEAnalyzer.java:446)
	at org.owasp.dependencycheck.analyzer.CPEAnalyzer.determineCPE(CPEAnalyzer.java:280)
	at org.owasp.dependencycheck.analyzer.CPEAnalyzer.analyzeDependency(CPEAnalyzer.java:785)
	at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
	at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
	at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
	at java.base/java.lang.Thread.run(Thread.java:832)
Caused by: org.apache.lucene.queryparser.classic.TokenMgrError: Lexical error at line 1, column 151.  Encountered: <EOF> after : "/j^2 jdbc^2 mysql mysql_connectors^2) AND vendor:(oracle^2 jdbc^2 mysql^2 sun)"
	at org.apache.lucene.queryparser.classic.QueryParserTokenManager.getNextToken(QueryParserTokenManager.java:1119)
	at org.apache.lucene.queryparser.classic.QueryParser.getToken(QueryParser.java:854)
	at org.apache.lucene.queryparser.classic.QueryParser.jj_3R_3(QueryParser.java:668)
	at org.apache.lucene.queryparser.classic.QueryParser.jj_3_2(QueryParser.java:697)
	at org.apache.lucene.queryparser.classic.QueryParser.jj_2_2(QueryParser.java:653)
	at org.apache.lucene.queryparser.classic.QueryParser.Query(QueryParser.java:281)
	at org.apache.lucene.queryparser.classic.QueryParser.Clause(QueryParser.java:359)
	at org.apache.lucene.queryparser.classic.QueryParser.Query(QueryParser.java:244)
	at org.apache.lucene.queryparser.classic.QueryParser.TopLevelQuery(QueryParser.java:215)
	at org.apache.lucene.queryparser.classic.QueryParserBase.parse(QueryParserBase.java:109)
	... 11 common frames omitted

Version of dependency-check used

  • Problem is present in the docker image owasp/dependency-check:6.2.0
  • Problem is not present in the docker image owasp/dependency-check:6.1.6

Log file

https://gist.github.com/MichaelGissingNC/98549876b72b19b03adf47485a7006b5

To Reproduce

  1. download mysql-connector-java-5.1.49-bin.jar https://mvnrepository.com/artifact/mysql/mysql-connector-java/5.1.49
  2. scan current directory containing the file

Expected behavior

No exception

created time in 22 days

issue commentjeremylong/DependencyCheck

Postgresql jar not loaded by commons-dbcp

It works but we have to modify our pom.xml files for all of our projects. We centralize all the dependency-check maven plugin configuration in a common settings.xml in our continuous integration

alerat

comment created time in 22 days

issue commentjeremylong/DependencyCheck

Postgresql jar not loaded by commons-dbcp

Can you try configuring the plugin with a dependency like this:

        <plugins>
            <plugin>
                <groupId>org.owasp</groupId>
                <artifactId>dependency-check-maven</artifactId>
                <version>6.2.0</version>
                <dependencies>
                    <dependency>
                        <groupId>org.postgresql</groupId>
                        <artifactId>postgresql</artifactId>
                        <version>42.2.20</version>
                    </dependency>
                </dependencies>
alerat

comment created time in 22 days

issue commentjeremylong/DependencyCheck

Dependency Check gets stuck when used

Similar issue here, i don't know why the AppData\Local\Temp\ folder is analyze. image

robinmeleri

comment created time in 22 days

issue closedjeremylong/DependencyCheck

Exception is displayed when checking MySQL connector

Describe the bug An exception is displayed when checking MySQL connector dependency with 6.2.0. The exception is not displayed with 6.1.6. At this time, I have not seen this error for another dependency.

The check is still performed completely but build ends up in failure.

Version of dependency-check used The problem occurs using version 6.2.0 of the maven plugin

Log file gist I created a sample to reproduce the issue on the mysql-connector branch

To Reproduce Steps to reproduce the behavior:

  1. Clone the above mentionned repository
  2. cd into dependency-check-maven-sample
  3. Run mvn clean dependency-check:check

Expected behavior If the issue is on dependency-check side => no error message displayed and the dependency is correctly processed If the issue in on the NVD database side => just a one line warning telling this dependency cannot be processed

Additional context I have just seen this error while running dependency check on our company product. I will provide more data when I will have time to perform a better investigation.

closed time in 22 days

nhumblot

push eventjeremylong/DependencyCheck

Jeremy Long

commit sha 4e81e6b8f6caf2ff158236111aba5b53a6254274

fix unlikely npe

view details

Jeremy Long

commit sha 049343370533658c9423aa975348119abebb24aa

fix typo

view details

Jeremy Long

commit sha 283492441fe1cde22464e118e4c9ac13b9f25a46

correctly escape boosted terms to resolve #3410

view details

push time in 22 days

issue openedjeremylong/DependencyCheck

Postgresql jar not loaded by commons-dbcp

Describe the bug We are using an external nist database and

Version of dependency-check used The problem occurs using version X.X.X of the ____ (cli, gradle plugin, maven plugin, etc.)

Log file When reporting errors, 99% of the time log file output is required. Please post the log file as a gist and provide a link in the new issue.

To Reproduce Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior A clear and concise description of what you expected to happen.

Additional context Add any other context about the problem here.

created time in 22 days

issue commentjeremylong/DependencyCheck

Dependency Check gets stuck when used

I don't see this as a timeout setting related issue, something changed from 6.1.6 to 6.2.0 that fully hangs ODC. Running "mvn org.owasp:dependency-check-maven:6.1.6:aggregate" completes successfully in 1minute. But "mvn org.owasp:dependency-check-maven:6.2.0:aggregate" on the same build just hangs and dies by timeout/CI tool killing.

robinmeleri

comment created time in 23 days

issue commentjeremylong/DependencyCheck

Dependency Check gets stuck when used

Have tried increasing the timeout to 60 and 120 minutes but it doesnt fix the problem

robinmeleri

comment created time in 23 days

issue commentjeremylong/DependencyCheck

Dependency Check gets stuck when used

@jeremylong I think for the Azure DevOps task the timeout is already set to 60min But that doesn't solve the issue, in a working scenario where (in my case) the NVD CVE Analyzer takes less then a second. image

In a not working build it just keeps waiting and waiting untill it errors or i cancel the pipeline. (This pipeline got canceled after 54min) image

robinmeleri

comment created time in 23 days

issue commentjeremylong/DependencyCheck

Dependency Check gets stuck when used

You can always increase this using:

set JAVA_OPTS=-Dodc.analysis.timeout=60

or

set MAVEN_OPTS=-Dodc.analysis.timeout=60
robinmeleri

comment created time in 23 days

push eventjeremylong/DependencyCheck

Jeremy Long

commit sha 18ea82a0f03f360b2a367fd9c285d41ac5b89118

imcrease timeout per #3408

view details

push time in 23 days

issue commentjeremylong/DependencyCheck

Error during generating the VulnerabilityReport, jnidispatch.dll does not exist and cannot be analyzed by dependency-check

Have you - I don't know - considered using the maven or gradle plugin instead of trying to write your own integration into what appears to be a java build?

h-bahrami

comment created time in 23 days

issue commentjeremylong/DependencyCheck

Error during generating the VulnerabilityReport, jnidispatch.dll does not exist and cannot be analyzed by dependency-check

I receive this error now,

One or more exceptions occurred during analysis: UpdateException: org.owasp.dependencycheck.data.nvdcve.DatabaseException: Error updating 'CVE-2020-15465' caused by DatabaseException: Error updating 'CVE-2020-15465' caused by JdbcSQLNonTransientException: The database is read only; SQL statement: DELETE FROM vulnerability WHERE cve = ? [90097-200] NoDataException: No documents exist
h-bahrami

comment created time in 23 days

issue commentjeremylong/DependencyCheck

Exception is displayed when checking MySQL connector

For me 6.1.5 and 6.1.6 succeed and mvn org.owasp:dependency-check-maven:6.2.0:check fails with

[INFO] Created CPE Index (1 seconds)
[WARNING] An unexpected error occurred during analysis of '/home/romanka/.m2/repository/mysql/mysql-connector-java/8.0.22/mysql-connector-java-8.0.22.jar' (CPE Analyzer): end-of-string expected at position 202
[ERROR] 
java.lang.IllegalArgumentException: end-of-string expected at position 202
    at org.apache.lucene.util.automaton.RegExp.<init> (RegExp.java:488)
    at org.apache.lucene.search.RegexpQuery.<init> (RegexpQuery.java:138)
    at org.apache.lucene.search.RegexpQuery.<init> (RegexpQuery.java:121)
    at org.apache.lucene.search.RegexpQuery.<init> (RegexpQuery.java:92)
    at org.apache.lucene.queryparser.classic.QueryParserBase.newRegexpQuery (QueryParserBase.java:578)
    at org.apache.lucene.queryparser.classic.QueryParserBase.getRegexpQuery (QueryParserBase.java:760)
    at org.apache.lucene.queryparser.classic.QueryParserBase.handleBareTokenQuery (QueryParserBase.java:826)
    at org.apache.lucene.queryparser.classic.QueryParser.Term (QueryParser.java:469)
    at org.apache.lucene.queryparser.classic.QueryParser.Clause (QueryParser.java:355)
    at org.apache.lucene.queryparser.classic.QueryParser.Query (QueryParser.java:303)
    at org.apache.lucene.queryparser.classic.QueryParser.Clause (QueryParser.java:359)
    at org.apache.lucene.queryparser.classic.QueryParser.Query (QueryParser.java:244)
    at org.apache.lucene.queryparser.classic.QueryParser.TopLevelQuery (QueryParser.java:215)
    at org.apache.lucene.queryparser.classic.QueryParserBase.parse (QueryParserBase.java:109)
    at org.owasp.dependencycheck.data.cpe.AbstractMemoryIndex.parseQuery (AbstractMemoryIndex.java:277)
    at org.owasp.dependencycheck.analyzer.CPEAnalyzer.searchCPE (CPEAnalyzer.java:446)
    at org.owasp.dependencycheck.analyzer.CPEAnalyzer.determineCPE (CPEAnalyzer.java:280)
    at org.owasp.dependencycheck.analyzer.CPEAnalyzer.analyzeDependency (CPEAnalyzer.java:785)
    at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze (AbstractAnalyzer.java:131)
    at org.owasp.dependencycheck.AnalysisTask.call (AnalysisTask.java:88)
    at org.owasp.dependencycheck.AnalysisTask.call (AnalysisTask.java:37)
    at java.util.concurrent.FutureTask.run (FutureTask.java:264)
    at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1128)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:628)
    at java.lang.Thread.run (Thread.java:834)
nhumblot

comment created time in 23 days

issue commentjeremylong/DependencyCheck

Dependency Check gets stuck when used

This morning (just now) I again have the problem of a stuck dependency check, this time executed via mvn --batch-mode --debug org.owasp:dependency-check-maven:check.

robinmeleri

comment created time in 23 days

issue commentjeremylong/DependencyCheck

Dependency Check gets stuck when used

We are experiencing the same issue as the original reporter (using ODC 6.2.0 release on Windows server 2016, via maven plugin). ODC hangs and fails if used without -X. But seems to finish and exit cleanly when using -X.

robinmeleri

comment created time in 23 days

issue openedjeremylong/DependencyCheck

Report CPE link broken

Describe the bug The CPE URL on html report(dependency-check-report.html) is broken(Page Not Found)

Version of dependency-check used The problem occurs using version 6.2.0 of the cli

Log file When reporting errors, 99% of the time log file output is required. Please post the log file as a gist and provide a link in the new issue.

To Reproduce Steps to reproduce the behavior:

  1. Download & Extract Dependency Check from Github
  2. Set up PATH variable to the location of the script
  3. Go to the path where the bat file is located
  4. Run depedency-check.bat --project xxxxxxx --scan "D:\Jenkins\workspace\xxxxx"

Expected behavior NVD CPE link

Additional context Using Windows Server 2019

created time in 23 days

issue commentjeremylong/DependencyCheck

Dependency Check gets stuck when used

OK. Now the build continues, but fails with the issue reported in #3410 .

robinmeleri

comment created time in 23 days

issue commentjeremylong/DependencyCheck

Exception is displayed when checking MySQL connector

I get the same issue with dependency-check-maven-plugin 6.2.0 for mysql-connector-java-8.0.22.jar. It works fine with plugin version 6.1.7.

nhumblot

comment created time in 23 days

issue commentjeremylong/DependencyCheck

Dependency Check gets stuck when used

We got this as last Maven debug output:

DEBUG] Begin Analysis of '/var/folders/f5/9hr0ck5n3pzgn6xmrwj610kh0000gp/T/dctempdcaa0b60-a6fd-44d1-b73e-d1a6590cbd29/check11288188695660540680tmp/43/pom.xml' (NVD CVE Analyzer)
[DEBUG] Cache miss for cpe:2.3:a:netty:netty:4.1.52:*:*:*:*:*:*:*

After that we get after some time

org.owasp.dependencycheck.data.nvdcve.DatabaseException: Error connecting to the database

(unfortunately the debug log output is broken, I have to rerun it with --batch-mode tomorrow ...)

robinmeleri

comment created time in 23 days

issue commentjeremylong/DependencyCheck

Dependency Check gets stuck when used

Same issue here after upgrade from 6.1.7 to 6.2.0.

robinmeleri

comment created time in 23 days

issue commentjeremylong/DependencyCheck

Exception is displayed when checking MySQL connector

Got a similar stacktrace using the gradle plugin version 6.2.0 and 6.1.6 for mysql-connector-java-8.0.25.jar. Error does not occur with 6.1.5.

An unexpected error occurred during analysis of '/home/blaschke/.local/share/gradle/caches/modules-2/files-2.1/mysql/mysql-connector-java/8.0.25/f8b9123acd13058c941aff25f308c9ed8000bb73/mysql-connector-java-8.0.25.jar' (CPE Analyzer): unexpected end-of-string

java.lang.IllegalArgumentException: unexpected end-of-string
        at org.apache.lucene.util.automaton.RegExp.next(RegExp.java:1118)
        at org.apache.lucene.util.automaton.RegExp.parseCharExp(RegExp.java:1265)
        at org.apache.lucene.util.automaton.RegExp.parseSimpleExp(RegExp.java:1260)
        at org.apache.lucene.util.automaton.RegExp.parseCharClassExp(RegExp.java:1192)
        at org.apache.lucene.util.automaton.RegExp.parseComplExp(RegExp.java:1180)
        at org.apache.lucene.util.automaton.RegExp.parseRepeatExp(RegExp.java:1149)
        at org.apache.lucene.util.automaton.RegExp.parseConcatExp(RegExp.java:1142)
        at org.apache.lucene.util.automaton.RegExp.parseConcatExp(RegExp.java:1144)
        at org.apache.lucene.util.automaton.RegExp.parseConcatExp(RegExp.java:1144)
        ... // line is repeated a few hundred times
        at org.apache.lucene.util.automaton.RegExp.parseConcatExp(RegExp.java:1144)
        at org.apache.lucene.util.automaton.RegExp.parseConcatExp(RegExp.java:1144)
        at org.apache.lucene.util.automaton.RegExp.parseInterExp(RegExp.java:1135)
        at org.apache.lucene.util.automaton.RegExp.parseUnionExp(RegExp.java:1129)
        at org.apache.lucene.util.automaton.RegExp.<init>(RegExp.java:487)
        at org.apache.lucene.search.RegexpQuery.<init>(RegexpQuery.java:138)
        at org.apache.lucene.search.RegexpQuery.<init>(RegexpQuery.java:121)
        at org.apache.lucene.search.RegexpQuery.<init>(RegexpQuery.java:92)
        at org.apache.lucene.queryparser.classic.QueryParserBase.newRegexpQuery(QueryParserBase.java:578)
        at org.apache.lucene.queryparser.classic.QueryParserBase.getRegexpQuery(QueryParserBase.java:760)
        at org.apache.lucene.queryparser.classic.QueryParserBase.handleBareTokenQuery(QueryParserBase.java:826)
        at org.apache.lucene.queryparser.classic.QueryParser.Term(QueryParser.java:469)
        at org.apache.lucene.queryparser.classic.QueryParser.Clause(QueryParser.java:355)
        at org.apache.lucene.queryparser.classic.QueryParser.Query(QueryParser.java:303)
        at org.apache.lucene.queryparser.classic.QueryParser.Clause(QueryParser.java:359)
        at org.apache.lucene.queryparser.classic.QueryParser.Query(QueryParser.java:244)
        at org.apache.lucene.queryparser.classic.QueryParser.TopLevelQuery(QueryParser.java:215)
        at org.apache.lucene.queryparser.classic.QueryParserBase.parse(QueryParserBase.java:109)
        at org.owasp.dependencycheck.data.cpe.AbstractMemoryIndex.parseQuery(AbstractMemoryIndex.java:277)
        at org.owasp.dependencycheck.analyzer.CPEAnalyzer.searchCPE(CPEAnalyzer.java:446)
        at org.owasp.dependencycheck.analyzer.CPEAnalyzer.determineCPE(CPEAnalyzer.java:280)
        at org.owasp.dependencycheck.analyzer.CPEAnalyzer.analyzeDependency(CPEAnalyzer.java:785)
        at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
        at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
        at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:834)

> Task :starter:dependencyCheckAnalyze FAILED

nhumblot

comment created time in 23 days

issue commentjeremylong/DependencyCheck

Dependency Check gets stuck when used

We are experiencing the same issue. Our devops server automatically downloaded the 6.2.0 version (before it was using 6.1.6) And since then some (not all) of our projects experience this issue. Everything goes quick untill '[INFO] Finished False Positive Analyzer (0 seconds)' After that nothing. We didn't wait 1h yet, but i guess after 60min we will just get a timeout.

robinmeleri

comment created time in 23 days

issue commentjeremylong/DependencyCheck

Dependency Check gets stuck when used

Tried that but it still gives the same problem. :/ When I use the -X flag for debug output it doesnt crash, do you have any suggestions to why that may be?

robinmeleri

comment created time in 23 days

issue openedjeremylong/DependencyCheck

Exception is displayed when checking MySQL connector

Describe the bug An exception is displayed when checking MySQL connector dependency with 6.2.0. The exception is not displayed with 6.1.6. At this time, I have not seen this error for another dependency.

Version of dependency-check used The problem occurs using version 6.2.0 of the maven plugin

Log file gist I created a sample to reproduce the issue on the mysql-connector branch

To Reproduce Steps to reproduce the behavior:

  1. Clone the above mentionned repository
  2. cd into dependency-check-maven-sample
  3. Run mvn clean dependency-check:check

Expected behavior If the issue is on dependency-check side => no error message displayed and the dependency is correctly processed If the issue in on the NVD database side => just a one line warning telling this dependency cannot be processed

Additional context I have just seen this error while running dependency check on our company product. I will provide more data when I will have time to perform a better investigation.

created time in 23 days