Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-13732

Upgrade OWASP dependency-check plugin version

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0.0-alpha2
    • Component/s: security
    • Labels:
      None

      Description

      For reasons I don't fully understand, the current version (1.3.6) of the OWASP dependency-check plugin produces an essentially empty report on trunk (3.0.0). After some research, it appears that this plugin has undergone significant work in the latest version, 1.4.3. Upgrading to this version produces the expected full report.

      The only gotcha is that a new-ish version of maven is required. I'm using 3.2.2; I know that 3.0.x fails with a strange error.

      This plugin was introduced in HADOOP-13198.

        Attachments

        1. HADOOP-13732.002.patch
          2 kB
          Mike Yoder
        2. HADOOP-13732.001.patch
          0.6 kB
          Mike Yoder

          Activity

            People

            • Assignee:
              yoderme Mike Yoder
              Reporter:
              yoderme Mike Yoder
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: