dataminer.accolade created ANY23-608:
----------------------------------------
Summary: Any23 cannot be built due to security vulnerabilities.
Key: ANY23-608
URL: https://issues.apache.org/jira/browse/ANY23-608
Project: Apache Any23
Issue Type: Improvement
Affects Versions: 2.7
Reporter: dataminer.accolade
Ich have tried to build from the following Dockerfile:
{code:java}
FROM maven:3-jdk-11 AS buildARG ANY23_VERSION_ARG
ENV ANY23_VERSION=${ANY23_VERSION_ARG:-2.7}
ENV ARCHIV_NAME="tmp-archiv.tar.gz"RUN mkdir -p ~/.m2/
RUN echo
"<settings><mirrors><mirror><id>maven-central</id><mirrorOf>*</mirrorOf><url>https://repo.maven.apache.org/maven2</url><blocked>false</blocked></mirror></mirrors></settings>"
> ~/.m2/settings.xml
WORKDIR /any23
RUN curl -L --output "$ARCHIV_NAME"
"https://api.github.com/repos/apache/any23/tarball/refs/tags/any23-$ANY23_VERSION";
RUN tar xf "$ARCHIV_NAME" --strip-components=1
RUN rm "$ARCHIV_NAME"
RUN mvn clean install -Dmaven.test.skip=true -Dmaven.javadoc.skip=true {code}
I had to exclude the following packages with (-Dossindex.excludeCoordinates) to
complete the build process:
com.drewnoakes:metadata-extractor:2.16.0
com.fasterxml.jackson.core:jackson-databind:2.11.4
com.google.guava:guava:30.1.1-jre
org.apache.poi:poi-scratchpad:5.2.0
org.apache.tika:tika-core:2.3.0
org.apache.tika:tika-parser-image-module:2.3.0
org.jsoup:jsoup:1.14.3
org.yaml:snakeyaml:1.30
xerces:xercesImpl:2.12.2
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
