Hi Team, I'm trying to install Tika 2.4.1 on a RHEL machine but getting below error. Is there any easy way to skip the dependency auditing at compile time? Or a way to update that library to resolve the security issues? Though I tried below command but did not help. mvn clean install -Dossindex.fail=false
---------------------------------------------------------Stacktrace---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [ERROR] Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit (audit-dependencies) on project tika-fetcher-az-blob: Detected 1 vulnerable components: [ERROR] com.azure:azure-storage-blob:jar:12.17.1:compile; https://ossindex.sonatype.org/component/pkg:maven/com.azure/[email protected]?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1 [ERROR] * [CVE-2022-30187] CWE-200: Information Exposure (4.7); https://ossindex.sonatype.org/vulnerability/CVE-2022-30187?component-type=maven&component-name=com.azure%2Fazure-storage-blob&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1 [ERROR] [ERROR] Excluded coordinates: [ERROR] - io.netty:netty-handler:4.1.77.Final [ERROR] [ERROR] -> [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException [ERROR] [ERROR] After correcting the problems, you can resume the build with the command [ERROR] mvn <args> -rf :tika-fetcher-az-blob Thanks, Anshuman ________________________________ The information contained in this message is intended only for the recipient, and may be a confidential attorney-client communication or may otherwise be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, please be aware that any dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by replying to the message and deleting it from your computer. S&P Global Inc. reserves the right, subject to applicable local law, to monitor, review and process the content of any electronic message or information sent to or from S&P Global Inc. e-mail addresses without informing the sender or recipient of the message. By sending electronic message or information to S&P Global Inc. e-mail addresses you, as the sender, are consenting to S&P Global Inc. processing any of your personal data therein.
