ossindex is not a source of joy for us after some recent changes. I ran into the -Dossindex.fail=false not working within the last month and should have raised it as an issue. I don't know if this is user error with how we've configured something or a bug in the plugin.
I did just test -Dossindex.skip, and that works for me. I'll update our readme.

On Mon, Jul 18, 2022 at 7:29 PM Bansal, Anshuman <[email protected]> wrote:

> Hi Team,
>
> I'm trying to install Tika 2.4.1 on a RHEL machine but getting below error.
> Is there any easy way to skip the dependency auditing at compile time? Or
> a way to update that library to resolve the security issues? Though I tried
> below command but did not help.
> mvn clean install -Dossindex.fail=false
>
>
> ---------- Stacktrace ----------
> [ERROR] Failed to execute goal
> org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit
> (audit-dependencies) on project tika-fetcher-az-blob: Detected 1 vulnerable
> components:
> [ERROR] com.azure:azure-storage-blob:jar:12.17.1:compile;
> https://ossindex.sonatype.org/component/pkg:maven/com.azure/[email protected]?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
> [ERROR] * [CVE-2022-30187] CWE-200: Information Exposure (4.7);
> https://ossindex.sonatype.org/vulnerability/CVE-2022-30187?component-type=maven&component-name=com.azure%2Fazure-storage-blob&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
> [ERROR]
> [ERROR] Excluded coordinates:
> [ERROR] - io.netty:netty-handler:4.1.77.Final
> [ERROR]
> [ERROR] -> [Help 1]
> [ERROR]
> [ERROR] To see the full stack trace of the errors, re-run Maven with the
> -e switch.
> [ERROR] Re-run Maven using the -X switch to enable full debug logging.
> [ERROR]
> [ERROR] For more information about the errors and possible solutions,
> please read the following articles:
> [ERROR] [Help 1]
> http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
> [ERROR]
> [ERROR] After correcting the problems, you can resume the build with the
> command
> [ERROR] mvn <args> -rf :tika-fetcher-az-blob
>
> Thanks,
> Anshuman
