[overlord-issues] [JBoss JIRA] (RTGOV-601) Enforcer issues in multiple modules

[ https://issues.jboss.org/browse/RTGOV-601?page=com.atlassian.jira.plugin.... ] Brett Meyer updated RTGOV-601: ------------------------------ Description: org.overlord.rtgov.activity-management:activity org.overlord.rtgov.integration:rtgov-switchyard After upgrading to the BOM CR14, enforcer fails, but no actual errors are shown during the build. The only thing relevant I can find: {code} [WARNING] The dependency xercesImpl-2.9.1 matches a vulnerability recorded in the victims database. [CVE-2009-2625] [WARNING] Rule 0: com.redhat.victims.VictimsRule failed with message: +=======================+ |VULNERABILITY DETECTED!| +=======================+ For more information visit: - https://access.redhat.com/security/cve/CVE-2009-2625 {code} What's odd is that we don't explicitly depend on xercesImpl. I'm not sure if that's a bug in the plugin: failing due to a warning on a transitive dependency. For now, enforcer is completely disabled on the listed modules. was: org.overlord.rtgov.activity-management:activity org.overlord.rtgov.integration:rtgov-switchyard After upgrading to the BOM CR14, enforcer fails, but no actual errors are shown during the build. The only thing relevant I can find: {code} [WARNING] The dependency xercesImpl-2.9.1 matches a vulnerability recorded in the victims database. [CVE-2009-2625] [WARNING] Rule 0: com.redhat.victims.VictimsRule failed with message: +=======================+ |VULNERABILITY DETECTED!| +=======================+ For more information visit: - https://access.redhat.com/security/cve/CVE-2009-2625 {code} What's odd is that we don't explicitly depend on xercesImpl. I'm not sure if that's a bug in the plugin: failing due to a warning on a transitive dependency. For now, enforcer is completely disabled on the module. -- This message was sent by Atlassian JIRA (v6.3.1#6329)