Enforcer issues in multiple modules ----------------------------------- Key: RTGOV-601 URL: https://issues.jboss.org/browse/RTGOV-601 Project: RTGov (Run Time Governance) Issue Type: Bug Reporter: Brett Meyer Assignee: Gary Brown After upgrading to the BOM CR14, enforcer fails, but no actual errors are shown during the build. The only thing relevant I can find: {code} [WARNING] The dependency xercesImpl-2.9.1 matches a vulnerability recorded in the victims database. [CVE-2009-2625] [WARNING] Rule 0: com.redhat.victims.VictimsRule failed with message: +=======================+ |VULNERABILITY DETECTED!| +=======================+ For more information visit: - https://access.redhat.com/security/cve/CVE-2009-2625 {code} What's odd is that we don't explicitly depend on xercesImpl. I'm not sure if that's a bug in the plugin: failing due to a warning on a transitive dependency. For now, enforcer is completely disabled on the module.