[
https://issues.jboss.org/browse/RTGOV-601?page=com.atlassian.jira.plugin....
]
Brett Meyer updated RTGOV-601:
------------------------------
Description:
org.overlord.rtgov.activity-management:activity
org.overlord.rtgov.integration:rtgov-switchyard
org.overlord.rtgov.distribution:overlord-rtgov-features-fuse6
After upgrading to the BOM CR14, enforcer fails, but no actual errors are shown during the
build. The only thing relevant I can find:
{code}
[WARNING] The dependency xercesImpl-2.9.1 matches a vulnerability recorded in the victims
database. [CVE-2009-2625]
[WARNING] Rule 0: com.redhat.victims.VictimsRule failed with message:
+=======================+
|VULNERABILITY DETECTED!|
+=======================+
For more information visit:
-
https://access.redhat.com/security/cve/CVE-2009-2625
{code}
What's odd is that we don't explicitly depend on xercesImpl. I'm not sure if
that's a bug in the plugin: failing due to a warning on a transitive dependency.
For now, enforcer is completely disabled on the listed modules.
was:
org.overlord.rtgov.activity-management:activity
org.overlord.rtgov.integration:rtgov-switchyard
After upgrading to the BOM CR14, enforcer fails, but no actual errors are shown during the
build. The only thing relevant I can find:
{code}
[WARNING] The dependency xercesImpl-2.9.1 matches a vulnerability recorded in the victims
database. [CVE-2009-2625]
[WARNING] Rule 0: com.redhat.victims.VictimsRule failed with message:
+=======================+
|VULNERABILITY DETECTED!|
+=======================+
For more information visit:
-
https://access.redhat.com/security/cve/CVE-2009-2625
{code}
What's odd is that we don't explicitly depend on xercesImpl. I'm not sure if
that's a bug in the plugin: failing due to a warning on a transitive dependency.
For now, enforcer is completely disabled on the listed modules.
Enforcer issues in multiple modules
-----------------------------------
Key: RTGOV-601
URL:
https://issues.jboss.org/browse/RTGOV-601
Project: RTGov (Run Time Governance)
Issue Type: Bug
Reporter: Brett Meyer
Assignee: Gary Brown
org.overlord.rtgov.activity-management:activity
org.overlord.rtgov.integration:rtgov-switchyard
org.overlord.rtgov.distribution:overlord-rtgov-features-fuse6
After upgrading to the BOM CR14, enforcer fails, but no actual errors are shown during
the build. The only thing relevant I can find:
{code}
[WARNING] The dependency xercesImpl-2.9.1 matches a vulnerability recorded in the victims
database. [CVE-2009-2625]
[WARNING] Rule 0: com.redhat.victims.VictimsRule failed with message:
+=======================+
|VULNERABILITY DETECTED!|
+=======================+
For more information visit:
-
https://access.redhat.com/security/cve/CVE-2009-2625
{code}
What's odd is that we don't explicitly depend on xercesImpl. I'm not sure if
that's a bug in the plugin: failing due to a warning on a transitive dependency.
For now, enforcer is completely disabled on the listed modules.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)