Maven build fails due to identified "vulnerabilities" (?) in dependencies
Authzforce core: mvn clean install.
Java 8 (1.8.0_201 oracle) on Linux Ubuntu 18.04.
Trace follows:
`[WARNING]
One or more dependencies were identified with known vulnerabilities in org.ow2.authzforce:authzforce-ce-core-pdp-engine:
spring-core-4.3.12.RELEASE.jar (cpe:/a:vmware:springsource_spring_framework:4.3.12, cpe:/a:pivotal_software:spring_framework:4.3.12, cpe:/a:springsource:spring_framework:4.3.12, org.springframework:spring-core:4.3.12.RELEASE, cpe:/a:pivotal:spring_framework:4.3.12) : CVE-2018-1257, CVE-2018-1275, CVE-2018-11040, CVE-2018-1199, CVE-2018-1271, CVE-2018-1270, CVE-2018-15756, CVE-2018-1272, CVE-2018-11039 guava-22.0.jar (com.google.guava:guava:22.0, cpe:/a:google:guava:22.0) : CVE-2018-10237
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------ [INFO] Reactor Summary: [INFO] [INFO] org.ow2.authzforce:authzforce-ce-core .............. SUCCESS [ 1.712 s] [INFO] org.ow2.authzforce:authzforce-ce-core-pdp-engine ... FAILURE [05:14 min] [INFO] org.ow2.authzforce:authzforce-ce-core-pdp-testutils SKIPPED [INFO] org.ow2.authzforce:authzforce-ce-core-pdp-io-xacml-json SKIPPED [INFO] org.ow2.authzforce:authzforce-ce-core-pdp-cli ...... SKIPPED [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 05:16 min [INFO] Finished at: 2019-02-22T09:35:25+01:00 [INFO] Final Memory: 46M/751M [INFO] ------------------------------------------------------------------------ [ERROR] Failed to execute goal org.owasp:dependency-check-maven:3.0.2:check (default) on project authzforce-ce-core-pdp-engine: [ERROR] [ERROR] One or more dependencies were identified with vulnerabilities: [ERROR] [ERROR] spring-core-4.3.12.RELEASE.jar: CVE-2018-1257, CVE-2018-1275, CVE-2018-11040, CVE-2018-1199, CVE-2018-1271, CVE-2018-1270, CVE-2018-15756, CVE-2018-1272, CVE-2018-11039 [ERROR] guava-22.0.jar: CVE-2018-10237 [ERROR] [ERROR] See the dependency-check report for more details. [ERROR] [ERROR] [ERROR] -> [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException [ERROR] [ERROR] After correcting the problems, you can resume the build with the command [ERROR] mvn -rf :authzforce-ce-core-pdp-engine`