Trivy detect false positive vunerabilities about jetty ? #7767

sbernard31 · 2024-10-18T14:28:05Z

sbernard31
Oct 18, 2024

IDs

CVE-2021-28169, CVE-2020-27216

Description

Since recently, trivy detects some vulnerability in my code but I pretty sure this is false positive...

Here the trivy report :

leshan-bsserver-demo/pom.xml (pom)

Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

┌────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬──────────────────────────────────────────────┬──────────────────────────────────────────────────────────┐
│            Library             │ Vulnerability  │ Severity │ Status │ Installed Version │                Fixed Version                 │                          Title                           │
├────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼──────────────────────────────────────────────┼──────────────────────────────────────────────────────────┤
│ org.eclipse.jetty:jetty-webapp │ CVE-2020-27216 │ HIGH     │ fixed  │ 9.4.56.v20240826  │ 9.4.33.v20201020, 10.0.0.beta3, 11.0.0.beta3 │ jetty: local temporary directory hijacking vulnerability │
│                                │                │          │        │                   │                                              │ https://avd.aquasec.com/nvd/cve-2020-27216               │
└────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴──────────────────────────────────────────────┴──────────────────────────────────────────────────────────┘

leshan-server-demo/pom.xml (pom)

Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0)

┌──────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬──────────────────────────────────────────────┬────────────────────────────────────────────────────────────┐
│             Library              │ Vulnerability  │ Severity │ Status │ Installed Version │                Fixed Version                 │                           Title                            │
├──────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼──────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ org.eclipse.jetty:jetty-servlets │ CVE-2021-28169 │ MEDIUM   │ fixed  │ 9.4.56.v20240826  │ 9.4.41, 10.0.3, 11.0.3                       │ jetty: requests to the ConcatServlet and WelcomeFilter are │
│                                  │                │          │        │                   │                                              │ able to access protected...                                │
│                                  │                │          │        │                   │                                              │ https://avd.aquasec.com/nvd/cve-2021-28169                 │
├──────────────────────────────────┼────────────────┼──────────┤        │                   ├──────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ org.eclipse.jetty:jetty-webapp   │ CVE-2020-27216 │ HIGH     │        │                   │ 9.4.33.v20201020, 10.0.0.beta3, 11.0.0.beta3 │ jetty: local temporary directory hijacking vulnerability   │
│                                  │                │          │        │                   │                                              │ https://avd.aquasec.com/nvd/cve-2020-27216                 │
└──────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴──────────────────────────────────────────────┴────────────────────────────────────────────────────────────┘

pom.xml (pom)

Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0)

┌──────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬──────────────────────────────────────────────┬────────────────────────────────────────────────────────────┐
│             Library              │ Vulnerability  │ Severity │ Status │ Installed Version │                Fixed Version                 │                           Title                            │
├──────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼──────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ org.eclipse.jetty:jetty-servlets │ CVE-2021-28169 │ MEDIUM   │ fixed  │ 9.4.56.v20240826  │ 9.4.41, 10.0.3, 11.0.3                       │ jetty: requests to the ConcatServlet and WelcomeFilter are │
│                                  │                │          │        │                   │                                              │ able to access protected...                                │
│                                  │                │          │        │                   │                                              │ https://avd.aquasec.com/nvd/cve-2021-28169                 │
├──────────────────────────────────┼────────────────┼──────────┤        │                   ├──────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ org.eclipse.jetty:jetty-webapp   │ CVE-2020-27216 │ HIGH     │        │                   │ 9.4.33.v20201020, 10.0.0.beta3, 11.0.0.beta3 │ jetty: local temporary directory hijacking vulnerability   │
│                                  │                │          │        │                   │                                              │ https://avd.aquasec.com/nvd/cve-2020-27216                 │
└──────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴──────────────────────────────────────────────┴────────────────────────────────────────────────────────────┘

This vulnerabilities are pretty old and was not detected before. I don't know what happens exactly.
It seems both hasn't been modifier recently :

Reproduction Steps

It can be reproduce scanning branch `1.x` of [Leshan](https://github.com/eclipse-leshan/leshan/tree/1.x).

Using : `trivy -f table --scanners vuln fs ./ --include-dev-deps`

Target

Filesystem

Scanner

Vulnerability

Target OS

Debian 12 (stable)

Debug Output

2024-10-18T16:27:30+02:00	DEBUG	No plugins loaded
2024-10-18T16:27:30+02:00	DEBUG	Default config file "file_path=trivy.yaml" not found, using built in values
2024-10-18T16:27:30+02:00	DEBUG	Cache dir	dir="/home/sbernard/.cache/trivy"
2024-10-18T16:27:30+02:00	DEBUG	Cache dir	dir="/home/sbernard/.cache/trivy"
2024-10-18T16:27:30+02:00	DEBUG	Parsed severities	severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-10-18T16:27:30+02:00	DEBUG	Ignore statuses	statuses=[]
2024-10-18T16:27:30+02:00	DEBUG	DB update was skipped because the local DB is the latest
2024-10-18T16:27:30+02:00	DEBUG	DB info	schema=2 updated_at=2024-10-18T12:17:57.577049117Z next_update=2024-10-19T12:17:57.577048987Z downloaded_at=2024-10-18T14:02:47.175870908Z
2024-10-18T16:27:30+02:00	DEBUG	[pkg] Package types	types=[os library]
2024-10-18T16:27:30+02:00	DEBUG	[pkg] Package relationships	relationships=[unknown root direct indirect]
2024-10-18T16:27:30+02:00	INFO	[vuln] Vulnerability scanning is enabled
2024-10-18T16:27:30+02:00	DEBUG	Enabling misconfiguration scanners	scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-10-18T16:27:30+02:00	DEBUG	Initializing scan cache...	type="memory"
2024-10-18T16:27:30+02:00	DEBUG	Skipping path	path=".git"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-server-cf" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="commons-cli" artifact_id="commons-cli" version="1.5.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:52"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core-cf" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-client-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-core" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:23"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="scandium" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:23"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-legal" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:californium-legal"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="element-connector" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:element-connector"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.slf4j" artifact_id="slf4j-api" version="1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-client-cf" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="commons-cli" artifact_id="commons-cli" version="1.5.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="com.eclipsesource.minimal-json" artifact_id="minimal-json" version="0.9.5"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:52"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:52"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="commons-lang" artifact_id="commons-lang" version="2.6"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-client-cf" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="commons-cli" artifact_id="commons-cli" version="1.5.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:17"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:52"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.slf4j" artifact_id="slf4j-api" version="1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="com.eclipsesource.minimal-json" artifact_id="minimal-json" version="0.9.5"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:23"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:23"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:52"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.slf4j" artifact_id="slf4j-simple" version="1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:23"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core-cf" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:23"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:52"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.slf4j" artifact_id="slf4j-simple" version="1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core-cf" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:7"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-client-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-core" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:7"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:17"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.jetty" artifact_id="jetty-webapp" version=" 9.4.56.v20240826"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="scandium" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.slf4j" artifact_id="slf4j-api" version="1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-legal" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:californium-legal"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="element-connector" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:element-connector"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="com.eclipsesource.minimal-json" artifact_id="minimal-json" version="0.9.5"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-client-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-core" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.slf4j" artifact_id="slf4j-api" version="1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-core" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="com.eclipsesource.minimal-json" artifact_id="minimal-json" version="0.9.5"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="scandium" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.slf4j" artifact_id="slf4j-api" version="1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="scandium" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-server-cf" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-legal" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:californium-legal"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="element-connector" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.slf4j" artifact_id="slf4j-api" version="1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-server-redis" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:element-connector"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="com.eclipsesource.minimal-json" artifact_id="minimal-json" version="0.9.5"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-client-cf" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-server-cf" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core-cf" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-server-redis" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="com.eclipsesource.minimal-json" artifact_id="minimal-json" version="0.9.5"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-server-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-client-cf" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-legal" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:californium-legal"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="element-connector" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:element-connector"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core-cf" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-core" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-server-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-core" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core-cf" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-server-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-core" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="scandium" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.slf4j" artifact_id="slf4j-api" version="1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="scandium" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-legal" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:californium-legal"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="element-connector" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:element-connector"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.slf4j" artifact_id="slf4j-api" version="1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="scandium" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="com.eclipsesource.minimal-json" artifact_id="minimal-json" version="0.9.5"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="redis.clients" artifact_id="jedis" version="3.2.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="com.eclipsesource.minimal-json" artifact_id="minimal-json" version="0.9.5"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.sonatype.oss:oss-parent:7"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Adding repository	id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.sonatype.oss:oss-parent:7"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="com.eclipsesource.minimal-json" artifact_id="minimal-json" version="0.9.5"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-client-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-legal" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:californium-legal"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="element-connector" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:element-connector"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.slf4j" artifact_id="slf4j-api" version="1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.apache.commons" artifact_id="commons-pool2" version="2.6.2"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="redis.clients" artifact_id="jedis" version="3.2.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.sonatype.oss:oss-parent:7"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:48"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Adding repository	id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.sonatype.oss:oss-parent:7"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="com.eclipsesource.minimal-json" artifact_id="minimal-json" version="0.9.5"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.jmdns" artifact_id="jmdns" version="3.5.8"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-client-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-server-cf" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-server-redis" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="commons-cli" artifact_id="commons-cli" version="1.5.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:52"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-legal" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:californium-legal"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="element-connector" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:element-connector"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.slf4j" artifact_id="slf4j-api" version="1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:21"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-server-cf" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="redis.clients" artifact_id="jedis" version="3.2.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:21"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.apache.commons" artifact_id="commons-pool2" version="2.6.2"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.sonatype.oss:oss-parent:7"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:48"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Adding repository	id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.sonatype.oss:oss-parent:7"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="com.eclipsesource.minimal-json" artifact_id="minimal-json" version="0.9.5"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:48"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core-cf" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-server-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-core" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:23"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:23"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:52"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="scandium" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-core" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:21"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.slf4j" artifact_id="slf4j-api" version="1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:21"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:48"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.apache.commons" artifact_id="commons-pool2" version="2.6.2"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:48"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="commons-io" artifact_id="commons-io" version="2.14.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:62"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.slf4j" artifact_id="slf4j-api" version="1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="com.eclipsesource.minimal-json" artifact_id="minimal-json" version="0.9.5"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-core" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:21"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:21"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:48"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="scandium" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-legal" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:californium-legal"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="element-connector" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:element-connector"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-legal" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:californium-legal"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="element-connector" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:element-connector"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:30"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="redis.clients" artifact_id="jedis" version="3.2.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:30"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.sonatype.oss:oss-parent:7"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:62"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Adding repository	id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.sonatype.oss:oss-parent:7"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.apache.commons" artifact_id="commons-pool2" version="2.6.2"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.junit" artifact_id="junit-bom" version="5.10.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:48"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="commons-lang" artifact_id="commons-lang" version="2.6"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:17"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:7"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:21"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:7"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:17"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.jetty" artifact_id="jetty-webapp" version=" 9.4.56.v20240826"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:21"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:48"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.jmdns" artifact_id="jmdns" version="3.5.8"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="commons-cli" artifact_id="commons-cli" version="1.5.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:52"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:23"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:23"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:52"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="commons-io" artifact_id="commons-io" version="2.14.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:62"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:30"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:30"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:62"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.junit" artifact_id="junit-bom" version="5.10.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="commons-lang" artifact_id="commons-lang" version="2.6"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:17"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:7"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:7"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:17"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.jetty" artifact_id="jetty-webapp" version=" 9.4.56.v20240826"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Failed to fetch	url="https://repo.maven.apache.org/maven2/org/eclipse/jetty/jetty-webapp/%209.4.56.v20240826/jetty-webapp-%209.4.56.v20240826.pom"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="org.eclipse.jetty:jetty-webapp: 9.4.56.v20240826 was not found in local/remote repositories"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.jetty" artifact_id="jetty-servlets" version=" 9.4.56.v20240826"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Failed to fetch	url="https://repo.maven.apache.org/maven2/org/eclipse/jetty/jetty-webapp/%209.4.56.v20240826/jetty-webapp-%209.4.56.v20240826.pom"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="org.eclipse.jetty:jetty-webapp: 9.4.56.v20240826 was not found in local/remote repositories"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="com.google.code.gson" artifact_id="gson" version="2.10.1"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Failed to fetch	url="https://repo.maven.apache.org/maven2/org/eclipse/jetty/jetty-webapp/%209.4.56.v20240826/jetty-webapp-%209.4.56.v20240826.pom"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="org.eclipse.jetty:jetty-webapp: 9.4.56.v20240826 was not found in local/remote repositories"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.jetty" artifact_id="jetty-servlets" version=" 9.4.56.v20240826"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="com.google.code.gson:gson-parent:2.10.1"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="com.google.code.gson:gson-parent:2.10.1"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="ch.qos.logback" artifact_id="logback-classic" version="1.2.13"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="ch.qos.logback:logback-parent:1.2.13"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="ch.qos.logback:logback-parent:1.2.13"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core-cf" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-server-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-core" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:parent:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="scandium" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="ch.qos.logback" artifact_id="logback-core" version="1.2.13"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="ch.qos.logback:logback-parent:1.2.13"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="ch.qos.logback:logback-parent:1.2.13"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.slf4j" artifact_id="slf4j-api" version="1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-legal" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:californium-legal"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="element-connector" version=""
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:element-connector"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="com.eclipsesource.minimal-json" artifact_id="minimal-json" version="0.9.5"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Failed to fetch	url="https://repo.maven.apache.org/maven2/org/eclipse/jetty/jetty-servlets/%209.4.56.v20240826/jetty-servlets-%209.4.56.v20240826.pom"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Failed to fetch	url="https://repo.maven.apache.org/maven2/org/eclipse/jetty/jetty-servlets/%209.4.56.v20240826/jetty-servlets-%209.4.56.v20240826.pom"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="org.eclipse.jetty:jetty-servlets: 9.4.56.v20240826 was not found in local/remote repositories"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Repository error	err="org.eclipse.jetty:jetty-servlets: 9.4.56.v20240826 was not found in local/remote repositories"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="com.google.code.gson" artifact_id="gson" version="2.10.1"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="com.google.code.gson" artifact_id="gson" version="2.10.1"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="com.google.code.gson:gson-parent:2.10.1"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="com.google.code.gson:gson-parent:2.10.1"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="com.google.code.gson:gson-parent:2.10.1"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="com.google.code.gson:gson-parent:2.10.1"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="ch.qos.logback" artifact_id="logback-classic" version="1.2.13"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="ch.qos.logback" artifact_id="logback-classic" version="1.2.13"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="ch.qos.logback:logback-parent:1.2.13"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="ch.qos.logback:logback-parent:1.2.13"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="ch.qos.logback:logback-parent:1.2.13"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="ch.qos.logback:logback-parent:1.2.13"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.slf4j" artifact_id="slf4j-api" version="1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="ch.qos.logback" artifact_id="logback-core" version="1.2.13"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="ch.qos.logback:logback-parent:1.2.13"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="ch.qos.logback:logback-parent:1.2.13"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.slf4j" artifact_id="slf4j-simple" version="1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.slf4j:slf4j-parent:1.7.36"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core-cf" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-server-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="scandium" version="2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:30+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.californium:cf-bom:2.8.0"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Resolving...	group_id="redis.clients" artifact_id="jedis" version="3.2.0"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Start parent	artifact="org.sonatype.oss:oss-parent:7"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Adding repository	id="sonatype-nexus-snapshots" url="https://oss.sonatype.org/content/repositories/snapshots"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Exit parent	artifact="org.sonatype.oss:oss-parent:7"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Resolving...	group_id="com.eclipsesource.minimal-json" artifact_id="minimal-json" version="0.9.5"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="californium-legal" version=""
2024-10-18T16:27:31+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:californium-legal"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.californium" artifact_id="element-connector" version=""
2024-10-18T16:27:31+02:00	DEBUG	[pom] Repository error	err="Version missing for org.eclipse.californium:element-connector"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Resolving...	group_id="ch.qos.logback" artifact_id="logback-core" version="1.2.13"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Start parent	artifact="ch.qos.logback:logback-parent:1.2.13"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Exit parent	artifact="ch.qos.logback:logback-parent:1.2.13"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Resolving...	group_id="org.eclipse.leshan" artifact_id="leshan-core" version="1.5.1-SNAPSHOT"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Start parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Exit parent	artifact="org.eclipse.leshan:leshan:1.5.1-SNAPSHOT"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Resolving...	group_id="org.apache.commons" artifact_id="commons-pool2" version="2.6.2"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Start parent	artifact="org.apache.commons:commons-parent:48"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Start parent	artifact="org.apache:apache:21"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Exit parent	artifact="org.apache:apache:21"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Exit parent	artifact="org.apache.commons:commons-parent:48"
2024-10-18T16:27:31+02:00	DEBUG	OS is not detected.
2024-10-18T16:27:31+02:00	DEBUG	Detected OS: unknown
2024-10-18T16:27:31+02:00	INFO	Number of language-specific files	num=14
2024-10-18T16:27:31+02:00	INFO	[pom] Detecting vulnerabilities...
2024-10-18T16:27:31+02:00	DEBUG	[pom] Scanning packages for vulnerabilities	file_path="leshan-client-cf/pom.xml"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Scanning packages for vulnerabilities	file_path="leshan-core-cf/pom.xml"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Scanning packages for vulnerabilities	file_path="leshan-core/pom.xml"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Scanning packages for vulnerabilities	file_path="leshan-integration-tests/target/classes/META-INF/maven/org.eclipse.leshan/leshan-integration-tests/pom.xml"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Scanning packages for vulnerabilities	file_path="leshan-integration-tests/pom.xml"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Scanning packages for vulnerabilities	file_path="leshan-server-cf/pom.xml"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Scanning packages for vulnerabilities	file_path="pom.xml"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Scanning packages for vulnerabilities	file_path="leshan-bsserver-demo/pom.xml"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Scanning packages for vulnerabilities	file_path="leshan-client-core/pom.xml"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Scanning packages for vulnerabilities	file_path="leshan-client-demo/pom.xml"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Scanning packages for vulnerabilities	file_path="leshan-client-demo/target/classes/META-INF/maven/org.eclipse.leshan/leshan-client-demo/pom.xml"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Scanning packages for vulnerabilities	file_path="leshan-server-core/pom.xml"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Scanning packages for vulnerabilities	file_path="leshan-server-demo/pom.xml"
2024-10-18T16:27:31+02:00	DEBUG	[pom] Scanning packages for vulnerabilities	file_path="leshan-server-redis/pom.xml"
2024-10-18T16:27:31+02:00	DEBUG	[vex] VEX filtering is disabled

Version

Version: 0.55.2
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-10-18 12:17:57.577049117 +0000 UTC
  NextUpdate: 2024-10-19 12:17:57.577048987 +0000 UTC
  DownloadedAt: 2024-10-18 14:02:47.175870908 +0000 UTC

Checklist

Read the documentation regarding wrong detection
Ran Trivy with -f json that shows data sources and confirmed that the security advisory in data sources was correct

Answered by DmitriyLewen

Oct 24, 2024

I found a problem!

Your pom.xml file contains extra space prefix:

➜ cat pom.xml | grep 9.4.56.v20240826
        <jetty.version> 9.4.56.v20240826</jetty.version>

That's why the version comparison is not working correctly.
We fixed this problem in #7747
Trivy from main branch works correctly:

➜ ./trivy -q fs ./pom.xml

pom.xml (pom)

Total: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

┌──────────────────────────────┬───────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────────┐
│           Library            │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │                           Ti…

View full answer

DmitriyLewen · 2024-10-22T09:45:10Z

DmitriyLewen
Oct 22, 2024
Maintainer

Hello @sbernard31

I can't reproduce your case for Trivy v0.56.2:

leshan-bsserver-demo/pom.xml (pom)

Total: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

┌────────────────────────────────┬───────────────┬──────────┬────────┬───────────────────┬──────────────────────────────────┬───────────────────────────────────────────────────────────┐
│            Library             │ Vulnerability │ Severity │ Status │ Installed Version │          Fixed Version           │                           Title                           │
├────────────────────────────────┼───────────────┼──────────┼────────┼───────────────────┼──────────────────────────────────┼───────────────────────────────────────────────────────────┤
│ org.eclipse.jetty:jetty-http   │ CVE-2024-6763 │ LOW      │ fixed  │ 9.4.53.v20231009  │ 12.0.12                          │ org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of │
│                                │               │          │        │                   │                                  │ invalid authority                                         │
│                                │               │          │        │                   │                                  │ https://avd.aquasec.com/nvd/cve-2024-6763                 │
├────────────────────────────────┼───────────────┼──────────┤        │                   ├──────────────────────────────────┼───────────────────────────────────────────────────────────┤
│ org.eclipse.jetty:jetty-server │ CVE-2024-8184 │ MEDIUM   │        │                   │ 12.0.9, 10.0.24, 11.0.24, 9.4.56 │ org.eclipse.jetty:jetty-server: jetty: Jetty              │
│                                │               │          │        │                   │                                  │ ThreadLimitHandler.getRemote() vulnerable to remote DoS   │
│                                │               │          │        │                   │                                  │ attacks                                                   │
│                                │               │          │        │                   │                                  │ https://avd.aquasec.com/nvd/cve-2024-8184                 │
└────────────────────────────────┴───────────────┴──────────┴────────┴───────────────────┴──────────────────────────────────┴───────────────────────────────────────────────────────────┘

leshan-server-demo/pom.xml (pom)

Total: 3 (UNKNOWN: 0, LOW: 1, MEDIUM: 2, HIGH: 0, CRITICAL: 0)

┌──────────────────────────────────┬───────────────┬──────────┬────────┬───────────────────┬──────────────────────────────────┬───────────────────────────────────────────────────────────┐
│             Library              │ Vulnerability │ Severity │ Status │ Installed Version │          Fixed Version           │                           Title                           │
├──────────────────────────────────┼───────────────┼──────────┼────────┼───────────────────┼──────────────────────────────────┼───────────────────────────────────────────────────────────┤
│ org.eclipse.jetty:jetty-http     │ CVE-2024-6763 │ LOW      │ fixed  │ 9.4.53.v20231009  │ 12.0.12                          │ org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of │
│                                  │               │          │        │                   │                                  │ invalid authority                                         │
│                                  │               │          │        │                   │                                  │ https://avd.aquasec.com/nvd/cve-2024-6763                 │
├──────────────────────────────────┼───────────────┼──────────┤        │                   ├──────────────────────────────────┼───────────────────────────────────────────────────────────┤
│ org.eclipse.jetty:jetty-server   │ CVE-2024-8184 │ MEDIUM   │        │                   │ 12.0.9, 10.0.24, 11.0.24, 9.4.56 │ org.eclipse.jetty:jetty-server: jetty: Jetty              │
│                                  │               │          │        │                   │                                  │ ThreadLimitHandler.getRemote() vulnerable to remote DoS   │
│                                  │               │          │        │                   │                                  │ attacks                                                   │
│                                  │               │          │        │                   │                                  │ https://avd.aquasec.com/nvd/cve-2024-8184                 │
├──────────────────────────────────┼───────────────┤          │        │                   ├──────────────────────────────────┼───────────────────────────────────────────────────────────┤
│ org.eclipse.jetty:jetty-servlets │ CVE-2024-9823 │          │        │                   │ 9.4.54, 10.0.18, 11.0.18         │ org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS        │
│                                  │               │          │        │                   │                                  │ vulnerability on DosFilter                                │
│                                  │               │          │        │                   │                                  │ https://avd.aquasec.com/nvd/cve-2024-9823                 │
└──────────────────────────────────┴───────────────┴──────────┴────────┴───────────────────┴──────────────────────────────────┴───────────────────────────────────────────────────────────┘

pom.xml (pom)

Total: 3 (UNKNOWN: 0, LOW: 1, MEDIUM: 2, HIGH: 0, CRITICAL: 0)

┌──────────────────────────────────┬───────────────┬──────────┬────────┬───────────────────┬──────────────────────────────────┬───────────────────────────────────────────────────────────┐
│             Library              │ Vulnerability │ Severity │ Status │ Installed Version │          Fixed Version           │                           Title                           │
├──────────────────────────────────┼───────────────┼──────────┼────────┼───────────────────┼──────────────────────────────────┼───────────────────────────────────────────────────────────┤
│ org.eclipse.jetty:jetty-http     │ CVE-2024-6763 │ LOW      │ fixed  │ 9.4.53.v20231009  │ 12.0.12                          │ org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of │
│                                  │               │          │        │                   │                                  │ invalid authority                                         │
│                                  │               │          │        │                   │                                  │ https://avd.aquasec.com/nvd/cve-2024-6763                 │
├──────────────────────────────────┼───────────────┼──────────┤        │                   ├──────────────────────────────────┼───────────────────────────────────────────────────────────┤
│ org.eclipse.jetty:jetty-server   │ CVE-2024-8184 │ MEDIUM   │        │                   │ 12.0.9, 10.0.24, 11.0.24, 9.4.56 │ org.eclipse.jetty:jetty-server: jetty: Jetty              │
│                                  │               │          │        │                   │                                  │ ThreadLimitHandler.getRemote() vulnerable to remote DoS   │
│                                  │               │          │        │                   │                                  │ attacks                                                   │
│                                  │               │          │        │                   │                                  │ https://avd.aquasec.com/nvd/cve-2024-8184                 │
├──────────────────────────────────┼───────────────┤          │        │                   ├──────────────────────────────────┼───────────────────────────────────────────────────────────┤
│ org.eclipse.jetty:jetty-servlets │ CVE-2024-9823 │          │        │                   │ 9.4.54, 10.0.18, 11.0.18         │ org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS        │
│                                  │               │          │        │                   │                                  │ vulnerability on DosFilter                                │
│                                  │               │          │        │                   │                                  │ https://avd.aquasec.com/nvd/cve-2024-9823                 │
└──────────────────────────────────┴───────────────┴──────────┴────────┴───────────────────┴──────────────────────────────────┴───────────────────────────────────────────────────────────┘

Can you update Trivy and check again?

6 replies

DmitriyLewen Oct 23, 2024
Maintainer

Thanks!
I can reproduce your case now 👍

I compared versions from mvn dependency:tree and output of Trivy.
Trivy correctly detects the versions for these packages.

Also, these versions are in the ranges from GitHub recommendations.
So Trivy correctly reports vulnerabilities for these packages.

Why do you think this is a false positive?

sbernard31 Oct 23, 2024
Author

Affected version are :

<= 9.4.40
< 9.4.33

and installed version is 9.4.56.v20240826
So vulnerabilities should not be reported or I missed something ?

DmitriyLewen Oct 24, 2024
Maintainer

hmm... i don't know why 9.4.56.v20240826 was on the affected versions list for me yesterday... 😕
Sorry about that.
I'll take a look and write to you!

DmitriyLewen Oct 24, 2024
Maintainer

I found a problem!

Your pom.xml file contains extra space prefix:

➜ cat pom.xml | grep 9.4.56.v20240826
        <jetty.version> 9.4.56.v20240826</jetty.version>

That's why the version comparison is not working correctly.
We fixed this problem in #7747
Trivy from main branch works correctly:

➜ ./trivy -q fs ./pom.xml

pom.xml (pom)

Total: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

┌──────────────────────────────┬───────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────────┐
│           Library            │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │                           Title                           │
├──────────────────────────────┼───────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────────┤
│ org.eclipse.jetty:jetty-http │ CVE-2024-6763 │ LOW      │ fixed  │ 9.4.56.v20240826  │ 12.0.12       │ org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of │
│                              │               │          │        │                   │               │ invalid authority                                         │
│                              │               │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-6763                 │
└──────────────────────────────┴───────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────────┘

Answer selected by DmitriyLewen

sbernard31 Oct 24, 2024
Author

Thx a lot @DmitriyLewen 🙏 !

DmitriyLewen · 2024-10-24T06:55:33Z

DmitriyLewen
Oct 24, 2024
Maintainer

Duplicate of #7658

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Trivy detect false positive vunerabilities about jetty ? #7767

{{title}}

Replies: 2 comments 6 replies

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

Trivy detect false positive vunerabilities about jetty ? #7767

sbernard31 Oct 18, 2024

IDs

Description

Reproduction Steps

Target

Scanner

Target OS

Debug Output

Version

Checklist

Replies: 2 comments · 6 replies

DmitriyLewen Oct 22, 2024 Maintainer

DmitriyLewen Oct 23, 2024 Maintainer

sbernard31 Oct 23, 2024 Author

DmitriyLewen Oct 24, 2024 Maintainer

DmitriyLewen Oct 24, 2024 Maintainer

sbernard31 Oct 24, 2024 Author

DmitriyLewen Oct 24, 2024 Maintainer

sbernard31
Oct 18, 2024

Replies: 2 comments 6 replies

DmitriyLewen
Oct 22, 2024
Maintainer

DmitriyLewen Oct 23, 2024
Maintainer

sbernard31 Oct 23, 2024
Author

DmitriyLewen Oct 24, 2024
Maintainer

DmitriyLewen Oct 24, 2024
Maintainer

sbernard31 Oct 24, 2024
Author

DmitriyLewen
Oct 24, 2024
Maintainer