Versions Compared

Old Version 18

changes.mady.by.user Pamela Dragosh

Saved on

compared with

New Version 19

changes.mady.by.user Pamela Dragosh

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagebash
# Clone oparent somewhere local
> git clone https://github.com/onap/oparent.git 

# 1st - your project should be inheriting from this oparent java dependency
> cd <my-repo>
> vi pom.xml

# ensure pom.xml is pointing to 3.1.0-SNAPSHOT or later

# 2nd - go into your project's source directory you wish to reformat
> cd <my-repo-to-reformat>

# 3rd - type in the following and make sure you set the path to where you have oparent cloned and its
              onap-java-formatter.xml file

> mvn formatter:format spotless:apply process-sources -Dproject.parent.basedir=<oparent-clone-location>

# formatter will re-format your source files

# check that the source compiles
> mvn clean install

# the source changes can now be uploaded via git review process

CVE Profile Now Available -  

This profile can be used offline to check a repository for CVE issues in the codebase. Useful for contributors to check a new dependency without waiting for code to be merged and a CLM report job to be run.

NOTE: Downloading the CVE database can take awhile and require some bandwidth.

Code Block
#
# Be sure your project is inheriting from oparent java dependency
#
> mvn verify -P cve

# should start seeing the following output:
[INFO] Processing Complete for NVD CVE - 2019  (50630 ms)
[INFO] Download Started for NVD CVE - Modified
[INFO] Download Complete for NVD CVE - Modified  (594 ms)
[INFO] Processing Started for NVD CVE - Modified
[INFO] Processing Complete for NVD CVE - Modified  (592 ms)
[INFO] Begin database maintenance
[INFO] Updated the CPE ecosystem on 661 NVD records

...

#
# Look for these types of messages
#
apache-log4j-extras-1.2.17.jar (pkg:maven/log4j/apache-log4j-extras@1.2.17, cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*) : CVE-2019-17571, CVE-2020-9488
dme2-3.1.200-oss.jar/META-INF/maven/com.google.guava/guava/pom.xml (pkg:maven/com.google.guava/guava@19.0, cpe:2.3:a:google:guava:19.0:*:*:*:*:*:*:*) : CVE-2018-10237
dme2-3.1.200-oss.jar/META-INF/maven/com.hazelcast/hazelcast-client-protocol/pom.xml (pkg:maven/com.hazelcast/hazelcast-client-protocol@1.2.0, cpe:2.3:a:hazelcast:hazelcast:1.2.0:*:*:*:*:*:*:*) : CVE-2016-10750
dme2-3.1.200-oss.jar/META-INF/maven/com.hazelcast/hazelcast/pom.xml (pkg:maven/com.hazelcast/hazelcast@3.7.2, cpe:2.3:a:hazelcast:hazelcast:3.7.2:*:*:*:*:*:*:*) : CVE-2016-10750
dme2-3.1.200-oss.jar/META-INF/maven/commons-beanutils/commons-beanutils/pom.xml (pkg:maven/commons-beanutils/commons-beanutils@1.9.2, cpe:2.3:a:apache:commons_beanutils:1.9.2:*:*:*:*:*:*:*) : CVE-2019-10086
dme2-3.1.200-oss.jar/META-INF/maven/commons-collections/commons-collections/pom.xml (pkg:maven/commons-collections/commons-collections@3.2.1, cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*) : CVE-2015-6420, CVE-2017-15708, Remote code execution
dme2-3.1.200-oss.jar/META-INF/maven/org.eclipse.jetty.websocket/websocket-core/pom.xml (pkg:maven/org.eclipse.jetty.websocket/websocket-core@9.0.0.M2, cpe:2.3:a:eclipse:jetty:9.0.0:m2:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.0.0:m2:*:*:*:*:*:*) : CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536
dme2-3.1.200-oss.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml (pkg:maven/org.eclipse.jetty/jetty-server@9.3.12.v20160915, cpe:2.3:a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.3.12:20160915:*:*:*:*:*:*) : CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2017-9735, CVE-2018-12536, CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
dme2-3.1.200-oss.jar/META-INF/maven/org.eclipse.jetty/jetty-xml/pom.xml (pkg:maven/org.eclipse.jetty/jetty-xml@9.3.12.v20160915, cpe:2.3:a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.3.12:20160915:*:*:*:*:*:*) : CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536, CVE-2018-12545, CVE-2019-10241, CVE-2019-10247
kotlin-stdlib-1.3.20.jar (pkg:maven/org.jetbrains.kotlin/kotlin-stdlib@1.3.20, cpe:2.3:a:jetbrains:kotlin:1.3.20:*:*:*:*:*:*:*) : CVE-2019-10101, CVE-2019-10102, CVE-2019-10103


Previous Versions of Oparent

Code Block
titleoparent Frankfurt Branch - JDK 11 (Please migrate to 3.1.0-SNAPSHOT)
    <!-- LATEST RELEASE -->
    <parent>
        <groupId>org.onap.oparent</groupId>
        <artifactId>oparent</artifactId>
        <version>3.0.2</version>
        <relativePath/>
    </parent>

    <!-- Current SNAPSHOT -->
    <parent>
        <groupId>org.onap.oparent</groupId>
        <artifactId>oparent</artifactId>
        <version>3.0.3-SNAPSHOT</version>
        <relativePath/>
    </parent>

...