pentaho / pentaho-platform

Pentaho BA Server Core
http://www.pentaho.com
Other
470 stars 723 forks

[PDI-20086] Fix file locking errors on windows. #5700

Closed peterrinehart closed 3 weeks ago

hitachivantarasonarqube[bot] commented 3 weeks ago

Quality Gate passed

Issues
0 New issues
1 Fixed issue
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

buildguy commented 3 weeks ago

[🚨 Frogbot scanned this pull request and found the below:](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot)

📦 Vulnerable Dependencies

✍️ Summary

| SEVERITY | CONTEXTUAL ANALYSIS | DIRECT DEPENDENCIES | IMPACTED DEPENDENCY | FIXED VERSIONS | CVES |
| :---: | :---: | :---: | :---: | :---: | :---: |
| Medium | Undetermined | commons-httpclient:commons-httpclient:3.0.1 | commons-httpclient:commons-httpclient 3.0.1 | [4.0] | CVE-2012-5783 |

🔬 Research Details

Description: Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

[🐸 JFrog Frogbot](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot)

buildguy commented 3 weeks ago

:x: Build failed in 55m 49s

Build command:

mvn clean verify -B -e -Daudit -Djs.no.sandbox -pl extensions

:ok_hand: All tests passed!

Tests run: 1576, Failures: 0, Skipped: 5    Test Results


:information_source: This is an automatic message