Bump to veracode 1.0.17 and remove exclusions #6738
ci.yml
on: pull_request
Job | Duration
---|---
Source Clear Scan (SCA) | 3m 38s
Pipeline SAST Scan | 5m 38s
PMD Scan | 4m 26s
Repository - MariaDB 10.6 tests | 4m 51s
Repository - MySQL 8 tests | 5m 36s
Repository - PostgreSQL 13.12 tests | 0s
Repository - PostgreSQL 14.9 tests | 0s
Repository - PostgreSQL 15.4 tests | 4m 48s
Repository - Messaging tests | 1m 52s
Share Services - ShareServicesTestSuite | 2m 57s
AGS Community Rest API Tests | 25m 5s
Test Tomcat deployment of api explorer | 4m 8s
Matrix: ags_mysql_tests
Matrix: ags_postgresql_tests
Matrix: all_unit_tests_suite
Matrix: remote_api_app_context_test_suites
Matrix: repository_app_context_test_suites
Matrix: repository_mariadb_tests
Matrix: tas_tests
Annotations
1 error and 58 warnings
Pipeline SAST Scan
[10 Jan 2025 20:51:01,0873] PIPELINE-SCAN INFO: Pipeline Scan Tool Version 24.12.1-0.
[10 Jan 2025 20:51:01,0891] PIPELINE-SCAN INFO: Loading policy file Alfresco_Default.json
[10 Jan 2025 20:51:01,0893] PIPELINE-SCAN INFO: Successfully retrieved the policy
[10 Jan 2025 20:51:01,0893] PIPELINE-SCAN INFO: Policy name: Alfresco Default
[10 Jan 2025 20:51:01,0893] PIPELINE-SCAN INFO: CWE filter:
[10 Jan 2025 20:51:01,0893] PIPELINE-SCAN INFO: Severity filter: 3, 4, 5,
[10 Jan 2025 20:51:01,0894] PIPELINE-SCAN INFO: Beginning scanning of 'packaging/war/target/alfresco.war'.
[10 Jan 2025 20:51:01,0897] PIPELINE-SCAN INFO: Sending 137047196 bytes to the server for analysis.
[10 Jan 2025 20:51:45,0164] PIPELINE-SCAN INFO: Upload complete.
[10 Jan 2025 20:51:45,0164] PIPELINE-SCAN INFO: Scan ID: 36f0f0a9-c5be-4875-a65f-9c0461dc0f49
[10 Jan 2025 20:51:45,0431] PIPELINE-SCAN INFO: Analysis Started.
===========================
Found 2 Scannable modules.
===========================
alfresco.war
JS files within alfresco.war
====================
Scanning 2 modules.
====================
alfresco.war
JS files within alfresco.war
[10 Jan 2025 20:54:11,0306] PIPELINE-SCAN INFO: Analysis Complete.
[10 Jan 2025 20:54:11,0307] PIPELINE-SCAN INFO: Analysis Results: Received 11268 bytes in 189413ms.
[10 Jan 2025 20:54:11,0311] PIPELINE-SCAN INFO: Writing Raw JSON Results to file '/home/runner/work/alfresco-community-repo/alfresco-community-repo/results.json'.
[10 Jan 2025 20:54:11,0313] PIPELINE-SCAN INFO: Applying custom severity 4 to cwe 80
[10 Jan 2025 20:54:11,0315] PIPELINE-SCAN INFO: Writing Filtered JSON Results to file '/home/runner/work/alfresco-community-repo/alfresco-community-repo/filtered_results.json'.
Scan Summary:
PIPELINE_SCAN_VERSION: 24.12.1-0
DEV-STAGE: DEVELOPMENT
PROJECT-NAME: alfresco-community-repo
SCAN_ID: 36f0f0a9-c5be-4875-a65f-9c0461dc0f49
SCAN_STATUS: SUCCESS
SCAN_MESSAGE: Scan successful. Results size: 10760 bytes
====================
Analysis Successful.
====================
==========================
Found 2 Scannable modules.
==========================
alfresco.war
JS files within alfresco.war
===================
Analyzed 2 modules.
===================
alfresco.war
JS files within alfresco.war
==================
Analyzed 5 issues.
==================
--------------------------------
Found 1 issues of High severity.
--------------------------------
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): org/springframework/security/spring-security-webauthn.js:199
Details: This call to href() contains a cross-site scripting (XSS) flaw. The application populates the HTTP response with untrusted input, allowing an attacker to embed malicious content, such as Javascript code, which will be executed in the context of the victim's browser. XSS vulnerabilities are commonly exploited to steal or manipulate cookies, modify presentation of content, and compromise confidential information, with new attack vectors being discovered on a regular basis.
Use contextual escaping on all untrusted data before using it to construct any portion of an HTTP response. The escaping method should be chosen based on the specific use case of the untrusted data, otherwise it may not protect fully against the attack. For example, if the data is being written to the body of an HTML page, use HTML entity escaping; if the data is being written to an attribute, use attribute escaping; etc. Both the OWASP Java Encoder library and the Microsoft AntiXSS library provide contextual escaping methods. For more details on contextual escaping, see https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md. In addition, as a best practice, always validate untrusted input to ensure that it conforms to the expected format, using centralized data validation routines when possible.
References: CWE (https://cwe.mitre.org/data/definitions/79.html), OWA (https://owasp.org/www-community/attacks/xss/)
|
Prepare
Your workflow is using a version of actions/cache that is scheduled for deprecation, actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a. Please update your workflow to use either v3 or v4 of actions/cache to avoid interruptions. Learn more: https://github.blog/changelog/2024-12-05-notice-of-upcoming-releases-and-breaking-changes-for-github-actions/#actions-cache-v1-v2-and-actions-toolkit-cache-package-closing-down
|
Prepare
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
|
The same actions/cache deprecation warning was also raised for these jobs:
Repository - AllUnitTestsSuite - Build and test
Source Clear Scan (SCA)
Remote-api - AppContext01TestSuite
Remote-api - AppContext02TestSuite
Repository - MariaDB 10.6 tests
Data-Model - AllUnitTestsSuite - Build and test
Pipeline SAST Scan
PMD Scan
Core - AllUnitTestsSuite - Build and test
|
The same ubuntu-latest warning (ubuntu-latest pipelines will use ubuntu-24.04 soon; see https://github.com/actions/runner-images/issues/10636) was also raised for these jobs:
Core - AllUnitTestsSuite - Build and test
Data-Model - AllUnitTestsSuite - Build and test
Mmt - AllUnitTestsSuite - Build and test
Repository - Messaging tests
Repository - AllUnitTestsSuite - Build and test
Share Services - ShareServicesTestSuite
Repository - SearchTestSuite
Source Clear Scan (SCA)
Repository - MTLSTestSuite
Test Tomcat deployment of api explorer
PMD Scan
Repository - PostgreSQL 15.4 tests
Repository - MariaDB 10.6 tests
Remote-api - AppContextExtraTestSuite
Pipeline SAST Scan
Repository - MySQL 8 tests
Repository - MiscContextTestSuite
Repository - AppContext03TestSuite
Repository - AppContext04TestSuite
Repository - AppContext05TestSuite Auth0
Remote-api - AppContext01TestSuite
Repository - AppContext02TestSuite
Repository - AppContext05TestSuite Keycloak
Remote-api - AppContext04TestSuite
Repository - AppContext01TestSuite
AGS Integration Tests 04 (PostgreSQL)
Remote-api - AppContext03TestSuite
Repository - AppContext06TestSuite
AGS Integration Tests 01 (PostgreSQL)
AGS Integration Tests 03 (PostgreSQL)
WebDAV TAS tests
Repository - AppContextExtraTestSuite
REST API TAS tests part1
AGS Integration Tests 04 (MySQL)
AGS Integration Tests 02 (PostgreSQL)
AGS Integration Tests 03 (MySQL)
Remote-api - AppContext02TestSuite
AGS Integration Tests 01 (MySQL)
Email TAS tests
AGS Integration Tests 02 (MySQL)
Integration TAS tests
REST API TAS tests part2
CMIS TAS tests - WEBSERVICES binding
REST API TAS tests part3
AGS Community Rest API Tests
CMIS TAS tests - ATOM binding
CMIS TAS tests - BROWSER binding
|
Artifacts
Produced during runtime
Name | Size
---|---
PMD Summary (Human Readable) | 330 Bytes
Veracode Pipeline-Scan Results (Human Readable) | 1.82 KB
Veracode Pipeline-Scan Results - | 5.14 KB