You are viewing a plain text version of this content. The canonical link for it is here.
Posted to distributedlog-issues@bookkeeper.apache.org by "Kaifeng Huang (JIRA)" <ji...@apache.org> on 2019/02/15 08:20:00 UTC

[jira] [Created] (DL-213) Your project twitter/distributedlog is using buggy third-party libraries [WARNING]

Kaifeng Huang created DL-213:
--------------------------------

             Summary: Your project twitter/distributedlog is using buggy third-party libraries [WARNING]
                 Key: DL-213
                 URL: https://issues.apache.org/jira/browse/DL-213
             Project: DistributedLog
          Issue Type: Bug
            Reporter: Kaifeng Huang



Hi, there!

    We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend you to update those libraries to new versions.

    We have attached the buggy third-party libraries and corresponding jira issue links below for you to have more detailed information.

	1. commons-cli commons-cli
	version: 1.1

	Jira issues:
	CLI_1_BRANCH build.xml doesn't work
	affectsVersions:1.1
	https://issues.apache.org/jira/projects/CLI/issues/CLI-129?filter=allopenissues
	MissingOptionException.getMessage() changed from CLI 1.0 > 1.1
	affectsVersions:1.1
	https://issues.apache.org/jira/projects/CLI/issues/CLI-149?filter=allopenissues
	Incomplete usage documentation about Java property option
	affectsVersions:1.0;1.1
	https://issues.apache.org/jira/projects/CLI/issues/CLI-154?filter=allopenissues
	infinite loop in the wrapping code of HelpFormatter
	affectsVersions:1.1
	https://issues.apache.org/jira/projects/CLI/issues/CLI-162?filter=allopenissues
	PosixParser keeps bursting tokens even if a non option character is found
	affectsVersions:1.1
	https://issues.apache.org/jira/projects/CLI/issues/CLI-163?filter=allopenissues
	PosixParser ignores unrecognized tokens starting with '-'
	affectsVersions:1.1
	https://issues.apache.org/jira/projects/CLI/issues/CLI-164?filter=allopenissues
	PosixParser keeps processing tokens after a non unrecognized long option
	affectsVersions:1.1
	https://issues.apache.org/jira/projects/CLI/issues/CLI-165?filter=allopenissues
	Unable to select a pure long option in a group
	affectsVersions:1.0;1.1;1.2
	https://issues.apache.org/jira/projects/CLI/issues/CLI-182?filter=allopenissues
	Clear the selection from the groups before parsing
	affectsVersions:1.0;1.1;1.2
	https://issues.apache.org/jira/projects/CLI/issues/CLI-183?filter=allopenissues
	Negative arguments should take the priority over numerical options
	affectsVersions:1.1
	https://issues.apache.org/jira/projects/CLI/issues/CLI-184?filter=allopenissues
	Commons CLI incorrectly stripping leading and trailing quotes
	affectsVersions:1.1;1.2
	https://issues.apache.org/jira/projects/CLI/issues/CLI-185?filter=allopenissues
	Standard help text will not show mandatory arguments for first option
	affectsVersions:1.1
	https://issues.apache.org/jira/projects/CLI/issues/CLI-186?filter=allopenissues


	2. commons-codec commons-codec
	version: 1.6

	Jira issues:
	QuotedPrintableCodec does not support soft line break per the 'quoted-printable' example on Wikipedia
	affectsVersions:1.5;1.6
	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-121?filter=allopenissues
	BeiderMorseEncoder OOM issues
	affectsVersions:1.6
	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-132?filter=allopenissues
	BeiderMorse phonetic filter give uncertain results 
	affectsVersions:1.6
	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-147?filter=allopenissues
	DigestUtils.getDigest(String) looses the orginal exception
	affectsVersions:1.6
	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-152?filter=allopenissues
	DigestUtils.getDigest(String) should throw IllegalArgumentException instead of RuntimeException
	affectsVersions:1.6
	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-155?filter=allopenissues
	DigestUtils: add APIs named after standard alg name SHA-1
	affectsVersions:1.6
	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-156?filter=allopenissues
	BaseNCodecOutputStream only supports writing EOF on close()
	affectsVersions:1.6
	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-183?filter=allopenissues


	3. org.apache.commons commons-lang3
	version: 3.3.2

	Jira issues:
	ISO 8601 misspelled throughout the Javadocs
	affectsVersions:3.3.2
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1001?filter=allopenissues
	Several predefined ISO FastDateFormats in DateFormatUtils are incorrect
	affectsVersions:3.3.2
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1002?filter=allopenissues
	DurationFormatUtils are not able to handle negative durations/periods
	affectsVersions:3.3.2
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1003?filter=allopenissues
	DurationFormatUtils#formatDurationHMS implementation does not correspond to Javadoc and vice versa
	affectsVersions:3.3.2
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1004?filter=allopenissues
	NumberUtils.createNumber(final String str)  Precision will be lost
	affectsVersions:3.3.2
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1018?filter=allopenissues
	Javadoc for EqualsBuilder.reflectionEquals() is unclear
	affectsVersions:3.3.2
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1035?filter=allopenissues
	NumberUtils#isNumber() returns false for "+2" and true for "-2"
	affectsVersions:3.1;3.3.2
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1038?filter=allopenissues
	Javadoc for NumberUtils.isNumber() are not clear enough
	affectsVersions:3.3.2
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1040?filter=allopenissues
	Fix MethodUtilsTest so it does not depend on JDK method ordering
	affectsVersions:3.3.2
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1041?filter=allopenissues
	StrSubstitutor.replaceSystemProperties does not work consistently
	affectsVersions:3.3.2
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1055?filter=allopenissues
	NumberUtils.isNumber assumes number starting with Zero is octal
	affectsVersions:3.3.2
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1060?filter=allopenissues
	FastDateParser error - timezones not handled correctly
	affectsVersions:3.3.2
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1061?filter=allopenissues
	Wrong formating of time zones with daylight saving time in FastDatePrinter
	affectsVersions:3.3.2
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1092?filter=allopenissues
	TypeUtils.ParameterizedType#equals doesn't work with wildcard types
	affectsVersions:3.3.2;3.4
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1114?filter=allopenissues
	Fix bug with stripping spaces on last line in WordUtils.wrap() 
	affectsVersions:3.3.2
	https://issues.apache.org/jira/projects/LANG/issues/LANG-995?filter=allopenissues
	FastDateFormat is case sensitive
	affectsVersions:3.3.2
	https://issues.apache.org/jira/projects/LANG/issues/LANG-996?filter=allopenissues
	NumberUtils#createNumber() returns positive BigDecimal when negative Float is expected
	affectsVersions:3.x
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1087?filter=allopenissues


	4. commons-lang commons-lang
	version: 2.6

	Jira issues:
	Remove unnecessary synchronization from registry lookup in EqualsBuilder and HashCodeBuilder
	affectsVersions:2.6
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1230?filter=allopenissues
	LocaleUtils - DCL idiom is not thread-safe
	affectsVersions:2.6
	https://issues.apache.org/jira/projects/LANG/issues/LANG-803?filter=allopenissues
	Exception when combining custom and choice format in ExtendedMessageFormat
	affectsVersions:2.5;2.6
	https://issues.apache.org/jira/projects/LANG/issues/LANG-917?filter=allopenissues




Sincerely~
FDU Software Engineering Lab
Feb 15th, 2019




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)