Posted to issues@calcite.apache.org by "Kaifeng Huang (JIRA)" <ji...@apache.org> on 2019/02/15 09:50:00 UTC

[jira] [Created] (CALCITE-2849) Your project apache/calcite is using buggy third-party libraries [WARNING]

Kaifeng Huang created CALCITE-2849:
--------------------------------------

             Summary: Your project apache/calcite is using buggy third-party libraries [WARNING]
                 Key: CALCITE-2849
                 URL: https://issues.apache.org/jira/browse/CALCITE-2849
             Project: Calcite
          Issue Type: Bug
            Reporter: Kaifeng Huang
            Assignee: Julian Hyde



Hi, there!

    We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to new versions.

    We have attached the buggy third-party libraries and the corresponding Jira issue links below so that you have more detailed information.

	1. org.apache.httpcomponents httpclient
	version: 4.5.6

	Jira issues:
	Support relatively new HTTP 308 redirect - RFC7538
	affectsVersions:3.1 (end of life),4.5.6
	https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1946?filter=allopenissues


	2. org.apache.commons commons-lang3
	version: 3.8

	Jira issues:
	Restore BundleSymbolicName / regression in version 3.8.0
	affectsVersions:3.8
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1419?filter=allopenissues


	3. commons-io commons-io
	version: 2.4

	Jira issues:
	IOUtils copyLarge() and skip() methods are performance hogs
	affectsVersions:2.3;2.4
	https://issues.apache.org/jira/projects/IO/issues/IO-355?filter=allopenissues
	CharSequenceInputStream#reset() behaves incorrectly in case when buffer size is not dividable by data size
	affectsVersions:2.4
	https://issues.apache.org/jira/projects/IO/issues/IO-356?filter=allopenissues
	[Tailer] InterruptedException while the thead is sleeping is silently ignored
	affectsVersions:2.4
	https://issues.apache.org/jira/projects/IO/issues/IO-357?filter=allopenissues
	IOUtils.contentEquals* methods returns false if input1 == input2; should return true
	affectsVersions:2.4
	https://issues.apache.org/jira/projects/IO/issues/IO-362?filter=allopenissues
	Apache Commons - standard links for documents are failing
	affectsVersions:2.4
	https://issues.apache.org/jira/projects/IO/issues/IO-369?filter=allopenissues
	FileUtils.sizeOfDirectoryAsBigInteger can overflow
	affectsVersions:2.4
	https://issues.apache.org/jira/projects/IO/issues/IO-390?filter=allopenissues
	Regression in FileUtils.readFileToString from 2.0.1
	affectsVersions:2.1;2.2;2.3;2.4
	https://issues.apache.org/jira/projects/IO/issues/IO-453?filter=allopenissues
	Correct exception message in FileUtils.getFile(File; String...)
	affectsVersions:2.4
	https://issues.apache.org/jira/projects/IO/issues/IO-479?filter=allopenissues
	org.apache.commons.io.FileUtils#waitFor waits too long
	affectsVersions:2.4
	https://issues.apache.org/jira/projects/IO/issues/IO-481?filter=allopenissues
	FilenameUtils should handle embedded null bytes
	affectsVersions:2.4
	https://issues.apache.org/jira/projects/IO/issues/IO-484?filter=allopenissues
	Exceptions are suppressed incorrectly when copying files.
	affectsVersions:2.4;2.5
	https://issues.apache.org/jira/projects/IO/issues/IO-502?filter=allopenissues


	4. org.apache.logging.log4j log4j-core
	version: 2.11.0

	Jira issues:
	Log4j2 throws NoClassDefFoundError in Java 9
	affectsVersions:2.10.0;2.11.0
	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2129?filter=allopenissues
	Empty Automatic-Module-Name Header
	affectsVersions:2.10.0;2.11.0;3.0.0
	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2254?filter=allopenissues
	gc-free mixed async loging loses parameter values after the first appender
	affectsVersions:2.11.0
	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2301?filter=allopenissues
	Log4j 2.10+not working with SLF4J 1.8 in OSGI environment
	affectsVersions:2.10.0;2.11.0
	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2305?filter=allopenissues
	AsyncQueueFullMessageUtil causes unparsable message output
	affectsVersions:2.11.0
	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2318?filter=allopenissues
	AbstractLogger NPE hides actual cause when getFormat returns null
	affectsVersions:2.11.0
	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2320?filter=allopenissues
	AsyncLogger without specifying a level always uses ERROR
	affectsVersions:2.11.0
	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2321?filter=allopenissues
	Errors thrown in formatting may stop background threads
	affectsVersions:2.11.0
	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2333?filter=allopenissues
	JsonLayout not working with AsyncLoggerContextSelector in 2.11.0
	affectsVersions:2.11.0
	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2341?filter=allopenissues
	Typo in log4j-api Activator
	affectsVersions:2.11.0
	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2343?filter=allopenissues
	PropertiesUtil.reload() might throw NullPointerException
	affectsVersions:2.11.0
	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2355?filter=allopenissues
	NameAbbreviator skips first fragments
	affectsVersions:2.11.0;2.11.1
	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2365?filter=allopenissues
	Outputs wrong message when used within overridden Throwable method
	affectsVersions:2.8.1;2.11.0
	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2368?filter=allopenissues
	StringBuilder escapeJson performs unnecessary Memory Allocations
	affectsVersions:2.11.0
	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2373?filter=allopenissues
	fix the CacheEntry map in ThrowableProxy#toExtendedStackTrace to be put and gotten with same key
	affectsVersions:2.6.2;2.7;2.8;2.8.1;2.8.2;2.9.0;2.9.1;2.10.0;2.11.0
	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2389?filter=allopenissues
	Fix incorrect links in Log4j web documentation.
	affectsVersions:2.11.0
	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2390?filter=allopenissues


	5. org.apache.commons commons-lang3
	version: 3.2

	Jira issues:
	SerializationUtils.ClassLoaderAwareObjectInputStream should use static initializer to initialize primitiveTypes map.
	affectsVersions:3.2;3.3;3.4
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1251?filter=allopenissues
	Build fails with test failures when building with JDK 8
	affectsVersions:3.2
	https://issues.apache.org/jira/projects/LANG/issues/LANG-938?filter=allopenissues
	Test DurationFormatUtilsTest.testEdgeDuration fails in JDK 1.6; 1.7 and 1.8; BRST time zone
	affectsVersions:3.1;3.2;3.2.1
	https://issues.apache.org/jira/projects/LANG/issues/LANG-943?filter=allopenissues
	Exception while using ExtendedMessageFormat and escaping braces
	affectsVersions:3.2;3.2.1
	https://issues.apache.org/jira/projects/LANG/issues/LANG-948?filter=allopenissues
	org.apache.commons.lang3.reflect.FieldUtils.removeFinalModifier(Field) does not clean up after itself
	affectsVersions:3.2;3.2.1
	https://issues.apache.org/jira/projects/LANG/issues/LANG-961?filter=allopenissues
	NumberUtils#createNumber() returns positive BigDecimal when negative Float is expected
	affectsVersions:3.x
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1087?filter=allopenissues




Sincerely~
FDU Software Engineering Lab
Feb 15th, 2019



