You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tinkerpop.apache.org by "stephen mallette (JIRA)" <ji...@apache.org> on 2019/02/15 11:28:00 UTC

[jira] [Closed] (TINKERPOP-2160) Your project tinkerpop/blueprints is using buggy third-party libraries [WARNING]

     [ https://issues.apache.org/jira/browse/TINKERPOP-2160?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

stephen mallette closed TINKERPOP-2160.
---------------------------------------
    Resolution: Invalid

those projects are no longer supported as they are part of TinkerPop 2.x - only 3.x under Apache is currently maintained and developed.

>  Your project tinkerpop/blueprints is using buggy third-party libraries [WARNING]
> ---------------------------------------------------------------------------------
>
>                 Key: TINKERPOP-2160
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2160
>             Project: TinkerPop
>          Issue Type: Bug
>            Reporter: Kaifeng Huang
>            Priority: Major
>
> Hi, there!
>     We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend you to update those libraries to new versions.
>     We have attached the buggy third-party libraries and corresponding jira issue links below for you to have more detailed information.
> 	1. commons-logging commons-logging(blueprints-core/pom.xml)
> 	version: 1.1.1
> 	Jira issues:
> 	Unit tests fail on linux with java16
> 	affectsVersions:1.1.1
> 	https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-117?filter=allopenissues
> 	deadlock on re-registration of logger
> 	affectsVersions:1.1.1
> 	https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-119?filter=allopenissues
> 	Potential missing privileged block for class loader
> 	affectsVersions:1.1.1
> 	https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-130?filter=allopenissues
> 	Log4JLogger uses deprecated static members of Priority such as INFO
> 	affectsVersions:1.1.1
> 	https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-142?filter=allopenissues
> 	LogFactory/LogFactoryImpl ingore Throwable
> 	affectsVersions:1.1.1
> 	https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-144?filter=allopenissues
> 	LogFactory.nullClassLoaderFactory is not properly synchronized
> 	affectsVersions:1.1.1
> 	https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-146?filter=allopenissues
> 	SimpleLog.log - unsafe update of shortLogName
> 	affectsVersions:1.1.1
> 	https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-147?filter=allopenissues
> 	BufferedReader is not closed properly
> 	affectsVersions:1.1.1;1.2
> 	https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-163?filter=allopenissues
> 	2. commons-codec commons-codec(blueprints-rexster-graph/pom.xml)
> 	version: 1.4
> 	Jira issues:
> 	Base64InputStream#read(byte[]) incorrectly returns 0 at end of any stream which is multiple of 3 bytes long
> 	affectsVersions:1.4
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-101?filter=allopenissues
> 	ArrayIndexOutOfBoundsException when doing multiple reads() on encoding Base64InputStream
> 	affectsVersions:1.4
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-105?filter=allopenissues
> 	org.apache.commons.codec.net.URLCodec.ESCAPE_CHAR isn't final but should be
> 	affectsVersions:1.2;1.3;1.4
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-111?filter=allopenissues
> 	org.apache.commons.codec.language.RefinedSoundex.US_ENGLISH_MAPPING should be package protected MALICIOUS_CODE
> 	affectsVersions:1.4
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-113?filter=allopenissues
> 	org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING should be package protected MALICIOUS_CODE
> 	affectsVersions:1.4
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-114?filter=allopenissues
> 	Caverphone encodes names starting and ending with "mb" incorrectly.
> 	affectsVersions:1.4
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-117?filter=allopenissues
> 	All links to fixed bugs in the "Changes Report" http://commons.apache.org/codec/changes-report.html point nowhere; e.g. http://issues.apache.org/jira/browse/34157. Looks as if all JIRA tickets were renumbered.
> 	affectsVersions:1.1;1.2;1.3;1.4
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-76?filter=allopenissues
> 	Regression:  Base64.encode(chunk=true) has bug when input length is multiple of 76
> 	affectsVersions:1.4
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-80?filter=allopenissues
> 	new Base64().encode() appends a CRLF; and chunks results into 76 character lines
> 	affectsVersions:1.4
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-89?filter=allopenissues
> 	Base64 encode() method is no longer thread-safe; breaking clients using it as a shared BinaryEncoder
> 	affectsVersions:1.4
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-96?filter=allopenissues
> 	Base64 default constructor behaviour changed to enable chunking in 1.4
> 	affectsVersions:1.4
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-97?filter=allopenissues
> 	Base64InputStream causes NullPointerException on some input
> 	affectsVersions:1.4
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-98?filter=allopenissues
> 	Base64.encodeBase64String() shouldn't chunk
> 	affectsVersions:1.4
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-99?filter=allopenissues
> 	
> Sincerely~
> FDU Software Engineering Lab
> Feb 15th,2019



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)