Posted to dev@tinkerpop.apache.org by "stephen mallette (JIRA)" <ji...@apache.org> on 2019/02/15 11:28:00 UTC
[jira] [Closed] (TINKERPOP-2160) Your project tinkerpop/blueprints is using buggy third-party libraries [WARNING]
[ https://issues.apache.org/jira/browse/TINKERPOP-2160?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
stephen mallette closed TINKERPOP-2160.
---------------------------------------
Resolution: Invalid
Those projects are no longer supported as they are part of TinkerPop 2.x - only 3.x under Apache is currently maintained and developed.
> Your project tinkerpop/blueprints is using buggy third-party libraries [WARNING]
> ---------------------------------------------------------------------------------
>
> Key: TINKERPOP-2160
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2160
> Project: TinkerPop
> Issue Type: Bug
> Reporter: Kaifeng Huang
> Priority: Major
>
> Hi, there!
> We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to new versions.
> We have attached the buggy third-party libraries and corresponding jira issue links below for you to have more detailed information.
> 1. commons-logging commons-logging(blueprints-core/pom.xml)
> version: 1.1.1
> Jira issues:
> Unit tests fail on linux with java16
> affectsVersions:1.1.1
> https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-117?filter=allopenissues
> deadlock on re-registration of logger
> affectsVersions:1.1.1
> https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-119?filter=allopenissues
> Potential missing privileged block for class loader
> affectsVersions:1.1.1
> https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-130?filter=allopenissues
> Log4JLogger uses deprecated static members of Priority such as INFO
> affectsVersions:1.1.1
> https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-142?filter=allopenissues
> LogFactory/LogFactoryImpl ingore Throwable
> affectsVersions:1.1.1
> https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-144?filter=allopenissues
> LogFactory.nullClassLoaderFactory is not properly synchronized
> affectsVersions:1.1.1
> https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-146?filter=allopenissues
> SimpleLog.log - unsafe update of shortLogName
> affectsVersions:1.1.1
> https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-147?filter=allopenissues
> BufferedReader is not closed properly
> affectsVersions:1.1.1;1.2
> https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-163?filter=allopenissues
> 2. commons-codec commons-codec(blueprints-rexster-graph/pom.xml)
> version: 1.4
> Jira issues:
> Base64InputStream#read(byte[]) incorrectly returns 0 at end of any stream which is multiple of 3 bytes long
> affectsVersions:1.4
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-101?filter=allopenissues
> ArrayIndexOutOfBoundsException when doing multiple reads() on encoding Base64InputStream
> affectsVersions:1.4
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-105?filter=allopenissues
> org.apache.commons.codec.net.URLCodec.ESCAPE_CHAR isn't final but should be
> affectsVersions:1.2;1.3;1.4
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-111?filter=allopenissues
> org.apache.commons.codec.language.RefinedSoundex.US_ENGLISH_MAPPING should be package protected MALICIOUS_CODE
> affectsVersions:1.4
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-113?filter=allopenissues
> org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING should be package protected MALICIOUS_CODE
> affectsVersions:1.4
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-114?filter=allopenissues
> Caverphone encodes names starting and ending with "mb" incorrectly.
> affectsVersions:1.4
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-117?filter=allopenissues
> All links to fixed bugs in the "Changes Report" http://commons.apache.org/codec/changes-report.html point nowhere; e.g. http://issues.apache.org/jira/browse/34157. Looks as if all JIRA tickets were renumbered.
> affectsVersions:1.1;1.2;1.3;1.4
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-76?filter=allopenissues
> Regression: Base64.encode(chunk=true) has bug when input length is multiple of 76
> affectsVersions:1.4
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-80?filter=allopenissues
> new Base64().encode() appends a CRLF; and chunks results into 76 character lines
> affectsVersions:1.4
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-89?filter=allopenissues
> Base64 encode() method is no longer thread-safe; breaking clients using it as a shared BinaryEncoder
> affectsVersions:1.4
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-96?filter=allopenissues
> Base64 default constructor behaviour changed to enable chunking in 1.4
> affectsVersions:1.4
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-97?filter=allopenissues
> Base64InputStream causes NullPointerException on some input
> affectsVersions:1.4
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-98?filter=allopenissues
> Base64.encodeBase64String() shouldn't chunk
> affectsVersions:1.4
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-99?filter=allopenissues
>
> Sincerely~
> FDU Software Engineering Lab
> Feb 15th, 2019