Posted to dev@bookkeeper.apache.org by Venkateswara Rao Jujjuri <ju...@gmail.com> on 2019/01/07 04:39:41 UTC

Fwd: [apache/bookkeeper] Your project apache/bookkeeper is using buggy third-party libraries [WARNING] (#1896)

---------- Forwarded message ---------
From: FDU-SE-LAB <no...@github.com>
Date: Sun, Jan 6, 2019 at 8:33 PM
Subject: [apache/bookkeeper] Your project apache/bookkeeper is using buggy
third-party libraries [WARNING] (#1896)
To: apache/bookkeeper <bo...@noreply.github.com>
Cc: Subscribed <su...@noreply.github.com>


Hi, there!
We are a research team working on third-party library analysis. We have
found that some widely-used third-party libraries in your project have
major/critical bugs, which will degrade the quality of your project. We
highly recommend that you update those libraries to new versions.
We have attached the buggy third-party libraries and corresponding Jira
issue links below for you to have more detailed information.
1 commons-cli commons-cli (pom.xml)
version: 1.2

Jira issues:
Unable to select a pure long option in a group
affectsVersions:1.0;1.1;1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-182?filter=allopenissues
Clear the selection from the groups before parsing
affectsVersions:1.0;1.1;1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-183?filter=allopenissues
Commons CLI incorrectly stripping leading and trailing quotes
affectsVersions:1.1;1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-185?filter=allopenissues
Coding error: OptionGroup.setSelected causes java.lang.NullPointerException
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-191?filter=allopenissues
StringIndexOutOfBoundsException in HelpFormatter.findWrapPos
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-193?filter=allopenissues
HelpFormatter strips leading whitespaces in the footer
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-207?filter=allopenissues
OptionBuilder only has static methods; yet many return an OptionBuilder
instance
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-224?filter=allopenissues
Unable to properly require options
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-230?filter=allopenissues
OptionValidator Implementation Does Not Agree With JavaDoc
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-241?filter=allopenissues

2 commons-io commons-io (pom.xml)
version: 2.4

Jira issues:
IOUtils copyLarge() and skip() methods are performance hogs
affectsVersions:2.3;2.4
https://issues.apache.org/jira/projects/IO/issues/IO-355?filter=allopenissues
CharSequenceInputStream#reset() behaves incorrectly in case when buffer
size is not dividable by data size
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-356?filter=allopenissues
[Tailer] InterruptedException while the thead is sleeping is silently
ignored
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-357?filter=allopenissues
IOUtils.contentEquals* methods returns false if input1 == input2; should
return true
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-362?filter=allopenissues
Apache Commons - standard links for documents are failing
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-369?filter=allopenissues
FileUtils.sizeOfDirectoryAsBigInteger can overflow
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-390?filter=allopenissues
Regression in FileUtils.readFileToString from 2.0.1
affectsVersions:2.1;2.2;2.3;2.4
https://issues.apache.org/jira/projects/IO/issues/IO-453?filter=allopenissues
Correct exception message in FileUtils.getFile(File; String...)
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-479?filter=allopenissues
org.apache.commons.io.FileUtils#waitFor waits too long
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-481?filter=allopenissues
FilenameUtils should handle embedded null bytes
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-484?filter=allopenissues
Exceptions are suppressed incorrectly when copying files.
affectsVersions:2.4;2.5
https://issues.apache.org/jira/projects/IO/issues/IO-502?filter=allopenissues

3 commons-codec commons-codec (pom.xml)
version: 1.6

Jira issues:
QuotedPrintableCodec does not support soft line break per the
'quoted-printable' example on Wikipedia
affectsVersions:1.5;1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-121?filter=allopenissues
BeiderMorseEncoder OOM issues
affectsVersions:1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-132?filter=allopenissues
BeiderMorse phonetic filter give uncertain results
affectsVersions:1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-147?filter=allopenissues
DigestUtils.getDigest(String) looses the orginal exception
affectsVersions:1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-152?filter=allopenissues
DigestUtils.getDigest(String) should throw IllegalArgumentException instead
of RuntimeException
affectsVersions:1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-155?filter=allopenissues
DigestUtils: add APIs named after standard alg name SHA-1
affectsVersions:1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-156?filter=allopenissues
BaseNCodecOutputStream only supports writing EOF on close()
affectsVersions:1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-183?filter=allopenissues

4 commons-lang commons-lang (pom.xml)
version: 2.6

Jira issues:
Remove unnecessary synchronization from registry lookup in EqualsBuilder
and HashCodeBuilder
affectsVersions:2.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1230?filter=allopenissues
LocaleUtils - DCL idiom is not thread-safe
affectsVersions:2.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-803?filter=allopenissues
Exception when combining custom and choice format in ExtendedMessageFormat
affectsVersions:2.5;2.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-917?filter=allopenissues

5 org.apache.commons commons-lang3 (pom.xml)
version: 3.6

Jira issues:
StackOverflowError on TypeUtils.toString(...) for a generic return type of
Enum.valueOf
affectsVersions:3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1348?filter=allopenissues
EqualsBuilder#isRegistered: swappedPair construction bug
affectsVersions:3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1349?filter=allopenissues
ConstructorUtils.invokeConstructor(Class; Object...) regression
affectsVersions:3.5;3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1350?filter=allopenissues
TimeZone.getTimeZone() in FastDateParser causes resource contention
affectsVersions:3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1355?filter=allopenissues
org.apache.commons.lang3.time.FastDateParser should use toUpperCase(Locale)
affectsVersions:3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1357?filter=allopenissues
ExceptionUtils.getThrowableList() is using deprecated
ExceptionUtils.getCause()
affectsVersions:3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1361?filter=allopenissues
ExceptionUtils#getRootCause(Throwable t) should return t if no lower level
cause exists
affectsVersions:3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1364?filter=allopenissues

Sincerely~
FDU Software Engineering Lab
Jan 7th, 2019

—
View it on GitHub: <https://github.com/apache/bookkeeper/issues/1896>


-- 
Jvrao
---
First they ignore you, then they laugh at you, then they fight you, then
you win. - Mahatma Gandhi