Posted to issues@beam.apache.org by "Kaifeng Huang (JIRA)" <ji...@apache.org> on 2019/01/08 06:33:00 UTC
[jira] [Closed] (BEAM-6383) Your project apache/beam is using buggy third-party libraries [WARNING]
[ https://issues.apache.org/jira/browse/BEAM-6383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kaifeng Huang closed BEAM-6383.
-------------------------------
Resolution: Incomplete
Fix Version/s: Not applicable
> Your project apache/beam is using buggy third-party libraries [WARNING]
> -----------------------------------------------------------------------
>
> Key: BEAM-6383
> URL: https://issues.apache.org/jira/browse/BEAM-6383
> Project: Beam
> Issue Type: Bug
> Components: build-system
> Reporter: Kaifeng Huang
> Assignee: Luke Cwik
> Priority: Minor
> Fix For: Not applicable
>
>
> Hi, there!
> We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to new versions.
> We have attached the buggy third-party libraries and corresponding jira issue links below for you to have more detailed information.
> 1 org.apache.httpcomponents httpclient (sdks/java/io/elasticsearch/build.gradle,sdks/java/io/solr/build.gradle,sdks/java/io/elasticsearch-tests/elasticsearch-tests-common/build.gradle,sdks/java/io/amazon-web-services/build.gradle)
> version: 4.5.6
> Jira issues:
> Support relatively new HTTP 308 redirect - RFC7538
> affectsVersions:3.1 (end of life),4.5.6
> https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1946?filter=allopenissues
> 2 commons-cli commons-cli (release/build.gradle)
> version: 1.2
> Jira issues:
> Unable to select a pure long option in a group
> affectsVersions:1.0;1.1;1.2
> https://issues.apache.org/jira/projects/CLI/issues/CLI-182?filter=allopenissues
> Clear the selection from the groups before parsing
> affectsVersions:1.0;1.1;1.2
> https://issues.apache.org/jira/projects/CLI/issues/CLI-183?filter=allopenissues
> Commons CLI incorrectly stripping leading and trailing quotes
> affectsVersions:1.1;1.2
> https://issues.apache.org/jira/projects/CLI/issues/CLI-185?filter=allopenissues
> Coding error: OptionGroup.setSelected causes java.lang.NullPointerException
> affectsVersions:1.2
> https://issues.apache.org/jira/projects/CLI/issues/CLI-191?filter=allopenissues
> StringIndexOutOfBoundsException in HelpFormatter.findWrapPos
> affectsVersions:1.2
> https://issues.apache.org/jira/projects/CLI/issues/CLI-193?filter=allopenissues
> HelpFormatter strips leading whitespaces in the footer
> affectsVersions:1.2
> https://issues.apache.org/jira/projects/CLI/issues/CLI-207?filter=allopenissues
> OptionBuilder only has static methods; yet many return an OptionBuilder instance
> affectsVersions:1.2
> https://issues.apache.org/jira/projects/CLI/issues/CLI-224?filter=allopenissues
> Unable to properly require options
> affectsVersions:1.2
> https://issues.apache.org/jira/projects/CLI/issues/CLI-230?filter=allopenissues
> OptionValidator Implementation Does Not Agree With JavaDoc
> affectsVersions:1.2
> https://issues.apache.org/jira/projects/CLI/issues/CLI-241?filter=allopenissues
> 3 org.apache.logging.log4j log4j-core (sdks/java/io/elasticsearch-tests/elasticsearch-tests-6/build.gradle,sdks/java/io/elasticsearch-tests/elasticsearch-tests-2/build.gradle,sdks/java/io/elasticsearch-tests/elasticsearch-tests-common/build.gradle,sdks/java/io/hadoop-input-format/build.gradle,sdks/java/io/hadoop-format/build.gradle)
> version: 2.6.2
> Jira issues:
> Custom plugins are not loaded; URL protocol vfs is not supported
> affectsVersions:2.5;2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1320?filter=allopenissues
> [OSGi] Missing import package
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1467?filter=allopenissues
> CronTriggeringPolicy raise exception and fail to rollover log file when evaluateOnStartup is true.
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1474?filter=allopenissues
> Improper header in CsvParameterLayout
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1482?filter=allopenissues
> Merging configurations fail with an NPE when comparing Nodes with different attributes
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1500?filter=allopenissues
> CsvParameterLayout and CsvLogEventLayout insert NUL character if data starts with {; (; [ or "
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1502?filter=allopenissues
> Unregister JMX ignores log4j2.disable.jmx property
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1506?filter=allopenissues
> DynamicThresholdFilter filters incorrectly when params are passed as individual arguments instead of varargs
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1511?filter=allopenissues
> Deadlock when using pure async and toString logs another message
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1518?filter=allopenissues
> NPE thrown when log4j2 used within a webapp and RingBufferLogEvent's getFormattedMessage() is called.
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1527?filter=allopenissues
> composite configurations do not merge attributes on logger nodes
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1529?filter=allopenissues
> LogEvent.getContextStack() can return null
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1530?filter=allopenissues
> Dynamic removal of filter may cause NPE
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1538?filter=allopenissues
> java.lang.ArrayIndexOutOfBoundsException in ParameterizedMessage.formatTo(ParameterizedMessage.java:221)
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1542?filter=allopenissues
> org.apache.logging.log4j.core.filter.DynamicThresholdFilter doesn't override all 'filter' methods of org.apache.logging.log4j.core.filter.AbstractFilter
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1554?filter=allopenissues
> NPE in Level.isInRange
> affectsVersions:2.4;2.4.1;2.5;2.6;2.6.1;2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1559?filter=allopenissues
> Log4j can lose exceptions when a security manager is present
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1560?filter=allopenissues
> SocketAppender memory usage grows unbounded if it cannot connect to a server
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1562?filter=allopenissues
> Log4j 2.6.2 can lose exceptions when a security manager is present
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1563?filter=allopenissues
> Nested logging call disrupts output of outer logging call
> affectsVersions:2.6;2.6.1;2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1583?filter=allopenissues
> AbstractFilter should call vararg method from methods with unrolled parameters
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1590?filter=allopenissues
> Prevent potential NPE in org.apache.logging.log4j.message.ParameterFormatter.formatMessage3(StringBuilder; char[]; int; Object[]; int; int[])
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1599?filter=allopenissues
> Prevent potential NPE due to org.apache.logging.log4j.core.layout.MarkerPatternSelector.createSelector(PatternMatch[]; String; boolean; boolean; Configuration)
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1600?filter=allopenissues
> Prevent potential NPE due to org.apache.logging.log4j.core.layout.ScriptPatternSelector.createSelector(AbstractScript; PatternMatch[]; String; boolean; boolean; Configuration)
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1601?filter=allopenissues
> Prevent potential NPE in org.apache.logging.log4j.core.util.datetime.FormatCache.MultipartKey.equals(Object) when object is null
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1602?filter=allopenissues
> ServletAppender does not provide throwable object to ServletContext
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1608?filter=allopenissues
> Add targetNamespace to log4j-config.xsd
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1610?filter=allopenissues
> ClassCastException at shutdown with JUL: casting SimpleLogger to Logger
> affectsVersions:2.6.2;2.7
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1618?filter=allopenissues
> new Log4jLogEvent().toString() throws an NPE
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1619?filter=allopenissues
> Regression in FileAppender locking since 2.6
> affectsVersions:2.6.2
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1628?filter=allopenissues
> API Version is incorrect
> affectsVersions:2.6;2.6.1;2.6.2;2.7;2.8;2.8.1
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1836?filter=allopenissues
> TcpSocketServer does not replace any “{}” in message
> affectsVersions:2.6.2;2.7
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1969?filter=allopenissues
> Configuration builder classes should look for "onMismatch"; not "onMisMatch".
> affectsVersions:2.4;2.4.1;2.5;2.6;2.6.1;2.6.2;2.7;2.8;2.8.1;2.8.2;2.9.0;2.10.0
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2219?filter=allopenissues
> fix the CacheEntry map in ThrowableProxy#toExtendedStackTrace to be put and gotten with same key
> affectsVersions:2.6.2;2.7;2.8;2.8.1;2.8.2;2.9.0;2.9.1;2.10.0;2.11.0
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2389?filter=allopenissues
> Sincerely~
> FDU Software Engineering Lab
> calvinkfh@gmail.com
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)