Posted to issues@beam.apache.org by "Kaifeng Huang (JIRA)" <ji...@apache.org> on 2019/01/08 06:33:00 UTC

[jira] [Closed] (BEAM-6383) Your project apache/beam is using buggy third-party libraries [WARNING]

     [ https://issues.apache.org/jira/browse/BEAM-6383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kaifeng Huang closed BEAM-6383.
-------------------------------
       Resolution: Incomplete
    Fix Version/s: Not applicable

> Your project apache/beam is using buggy third-party libraries [WARNING]
> -----------------------------------------------------------------------
>
>                 Key: BEAM-6383
>                 URL: https://issues.apache.org/jira/browse/BEAM-6383
>             Project: Beam
>          Issue Type: Bug
>          Components: build-system
>            Reporter: Kaifeng Huang
>            Assignee: Luke Cwik
>            Priority: Minor
>             Fix For: Not applicable
>
>
> Hi, there!
> We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to new versions.
> We have attached the buggy third-party libraries and corresponding jira issue links below for you to have more detailed information.
> 	1  org.apache.httpcomponents httpclient (sdks/java/io/elasticsearch/build.gradle,sdks/java/io/solr/build.gradle,sdks/java/io/elasticsearch-tests/elasticsearch-tests-common/build.gradle,sdks/java/io/amazon-web-services/build.gradle)
> 	version: 4.5.6
> 	Jira issues:
> 	Support relatively new HTTP 308 redirect - RFC7538
> 	affectsVersions:3.1 (end of life),4.5.6
> 	https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1946?filter=allopenissues
> 	2  commons-cli commons-cli (release/build.gradle)
> 	version: 1.2
> 	Jira issues:
> 	Unable to select a pure long option in a group
> 	affectsVersions:1.0;1.1;1.2
> 	https://issues.apache.org/jira/projects/CLI/issues/CLI-182?filter=allopenissues
> 	Clear the selection from the groups before parsing
> 	affectsVersions:1.0;1.1;1.2
> 	https://issues.apache.org/jira/projects/CLI/issues/CLI-183?filter=allopenissues
> 	Commons CLI incorrectly stripping leading and trailing quotes
> 	affectsVersions:1.1;1.2
> 	https://issues.apache.org/jira/projects/CLI/issues/CLI-185?filter=allopenissues
> 	Coding error: OptionGroup.setSelected causes java.lang.NullPointerException
> 	affectsVersions:1.2
> 	https://issues.apache.org/jira/projects/CLI/issues/CLI-191?filter=allopenissues
> 	StringIndexOutOfBoundsException in HelpFormatter.findWrapPos
> 	affectsVersions:1.2
> 	https://issues.apache.org/jira/projects/CLI/issues/CLI-193?filter=allopenissues
> 	HelpFormatter strips leading whitespaces in the footer
> 	affectsVersions:1.2
> 	https://issues.apache.org/jira/projects/CLI/issues/CLI-207?filter=allopenissues
> 	OptionBuilder only has static methods; yet many return an OptionBuilder instance
> 	affectsVersions:1.2
> 	https://issues.apache.org/jira/projects/CLI/issues/CLI-224?filter=allopenissues
> 	Unable to properly require options
> 	affectsVersions:1.2
> 	https://issues.apache.org/jira/projects/CLI/issues/CLI-230?filter=allopenissues
> 	OptionValidator Implementation Does Not Agree With JavaDoc
> 	affectsVersions:1.2
> 	https://issues.apache.org/jira/projects/CLI/issues/CLI-241?filter=allopenissues
> 	3  org.apache.logging.log4j log4j-core (sdks/java/io/elasticsearch-tests/elasticsearch-tests-6/build.gradle,sdks/java/io/elasticsearch-tests/elasticsearch-tests-2/build.gradle,sdks/java/io/elasticsearch-tests/elasticsearch-tests-common/build.gradle,sdks/java/io/hadoop-input-format/build.gradle,sdks/java/io/hadoop-format/build.gradle)
> 	version: 2.6.2
> 	Jira issues:
> 	Custom plugins are not loaded; URL protocol vfs is not supported
> 	affectsVersions:2.5;2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1320?filter=allopenissues
> 	[OSGi] Missing import package
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1467?filter=allopenissues
> 	CronTriggeringPolicy raise exception and fail to rollover log file when evaluateOnStartup is true.
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1474?filter=allopenissues
> 	Improper header in CsvParameterLayout
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1482?filter=allopenissues
> 	Merging configurations fail with an NPE when comparing Nodes with different attributes
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1500?filter=allopenissues
> 	CsvParameterLayout and CsvLogEventLayout insert NUL character if data starts with {; (; [ or "
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1502?filter=allopenissues
> 	Unregister JMX ignores log4j2.disable.jmx property
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1506?filter=allopenissues
> 	DynamicThresholdFilter filters incorrectly when params are passed as individual arguments instead of varargs
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1511?filter=allopenissues
> 	Deadlock when using pure async and toString logs another message
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1518?filter=allopenissues
> 	NPE thrown when log4j2 used within a webapp and RingBufferLogEvent's getFormattedMessage() is called.
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1527?filter=allopenissues
> 	composite configurations do not merge attributes on logger nodes
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1529?filter=allopenissues
> 	LogEvent.getContextStack() can return null
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1530?filter=allopenissues
> 	Dynamic removal of filter may cause NPE
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1538?filter=allopenissues
> 	java.lang.ArrayIndexOutOfBoundsException in ParameterizedMessage.formatTo(ParameterizedMessage.java:221)
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1542?filter=allopenissues
> 	org.apache.logging.log4j.core.filter.DynamicThresholdFilter doesn't override all 'filter' methods of org.apache.logging.log4j.core.filter.AbstractFilter
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1554?filter=allopenissues
> 	NPE in Level.isInRange
> 	affectsVersions:2.4;2.4.1;2.5;2.6;2.6.1;2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1559?filter=allopenissues
> 	Log4j can lose exceptions when a security manager is present
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1560?filter=allopenissues
> 	SocketAppender memory usage grows unbounded if it cannot connect to a server
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1562?filter=allopenissues
> 	Log4j 2.6.2 can lose exceptions when a security manager is present
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1563?filter=allopenissues
> 	Nested logging call disrupts output of outer logging call
> 	affectsVersions:2.6;2.6.1;2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1583?filter=allopenissues
> 	AbstractFilter should call vararg method from methods with unrolled parameters
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1590?filter=allopenissues
> 	Prevent potential NPE in org.apache.logging.log4j.message.ParameterFormatter.formatMessage3(StringBuilder; char[]; int; Object[]; int; int[])
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1599?filter=allopenissues
> 	Prevent potential NPE due to org.apache.logging.log4j.core.layout.MarkerPatternSelector.createSelector(PatternMatch[]; String; boolean; boolean; Configuration)
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1600?filter=allopenissues
> 	Prevent potential NPE due to org.apache.logging.log4j.core.layout.ScriptPatternSelector.createSelector(AbstractScript; PatternMatch[]; String; boolean; boolean; Configuration)
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1601?filter=allopenissues
> 	Prevent potential NPE in org.apache.logging.log4j.core.util.datetime.FormatCache.MultipartKey.equals(Object) when object is null
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1602?filter=allopenissues
> 	ServletAppender does not provide throwable object to ServletContext
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1608?filter=allopenissues
> 	Add targetNamespace to log4j-config.xsd
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1610?filter=allopenissues
> 	ClassCastException at shutdown with JUL: casting SimpleLogger to Logger
> 	affectsVersions:2.6.2;2.7
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1618?filter=allopenissues
> 	new Log4jLogEvent().toString() throws an NPE
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1619?filter=allopenissues
> 	Regression in FileAppender locking since 2.6
> 	affectsVersions:2.6.2
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1628?filter=allopenissues
> 	API Version is incorrect
> 	affectsVersions:2.6;2.6.1;2.6.2;2.7;2.8;2.8.1
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1836?filter=allopenissues
> 	TcpSocketServer does not replace any “{}” in message
> 	affectsVersions:2.6.2;2.7
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1969?filter=allopenissues
> 	Configuration builder classes should look for "onMismatch"; not "onMisMatch".
> 	affectsVersions:2.4;2.4.1;2.5;2.6;2.6.1;2.6.2;2.7;2.8;2.8.1;2.8.2;2.9.0;2.10.0
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2219?filter=allopenissues
> 	fix the CacheEntry map in ThrowableProxy#toExtendedStackTrace to be put and gotten with same key
> 	affectsVersions:2.6.2;2.7;2.8;2.8.1;2.8.2;2.9.0;2.9.1;2.10.0;2.11.0
> 	https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2389?filter=allopenissues
> Sincerely~
> FDU Software Engineering Lab
> calvinkfh@gmail.com



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)