Posted to issues@hbase.apache.org by "Kaifeng Huang (JIRA)" <ji...@apache.org> on 2019/02/15 08:11:00 UTC
[jira] [Created] (HBASE-21912) Your project apache/hbase is using buggy third-party libraries [WARNING]
Kaifeng Huang created HBASE-21912:
-------------------------------------
Summary: Your project apache/hbase is using buggy third-party libraries [WARNING]
Key: HBASE-21912
URL: https://issues.apache.org/jira/browse/HBASE-21912
Project: HBase
Issue Type: Bug
Reporter: Kaifeng Huang
Hi, there!
We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to new versions.
We have attached the buggy third-party libraries and corresponding jira issue links below for you to have more detailed information.
1. commons-logging commons-logging(pom.xml)
version: 1.2
Jira issues:
BufferedReader is not closed properly
affectsVersions:1.1.1,1.2
https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-163?filter=allopenissues
2. org.apache.httpcomponents httpclient(pom.xml)
version: 4.5.3
Jira issues:
Possible bug in URIBuilder
affectsVersions:4.5.3
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1831?filter=allopenissues
RuntimeException from WindowsNegotiateScheme: Unexpected token
affectsVersions:4.5.3
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1833?filter=allopenissues
DefaultServiceUnavailableRetryStrategy does not respect HttpEntity#isRepeatable
affectsVersions:4.5.3
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1865?filter=allopenissues
connection should revert to SocketConfig's soTimeout
affectsVersions:4.5.3
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1879?filter=allopenissues
NTLM authentication against ntlm.herokuapp.com
affectsVersions:4.5.3
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1881?filter=allopenissues
connection leak issue when OutOfMemory
affectsVersions:4.5.3;4.5.4;4.5.5
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1924?filter=allopenissues
org.apache.http.conn.ssl.SSLSocketFactory no longer throws ConnectTimeoutException
affectsVersions:4.5.3
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1940?filter=allopenissues
3. commons-io commons-io(pom.xml)
version: 2.5
Jira issues:
ant test fails - resources missing from test classpath
affectsVersions:2.5
https://issues.apache.org/jira/projects/IO/issues/IO-451?filter=allopenissues
Exceptions are suppressed incorrectly when copying files.
affectsVersions:2.4;2.5
https://issues.apache.org/jira/projects/IO/issues/IO-502?filter=allopenissues
ThresholdingOutputStream.thresholdReached() results in FileNotFoundException
affectsVersions:2.5
https://issues.apache.org/jira/projects/IO/issues/IO-512?filter=allopenissues
Tailer.run race condition runaway logging
affectsVersions:2.5
https://issues.apache.org/jira/projects/IO/issues/IO-528?filter=allopenissues
Thread bug in FileAlterationMonitor#stop(int)
affectsVersions:2.5
https://issues.apache.org/jira/projects/IO/issues/IO-535?filter=allopenissues
2.5 ExceptionInInitializerError
affectsVersions:2.5
https://issues.apache.org/jira/projects/IO/issues/IO-536?filter=allopenissues
4. commons-codec commons-codec(pom.xml)
version: 1.10
Jira issues:
Bug in HW rule in Soundex
affectsVersions:1.10
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-199?filter=allopenissues
Charsets Javadoc breaks build when using Java 8
affectsVersions:1.10
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-207?filter=allopenissues
Javadoc for SHA-224 DigestUtils methods should mention Java 1.8.0 restriction instead of 1.4.0
affectsVersions:1.10
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-209?filter=allopenissues
Don't deprecate Charsets Charset constants in favor of Java 7's java.nio.charset.StandardCharsets
affectsVersions:1.10
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-219?filter=allopenissues
HmacUtils.updateHmac calls reset() unnecessarily
affectsVersions:1.10
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-221?filter=allopenissues
InputStream not closed
affectsVersions:1.10;1.11
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-225?filter=allopenissues
StringUtils.newStringxxx(null) should return null; not NPE
affectsVersions:1.10
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-229?filter=allopenissues
URLCodec.WWW_FORM_URL should be private
affectsVersions:1.10
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-230?filter=allopenissues
StringUtils.equals(CharSequence cs1; CharSequence cs2) can fail with String Index OBE
affectsVersions:1.10
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-231?filter=allopenissues
URLCodec is neither immutable nor threadsafe
affectsVersions:1.10
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-232?filter=allopenissues
5. org.apache.commons commons-lang3(pom.xml)
version: 3.6
Jira issues:
StackOverflowError on TypeUtils.toString(...) for a generic return type of Enum.valueOf
affectsVersions:3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1348?filter=allopenissues
EqualsBuilder#isRegistered: swappedPair construction bug
affectsVersions:3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1349?filter=allopenissues
ConstructorUtils.invokeConstructor(Class; Object...) regression
affectsVersions:3.5;3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1350?filter=allopenissues
TimeZone.getTimeZone() in FastDateParser causes resource contention
affectsVersions:3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1355?filter=allopenissues
org.apache.commons.lang3.time.FastDateParser should use toUpperCase(Locale)
affectsVersions:3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1357?filter=allopenissues
ExceptionUtils.getThrowableList() is using deprecated ExceptionUtils.getCause()
affectsVersions:3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1361?filter=allopenissues
ExceptionUtils#getRootCause(Throwable t) should return t if no lower level cause exists
affectsVersions:3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1364?filter=allopenissues
Sincerely~
FDU Software Engineering Lab
Feb 15th, 2019
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)