You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Kaifeng Huang (JIRA)" <ji...@apache.org> on 2019/02/15 08:11:00 UTC

[jira] [Created] (HBASE-21912) Your project apache/hbase is using buggy third-party libraries [WARNING]

Kaifeng Huang created HBASE-21912:
-------------------------------------

             Summary: Your project apache/hbase is using buggy third-party libraries [WARNING]
                 Key: HBASE-21912
                 URL: https://issues.apache.org/jira/browse/HBASE-21912
             Project: HBase
          Issue Type: Bug
            Reporter: Kaifeng Huang



Hi, there!

    We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend you to update those libraries to new versions.

    We have attached the buggy third-party libraries and corresponding jira issue links below for you to have more detailed information.

	1. commons-logging commons-logging(pom.xml)
	version: 1.2

	Jira issues:
	BufferedReader is not closed properly
	affectsVersions:1.1.1,1.2
	https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-163?filter=allopenissues


	2. org.apache.httpcomponents httpclient(pom.xml)
	version: 4.5.3

	Jira issues:
	Possible bug in URIBuilder
	affectsVersions:4.5.3
	https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1831?filter=allopenissues
	RuntimeException from WindowsNegotiateScheme: Unexpected token
	affectsVersions:4.5.3
	https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1833?filter=allopenissues
	DefaultServiceUnavailableRetryStrategy does not respect HttpEntity#isRepeatable
	affectsVersions:4.5.3
	https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1865?filter=allopenissues
	connection should revert to SocketConfig's soTimeout
	affectsVersions:4.5.3
	https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1879?filter=allopenissues
	NTLM authentication against ntlm.herokuapp.com
	affectsVersions:4.5.3
	https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1881?filter=allopenissues
	connection leak issue when OutOfMemory
	affectsVersions:4.5.3;4.5.4;4.5.5
	https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1924?filter=allopenissues
	org.apache.http.conn.ssl.SSLSocketFactory no longer throws ConnectTimeoutException
	affectsVersions:4.5.3
	https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1940?filter=allopenissues


	3. commons-io commons-io(pom.xml)
	version: 2.5

	Jira issues:
	ant test fails - resources missing from test classpath
	affectsVersions:2.5
	https://issues.apache.org/jira/projects/IO/issues/IO-451?filter=allopenissues
	Exceptions are suppressed incorrectly when copying files.
	affectsVersions:2.4;2.5
	https://issues.apache.org/jira/projects/IO/issues/IO-502?filter=allopenissues
	ThresholdingOutputStream.thresholdReached() results in FileNotFoundException
	affectsVersions:2.5
	https://issues.apache.org/jira/projects/IO/issues/IO-512?filter=allopenissues
	Tailer.run race condition runaway logging
	affectsVersions:2.5
	https://issues.apache.org/jira/projects/IO/issues/IO-528?filter=allopenissues
	Thread bug in FileAlterationMonitor#stop(int)
	affectsVersions:2.5
	https://issues.apache.org/jira/projects/IO/issues/IO-535?filter=allopenissues
	2.5 ExceptionInInitializerError
	affectsVersions:2.5
	https://issues.apache.org/jira/projects/IO/issues/IO-536?filter=allopenissues


	4. commons-codec commons-codec(pom.xml)
	version: 1.10

	Jira issues:
	Bug in HW rule in Soundex
	affectsVersions:1.10
	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-199?filter=allopenissues
	Charsets Javadoc breaks build when using Java 8
	affectsVersions:1.10
	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-207?filter=allopenissues
	Javadoc for SHA-224 DigestUtils methods should mention Java 1.8.0 restriction instead of 1.4.0
	affectsVersions:1.10
	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-209?filter=allopenissues
	Don't deprecate Charsets Charset constants in favor of Java 7's java.nio.charset.StandardCharsets
	affectsVersions:1.10
	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-219?filter=allopenissues
	HmacUtils.updateHmac calls reset() unnecessarily
	affectsVersions:1.10
	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-221?filter=allopenissues
	InputStream not closed
	affectsVersions:1.10;1.11
	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-225?filter=allopenissues
	StringUtils.newStringxxx(null) should return null; not NPE
	affectsVersions:1.10
	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-229?filter=allopenissues
	URLCodec.WWW_FORM_URL should be private
	affectsVersions:1.10
	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-230?filter=allopenissues
	StringUtils.equals(CharSequence cs1; CharSequence cs2) can fail with String Index OBE
	affectsVersions:1.10
	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-231?filter=allopenissues
	URLCodec is neither immutable nor threadsafe
	affectsVersions:1.10
	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-232?filter=allopenissues


	5. org.apache.commons commons-lang3(pom.xml)
	version: 3.6

	Jira issues:
	StackOverflowError on TypeUtils.toString(...) for a generic return type of Enum.valueOf
	affectsVersions:3.6
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1348?filter=allopenissues
	EqualsBuilder#isRegistered: swappedPair construction bug
	affectsVersions:3.6
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1349?filter=allopenissues
	ConstructorUtils.invokeConstructor(Class; Object...) regression
	affectsVersions:3.5;3.6
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1350?filter=allopenissues
	TimeZone.getTimeZone() in FastDateParser causes resource contention
	affectsVersions:3.6
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1355?filter=allopenissues
	org.apache.commons.lang3.time.FastDateParser should use toUpperCase(Locale)
	affectsVersions:3.6
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1357?filter=allopenissues
	ExceptionUtils.getThrowableList() is using deprecated ExceptionUtils.getCause()
	affectsVersions:3.6
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1361?filter=allopenissues
	ExceptionUtils#getRootCause(Throwable t) should return t if no lower level cause exists
	affectsVersions:3.6
	https://issues.apache.org/jira/projects/LANG/issues/LANG-1364?filter=allopenissues




Sincerely~
FDU Software Engineering Lab
Feb 15th,2019




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)