Posted to dev@pinot.apache.org by GitBox <gi...@apache.org> on 2019/01/07 01:53:29 UTC
[GitHub] FDU-SE-LAB opened a new issue #3649: Your project linkedin/pinot is
using buggy third-party libraries [WARNING]
URL: https://github.com/apache/incubator-pinot/issues/3649
Hi, there!
We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to new versions.
We have attached the buggy third-party libraries and the corresponding Jira issue links below so that you have more detailed information.
1 org.apache.httpcomponents httpclient (contrib/pinot-druid-benchmark/pom.xml)
version: 4.5.1
Jira issues:
Add convenience methods to fluent API class Request
affectsVersions:4.5.1
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1696?filter=allopenissues
GET request should support body
affectsVersions:4.5.1
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1703?filter=allopenissues
Delete obsolete clone method
affectsVersions:4.5.1
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1709?filter=allopenissues
NTLMEngineImpl.Type1Message not thread safe but declared as a constant
affectsVersions:4.5.1
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1715?filter=allopenissues
HttpClient 4.5.1 may perform multiple requests on the same connection despite having "Connection: close" header.
affectsVersions:4.5.1
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1723?filter=allopenissues
The deprecated SSLSocketFactory does not contain the SNI fix found in the SSLConnectionSocketFactory class
affectsVersions:4.4.1;4.5.1
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1726?filter=allopenissues
org.apache.http.impl.client.AbstractHttpClient#createClientConnectionManager Does not account for context class loader
affectsVersions:4.4.1;4.5;4.5.1;4.5.2
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1727?filter=allopenissues
Malformed path not handled well
affectsVersions:4.5.1
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1803?filter=allopenissues
NTLM authentication error: Unexpected state: MSG_TYPE3_GENERATED
affectsVersions:4.5.1
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1882?filter=allopenissues
2 org.apache.httpcomponents httpclient (thirdeye/pom.xml)
version: 4.5.2
Jira issues:
org.apache.http.impl.client.AbstractHttpClient#createClientConnectionManager Does not account for context class loader
affectsVersions:4.4.1;4.5;4.5.1;4.5.2
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1727?filter=allopenissues
Memory Leak in OSGi support
affectsVersions:4.4.1;4.5.2
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1749?filter=allopenissues
SystemDefaultRoutePlanner: Possible null pointer dereference
affectsVersions:4.5.2
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1766?filter=allopenissues
Null pointer dereference in EofSensorInputStream and ResponseEntityProxy
affectsVersions:4.5.2
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1767?filter=allopenissues
[OSGi] WeakList needs to support "clear" method
affectsVersions:4.5.2;5.0 Alpha1
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1772?filter=allopenissues
[OSGi] HttpProxyConfigurationActivator does not unregister HttpClientBuilderFactory
affectsVersions:4.5.2
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1773?filter=allopenissues
Why is Retry around Redirect and not the other way round
affectsVersions:4.5.2
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1800?filter=allopenissues
3 org.apache.httpcomponents httpclient (pom in maven central)
version: 4.5.3
Jira issues:
Possible bug in URIBuilder
affectsVersions:4.5.3
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1831?filter=allopenissues
RuntimeException from WindowsNegotiateScheme: Unexpected token
affectsVersions:4.5.3
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1833?filter=allopenissues
DefaultServiceUnavailableRetryStrategy does not respect HttpEntity#isRepeatable
affectsVersions:4.5.3
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1865?filter=allopenissues
connection should revert to SocketConfig's soTimeout
affectsVersions:4.5.3
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1879?filter=allopenissues
NTLM authentication against ntlm.herokuapp.com
affectsVersions:4.5.3
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1881?filter=allopenissues
connection leak issue when OutOfMemory
affectsVersions:4.5.3;4.5.4;4.5.5
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1924?filter=allopenissues
org.apache.http.conn.ssl.SSLSocketFactory no longer throws ConnectTimeoutException
affectsVersions:4.5.3
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1940?filter=allopenissues
4 commons-logging commons-logging (pom.xml)
version: 1.2
Jira issues:
BufferedReader is not closed properly
affectsVersions:1.1.1;1.2
https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-163?filter=allopenissues
5 commons-cli commons-cli (pom.xml)
version: 1.2
Jira issues:
Unable to select a pure long option in a group
affectsVersions:1.0;1.1;1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-182?filter=allopenissues
Clear the selection from the groups before parsing
affectsVersions:1.0;1.1;1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-183?filter=allopenissues
Commons CLI incorrectly stripping leading and trailing quotes
affectsVersions:1.1;1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-185?filter=allopenissues
Coding error: OptionGroup.setSelected causes java.lang.NullPointerException
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-191?filter=allopenissues
StringIndexOutOfBoundsException in HelpFormatter.findWrapPos
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-193?filter=allopenissues
HelpFormatter strips leading whitespaces in the footer
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-207?filter=allopenissues
OptionBuilder only has static methods; yet many return an OptionBuilder instance
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-224?filter=allopenissues
Unable to properly require options
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-230?filter=allopenissues
OptionValidator Implementation Does Not Agree With JavaDoc
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-241?filter=allopenissues
6 commons-cli commons-cli (thirdeye/pom.xml)
version: 1.3
Jira issues:
LongOpt falsely detected as ambiguous
affectsVersions:1.3
https://issues.apache.org/jira/projects/CLI/issues/CLI-252?filter=allopenissues
7 commons-io commons-io (thirdeye/pom.xml,pom.xml)
version: 2.4
Jira issues:
IOUtils copyLarge() and skip() methods are performance hogs
affectsVersions:2.3;2.4
https://issues.apache.org/jira/projects/IO/issues/IO-355?filter=allopenissues
CharSequenceInputStream#reset() behaves incorrectly in case when buffer size is not dividable by data size
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-356?filter=allopenissues
[Tailer] InterruptedException while the thead is sleeping is silently ignored
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-357?filter=allopenissues
IOUtils.contentEquals* methods returns false if input1 == input2; should return true
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-362?filter=allopenissues
Apache Commons - standard links for documents are failing
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-369?filter=allopenissues
FileUtils.sizeOfDirectoryAsBigInteger can overflow
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-390?filter=allopenissues
Regression in FileUtils.readFileToString from 2.0.1
affectsVersions:2.1;2.2;2.3;2.4
https://issues.apache.org/jira/projects/IO/issues/IO-453?filter=allopenissues
Correct exception message in FileUtils.getFile(File; String...)
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-479?filter=allopenissues
org.apache.commons.io.FileUtils#waitFor waits too long
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-481?filter=allopenissues
FilenameUtils should handle embedded null bytes
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-484?filter=allopenissues
Exceptions are suppressed incorrectly when copying files.
affectsVersions:2.4;2.5
https://issues.apache.org/jira/projects/IO/issues/IO-502?filter=allopenissues
8 org.slf4j slf4j-api (thirdeye/pom.xml)
version: 1.7.12
Jira issues:
Initializing org.slf4j.helpers.Util fails if SecurityManager denies "createSecurityManager"
affectsVersions:1.7.12
https://jira.qos.ch/projects/SLF4J/issues/SLF4J-324?filter=allopenissues
jul-to-slf4j inconsistent message format
affectsVersions:1.7.12
https://jira.qos.ch/projects/SLF4J/issues/SLF4J-337?filter=allopenissues
9 org.apache.commons commons-lang3 (thirdeye/pom.xml)
version: 3.0
Jira issues:
Depend on JDK 1.5+
affectsVersions:3.0
https://issues.apache.org/jira/projects/LANG/issues/LANG-11?filter=allopenissues
ContextedRuntimeException no longer an 'unchecked' exception
affectsVersions:3.0
https://issues.apache.org/jira/projects/LANG/issues/LANG-602?filter=allopenissues
Some Entitys like Ö are not matched properly against its ISO8859-1 representation
affectsVersions:3.0
https://issues.apache.org/jira/projects/LANG/issues/LANG-658?filter=allopenissues
EntityArrays typo: {"\u2122"; "−"}; // minus sign; U+2212 ISOtech
affectsVersions:3.0
https://issues.apache.org/jira/projects/LANG/issues/LANG-659?filter=allopenissues
StringEscapeUtils.escapeXml(input) outputs wrong results when an input contains characters in Supplementary Planes.
affectsVersions:3.0
https://issues.apache.org/jira/projects/LANG/issues/LANG-720?filter=allopenissues
The CHAR_ARRAY cache in CharUtils duplicates the cache in java.lang.Character
affectsVersions:3.0
https://issues.apache.org/jira/projects/LANG/issues/LANG-734?filter=allopenissues
CharUtils static final array CHAR_STRING is not needed to compute CHAR_STRING_ARRAY
affectsVersions:3.0
https://issues.apache.org/jira/projects/LANG/issues/LANG-736?filter=allopenissues
NumberUtils does not handle upper-case hex: 0X and -0X
affectsVersions:3.0;3.0.1
https://issues.apache.org/jira/projects/LANG/issues/LANG-746?filter=allopenissues
NumberUtils#createNumber() returns positive BigDecimal when negative Float is expected
affectsVersions:3.x
https://issues.apache.org/jira/projects/LANG/issues/LANG-1087?filter=allopenissues
10 org.apache.commons commons-lang3 (pom.xml)
version: 3.5
Jira issues:
DateFormatUtilsTest.testSMTP depends on the default Locale
affectsVersions:3.5
https://issues.apache.org/jira/projects/LANG/issues/LANG-1126?filter=allopenissues
Multiple calls of org.apache.commons.lang3.concurrent.LazyInitializer.initialize() are possible
affectsVersions:3.4;3.5
https://issues.apache.org/jira/projects/LANG/issues/LANG-1144?filter=allopenissues
Performance regression due to cyclic hashCode guard
affectsVersions:3.5
https://issues.apache.org/jira/projects/LANG/issues/LANG-1229?filter=allopenissues
StrBuilder#replaceAll ArrayIndexOutOfBoundsException
affectsVersions:3.2.1;3.4;3.5
https://issues.apache.org/jira/projects/LANG/issues/LANG-1276?filter=allopenissues
NullPointerException in FastDateParser$TimeZoneStrategy
affectsVersions:3.5
https://issues.apache.org/jira/projects/LANG/issues/LANG-1285?filter=allopenissues
RandomStringUtils random method can overflow and return characters outside of specified range
affectsVersions:3.5
https://issues.apache.org/jira/projects/LANG/issues/LANG-1286?filter=allopenissues
RandomStringUtils#random can enter infinite loop if end parameter is to small
affectsVersions:3.5
https://issues.apache.org/jira/projects/LANG/issues/LANG-1287?filter=allopenissues
WordUtils.wrap throws StringIndexOutOfBoundsException
affectsVersions:3.5
https://issues.apache.org/jira/projects/LANG/issues/LANG-1292?filter=allopenissues
MethodUtils.invokeMethod throws ArrayStoreException if using varargs arguments and smaller types than the method defines
affectsVersions:3.5
https://issues.apache.org/jira/projects/LANG/issues/LANG-1310?filter=allopenissues
MultilineRecursiveToStringStyle StackOverflowError when object is an array
affectsVersions:3.5
https://issues.apache.org/jira/projects/LANG/issues/LANG-1319?filter=allopenissues
LocaleUtils#toLocale does not support language followed by UN M.49 numeric-3 area code followed by variant
affectsVersions:3.5
https://issues.apache.org/jira/projects/LANG/issues/LANG-1320?filter=allopenissues
ConstructorUtils.invokeConstructor(Class; Object...) regression
affectsVersions:3.5;3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1350?filter=allopenissues
11 commons-lang commons-lang (thirdeye/pom.xml,pom.xml)
version: 2.6
Jira issues:
Remove unnecessary synchronization from registry lookup in EqualsBuilder and HashCodeBuilder
affectsVersions:2.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1230?filter=allopenissues
LocaleUtils - DCL idiom is not thread-safe
affectsVersions:2.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-803?filter=allopenissues
Exception when combining custom and choice format in ExtendedMessageFormat
affectsVersions:2.5;2.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-917?filter=allopenissues
Sincerely~
FDU Software Engineering Lab
Jan 7th, 2019