pulsar-commits mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] FDU-SE-LAB opened a new issue #3316: Your project apache/incubator-pulsar is using buggy third-party libraries [WARNING]
Date Mon, 07 Jan 2019 02:11:40 GMT
FDU-SE-LAB opened a new issue #3316: Your project apache/incubator-pulsar is using buggy third-party
libraries [WARNING]
URL: https://github.com/apache/pulsar/issues/3316
 
 
   Hi, there!
   We are a research team working on third-party library analysis. We have found that some
widely-used third-party libraries in your project have major/critical bugs, which will degrade
the quality of your project. We highly recommend that you update those libraries to new versions.
   
   We have attached the buggy third-party libraries and corresponding Jira issue links below
for you to have more detailed information.
     1  org.apache.httpcomponents httpclient (pom.xml)
     version: 4.5.5
   
     Jira issues:
     connection leak issue when OutOfMemory
     affectsVersions:4.5.3;4.5.4;4.5.5
     https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1924?filter=allopenissues
   
   
   
   
     2  commons-logging commons-logging (pulsar-client/pom.xml)
     version: 1.1.1
   
     Jira issues:
     Unit tests fail on linux with java16
     affectsVersions:1.1.1
     https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-117?filter=allopenissues
     deadlock on re-registration of logger
     affectsVersions:1.1.1
     https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-119?filter=allopenissues
     Potential missing privileged block for class loader
     affectsVersions:1.1.1
     https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-130?filter=allopenissues
     Log4JLogger uses deprecated static members of Priority such as INFO
     affectsVersions:1.1.1
     https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-142?filter=allopenissues
     LogFactory/LogFactoryImpl ingore Throwable
     affectsVersions:1.1.1
     https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-144?filter=allopenissues
     LogFactory.nullClassLoaderFactory is not properly synchronized
     affectsVersions:1.1.1
     https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-146?filter=allopenissues
     SimpleLog.log - unsafe update of shortLogName
     affectsVersions:1.1.1
     https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-147?filter=allopenissues
     BufferedReader is not closed properly
     affectsVersions:1.1.1;1.2
     https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-163?filter=allopenissues
   
   
   
   
     3  commons-io commons-io (pom.xml)
     version: 2.5
   
     Jira issues:
     ant test fails - resources missing from test classpath
     affectsVersions:2.5
     https://issues.apache.org/jira/projects/IO/issues/IO-451?filter=allopenissues
     Exceptions are suppressed incorrectly when copying files.
     affectsVersions:2.4;2.5
     https://issues.apache.org/jira/projects/IO/issues/IO-502?filter=allopenissues
     ThresholdingOutputStream.thresholdReached() results in FileNotFoundException
     affectsVersions:2.5
     https://issues.apache.org/jira/projects/IO/issues/IO-512?filter=allopenissues
     Tailer.run race condition runaway logging
     affectsVersions:2.5
     https://issues.apache.org/jira/projects/IO/issues/IO-528?filter=allopenissues
     Thread bug in FileAlterationMonitor#stop(int)
     affectsVersions:2.5
     https://issues.apache.org/jira/projects/IO/issues/IO-535?filter=allopenissues
     2.5 ExceptionInInitializerError
     affectsVersions:2.5
     https://issues.apache.org/jira/projects/IO/issues/IO-536?filter=allopenissues
   
   
   
   
     4  commons-codec commons-codec (pom.xml)
     version: 1.10
   
     Jira issues:
     Bug in HW rule in Soundex
     affectsVersions:1.10
     https://issues.apache.org/jira/projects/CODEC/issues/CODEC-199?filter=allopenissues
     Charsets Javadoc breaks build when using Java 8
     affectsVersions:1.10
     https://issues.apache.org/jira/projects/CODEC/issues/CODEC-207?filter=allopenissues
     Javadoc for SHA-224 DigestUtils methods should mention Java 1.8.0 restriction instead of 1.4.0
     affectsVersions:1.10
     https://issues.apache.org/jira/projects/CODEC/issues/CODEC-209?filter=allopenissues
     Don't deprecate Charsets Charset constants in favor of Java 7's java.nio.charset.StandardCharsets
     affectsVersions:1.10
     https://issues.apache.org/jira/projects/CODEC/issues/CODEC-219?filter=allopenissues
     HmacUtils.updateHmac calls reset() unnecessarily
     affectsVersions:1.10
     https://issues.apache.org/jira/projects/CODEC/issues/CODEC-221?filter=allopenissues
     InputStream not closed
     affectsVersions:1.10;1.11
     https://issues.apache.org/jira/projects/CODEC/issues/CODEC-225?filter=allopenissues
     StringUtils.newStringxxx(null) should return null; not NPE
     affectsVersions:1.10
     https://issues.apache.org/jira/projects/CODEC/issues/CODEC-229?filter=allopenissues
     URLCodec.WWW_FORM_URL should be private
     affectsVersions:1.10
     https://issues.apache.org/jira/projects/CODEC/issues/CODEC-230?filter=allopenissues
     StringUtils.equals(CharSequence cs1; CharSequence cs2) can fail with String Index OBE
     affectsVersions:1.10
     https://issues.apache.org/jira/projects/CODEC/issues/CODEC-231?filter=allopenissues
     URLCodec is neither immutable nor threadsafe
     affectsVersions:1.10
     https://issues.apache.org/jira/projects/CODEC/issues/CODEC-232?filter=allopenissues
   
   
   
   
     5  org.apache.logging.log4j log4j-core (pom.xml)
     version: 2.10.0
   
     Jira issues:
     Curly braces in parameters are treated as placeholders
     affectsVersions:2.8.2;2.9.0;2.10.0
     https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2032?filter=allopenissues
     Remove Log4J API dependency on Management APIs
     affectsVersions:2.9.1;2.10.0
     https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2126?filter=allopenissues
     Log4j2 throws NoClassDefFoundError in Java 9
     affectsVersions:2.10.0;2.11.0
     https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2129?filter=allopenissues
     ThreadContext map is cleared => entries are only available for one log event
     affectsVersions:2.10.0
     https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2158?filter=allopenissues
     Objects held in SortedArrayStringMap cannot be filtered during serialization
     affectsVersions:2.10.0
     https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2163?filter=allopenissues
     NullPointerException at org.apache.logging.log4j.util.Activator.loadProvider(Activator.java:81) in log4j 2.10.0
     affectsVersions:2.10.0
     https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2182?filter=allopenissues
     MarkerFilter onMismatch invalid attribute in .properties
     affectsVersions:2.10.0
     https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2202?filter=allopenissues
     Configuration builder classes should look for "onMismatch"; not "onMisMatch".
     affectsVersions:2.4;2.4.1;2.5;2.6;2.6.1;2.6.2;2.7;2.8;2.8.1;2.8.2;2.9.0;2.10.0
     https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2219?filter=allopenissues
     Empty Automatic-Module-Name Header
     affectsVersions:2.10.0;2.11.0;3.0.0
     https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2254?filter=allopenissues
     ConcurrentModificationException from org.apache.logging.log4j.status.StatusLogger.<clinit>(StatusLogger.java:71)
     affectsVersions:2.10.0
     https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2276?filter=allopenissues
     Allow SystemPropertiesPropertySource to run with a SecurityManager that rejects system property access
     affectsVersions:2.10.0
     https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2279?filter=allopenissues
     ParserConfigurationException when using Log4j with oracle.xml.jaxp.JXDocumentBuilderFactory
     affectsVersions:2.10.0
     https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2283?filter=allopenissues
     Log4j 2.10+not working with SLF4J 1.8 in OSGI environment
     affectsVersions:2.10.0;2.11.0
     https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2305?filter=allopenissues
     fix the CacheEntry map in ThrowableProxy#toExtendedStackTrace to be put and gotten with same key
     affectsVersions:2.6.2;2.7;2.8;2.8.1;2.8.2;2.9.0;2.9.1;2.10.0;2.11.0
     https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2389?filter=allopenissues
     NullPointerException when closing never used RollingRandomAccessFileAppender
     affectsVersions:2.10.0;2.11.1
     https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2418?filter=allopenissues
   
   
   
   
     6  org.apache.commons commons-lang3 (pulsar-io/hdfs2/pom.xml,pulsar-io/elastic-search/pom.xml,pom.xml)
     version: 3.4
   
     Jira issues:
     TypeUtils.ParameterizedType#equals doesn't work with wildcard types
     affectsVersions:3.3.2;3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1114?filter=allopenissues
     DateUtilsTest.testLang530 fails for some timezones
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1116?filter=allopenissues
     StringUtils.stripAccents from "Ł" and "ł"
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1120?filter=allopenissues
     JsonToStringStyle doesn't handle chars and objects correctly
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1128?filter=allopenissues
     ReflectionToStringBuilder doesn't throw IllegalArgumentException when the constructor's object param is null
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1132?filter=allopenissues
     StrLookup.systemPropertiesLookup() no longer reacts on changes on system properties
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1141?filter=allopenissues
     StringUtils#capitalize: Javadoc says toTitleCase; code uses toUpperCase
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1142?filter=allopenissues
     Multiple calls of org.apache.commons.lang3.concurrent.LazyInitializer.initialize() are possible
     affectsVersions:3.4;3.5
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1144?filter=allopenissues
     EnumUtils *BitVector issue with more than 32 values Enum
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1147?filter=allopenissues
     StringUtils#equals fails with Index OOBE on non-Strings with identical leading prefix
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1162?filter=allopenissues
     There are no tests for CharSequenceUtils.regionMatches
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1163?filter=allopenissues
     ArrayUtils.removeAll(Object array; int... indices) should do the clone; not its callers
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1178?filter=allopenissues
     TypeUtils.isAssignable throws NullPointerException when fromType has type variables and toType generic superclass specifies type variable
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1190?filter=allopenissues
     FastDateFormat does not support the week-year component (uppercase 'Y')
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1192?filter=allopenissues
     ordinalIndexOf("abc"; "ab"; 1) gives incorrect answer of -1 (correct answer should be 0)
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1193?filter=allopenissues
     Fix implementation of StringUtils.getJaroWinklerDistance()
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1199?filter=allopenissues
     parseDateStrictly does't pass specified locale
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1202?filter=allopenissues
     ClassUtils.getClass(ClassLoader; String) fails for "void"
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1214?filter=allopenissues
     NumberUtils.isNumber bug
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1216?filter=allopenissues
     FastDateFormat doesn't respect summer daylight in localized strings
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1219?filter=allopenissues
     StringUtils#normalizeSpace does not trim the string anymore
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1226?filter=allopenissues
     DiffBuilder: Add null check on fieldName when appending Object or Object[]
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1232?filter=allopenissues
     FastDatePrinter Memory allocation regression
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1248?filter=allopenissues
     SerializationUtils.ClassLoaderAwareObjectInputStream should use static initializer to initialize primitiveTypes map.
     affectsVersions:3.2;3.3;3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1251?filter=allopenissues
     NumberUtils.isNumber and NumberUtils.createNumber resolve inconsistently
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1252?filter=allopenissues
     ArrayUtils.contains returns false for instances of subtypes
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1261?filter=allopenissues
     CompareToBuilder.append(Object;Object;Comparator) method is too big to be inlined
     affectsVersions:3.4
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1262?filter=allopenissues
     StrBuilder#replaceAll ArrayIndexOutOfBoundsException
     affectsVersions:3.2.1;3.4;3.5
     https://issues.apache.org/jira/projects/LANG/issues/LANG-1276?filter=allopenissues
   
   
   
   
   Sincerely~
   FDU Software Engineering Lab
   Jan 7th, 2019

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
