FDU-SE-LAB opened a new issue #3119: Your project apache/cloudstack is using 
buggy third-party libraries [WARNING]
URL: https://github.com/apache/cloudstack/issues/3119
 
 
   Hi, there!
   We are a research team working on third-party library analysis. We have 
found that some widely-used third-party libraries in your project have 
major/critical bugs, which will degrade the quality of your project. We highly 
recommend that you update those libraries to new versions.
   We have attached the buggy third-party libraries and corresponding Jira 
issue links below so that you have more detailed information.
     1  org.apache.httpcomponents httpclient (pom.xml)
     version: 4.5.4
   
     Jira issues:
     evictExpiredConnections does not work as intended
     affectsVersions:4.5.4;5.0 Alpha3
     
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1835?filter=allopenissues
     NullPointerException in SystemDefaultCredentialsProvider.getCredentials 
when AuthScope.orgin is null
     affectsVersions:4.5.4
     
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1888?filter=allopenissues
     Inspecting the Redirect inside a RedirectStrategy mutates the 
RedirectLocations array
     affectsVersions:4.5.4
     
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1893?filter=allopenissues
     connection leak issue when OutOfMemory
     affectsVersions:4.5.3;4.5.4;4.5.5
     
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1924?filter=allopenissues
   
   
   
   
     2  commons-io commons-io (pom.xml)
     version: 2.6
   
     Jira issues:
     .gitattributes not correctly applied
     affectsVersions:2.6
     
https://issues.apache.org/jira/projects/IO/issues/IO-516?filter=allopenissues
     FilenameUtils.normalize should verify hostname syntax in UNC path
     affectsVersions:2.6
     
https://issues.apache.org/jira/projects/IO/issues/IO-559?filter=allopenissues
     Missing Javadoc in FilenameUtils causing Travis-CI build to fail
     affectsVersions:2.6
     
https://issues.apache.org/jira/projects/IO/issues/IO-570?filter=allopenissues
   
   
   
   
     3  commons-codec commons-codec (pom.xml)
     version: 1.11
   
     Jira issues:
     InputStream not closed
     affectsVersions:1.10;1.11
     
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-225?filter=allopenissues
   
   
   
   
     4  commons-lang commons-lang (pom.xml)
     version: 2.6
   
     Jira issues:
     Remove unnecessary synchronization from registry lookup in EqualsBuilder 
and HashCodeBuilder
     affectsVersions:2.6
     
https://issues.apache.org/jira/projects/LANG/issues/LANG-1230?filter=allopenissues
     LocaleUtils - DCL idiom is not thread-safe
     affectsVersions:2.6
     
https://issues.apache.org/jira/projects/LANG/issues/LANG-803?filter=allopenissues
     Exception when combining custom and choice format in ExtendedMessageFormat
     affectsVersions:2.5;2.6
     
https://issues.apache.org/jira/projects/LANG/issues/LANG-917?filter=allopenissues
   
   
   
   
     5  org.apache.commons commons-lang3 (pom.xml)
     version: 3.6
   
     Jira issues:
     StackOverflowError on TypeUtils.toString(...) for a generic return type of 
Enum.valueOf
     affectsVersions:3.6
     
https://issues.apache.org/jira/projects/LANG/issues/LANG-1348?filter=allopenissues
     EqualsBuilder#isRegistered: swappedPair construction bug
     affectsVersions:3.6
     
https://issues.apache.org/jira/projects/LANG/issues/LANG-1349?filter=allopenissues
     ConstructorUtils.invokeConstructor(Class; Object...) regression
     affectsVersions:3.5;3.6
     
https://issues.apache.org/jira/projects/LANG/issues/LANG-1350?filter=allopenissues
     TimeZone.getTimeZone() in FastDateParser causes resource contention
     affectsVersions:3.6
     
https://issues.apache.org/jira/projects/LANG/issues/LANG-1355?filter=allopenissues
     org.apache.commons.lang3.time.FastDateParser should use toUpperCase(Locale)
     affectsVersions:3.6
     
https://issues.apache.org/jira/projects/LANG/issues/LANG-1357?filter=allopenissues
     ExceptionUtils.getThrowableList() is using deprecated 
ExceptionUtils.getCause()
     affectsVersions:3.6
     
https://issues.apache.org/jira/projects/LANG/issues/LANG-1361?filter=allopenissues
     ExceptionUtils#getRootCause(Throwable t) should return t if no lower level 
cause exists
     affectsVersions:3.6
     
https://issues.apache.org/jira/projects/LANG/issues/LANG-1364?filter=allopenissues
   
   
   
   
   Sincerely~
   FDU Software Engineering Lab
   Jan 7th, 2019

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services
