FDU-SE-LAB opened a new issue #3119: Your project apache/cloudstack is using buggy third-party libraries [WARNING]
URL: https://github.com/apache/cloudstack/issues/3119

Hi, there!

We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to new versions.

We have attached the buggy third-party libraries and corresponding Jira issue links below for you to have more detailed information.

1. org.apache.httpcomponents httpclient (pom.xml)
   version: 4.5.4
   Jira issues:

   evictExpiredConnections does not work as intended
   affectsVersions:4.5.4;5.0 Alpha3
   https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1835?filter=allopenissues

   NullPointerException in SystemDefaultCredentialsProvider.getCredentials when AuthScope.orgin is null
   affectsVersions:4.5.4
   https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1888?filter=allopenissues

   Inspecting the Redirect inside a RedirectStrategy mutates the RedirectLocations array
   affectsVersions:4.5.4
   https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1893?filter=allopenissues

   connection leak issue when OutOfMemory
   affectsVersions:4.5.3;4.5.4;4.5.5
   https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1924?filter=allopenissues

2. commons-io commons-io (pom.xml)
   version: 2.6
   Jira issues:

   .gitattributes not correctly applied
   affectsVersions:2.6
   https://issues.apache.org/jira/projects/IO/issues/IO-516?filter=allopenissues

   FilenameUtils.normalize should verify hostname syntax in UNC path
   affectsVersions:2.6
   https://issues.apache.org/jira/projects/IO/issues/IO-559?filter=allopenissues

   Missing Javadoc in FilenameUtils causing Travis-CI build to fail
   affectsVersions:2.6
   https://issues.apache.org/jira/projects/IO/issues/IO-570?filter=allopenissues

3. commons-codec commons-codec (pom.xml)
   version: 1.11
   Jira issues:

   InputStream not closed
   affectsVersions:1.10;1.11
   https://issues.apache.org/jira/projects/CODEC/issues/CODEC-225?filter=allopenissues

4. commons-lang commons-lang (pom.xml)
   version: 2.6
   Jira issues:

   Remove unnecessary synchronization from registry lookup in EqualsBuilder and HashCodeBuilder
   affectsVersions:2.6
   https://issues.apache.org/jira/projects/LANG/issues/LANG-1230?filter=allopenissues

   LocaleUtils - DCL idiom is not thread-safe
   affectsVersions:2.6
   https://issues.apache.org/jira/projects/LANG/issues/LANG-803?filter=allopenissues

   Exception when combining custom and choice format in ExtendedMessageFormat
   affectsVersions:2.5;2.6
   https://issues.apache.org/jira/projects/LANG/issues/LANG-917?filter=allopenissues

5. org.apache.commons commons-lang3 (pom.xml)
   version: 3.6
   Jira issues:

   StackOverflowError on TypeUtils.toString(...) for a generic return type of Enum.valueOf
   affectsVersions:3.6
   https://issues.apache.org/jira/projects/LANG/issues/LANG-1348?filter=allopenissues

   EqualsBuilder#isRegistered: swappedPair construction bug
   affectsVersions:3.6
   https://issues.apache.org/jira/projects/LANG/issues/LANG-1349?filter=allopenissues

   ConstructorUtils.invokeConstructor(Class; Object...) regression
   affectsVersions:3.5;3.6
   https://issues.apache.org/jira/projects/LANG/issues/LANG-1350?filter=allopenissues

   TimeZone.getTimeZone() in FastDateParser causes resource contention
   affectsVersions:3.6
   https://issues.apache.org/jira/projects/LANG/issues/LANG-1355?filter=allopenissues

   org.apache.commons.lang3.time.FastDateParser should use toUpperCase(Locale)
   affectsVersions:3.6
   https://issues.apache.org/jira/projects/LANG/issues/LANG-1357?filter=allopenissues

   ExceptionUtils.getThrowableList() is using deprecated ExceptionUtils.getCause()
   affectsVersions:3.6
   https://issues.apache.org/jira/projects/LANG/issues/LANG-1361?filter=allopenissues

   ExceptionUtils#getRootCause(Throwable t) should return t if no lower level cause exists
   affectsVersions:3.6
   https://issues.apache.org/jira/projects/LANG/issues/LANG-1364?filter=allopenissues

Sincerely~
FDU Software Engineering Lab
Jan 7th, 2019
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

With regards,
Apache Git Services