[
https://issues.apache.org/jira/browse/HADOOP-16113?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16769496#comment-16769496
]
Anu Engineer commented on HADOOP-16113:
---------------------------------------
bq. Ozone team to upgrade log4j 2 and then tell us how we went,
Will do;
> Your project apache/hadoop is using buggy third-party libraries [WARNING]
> -------------------------------------------------------------------------
>
> Key: HADOOP-16113
> URL: https://issues.apache.org/jira/browse/HADOOP-16113
> Project: Hadoop Common
> Issue Type: Bug
> Reporter: Kaifeng Huang
> Priority: Major
>
> Hi, there!
> We are a research team working on third-party library analysis. We have
> found that some widely-used third-party libraries in your project have
> major/critical bugs, which will degrade the quality of your project. We
> highly recommend you to update those libraries to new versions.
> We have attached the buggy third-party libraries and corresponding jira
> issue links below for you to have more detailed information.
> 1. org.apache.logging.log4j log4j-core(hadoop-hdds/common/pom.xml)
> version: 2.11.0
> Jira issues:
> Log4j2 throws NoClassDefFoundError in Java 9
> affectsVersions:2.10.0,2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2129?filter=allopenissues
> Empty Automatic-Module-Name Header
> affectsVersions:2.10.0,2.11.0,3.0.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2254?filter=allopenissues
> gc-free mixed async loging loses parameter values after the first
> appender
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2301?filter=allopenissues
> Log4j 2.10+not working with SLF4J 1.8 in OSGI environment
> affectsVersions:2.10.0,2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2305?filter=allopenissues
> AsyncQueueFullMessageUtil causes unparsable message output
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2318?filter=allopenissues
> AbstractLogger NPE hides actual cause when getFormat returns null
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2320?filter=allopenissues
> AsyncLogger without specifying a level always uses ERROR
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2321?filter=allopenissues
> Errors thrown in formatting may stop background threads
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2333?filter=allopenissues
> JsonLayout not working with AsyncLoggerContextSelector in 2.11.0
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2341?filter=allopenissues
> Typo in log4j-api Activator
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2343?filter=allopenissues
> PropertiesUtil.reload() might throw NullPointerException
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2355?filter=allopenissues
> NameAbbreviator skips first fragments
> affectsVersions:2.11.0,2.11.1
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2365?filter=allopenissues
> Outputs wrong message when used within overridden Throwable method
> affectsVersions:2.8.1,2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2368?filter=allopenissues
> StringBuilder escapeJson performs unnecessary Memory Allocations
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2373?filter=allopenissues
> fix the CacheEntry map in ThrowableProxy#toExtendedStackTrace to be put
> and gotten with same key
> affectsVersions:2.6.2,2.7,2.8,2.8.1,2.8.2,2.9.0,2.9.1,2.10.0,2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2389?filter=allopenissues
> Fix incorrect links in Log4j web documentation.
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2390?filter=allopenissues
> 2. org.apache.httpcomponents httpclient(hadoop-project/pom.xml)
> version: 4.5.2
> Jira issues:
>
> org.apache.http.impl.client.AbstractHttpClient#createClientConnectionManager
> Does not account for context class loader
> affectsVersions:4.4.1;4.5;4.5.1;4.5.2
>
> https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1727?filter=allopenissues
> Memory Leak in OSGi support
> affectsVersions:4.4.1;4.5.2
>
> https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1749?filter=allopenissues
> SystemDefaultRoutePlanner: Possible null pointer dereference
> affectsVersions:4.5.2
>
> https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1766?filter=allopenissues
> Null pointer dereference in EofSensorInputStream and ResponseEntityProxy
> affectsVersions:4.5.2
>
> https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1767?filter=allopenissues
> [OSGi] WeakList needs to support "clear" method
> affectsVersions:4.5.2;5.0 Alpha1
>
> https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1772?filter=allopenissues
> [OSGi] HttpProxyConfigurationActivator does not unregister
> HttpClientBuilderFactory
> affectsVersions:4.5.2
>
> https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1773?filter=allopenissues
> Why is Retry around Redirect and not the other way round
> affectsVersions:4.5.2
>
> https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1800?filter=allopenissues
> 3. commons-cli commons-cli(hadoop-project/pom.xml)
> version: 1.2
> Jira issues:
> Unable to select a pure long option in a group
> affectsVersions:1.0;1.1;1.2
>
> https://issues.apache.org/jira/projects/CLI/issues/CLI-182?filter=allopenissues
> Clear the selection from the groups before parsing
> affectsVersions:1.0;1.1;1.2
>
> https://issues.apache.org/jira/projects/CLI/issues/CLI-183?filter=allopenissues
> Commons CLI incorrectly stripping leading and trailing quotes
> affectsVersions:1.1;1.2
>
> https://issues.apache.org/jira/projects/CLI/issues/CLI-185?filter=allopenissues
> Coding error: OptionGroup.setSelected causes
> java.lang.NullPointerException
> affectsVersions:1.2
>
> https://issues.apache.org/jira/projects/CLI/issues/CLI-191?filter=allopenissues
> StringIndexOutOfBoundsException in HelpFormatter.findWrapPos
> affectsVersions:1.2
>
> https://issues.apache.org/jira/projects/CLI/issues/CLI-193?filter=allopenissues
> HelpFormatter strips leading whitespaces in the footer
> affectsVersions:1.2
>
> https://issues.apache.org/jira/projects/CLI/issues/CLI-207?filter=allopenissues
> OptionBuilder only has static methods; yet many return an OptionBuilder
> instance
> affectsVersions:1.2
>
> https://issues.apache.org/jira/projects/CLI/issues/CLI-224?filter=allopenissues
> Unable to properly require options
> affectsVersions:1.2
>
> https://issues.apache.org/jira/projects/CLI/issues/CLI-230?filter=allopenissues
> OptionValidator Implementation Does Not Agree With JavaDoc
> affectsVersions:1.2
>
> https://issues.apache.org/jira/projects/CLI/issues/CLI-241?filter=allopenissues
> 4. commons-io commons-io(hadoop-project/pom.xml)
> version: 2.5
> Jira issues:
> ant test fails - resources missing from test classpath
> affectsVersions:2.5
>
> https://issues.apache.org/jira/projects/IO/issues/IO-451?filter=allopenissues
> Exceptions are suppressed incorrectly when copying files.
> affectsVersions:2.4;2.5
>
> https://issues.apache.org/jira/projects/IO/issues/IO-502?filter=allopenissues
> ThresholdingOutputStream.thresholdReached() results in
> FileNotFoundException
> affectsVersions:2.5
>
> https://issues.apache.org/jira/projects/IO/issues/IO-512?filter=allopenissues
> Tailer.run race condition runaway logging
> affectsVersions:2.5
>
> https://issues.apache.org/jira/projects/IO/issues/IO-528?filter=allopenissues
> Thread bug in FileAlterationMonitor#stop(int)
> affectsVersions:2.5
>
> https://issues.apache.org/jira/projects/IO/issues/IO-535?filter=allopenissues
> 2.5 ExceptionInInitializerError
> affectsVersions:2.5
>
> https://issues.apache.org/jira/projects/IO/issues/IO-536?filter=allopenissues
> 5. commons-codec commons-codec(hadoop-project/pom.xml)
> version: 1.11
> Jira issues:
> InputStream not closed
> affectsVersions:1.10;1.11
>
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-225?filter=allopenissues
> 6. org.apache.commons commons-lang3(hadoop-project/pom.xml)
> version: 3.7
> Jira issues:
> NPE from SystemUtils.isJavaVersionAtLeast under Java 11 EA
> affectsVersions:3.7
>
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1384?filter=allopenissues
> WordUtils.wrap throws StringIndexOutOfBoundsException when wrapLength
> is Integer.MAX_VALUE
> affectsVersions:3.7
>
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1397?filter=allopenissues
> Sincerely~
> FDU Software Engineering Lab
> Feb 15th,2019
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
