Kaifeng Huang created TIKA-2828:
-----------------------------------
Summary: Your project apache/tika is using buggy third-party
libraries [WARNING]
Key: TIKA-2828
URL: https://issues.apache.org/jira/browse/TIKA-2828
Project: Tika
Issue Type: Bug
Reporter: Kaifeng Huang
Hi, there!
We are a research team working on third-party library analysis. We have
found that some widely-used third-party libraries in your project have
major/critical bugs, which will degrade the quality of your project. We highly
recommend you to update those libraries to new versions.
We have attached the buggy third-party libraries and corresponding jira
issue links below for you to have more detailed information.
1. commons-codec commons-codec
version: 1.11
Jira issues:
InputStream not closed
affectsVersions:1.10,1.11
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-225?filter=allopenissues
2. org.apache.httpcomponents httpclient
version: 4.5.6
Jira issues:
Support relatively new HTTP 308 redirect - RFC7538
affectsVersions:3.1 (end of life),4.5.6
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1946?filter=allopenissues
3. commons-io commons-io
version: 2.6
Jira issues:
.gitattributes not correctly applied
affectsVersions:2.6
https://issues.apache.org/jira/projects/IO/issues/IO-516?filter=allopenissues
FilenameUtils.normalize should verify hostname syntax in UNC path
affectsVersions:2.6
https://issues.apache.org/jira/projects/IO/issues/IO-559?filter=allopenissues
Missing Javadoc in FilenameUtils causing Travis-CI build to fail
affectsVersions:2.6
https://issues.apache.org/jira/projects/IO/issues/IO-570?filter=allopenissues
Sincerely~
FDU Software Engineering Lab
Feb 15th, 2019
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
