Kaifeng Huang created HBASE-21912:
-------------------------------------

             Summary: Your project apache/hbase is using buggy third-party libraries [WARNING]
                 Key: HBASE-21912
                 URL: https://issues.apache.org/jira/browse/HBASE-21912
             Project: HBase
          Issue Type: Bug
            Reporter: Kaifeng Huang



Hi, there!

    We are a research team working on third-party library analysis. We have 
found that some widely-used third-party libraries in your project have 
major/critical bugs, which will degrade the quality of your project. We highly 
recommend that you update those libraries to new versions.

    We have attached the buggy third-party libraries and corresponding Jira 
issue links below for you to have more detailed information.

        1. commons-logging commons-logging(pom.xml)
        version: 1.2

        Jira issues:
        BufferedReader is not closed properly
        affectsVersions:1.1.1,1.2
        
https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-163?filter=allopenissues


        2. org.apache.httpcomponents httpclient(pom.xml)
        version: 4.5.3

        Jira issues:
        Possible bug in URIBuilder
        affectsVersions:4.5.3
        
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1831?filter=allopenissues
        RuntimeException from WindowsNegotiateScheme: Unexpected token
        affectsVersions:4.5.3
        
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1833?filter=allopenissues
        DefaultServiceUnavailableRetryStrategy does not respect HttpEntity#isRepeatable
        affectsVersions:4.5.3
        
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1865?filter=allopenissues
        connection should revert to SocketConfig's soTimeout
        affectsVersions:4.5.3
        
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1879?filter=allopenissues
        NTLM authentication against ntlm.herokuapp.com
        affectsVersions:4.5.3
        
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1881?filter=allopenissues
        connection leak issue when OutOfMemory
        affectsVersions:4.5.3;4.5.4;4.5.5
        
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1924?filter=allopenissues
        org.apache.http.conn.ssl.SSLSocketFactory no longer throws ConnectTimeoutException
        affectsVersions:4.5.3
        
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1940?filter=allopenissues


        3. commons-io commons-io(pom.xml)
        version: 2.5

        Jira issues:
        ant test fails - resources missing from test classpath
        affectsVersions:2.5
        
https://issues.apache.org/jira/projects/IO/issues/IO-451?filter=allopenissues
        Exceptions are suppressed incorrectly when copying files.
        affectsVersions:2.4;2.5
        
https://issues.apache.org/jira/projects/IO/issues/IO-502?filter=allopenissues
        ThresholdingOutputStream.thresholdReached() results in FileNotFoundException
        affectsVersions:2.5
        
https://issues.apache.org/jira/projects/IO/issues/IO-512?filter=allopenissues
        Tailer.run race condition runaway logging
        affectsVersions:2.5
        
https://issues.apache.org/jira/projects/IO/issues/IO-528?filter=allopenissues
        Thread bug in FileAlterationMonitor#stop(int)
        affectsVersions:2.5
        
https://issues.apache.org/jira/projects/IO/issues/IO-535?filter=allopenissues
        2.5 ExceptionInInitializerError
        affectsVersions:2.5
        
https://issues.apache.org/jira/projects/IO/issues/IO-536?filter=allopenissues


        4. commons-codec commons-codec(pom.xml)
        version: 1.10

        Jira issues:
        Bug in HW rule in Soundex
        affectsVersions:1.10
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-199?filter=allopenissues
        Charsets Javadoc breaks build when using Java 8
        affectsVersions:1.10
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-207?filter=allopenissues
        Javadoc for SHA-224 DigestUtils methods should mention Java 1.8.0 restriction instead of 1.4.0
        affectsVersions:1.10
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-209?filter=allopenissues
        Don't deprecate Charsets Charset constants in favor of Java 7's java.nio.charset.StandardCharsets
        affectsVersions:1.10
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-219?filter=allopenissues
        HmacUtils.updateHmac calls reset() unnecessarily
        affectsVersions:1.10
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-221?filter=allopenissues
        InputStream not closed
        affectsVersions:1.10;1.11
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-225?filter=allopenissues
        StringUtils.newStringxxx(null) should return null; not NPE
        affectsVersions:1.10
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-229?filter=allopenissues
        URLCodec.WWW_FORM_URL should be private
        affectsVersions:1.10
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-230?filter=allopenissues
        StringUtils.equals(CharSequence cs1; CharSequence cs2) can fail with String Index OBE
        affectsVersions:1.10
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-231?filter=allopenissues
        URLCodec is neither immutable nor threadsafe
        affectsVersions:1.10
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-232?filter=allopenissues


        5. org.apache.commons commons-lang3(pom.xml)
        version: 3.6

        Jira issues:
        StackOverflowError on TypeUtils.toString(...) for a generic return type of Enum.valueOf
        affectsVersions:3.6
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1348?filter=allopenissues
        EqualsBuilder#isRegistered: swappedPair construction bug
        affectsVersions:3.6
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1349?filter=allopenissues
        ConstructorUtils.invokeConstructor(Class; Object...) regression
        affectsVersions:3.5;3.6
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1350?filter=allopenissues
        TimeZone.getTimeZone() in FastDateParser causes resource contention
        affectsVersions:3.6
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1355?filter=allopenissues
        org.apache.commons.lang3.time.FastDateParser should use toUpperCase(Locale)
        affectsVersions:3.6
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1357?filter=allopenissues
        ExceptionUtils.getThrowableList() is using deprecated ExceptionUtils.getCause()
        affectsVersions:3.6
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1361?filter=allopenissues
        ExceptionUtils#getRootCause(Throwable t) should return t if no lower level cause exists
        affectsVersions:3.6
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1364?filter=allopenissues




Sincerely~
FDU Software Engineering Lab
Feb 15th, 2019




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)