Kaifeng Huang created TINKERPOP-2160:
----------------------------------------

             Summary:  Your project tinkerpop/blueprints is using buggy third-party libraries [WARNING]
                 Key: TINKERPOP-2160
                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2160
             Project: TinkerPop
          Issue Type: Bug
            Reporter: Kaifeng Huang



Hi, there!

    We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to new versions.

    We have attached the buggy third-party libraries and corresponding jira issue links below for you to have more detailed information.

        1. commons-logging commons-logging(blueprints-core/pom.xml)
        version: 1.1.1

        Jira issues:
        Unit tests fail on linux with java16
        affectsVersions:1.1.1
        
https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-117?filter=allopenissues
        deadlock on re-registration of logger
        affectsVersions:1.1.1
        
https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-119?filter=allopenissues
        Potential missing privileged block for class loader
        affectsVersions:1.1.1
        
https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-130?filter=allopenissues
        Log4JLogger uses deprecated static members of Priority such as INFO
        affectsVersions:1.1.1
        
https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-142?filter=allopenissues
        LogFactory/LogFactoryImpl ingore Throwable
        affectsVersions:1.1.1
        
https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-144?filter=allopenissues
        LogFactory.nullClassLoaderFactory is not properly synchronized
        affectsVersions:1.1.1
        
https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-146?filter=allopenissues
        SimpleLog.log - unsafe update of shortLogName
        affectsVersions:1.1.1
        
https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-147?filter=allopenissues
        BufferedReader is not closed properly
        affectsVersions:1.1.1;1.2
        
https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-163?filter=allopenissues


        2. commons-codec commons-codec(blueprints-rexster-graph/pom.xml)
        version: 1.4

        Jira issues:
        Base64InputStream#read(byte[]) incorrectly returns 0 at end of any stream which is multiple of 3 bytes long
        affectsVersions:1.4
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-101?filter=allopenissues
        ArrayIndexOutOfBoundsException when doing multiple reads() on encoding Base64InputStream
        affectsVersions:1.4
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-105?filter=allopenissues
        org.apache.commons.codec.net.URLCodec.ESCAPE_CHAR isn't final but should be
        affectsVersions:1.2;1.3;1.4
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-111?filter=allopenissues
        org.apache.commons.codec.language.RefinedSoundex.US_ENGLISH_MAPPING should be package protected MALICIOUS_CODE
        affectsVersions:1.4
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-113?filter=allopenissues
        org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING should be package protected MALICIOUS_CODE
        affectsVersions:1.4
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-114?filter=allopenissues
        Caverphone encodes names starting and ending with "mb" incorrectly.
        affectsVersions:1.4
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-117?filter=allopenissues
        All links to fixed bugs in the "Changes Report" http://commons.apache.org/codec/changes-report.html point nowhere; e.g. http://issues.apache.org/jira/browse/34157. Looks as if all JIRA tickets were renumbered.
        affectsVersions:1.1;1.2;1.3;1.4
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-76?filter=allopenissues
        Regression:  Base64.encode(chunk=true) has bug when input length is multiple of 76
        affectsVersions:1.4
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-80?filter=allopenissues
        new Base64().encode() appends a CRLF; and chunks results into 76 character lines
        affectsVersions:1.4
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-89?filter=allopenissues
        Base64 encode() method is no longer thread-safe; breaking clients using it as a shared BinaryEncoder
        affectsVersions:1.4
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-96?filter=allopenissues
        Base64 default constructor behaviour changed to enable chunking in 1.4
        affectsVersions:1.4
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-97?filter=allopenissues
        Base64InputStream causes NullPointerException on some input
        affectsVersions:1.4
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-98?filter=allopenissues
        Base64.encodeBase64String() shouldn't chunk
        affectsVersions:1.4
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-99?filter=allopenissues

Sincerely~
FDU Software Engineering Lab
Feb 15th, 2019



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
