Kaifeng Huang created TINKERPOP-2162:
----------------------------------------
Summary: Your project apache/tinkerpop is using buggy third-party libraries [WARNING]
Key: TINKERPOP-2162
URL: https://issues.apache.org/jira/browse/TINKERPOP-2162
Project: TinkerPop
Issue Type: Bug
Reporter: Kaifeng Huang
Hi, there!
We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to new versions.
We have attached the buggy third-party libraries and the corresponding Jira issue links below so that you can find more detailed information.
1. org.slf4j slf4j-api
version: 1.7.12
Jira issues:
Initializing org.slf4j.helpers.Util fails if SecurityManager denies "createSecurityManager"
affectsVersions:1.7.12
https://jira.qos.ch/projects/SLF4J/issues/SLF4J-324?filter=allopenissues
jul-to-slf4j inconsistent message format
affectsVersions:1.7.12
https://jira.qos.ch/projects/SLF4J/issues/SLF4J-337?filter=allopenissues
2. org.apache.httpcomponents httpclient
version: 4.5.5
Jira issues:
connection leak issue when OutOfMemory
affectsVersions:4.5.3;4.5.4;4.5.5
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1924?filter=allopenissues
3. commons-io commons-io
version: 2.4
Jira issues:
IOUtils copyLarge() and skip() methods are performance hogs
affectsVersions:2.3;2.4
https://issues.apache.org/jira/projects/IO/issues/IO-355?filter=allopenissues
CharSequenceInputStream#reset() behaves incorrectly in case when buffer size is not dividable by data size
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-356?filter=allopenissues
[Tailer] InterruptedException while the thread is sleeping is silently ignored
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-357?filter=allopenissues
IOUtils.contentEquals* methods return false if input1 == input2; should return true
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-362?filter=allopenissues
Apache Commons - standard links for documents are failing
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-369?filter=allopenissues
FileUtils.sizeOfDirectoryAsBigInteger can overflow
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-390?filter=allopenissues
Regression in FileUtils.readFileToString from 2.0.1
affectsVersions:2.1;2.2;2.3;2.4
https://issues.apache.org/jira/projects/IO/issues/IO-453?filter=allopenissues
Correct exception message in FileUtils.getFile(File; String...)
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-479?filter=allopenissues
org.apache.commons.io.FileUtils#waitFor waits too long
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-481?filter=allopenissues
FilenameUtils should handle embedded null bytes
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-484?filter=allopenissues
Exceptions are suppressed incorrectly when copying files.
affectsVersions:2.4;2.5
https://issues.apache.org/jira/projects/IO/issues/IO-502?filter=allopenissues
4. commons-codec commons-codec
version: 1.6
Jira issues:
QuotedPrintableCodec does not support soft line break per the 'quoted-printable' example on Wikipedia
affectsVersions:1.5;1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-121?filter=allopenissues
BeiderMorseEncoder OOM issues
affectsVersions:1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-132?filter=allopenissues
BeiderMorse phonetic filter gives uncertain results
affectsVersions:1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-147?filter=allopenissues
DigestUtils.getDigest(String) loses the original exception
affectsVersions:1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-152?filter=allopenissues
DigestUtils.getDigest(String) should throw IllegalArgumentException instead of RuntimeException
affectsVersions:1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-155?filter=allopenissues
DigestUtils: add APIs named after standard alg name SHA-1
affectsVersions:1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-156?filter=allopenissues
BaseNCodecOutputStream only supports writing EOF on close()
affectsVersions:1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-183?filter=allopenissues
5. org.slf4j jcl-over-slf4j
version: 1.7.21
Jira issues:
Cannot re-initialize the SimpleLogger anymore.
affectsVersions:1.7.21
https://jira.qos.ch/projects/SLF4J/issues/SLF4J-370?filter=allopenissues
Marker lost in EventRecodingLogger
affectsVersions:1.7.21
https://jira.qos.ch/projects/SLF4J/issues/SLF4J-379?filter=allopenissues
Support for JCL 1.2
affectsVersions:1.7.21
https://jira.qos.ch/projects/SLF4J/issues/SLF4J-383?filter=allopenissues
6. org.slf4j slf4j-api
version: 1.7.21
Jira issues:
Cannot re-initialize the SimpleLogger anymore.
affectsVersions:1.7.21
https://jira.qos.ch/projects/SLF4J/issues/SLF4J-370?filter=allopenissues
Marker lost in EventRecodingLogger
affectsVersions:1.7.21
https://jira.qos.ch/projects/SLF4J/issues/SLF4J-379?filter=allopenissues
Support for JCL 1.2
affectsVersions:1.7.21
https://jira.qos.ch/projects/SLF4J/issues/SLF4J-383?filter=allopenissues
7. commons-lang commons-lang
version: 2.6
Jira issues:
Remove unnecessary synchronization from registry lookup in EqualsBuilder and HashCodeBuilder
affectsVersions:2.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1230?filter=allopenissues
LocaleUtils - DCL idiom is not thread-safe
affectsVersions:2.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-803?filter=allopenissues
Exception when combining custom and choice format in ExtendedMessageFormat
affectsVersions:2.5;2.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-917?filter=allopenissues
8. org.apache.commons commons-lang3
version: 3.3.1
Jira issues:
NumberUtils#createNumber() returns positive BigDecimal when negative Float is expected
affectsVersions:3.x
https://issues.apache.org/jira/projects/LANG/issues/LANG-1087?filter=allopenissues
Sincerely~
FDU Software Engineering Lab
Feb 15th, 2019
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)