[jira] [Commented] (DL-212) Your project twitter/distributedlog is using buggy third-party libraries [WARNING]

Kaifeng Huang (JIRA) Mon, 07 Jan 2019 22:36:13 -0800


    [ 
https://issues.apache.org/jira/browse/DL-212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16736796#comment-16736796
 ]


Kaifeng Huang commented on DL-212:
----------------------------------

ask for closing the issue for incomplete bug information.

> Your project twitter/distributedlog is using buggy third-party libraries 
> [WARNING]
> ----------------------------------------------------------------------------------
>
>                 Key: DL-212
>                 URL: https://issues.apache.org/jira/browse/DL-212
>             Project: DistributedLog
>          Issue Type: Bug
>            Reporter: Kaifeng Huang
>            Priority: Minor
>
> Hi, there!
> We are a research team working on third-party library analysis. We have found 
> that some widely-used third-party libraries in your project have 
> major/critical bugs, which will degrade the quality of your project. We 
> highly recommend you to update those libraries to new versions.    
> We have attached the buggy third-party libraries and corresponding jira issue 
> links below for you to have more detailed information.
>       1  commons-cli commons-cli (distributedlog-core/pom.xml)
>       version: 1.1
>       Jira issues:
>       CLI_1_BRANCH build.xml doesn't work
>       affectsVersions:1.1
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-129?filter=allopenissues
>       MissingOptionException.getMessage() changed from CLI 1.0 > 1.1
>       affectsVersions:1.1
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-149?filter=allopenissues
>       Incomplete usage documentation about Java property option
>       affectsVersions:1.0;1.1
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-154?filter=allopenissues
>       infinite loop in the wrapping code of HelpFormatter
>       affectsVersions:1.1
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-162?filter=allopenissues
>       PosixParser keeps bursting tokens even if a non option character is 
> found
>       affectsVersions:1.1
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-163?filter=allopenissues
>       PosixParser ignores unrecognized tokens starting with '-'
>       affectsVersions:1.1
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-164?filter=allopenissues
>       PosixParser keeps processing tokens after a non unrecognized long option
>       affectsVersions:1.1
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-165?filter=allopenissues
>       Unable to select a pure long option in a group
>       affectsVersions:1.0;1.1;1.2
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-182?filter=allopenissues
>       Clear the selection from the groups before parsing
>       affectsVersions:1.0;1.1;1.2
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-183?filter=allopenissues
>       Negative arguments should take the priority over numerical options
>       affectsVersions:1.1
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-184?filter=allopenissues
>       Commons CLI incorrectly stripping leading and trailing quotes
>       affectsVersions:1.1;1.2
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-185?filter=allopenissues
>       Standard help text will not show mandatory arguments for first option
>       affectsVersions:1.1
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-186?filter=allopenissues
>       2  commons-codec commons-codec (distributedlog-protocol/pom.xml)
>       version: 1.6
>       Jira issues:
>       QuotedPrintableCodec does not support soft line break per the 
> 'quoted-printable' example on Wikipedia
>       affectsVersions:1.5;1.6
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-121?filter=allopenissues
>       BeiderMorseEncoder OOM issues
>       affectsVersions:1.6
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-132?filter=allopenissues
>       BeiderMorse phonetic filter give uncertain results 
>       affectsVersions:1.6
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-147?filter=allopenissues
>       DigestUtils.getDigest(String) looses the orginal exception
>       affectsVersions:1.6
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-152?filter=allopenissues
>       DigestUtils.getDigest(String) should throw IllegalArgumentException 
> instead of RuntimeException
>       affectsVersions:1.6
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-155?filter=allopenissues
>       DigestUtils: add APIs named after standard alg name SHA-1
>       affectsVersions:1.6
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-156?filter=allopenissues
>       BaseNCodecOutputStream only supports writing EOF on close()
>       affectsVersions:1.6
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-183?filter=allopenissues
>       3  org.apache.commons commons-lang3 
> (distributedlog-core/pom.xml,distributedlog-client/pom.xml)
>       version: 3.3.2
>       Jira issues:
>       ISO 8601 misspelled throughout the Javadocs
>       affectsVersions:3.3.2
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1001?filter=allopenissues
>       Several predefined ISO FastDateFormats in DateFormatUtils are incorrect
>       affectsVersions:3.3.2
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1002?filter=allopenissues
>       DurationFormatUtils are not able to handle negative durations/periods
>       affectsVersions:3.3.2
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1003?filter=allopenissues
>       DurationFormatUtils#formatDurationHMS implementation does not 
> correspond to Javadoc and vice versa
>       affectsVersions:3.3.2
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1004?filter=allopenissues
>       NumberUtils.createNumber(final String str)  Precision will be lost
>       affectsVersions:3.3.2
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1018?filter=allopenissues
>       Javadoc for EqualsBuilder.reflectionEquals() is unclear
>       affectsVersions:3.3.2
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1035?filter=allopenissues
>       NumberUtils#isNumber() returns false for "+2" and true for "-2"
>       affectsVersions:3.1;3.3.2
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1038?filter=allopenissues
>       Javadoc for NumberUtils.isNumber() are not clear enough
>       affectsVersions:3.3.2
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1040?filter=allopenissues
>       Fix MethodUtilsTest so it does not depend on JDK method ordering
>       affectsVersions:3.3.2
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1041?filter=allopenissues
>       StrSubstitutor.replaceSystemProperties does not work consistently
>       affectsVersions:3.3.2
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1055?filter=allopenissues
>       NumberUtils.isNumber assumes number starting with Zero is octal
>       affectsVersions:3.3.2
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1060?filter=allopenissues
>       FastDateParser error - timezones not handled correctly
>       affectsVersions:3.3.2
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1061?filter=allopenissues
>       Wrong formating of time zones with daylight saving time in 
> FastDatePrinter
>       affectsVersions:3.3.2
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1092?filter=allopenissues
>       TypeUtils.ParameterizedType#equals doesn't work with wildcard types
>       affectsVersions:3.3.2;3.4
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1114?filter=allopenissues
>       Fix bug with stripping spaces on last line in WordUtils.wrap() 
>       affectsVersions:3.3.2
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-995?filter=allopenissues
>       FastDateFormat is case sensitive
>       affectsVersions:3.3.2
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-996?filter=allopenissues
>       NumberUtils#createNumber() returns positive BigDecimal when negative 
> Float is expected
>       affectsVersions:3.x
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1087?filter=allopenissues
>       4  commons-lang commons-lang (distributedlog-protocol/pom.xml)
>       version: 2.6
>       Jira issues:
>       Remove unnecessary synchronization from registry lookup in 
> EqualsBuilder and HashCodeBuilder
>       affectsVersions:2.6
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1230?filter=allopenissues
>       LocaleUtils - DCL idiom is not thread-safe
>       affectsVersions:2.6
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-803?filter=allopenissues
>       Exception when combining custom and choice format in 
> ExtendedMessageFormat
>       affectsVersions:2.5;2.6
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-917?filter=allopenissues
> Sincerely~
> FDU Software Engineering Lab
> [email protected]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (DL-212) Your project twitter/distributedlog is using buggy third-party libraries [WARNING]

Reply via email to