Kaifeng Huang created DL-213:
--------------------------------

             Summary: Your project twitter/distributedlog is using buggy third-party libraries [WARNING]
                 Key: DL-213
                 URL: https://issues.apache.org/jira/browse/DL-213
             Project: DistributedLog
          Issue Type: Bug
            Reporter: Kaifeng Huang



Hi, there!

    We are a research team working on third-party library analysis. We have found that some widely used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to new versions.

    We have attached the buggy third-party libraries and corresponding Jira issue links below for you to have more detailed information.

        1. commons-cli commons-cli
        version: 1.1

        Jira issues:
        CLI_1_BRANCH build.xml doesn't work
        affectsVersions:1.1
        
https://issues.apache.org/jira/projects/CLI/issues/CLI-129?filter=allopenissues
        MissingOptionException.getMessage() changed from CLI 1.0 > 1.1
        affectsVersions:1.1
        
https://issues.apache.org/jira/projects/CLI/issues/CLI-149?filter=allopenissues
        Incomplete usage documentation about Java property option
        affectsVersions:1.0;1.1
        
https://issues.apache.org/jira/projects/CLI/issues/CLI-154?filter=allopenissues
        infinite loop in the wrapping code of HelpFormatter
        affectsVersions:1.1
        
https://issues.apache.org/jira/projects/CLI/issues/CLI-162?filter=allopenissues
        PosixParser keeps bursting tokens even if a non option character is found
        affectsVersions:1.1
        
https://issues.apache.org/jira/projects/CLI/issues/CLI-163?filter=allopenissues
        PosixParser ignores unrecognized tokens starting with '-'
        affectsVersions:1.1
        
https://issues.apache.org/jira/projects/CLI/issues/CLI-164?filter=allopenissues
        PosixParser keeps processing tokens after a non unrecognized long option
        affectsVersions:1.1
        
https://issues.apache.org/jira/projects/CLI/issues/CLI-165?filter=allopenissues
        Unable to select a pure long option in a group
        affectsVersions:1.0;1.1;1.2
        
https://issues.apache.org/jira/projects/CLI/issues/CLI-182?filter=allopenissues
        Clear the selection from the groups before parsing
        affectsVersions:1.0;1.1;1.2
        
https://issues.apache.org/jira/projects/CLI/issues/CLI-183?filter=allopenissues
        Negative arguments should take the priority over numerical options
        affectsVersions:1.1
        
https://issues.apache.org/jira/projects/CLI/issues/CLI-184?filter=allopenissues
        Commons CLI incorrectly stripping leading and trailing quotes
        affectsVersions:1.1;1.2
        
https://issues.apache.org/jira/projects/CLI/issues/CLI-185?filter=allopenissues
        Standard help text will not show mandatory arguments for first option
        affectsVersions:1.1
        
https://issues.apache.org/jira/projects/CLI/issues/CLI-186?filter=allopenissues


        2. commons-codec commons-codec
        version: 1.6

        Jira issues:
        QuotedPrintableCodec does not support soft line break per the 'quoted-printable' example on Wikipedia
        affectsVersions:1.5;1.6
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-121?filter=allopenissues
        BeiderMorseEncoder OOM issues
        affectsVersions:1.6
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-132?filter=allopenissues
        BeiderMorse phonetic filter give uncertain results 
        affectsVersions:1.6
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-147?filter=allopenissues
        DigestUtils.getDigest(String) looses the orginal exception
        affectsVersions:1.6
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-152?filter=allopenissues
        DigestUtils.getDigest(String) should throw IllegalArgumentException instead of RuntimeException
        affectsVersions:1.6
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-155?filter=allopenissues
        DigestUtils: add APIs named after standard alg name SHA-1
        affectsVersions:1.6
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-156?filter=allopenissues
        BaseNCodecOutputStream only supports writing EOF on close()
        affectsVersions:1.6
        
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-183?filter=allopenissues


        3. org.apache.commons commons-lang3
        version: 3.3.2

        Jira issues:
        ISO 8601 misspelled throughout the Javadocs
        affectsVersions:3.3.2
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1001?filter=allopenissues
        Several predefined ISO FastDateFormats in DateFormatUtils are incorrect
        affectsVersions:3.3.2
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1002?filter=allopenissues
        DurationFormatUtils are not able to handle negative durations/periods
        affectsVersions:3.3.2
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1003?filter=allopenissues
        DurationFormatUtils#formatDurationHMS implementation does not correspond to Javadoc and vice versa
        affectsVersions:3.3.2
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1004?filter=allopenissues
        NumberUtils.createNumber(final String str)  Precision will be lost
        affectsVersions:3.3.2
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1018?filter=allopenissues
        Javadoc for EqualsBuilder.reflectionEquals() is unclear
        affectsVersions:3.3.2
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1035?filter=allopenissues
        NumberUtils#isNumber() returns false for "+2" and true for "-2"
        affectsVersions:3.1;3.3.2
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1038?filter=allopenissues
        Javadoc for NumberUtils.isNumber() are not clear enough
        affectsVersions:3.3.2
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1040?filter=allopenissues
        Fix MethodUtilsTest so it does not depend on JDK method ordering
        affectsVersions:3.3.2
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1041?filter=allopenissues
        StrSubstitutor.replaceSystemProperties does not work consistently
        affectsVersions:3.3.2
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1055?filter=allopenissues
        NumberUtils.isNumber assumes number starting with Zero is octal
        affectsVersions:3.3.2
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1060?filter=allopenissues
        FastDateParser error - timezones not handled correctly
        affectsVersions:3.3.2
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1061?filter=allopenissues
        Wrong formating of time zones with daylight saving time in FastDatePrinter
        affectsVersions:3.3.2
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1092?filter=allopenissues
        TypeUtils.ParameterizedType#equals doesn't work with wildcard types
        affectsVersions:3.3.2;3.4
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1114?filter=allopenissues
        Fix bug with stripping spaces on last line in WordUtils.wrap() 
        affectsVersions:3.3.2
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-995?filter=allopenissues
        FastDateFormat is case sensitive
        affectsVersions:3.3.2
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-996?filter=allopenissues
        NumberUtils#createNumber() returns positive BigDecimal when negative Float is expected
        affectsVersions:3.x
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1087?filter=allopenissues


        4. commons-lang commons-lang
        version: 2.6

        Jira issues:
        Remove unnecessary synchronization from registry lookup in EqualsBuilder and HashCodeBuilder
        affectsVersions:2.6
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-1230?filter=allopenissues
        LocaleUtils - DCL idiom is not thread-safe
        affectsVersions:2.6
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-803?filter=allopenissues
        Exception when combining custom and choice format in ExtendedMessageFormat
        affectsVersions:2.5;2.6
        
https://issues.apache.org/jira/projects/LANG/issues/LANG-917?filter=allopenissues




Sincerely~
FDU Software Engineering Lab
Feb 15th, 2019




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
