[ https://issues.apache.org/jira/browse/HBASE-21912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16769095#comment-16769095 ]

Duo Zhang commented on HBASE-21912:
-----------------------------------

Thanks a lot. We will try to clean up or upgrade the dependencies. At least for 
2.x branches we have switched to using slf4j, so I do not think we still need to 
depend on commons-logging.

> Your project apache/hbase is using buggy third-party libraries [WARNING]
> ------------------------------------------------------------------------
>
>                 Key: HBASE-21912
>                 URL: https://issues.apache.org/jira/browse/HBASE-21912
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Kaifeng Huang
>            Priority: Major
>
> Hi, there!
>     We are a research team working on third-party library analysis. We have 
> found that some widely-used third-party libraries in your project have 
> major/critical bugs, which will degrade the quality of your project. We 
> highly recommend that you update those libraries to new versions.
>     We have attached the buggy third-party libraries and corresponding jira 
> issue links below for you to have more detailed information.
>       1. commons-logging commons-logging(pom.xml)
>       version: 1.2
>       Jira issues:
>       BufferedReader is not closed properly
>       affectsVersions:1.1.1,1.2
>       
> https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-163?filter=allopenissues
>       2. org.apache.httpcomponents httpclient(pom.xml)
>       version: 4.5.3
>       Jira issues:
>       Possible bug in URIBuilder
>       affectsVersions:4.5.3
>       
> https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1831?filter=allopenissues
>       RuntimeException from WindowsNegotiateScheme: Unexpected token
>       affectsVersions:4.5.3
>       
> https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1833?filter=allopenissues
>       DefaultServiceUnavailableRetryStrategy does not respect 
> HttpEntity#isRepeatable
>       affectsVersions:4.5.3
>       
> https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1865?filter=allopenissues
>       connection should revert to SocketConfig's soTimeout
>       affectsVersions:4.5.3
>       
> https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1879?filter=allopenissues
>       NTLM authentication against ntlm.herokuapp.com
>       affectsVersions:4.5.3
>       
> https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1881?filter=allopenissues
>       connection leak issue when OutOfMemory
>       affectsVersions:4.5.3;4.5.4;4.5.5
>       
> https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1924?filter=allopenissues
>       org.apache.http.conn.ssl.SSLSocketFactory no longer throws 
> ConnectTimeoutException
>       affectsVersions:4.5.3
>       
> https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1940?filter=allopenissues
>       3. commons-io commons-io(pom.xml)
>       version: 2.5
>       Jira issues:
>       ant test fails - resources missing from test classpath
>       affectsVersions:2.5
>       
> https://issues.apache.org/jira/projects/IO/issues/IO-451?filter=allopenissues
>       Exceptions are suppressed incorrectly when copying files.
>       affectsVersions:2.4;2.5
>       
> https://issues.apache.org/jira/projects/IO/issues/IO-502?filter=allopenissues
>       ThresholdingOutputStream.thresholdReached() results in 
> FileNotFoundException
>       affectsVersions:2.5
>       
> https://issues.apache.org/jira/projects/IO/issues/IO-512?filter=allopenissues
>       Tailer.run race condition runaway logging
>       affectsVersions:2.5
>       
> https://issues.apache.org/jira/projects/IO/issues/IO-528?filter=allopenissues
>       Thread bug in FileAlterationMonitor#stop(int)
>       affectsVersions:2.5
>       
> https://issues.apache.org/jira/projects/IO/issues/IO-535?filter=allopenissues
>       2.5 ExceptionInInitializerError
>       affectsVersions:2.5
>       
> https://issues.apache.org/jira/projects/IO/issues/IO-536?filter=allopenissues
>       4. commons-codec commons-codec(pom.xml)
>       version: 1.10
>       Jira issues:
>       Bug in HW rule in Soundex
>       affectsVersions:1.10
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-199?filter=allopenissues
>       Charsets Javadoc breaks build when using Java 8
>       affectsVersions:1.10
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-207?filter=allopenissues
>       Javadoc for SHA-224 DigestUtils methods should mention Java 1.8.0 
> restriction instead of 1.4.0
>       affectsVersions:1.10
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-209?filter=allopenissues
>       Don't deprecate Charsets Charset constants in favor of Java 7's 
> java.nio.charset.StandardCharsets
>       affectsVersions:1.10
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-219?filter=allopenissues
>       HmacUtils.updateHmac calls reset() unnecessarily
>       affectsVersions:1.10
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-221?filter=allopenissues
>       InputStream not closed
>       affectsVersions:1.10;1.11
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-225?filter=allopenissues
>       StringUtils.newStringxxx(null) should return null, not NPE
>       affectsVersions:1.10
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-229?filter=allopenissues
>       URLCodec.WWW_FORM_URL should be private
>       affectsVersions:1.10
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-230?filter=allopenissues
>       StringUtils.equals(CharSequence cs1, CharSequence cs2) can fail with 
> String Index OBE
>       affectsVersions:1.10
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-231?filter=allopenissues
>       URLCodec is neither immutable nor threadsafe
>       affectsVersions:1.10
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-232?filter=allopenissues
>       5. org.apache.commons commons-lang3(pom.xml)
>       version: 3.6
>       Jira issues:
>       StackOverflowError on TypeUtils.toString(...) for a generic return type 
> of Enum.valueOf
>       affectsVersions:3.6
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1348?filter=allopenissues
>       EqualsBuilder#isRegistered: swappedPair construction bug
>       affectsVersions:3.6
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1349?filter=allopenissues
>       ConstructorUtils.invokeConstructor(Class, Object...) regression
>       affectsVersions:3.5;3.6
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1350?filter=allopenissues
>       TimeZone.getTimeZone() in FastDateParser causes resource contention
>       affectsVersions:3.6
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1355?filter=allopenissues
>       org.apache.commons.lang3.time.FastDateParser should use 
> toUpperCase(Locale)
>       affectsVersions:3.6
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1357?filter=allopenissues
>       ExceptionUtils.getThrowableList() is using deprecated 
> ExceptionUtils.getCause()
>       affectsVersions:3.6
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1361?filter=allopenissues
>       ExceptionUtils#getRootCause(Throwable t) should return t if no lower 
> level cause exists
>       affectsVersions:3.6
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1364?filter=allopenissues
> Sincerely~
> FDU Software Engineering Lab
> Feb 15th, 2019



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
