Hi, there! We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to new versions.
We have attached the buggy third-party libraries and corresponding Jira issue links below for you to have more detailed information.

1. org.apache.logging.log4j log4j-core (pom.xml)
   version: 2.11.1
   Jira issues:

   NameAbbreviator skips first fragments
   affectsVersions:2.11.0,2.11.1
   https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2365?filter=allopenissues

   Predeployment of PersistenceUnit that using Log4j as session logger failed (#198)
   affectsVersions:2.11.1
   https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2397?filter=allopenissues

   Exceptions are added to all columns when a JDBC Appender's ColumnMapping uses a Pattern
   affectsVersions:2.11.1
   https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2413?filter=allopenissues

   NullPointerException when closing never used RollingRandomAccessFileAppender
   affectsVersions:2.10.0,2.11.1
   https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2418?filter=allopenissues

   AbstractAppender.setHandler(null) should not set a null ErrorHandler
   affectsVersions:3.0.0,2.11.1
   https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2441?filter=allopenissues

   ErrorHandler should be invoked with the failing LogEvent when possible
   affectsVersions:3.0.0,2.11.1
   https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2444?filter=allopenissues

   RollingRandomAccessFileManager ignores new file patterns from programmatic reconfiguration
   affectsVersions:2.11.1
   https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2457?filter=allopenissues

   ColumnMapping literal not working
   affectsVersions:2.11.1
   https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2466?filter=allopenissues

   org.apache.log4j.SimpleLayout and ConsoleAppender missing in log4j-1.2-api
   affectsVersions:2.11.1
   https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2476?filter=allopenissues

   BasicContextSelector cannot be used in a OSGI application
   affectsVersions:2.11.1
   https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2482?filter=allopenissues

2. org.apache.httpcomponents httpclient (dubbo-dependencies-bom/pom.xml)
   version: 4.5.3
   Jira issues:

   Possible bug in URIBuilder
   affectsVersions:4.5.3
   https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1831?filter=allopenissues

   RuntimeException from WindowsNegotiateScheme: Unexpected token
   affectsVersions:4.5.3
   https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1833?filter=allopenissues

   DefaultServiceUnavailableRetryStrategy does not respect HttpEntity#isRepeatable
   affectsVersions:4.5.3
   https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1865?filter=allopenissues

   connection should revert to SocketConfig's soTimeout
   affectsVersions:4.5.3
   https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1879?filter=allopenissues

   NTLM authentication against ntlm.herokuapp.com
   affectsVersions:4.5.3
   https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1881?filter=allopenissues

   connection leak issue when OutOfMemory
   affectsVersions:4.5.3;4.5.4;4.5.5
   https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1924?filter=allopenissues

   org.apache.http.conn.ssl.SSLSocketFactory no longer throws ConnectTimeoutException
   affectsVersions:4.5.3
   https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1940?filter=allopenissues

3. commons-logging commons-logging (dubbo-dependencies-bom/pom.xml)
   version: 1.2
   Jira issues:

   BufferedReader is not closed properly
   affectsVersions:1.1.1;1.2
   https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-163?filter=allopenissues

Sincerely~
FDU Software Engineering Lab
Jan 7th, 2019

[ Full content available at: https://github.com/apache/incubator-dubbo/issues/3164 ]
This message was relayed via gitbox.apache.org for [email protected]
