Kaifeng Huang created SLF4J-454:
-----------------------------------
Summary: Your project qos-ch/slf4j is using buggy third-party
libraries [WARNING]
Key: SLF4J-454
URL: https://jira.qos.ch/browse/SLF4J-454
Project: SLF4J
Issue Type: Bug
Environment: Hi, there!
We are a research team working on third-party library analysis. We have found
that some widely-used third-party libraries in your project have major/critical
bugs, which will degrade the quality of your project. We highly recommend you
to update those libraries to new versions.
We have attached the buggy third-party libraries and corresponding jira issue
links below for you to have more detailed information.
1. commons-lang commons-lang
version: 2.4
Jira issues:
Fix case-insensitive string handling
affectsVersions:2.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-432?filter=allopenissues
StringEscapeUtils.escapeHTML() does not escape chars (0x00-0x20)
affectsVersions:2.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-439?filter=allopenissues
DateUtils.round doesn't work correct for Calendar.AM_PM
affectsVersions:2.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-440?filter=allopenissues
Lower Ascii Characters don't get encoded by Entities.java
affectsVersions:2.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-448?filter=allopenissues
Issue in HashCodeBuilder which only shows up under high load multi-threaded
usage.
affectsVersions:2.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-459?filter=allopenissues
Ant build file does not include ReflectTestSuite
affectsVersions:2.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-463?filter=allopenissues
EqualsBuilder and HashCodeBuilder treat java.math.BigDecimal inconsistantly
and break general contract of hashCode
affectsVersions:2.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-467?filter=allopenissues
JDK 1.5 build/runtime failure on LANG-393 (EqualsBuilder)
affectsVersions:2.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-468?filter=allopenissues
ExtendedMessageFormat: OutOfMemory with custom format registry and a pattern
containing single quotes
affectsVersions:2.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-477?filter=allopenissues
parseDate cannot parse ISO8601 dates produced by FastDateFormat
affectsVersions:2.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-530?filter=allopenissues
DateFormatUtils.format does not correctly change Calendar TimeZone in certain
situations
affectsVersions:2.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-538?filter=allopenissues
StringUtils replaceEach - Bug or Missing Documentation
affectsVersions:2.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-552?filter=allopenissues
Javadoc wrong for StringUtils startsWith; startsWithIgnoreCase; endsWith and
endsWithIgnoreCase
affectsVersions:2.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-557?filter=allopenissues
HashCodeBuilder reflectionAppend creates unnecessary copy of excludeFields
affectsVersions:2.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-575?filter=allopenissues
ExceptionUtils uses mutable lock target
affectsVersions:2.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-584?filter=allopenissues
ClassUtils.toClass(Object[]) throws NPE on null array element
affectsVersions:2.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-587?filter=allopenissues
Sincerely~
FDU Software Engineering Lab
Feb 15th, 2019
Reporter: Kaifeng Huang
Assignee: SLF4J developers list
--
This message was sent by Atlassian JIRA
(v7.3.1#73012)
_______________________________________________
slf4j-dev mailing list
slf4j-dev@qos.ch
http://mailman.qos.ch/mailman/listinfo/slf4j-dev
