FDU-SE-LAB opened a new issue #3652: Your project linkedin/pinot is using buggy third-party libraries [WARNING]
URL: https://github.com/apache/incubator-pinot/issues/3652

Hi, there!

We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to new versions.

We have attached the buggy third-party libraries and corresponding jira issue links below for you to have more detailed information.

1 org.apache.httpcomponents httpclient (contrib/pinot-druid-benchmark/pom.xml)
version: 4.5.1
Jira issues:

  Add convenience methods to fluent API class Request
  affectsVersions:4.5.1
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1696?filter=allopenissues

  GET request should support body
  affectsVersions:4.5.1
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1703?filter=allopenissues

  Delete obsolete clone method
  affectsVersions:4.5.1
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1709?filter=allopenissues

  NTLMEngineImpl.Type1Message not thread safe but declared as a constant
  affectsVersions:4.5.1
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1715?filter=allopenissues

  HttpClient 4.5.1 may perform multiple requests on the same connection despite having "Connection: close" header.
  affectsVersions:4.5.1
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1723?filter=allopenissues

  The deprecated SSLSocketFactory does not contain the SNI fix found in the SSLConnectionSocketFactory class
  affectsVersions:4.4.1;4.5.1
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1726?filter=allopenissues

  org.apache.http.impl.client.AbstractHttpClient#createClientConnectionManager Does not account for context class loader
  affectsVersions:4.4.1;4.5;4.5.1;4.5.2
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1727?filter=allopenissues

  Malformed path not handled well
  affectsVersions:4.5.1
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1803?filter=allopenissues

  NTLM authentication error: Unexpected state: MSG_TYPE3_GENERATED
  affectsVersions:4.5.1
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1882?filter=allopenissues

2 org.apache.httpcomponents httpclient (thirdeye/pom.xml)
version: 4.5.2
Jira issues:

  org.apache.http.impl.client.AbstractHttpClient#createClientConnectionManager Does not account for context class loader
  affectsVersions:4.4.1;4.5;4.5.1;4.5.2
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1727?filter=allopenissues

  Memory Leak in OSGi support
  affectsVersions:4.4.1;4.5.2
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1749?filter=allopenissues

  SystemDefaultRoutePlanner: Possible null pointer dereference
  affectsVersions:4.5.2
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1766?filter=allopenissues

  Null pointer dereference in EofSensorInputStream and ResponseEntityProxy
  affectsVersions:4.5.2
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1767?filter=allopenissues

  [OSGi] WeakList needs to support "clear" method
  affectsVersions:4.5.2;5.0 Alpha1
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1772?filter=allopenissues

  [OSGi] HttpProxyConfigurationActivator does not unregister HttpClientBuilderFactory
  affectsVersions:4.5.2
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1773?filter=allopenissues

  Why is Retry around Redirect and not the other way round
  affectsVersions:4.5.2
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1800?filter=allopenissues

3 org.apache.httpcomponents httpclient (pom in maven central)
version: 4.5.3
Jira issues:

  Possible bug in URIBuilder
  affectsVersions:4.5.3
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1831?filter=allopenissues

  RuntimeException from WindowsNegotiateScheme: Unexpected token
  affectsVersions:4.5.3
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1833?filter=allopenissues

  DefaultServiceUnavailableRetryStrategy does not respect HttpEntity#isRepeatable
  affectsVersions:4.5.3
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1865?filter=allopenissues

  connection should revert to SocketConfig's soTimeout
  affectsVersions:4.5.3
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1879?filter=allopenissues

  NTLM authentication against ntlm.herokuapp.com
  affectsVersions:4.5.3
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1881?filter=allopenissues

  connection leak issue when OutOfMemory
  affectsVersions:4.5.3;4.5.4;4.5.5
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1924?filter=allopenissues

  org.apache.http.conn.ssl.SSLSocketFactory no longer throws ConnectTimeoutException
  affectsVersions:4.5.3
  https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1940?filter=allopenissues

4 commons-logging commons-logging (pom.xml)
version: 1.2
Jira issues:

  BufferedReader is not closed properly
  affectsVersions:1.1.1;1.2
  https://issues.apache.org/jira/projects/LOGGING/issues/LOGGING-163?filter=allopenissues

5 commons-cli commons-cli (pom.xml)
version: 1.2
Jira issues:

  Unable to select a pure long option in a group
  affectsVersions:1.0;1.1;1.2
  https://issues.apache.org/jira/projects/CLI/issues/CLI-182?filter=allopenissues

  Clear the selection from the groups before parsing
  affectsVersions:1.0;1.1;1.2
  https://issues.apache.org/jira/projects/CLI/issues/CLI-183?filter=allopenissues

  Commons CLI incorrectly stripping leading and trailing quotes
  affectsVersions:1.1;1.2
  https://issues.apache.org/jira/projects/CLI/issues/CLI-185?filter=allopenissues

  Coding error: OptionGroup.setSelected causes java.lang.NullPointerException
  affectsVersions:1.2
  https://issues.apache.org/jira/projects/CLI/issues/CLI-191?filter=allopenissues

  StringIndexOutOfBoundsException in HelpFormatter.findWrapPos
  affectsVersions:1.2
  https://issues.apache.org/jira/projects/CLI/issues/CLI-193?filter=allopenissues

  HelpFormatter strips leading whitespaces in the footer
  affectsVersions:1.2
  https://issues.apache.org/jira/projects/CLI/issues/CLI-207?filter=allopenissues

  OptionBuilder only has static methods; yet many return an OptionBuilder instance
  affectsVersions:1.2
  https://issues.apache.org/jira/projects/CLI/issues/CLI-224?filter=allopenissues

  Unable to properly require options
  affectsVersions:1.2
  https://issues.apache.org/jira/projects/CLI/issues/CLI-230?filter=allopenissues

  OptionValidator Implementation Does Not Agree With JavaDoc
  affectsVersions:1.2
  https://issues.apache.org/jira/projects/CLI/issues/CLI-241?filter=allopenissues

6 commons-cli commons-cli (thirdeye/pom.xml)
version: 1.3
Jira issues:

  LongOpt falsely detected as ambiguous
  affectsVersions:1.3
  https://issues.apache.org/jira/projects/CLI/issues/CLI-252?filter=allopenissues

7 commons-io commons-io (thirdeye/pom.xml,pom.xml)
version: 2.4
Jira issues:

  IOUtils copyLarge() and skip() methods are performance hogs
  affectsVersions:2.3;2.4
  https://issues.apache.org/jira/projects/IO/issues/IO-355?filter=allopenissues

  CharSequenceInputStream#reset() behaves incorrectly in case when buffer size is not dividable by data size
  affectsVersions:2.4
  https://issues.apache.org/jira/projects/IO/issues/IO-356?filter=allopenissues

  [Tailer] InterruptedException while the thead is sleeping is silently ignored
  affectsVersions:2.4
  https://issues.apache.org/jira/projects/IO/issues/IO-357?filter=allopenissues

  IOUtils.contentEquals* methods returns false if input1 == input2; should return true
  affectsVersions:2.4
  https://issues.apache.org/jira/projects/IO/issues/IO-362?filter=allopenissues

  Apache Commons - standard links for documents are failing
  affectsVersions:2.4
  https://issues.apache.org/jira/projects/IO/issues/IO-369?filter=allopenissues

  FileUtils.sizeOfDirectoryAsBigInteger can overflow
  affectsVersions:2.4
  https://issues.apache.org/jira/projects/IO/issues/IO-390?filter=allopenissues

  Regression in FileUtils.readFileToString from 2.0.1
  affectsVersions:2.1;2.2;2.3;2.4
  https://issues.apache.org/jira/projects/IO/issues/IO-453?filter=allopenissues

  Correct exception message in FileUtils.getFile(File; String...)
  affectsVersions:2.4
  https://issues.apache.org/jira/projects/IO/issues/IO-479?filter=allopenissues

  org.apache.commons.io.FileUtils#waitFor waits too long
  affectsVersions:2.4
  https://issues.apache.org/jira/projects/IO/issues/IO-481?filter=allopenissues

  FilenameUtils should handle embedded null bytes
  affectsVersions:2.4
  https://issues.apache.org/jira/projects/IO/issues/IO-484?filter=allopenissues

  Exceptions are suppressed incorrectly when copying files.
  affectsVersions:2.4;2.5
  https://issues.apache.org/jira/projects/IO/issues/IO-502?filter=allopenissues

8 org.slf4j slf4j-api (thirdeye/pom.xml)
version: 1.7.12
Jira issues:

  Initializing org.slf4j.helpers.Util fails if SecurityManager denies "createSecurityManager"
  affectsVersions:1.7.12
  https://jira.qos.ch/projects/SLF4J/issues/SLF4J-324?filter=allopenissues

  jul-to-slf4j inconsistent message format
  affectsVersions:1.7.12
  https://jira.qos.ch/projects/SLF4J/issues/SLF4J-337?filter=allopenissues

9 org.apache.commons commons-lang3 (thirdeye/pom.xml)
version: 3.0
Jira issues:

  Depend on JDK 1.5+
  affectsVersions:3.0
  https://issues.apache.org/jira/projects/LANG/issues/LANG-11?filter=allopenissues

  ContextedRuntimeException no longer an 'unchecked' exception
  affectsVersions:3.0
  https://issues.apache.org/jira/projects/LANG/issues/LANG-602?filter=allopenissues

  Some Entitys like Ö are not matched properly against its ISO8859-1 representation
  affectsVersions:3.0
  https://issues.apache.org/jira/projects/LANG/issues/LANG-658?filter=allopenissues

  EntityArrays typo: {"\u2122"; "−"}; // minus sign; U+2212 ISOtech
  affectsVersions:3.0
  https://issues.apache.org/jira/projects/LANG/issues/LANG-659?filter=allopenissues

  StringEscapeUtils.escapeXml(input) outputs wrong results when an input contains characters in Supplementary Planes.
  affectsVersions:3.0
  https://issues.apache.org/jira/projects/LANG/issues/LANG-720?filter=allopenissues

  The CHAR_ARRAY cache in CharUtils duplicates the cache in java.lang.Character
  affectsVersions:3.0
  https://issues.apache.org/jira/projects/LANG/issues/LANG-734?filter=allopenissues

  CharUtils static final array CHAR_STRING is not needed to compute CHAR_STRING_ARRAY
  affectsVersions:3.0
  https://issues.apache.org/jira/projects/LANG/issues/LANG-736?filter=allopenissues

  NumberUtils does not handle upper-case hex: 0X and -0X
  affectsVersions:3.0;3.0.1
  https://issues.apache.org/jira/projects/LANG/issues/LANG-746?filter=allopenissues

  NumberUtils#createNumber() returns positive BigDecimal when negative Float is expected
  affectsVersions:3.x
  https://issues.apache.org/jira/projects/LANG/issues/LANG-1087?filter=allopenissues

10 org.apache.commons commons-lang3 (pom.xml)
version: 3.5
Jira issues:

  DateFormatUtilsTest.testSMTP depends on the default Locale
  affectsVersions:3.5
  https://issues.apache.org/jira/projects/LANG/issues/LANG-1126?filter=allopenissues

  Multiple calls of org.apache.commons.lang3.concurrent.LazyInitializer.initialize() are possible
  affectsVersions:3.4;3.5
  https://issues.apache.org/jira/projects/LANG/issues/LANG-1144?filter=allopenissues

  Performance regression due to cyclic hashCode guard
  affectsVersions:3.5
  https://issues.apache.org/jira/projects/LANG/issues/LANG-1229?filter=allopenissues

  StrBuilder#replaceAll ArrayIndexOutOfBoundsException
  affectsVersions:3.2.1;3.4;3.5
  https://issues.apache.org/jira/projects/LANG/issues/LANG-1276?filter=allopenissues

  NullPointerException in FastDateParser$TimeZoneStrategy
  affectsVersions:3.5
  https://issues.apache.org/jira/projects/LANG/issues/LANG-1285?filter=allopenissues

  RandomStringUtils random method can overflow and return characters outside of specified range
  affectsVersions:3.5
  https://issues.apache.org/jira/projects/LANG/issues/LANG-1286?filter=allopenissues

  RandomStringUtils#random can enter infinite loop if end parameter is to small
  affectsVersions:3.5
  https://issues.apache.org/jira/projects/LANG/issues/LANG-1287?filter=allopenissues

  WordUtils.wrap throws StringIndexOutOfBoundsException
  affectsVersions:3.5
  https://issues.apache.org/jira/projects/LANG/issues/LANG-1292?filter=allopenissues

  MethodUtils.invokeMethod throws ArrayStoreException if using varargs arguments and smaller types than the method defines
  affectsVersions:3.5
  https://issues.apache.org/jira/projects/LANG/issues/LANG-1310?filter=allopenissues

  MultilineRecursiveToStringStyle StackOverflowError when object is an array
  affectsVersions:3.5
  https://issues.apache.org/jira/projects/LANG/issues/LANG-1319?filter=allopenissues

  LocaleUtils#toLocale does not support language followed by UN M.49 numeric-3 area code followed by variant
  affectsVersions:3.5
  https://issues.apache.org/jira/projects/LANG/issues/LANG-1320?filter=allopenissues

  ConstructorUtils.invokeConstructor(Class; Object...) regression
  affectsVersions:3.5;3.6
  https://issues.apache.org/jira/projects/LANG/issues/LANG-1350?filter=allopenissues

11 commons-lang commons-lang (thirdeye/pom.xml,pom.xml)
version: 2.6
Jira issues:

  Remove unnecessary synchronization from registry lookup in EqualsBuilder and HashCodeBuilder
  affectsVersions:2.6
  https://issues.apache.org/jira/projects/LANG/issues/LANG-1230?filter=allopenissues

  LocaleUtils - DCL idiom is not thread-safe
  affectsVersions:2.6
  https://issues.apache.org/jira/projects/LANG/issues/LANG-803?filter=allopenissues

  Exception when combining custom and choice format in ExtendedMessageFormat
  affectsVersions:2.5;2.6
  https://issues.apache.org/jira/projects/LANG/issues/LANG-917?filter=allopenissues

Sincerely~
FDU Software Engineering Lab
Jan 7th, 2019