[ https://issues.apache.org/jira/browse/CALCITE-2849?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kevin Risden closed CALCITE-2849. --------------------------------- Resolution: Invalid Fix Version/s: (was: 1.19.0) Closing as invalid since no response to questions. > Your project apache/calcite is using buggy third-party libraries [WARNING] > -------------------------------------------------------------------------- > > Key: CALCITE-2849 > URL: https://issues.apache.org/jira/browse/CALCITE-2849 > Project: Calcite > Issue Type: Bug > Reporter: Kaifeng Huang > Priority: Minor > > Hi, there! > We are a research team working on third-party library analysis. We have > found that some widely-used third-party libraries in your project have > major/critical bugs, which will degrade the quality of your project. We > highly recommend you to update those libraries to new versions. > We have attached the buggy third-party libraries and corresponding jira > issue links below for you to have more detailed information. > 1. org.apache.httpcomponents httpclient > version: 4.5.6 > Jira issues: > Support relatively new HTTP 308 redirect - RFC7538 > affectsVersions:3.1 (end of life),4.5.6 > > https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1946?filter=allopenissues > 2. org.apache.commons commons-lang3 > version: 3.8 > Jira issues: > Restore BundleSymbolicName / regression in version 3.8.0 > affectsVersions:3.8 > > https://issues.apache.org/jira/projects/LANG/issues/LANG-1419?filter=allopenissues > 3. commons-io commons-io > version: 2.4 > Jira issues: > IOUtils copyLarge() and skip() methods are performance hogs > affectsVersions:2.3;2.4 > > https://issues.apache.org/jira/projects/IO/issues/IO-355?filter=allopenissues > CharSequenceInputStream#reset() behaves incorrectly in case when buffer > size is not dividable by data size > affectsVersions:2.4 > > https://issues.apache.org/jira/projects/IO/issues/IO-356?filter=allopenissues > [Tailer] InterruptedException while the thead is sleeping is silently > ignored > affectsVersions:2.4 > > https://issues.apache.org/jira/projects/IO/issues/IO-357?filter=allopenissues > IOUtils.contentEquals* methods returns false if input1 == input2; > should return true > affectsVersions:2.4 > > https://issues.apache.org/jira/projects/IO/issues/IO-362?filter=allopenissues > Apache Commons - standard links for documents are failing > affectsVersions:2.4 > > https://issues.apache.org/jira/projects/IO/issues/IO-369?filter=allopenissues > FileUtils.sizeOfDirectoryAsBigInteger can overflow > affectsVersions:2.4 > > https://issues.apache.org/jira/projects/IO/issues/IO-390?filter=allopenissues > Regression in FileUtils.readFileToString from 2.0.1 > affectsVersions:2.1;2.2;2.3;2.4 > > https://issues.apache.org/jira/projects/IO/issues/IO-453?filter=allopenissues > Correct exception message in FileUtils.getFile(File; String...) > affectsVersions:2.4 > > https://issues.apache.org/jira/projects/IO/issues/IO-479?filter=allopenissues > org.apache.commons.io.FileUtils#waitFor waits too long > affectsVersions:2.4 > > https://issues.apache.org/jira/projects/IO/issues/IO-481?filter=allopenissues > FilenameUtils should handle embedded null bytes > affectsVersions:2.4 > > https://issues.apache.org/jira/projects/IO/issues/IO-484?filter=allopenissues > Exceptions are suppressed incorrectly when copying files. > affectsVersions:2.4;2.5 > > https://issues.apache.org/jira/projects/IO/issues/IO-502?filter=allopenissues > 4. org.apache.logging.log4j log4j-core > version: 2.11.0 > Jira issues: > Log4j2 throws NoClassDefFoundError in Java 9 > affectsVersions:2.10.0;2.11.0 > > https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2129?filter=allopenissues > Empty Automatic-Module-Name Header > affectsVersions:2.10.0;2.11.0;3.0.0 > > https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2254?filter=allopenissues > gc-free mixed async loging loses parameter values after the first > appender > affectsVersions:2.11.0 > > https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2301?filter=allopenissues > Log4j 2.10+not working with SLF4J 1.8 in OSGI environment > affectsVersions:2.10.0;2.11.0 > > https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2305?filter=allopenissues > AsyncQueueFullMessageUtil causes unparsable message output > affectsVersions:2.11.0 > > https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2318?filter=allopenissues > AbstractLogger NPE hides actual cause when getFormat returns null > affectsVersions:2.11.0 > > https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2320?filter=allopenissues > AsyncLogger without specifying a level always uses ERROR > affectsVersions:2.11.0 > > https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2321?filter=allopenissues > Errors thrown in formatting may stop background threads > affectsVersions:2.11.0 > > https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2333?filter=allopenissues > JsonLayout not working with AsyncLoggerContextSelector in 2.11.0 > affectsVersions:2.11.0 > > https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2341?filter=allopenissues > Typo in log4j-api Activator > affectsVersions:2.11.0 > > https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2343?filter=allopenissues > PropertiesUtil.reload() might throw NullPointerException > affectsVersions:2.11.0 > > https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2355?filter=allopenissues > NameAbbreviator skips first fragments > affectsVersions:2.11.0;2.11.1 > > https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2365?filter=allopenissues > Outputs wrong message when used within overridden Throwable method > affectsVersions:2.8.1;2.11.0 > > https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2368?filter=allopenissues > StringBuilder escapeJson performs unnecessary Memory Allocations > affectsVersions:2.11.0 > > https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2373?filter=allopenissues > fix the CacheEntry map in ThrowableProxy#toExtendedStackTrace to be put > and gotten with same key > affectsVersions:2.6.2;2.7;2.8;2.8.1;2.8.2;2.9.0;2.9.1;2.10.0;2.11.0 > > https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2389?filter=allopenissues > Fix incorrect links in Log4j web documentation. > affectsVersions:2.11.0 > > https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2390?filter=allopenissues > 5. org.apache.commons commons-lang3 > version: 3.2 > Jira issues: > SerializationUtils.ClassLoaderAwareObjectInputStream should use static > initializer to initialize primitiveTypes map. > affectsVersions:3.2;3.3;3.4 > > https://issues.apache.org/jira/projects/LANG/issues/LANG-1251?filter=allopenissues > Build fails with test failures when building with JDK 8 > affectsVersions:3.2 > > https://issues.apache.org/jira/projects/LANG/issues/LANG-938?filter=allopenissues > Test DurationFormatUtilsTest.testEdgeDuration fails in JDK 1.6; 1.7 and > 1.8; BRST time zone > affectsVersions:3.1;3.2;3.2.1 > > https://issues.apache.org/jira/projects/LANG/issues/LANG-943?filter=allopenissues > Exception while using ExtendedMessageFormat and escaping braces > affectsVersions:3.2;3.2.1 > > https://issues.apache.org/jira/projects/LANG/issues/LANG-948?filter=allopenissues > org.apache.commons.lang3.reflect.FieldUtils.removeFinalModifier(Field) > does not clean up after itself > affectsVersions:3.2;3.2.1 > > https://issues.apache.org/jira/projects/LANG/issues/LANG-961?filter=allopenissues > NumberUtils#createNumber() returns positive BigDecimal when negative > Float is expected > affectsVersions:3.x > > https://issues.apache.org/jira/projects/LANG/issues/LANG-1087?filter=allopenissues > Sincerely~ > FDU Software Engineering Lab > Feb 15th,2019 -- This message was sent by Atlassian JIRA (v7.6.3#76005)