[
https://issues.apache.org/jira/browse/CALCITE-2849?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kevin Risden closed CALCITE-2849.
---------------------------------
Resolution: Invalid
Fix Version/s: (was: 1.19.0)
Closing as invalid since no response to questions.
> Your project apache/calcite is using buggy third-party libraries [WARNING]
> --------------------------------------------------------------------------
>
> Key: CALCITE-2849
> URL: https://issues.apache.org/jira/browse/CALCITE-2849
> Project: Calcite
> Issue Type: Bug
> Reporter: Kaifeng Huang
> Priority: Minor
>
> Hi, there!
> We are a research team working on third-party library analysis. We have
> found that some widely-used third-party libraries in your project have
> major/critical bugs, which will degrade the quality of your project. We
> highly recommend you to update those libraries to new versions.
> We have attached the buggy third-party libraries and corresponding jira
> issue links below for you to have more detailed information.
> 1. org.apache.httpcomponents httpclient
> version: 4.5.6
> Jira issues:
> Support relatively new HTTP 308 redirect - RFC7538
> affectsVersions:3.1 (end of life),4.5.6
>
> https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1946?filter=allopenissues
> 2. org.apache.commons commons-lang3
> version: 3.8
> Jira issues:
> Restore BundleSymbolicName / regression in version 3.8.0
> affectsVersions:3.8
>
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1419?filter=allopenissues
> 3. commons-io commons-io
> version: 2.4
> Jira issues:
> IOUtils copyLarge() and skip() methods are performance hogs
> affectsVersions:2.3;2.4
>
> https://issues.apache.org/jira/projects/IO/issues/IO-355?filter=allopenissues
> CharSequenceInputStream#reset() behaves incorrectly in case when buffer
> size is not dividable by data size
> affectsVersions:2.4
>
> https://issues.apache.org/jira/projects/IO/issues/IO-356?filter=allopenissues
> [Tailer] InterruptedException while the thead is sleeping is silently
> ignored
> affectsVersions:2.4
>
> https://issues.apache.org/jira/projects/IO/issues/IO-357?filter=allopenissues
> IOUtils.contentEquals* methods returns false if input1 == input2;
> should return true
> affectsVersions:2.4
>
> https://issues.apache.org/jira/projects/IO/issues/IO-362?filter=allopenissues
> Apache Commons - standard links for documents are failing
> affectsVersions:2.4
>
> https://issues.apache.org/jira/projects/IO/issues/IO-369?filter=allopenissues
> FileUtils.sizeOfDirectoryAsBigInteger can overflow
> affectsVersions:2.4
>
> https://issues.apache.org/jira/projects/IO/issues/IO-390?filter=allopenissues
> Regression in FileUtils.readFileToString from 2.0.1
> affectsVersions:2.1;2.2;2.3;2.4
>
> https://issues.apache.org/jira/projects/IO/issues/IO-453?filter=allopenissues
> Correct exception message in FileUtils.getFile(File; String...)
> affectsVersions:2.4
>
> https://issues.apache.org/jira/projects/IO/issues/IO-479?filter=allopenissues
> org.apache.commons.io.FileUtils#waitFor waits too long
> affectsVersions:2.4
>
> https://issues.apache.org/jira/projects/IO/issues/IO-481?filter=allopenissues
> FilenameUtils should handle embedded null bytes
> affectsVersions:2.4
>
> https://issues.apache.org/jira/projects/IO/issues/IO-484?filter=allopenissues
> Exceptions are suppressed incorrectly when copying files.
> affectsVersions:2.4;2.5
>
> https://issues.apache.org/jira/projects/IO/issues/IO-502?filter=allopenissues
> 4. org.apache.logging.log4j log4j-core
> version: 2.11.0
> Jira issues:
> Log4j2 throws NoClassDefFoundError in Java 9
> affectsVersions:2.10.0;2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2129?filter=allopenissues
> Empty Automatic-Module-Name Header
> affectsVersions:2.10.0;2.11.0;3.0.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2254?filter=allopenissues
> gc-free mixed async loging loses parameter values after the first
> appender
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2301?filter=allopenissues
> Log4j 2.10+not working with SLF4J 1.8 in OSGI environment
> affectsVersions:2.10.0;2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2305?filter=allopenissues
> AsyncQueueFullMessageUtil causes unparsable message output
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2318?filter=allopenissues
> AbstractLogger NPE hides actual cause when getFormat returns null
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2320?filter=allopenissues
> AsyncLogger without specifying a level always uses ERROR
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2321?filter=allopenissues
> Errors thrown in formatting may stop background threads
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2333?filter=allopenissues
> JsonLayout not working with AsyncLoggerContextSelector in 2.11.0
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2341?filter=allopenissues
> Typo in log4j-api Activator
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2343?filter=allopenissues
> PropertiesUtil.reload() might throw NullPointerException
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2355?filter=allopenissues
> NameAbbreviator skips first fragments
> affectsVersions:2.11.0;2.11.1
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2365?filter=allopenissues
> Outputs wrong message when used within overridden Throwable method
> affectsVersions:2.8.1;2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2368?filter=allopenissues
> StringBuilder escapeJson performs unnecessary Memory Allocations
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2373?filter=allopenissues
> fix the CacheEntry map in ThrowableProxy#toExtendedStackTrace to be put
> and gotten with same key
> affectsVersions:2.6.2;2.7;2.8;2.8.1;2.8.2;2.9.0;2.9.1;2.10.0;2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2389?filter=allopenissues
> Fix incorrect links in Log4j web documentation.
> affectsVersions:2.11.0
>
> https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2390?filter=allopenissues
> 5. org.apache.commons commons-lang3
> version: 3.2
> Jira issues:
> SerializationUtils.ClassLoaderAwareObjectInputStream should use static
> initializer to initialize primitiveTypes map.
> affectsVersions:3.2;3.3;3.4
>
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1251?filter=allopenissues
> Build fails with test failures when building with JDK 8
> affectsVersions:3.2
>
> https://issues.apache.org/jira/projects/LANG/issues/LANG-938?filter=allopenissues
> Test DurationFormatUtilsTest.testEdgeDuration fails in JDK 1.6; 1.7 and
> 1.8; BRST time zone
> affectsVersions:3.1;3.2;3.2.1
>
> https://issues.apache.org/jira/projects/LANG/issues/LANG-943?filter=allopenissues
> Exception while using ExtendedMessageFormat and escaping braces
> affectsVersions:3.2;3.2.1
>
> https://issues.apache.org/jira/projects/LANG/issues/LANG-948?filter=allopenissues
> org.apache.commons.lang3.reflect.FieldUtils.removeFinalModifier(Field)
> does not clean up after itself
> affectsVersions:3.2;3.2.1
>
> https://issues.apache.org/jira/projects/LANG/issues/LANG-961?filter=allopenissues
> NumberUtils#createNumber() returns positive BigDecimal when negative
> Float is expected
> affectsVersions:3.x
>
> https://issues.apache.org/jira/projects/LANG/issues/LANG-1087?filter=allopenissues
> Sincerely~
> FDU Software Engineering Lab
> Feb 15th,2019
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
