Kaifeng Huang created FLUME-3318:
------------------------------------
Summary: Your project cloudera/flume is using buggy third-party
libraries [WARNING]
Key: FLUME-3318
URL: https://issues.apache.org/jira/browse/FLUME-3318
Project: Flume
Issue Type: Bug
Reporter: Kaifeng Huang
Hi, there!
We are a research team working on third-party library analysis. We have
found that some widely-used third-party libraries in your project have
major/critical bugs, which will degrade the quality of your project. We highly
recommend you to update those libraries to new versions.
We have attached the buggy third-party libraries and corresponding jira
issue links below for you to have more detailed information.
1. commons-cli commons-cli
version: 1.2
Jira issues:
Unable to select a pure long option in a group
affectsVersions:1.0;1.1;1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-182?filter=allopenissues
Clear the selection from the groups before parsing
affectsVersions:1.0;1.1;1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-183?filter=allopenissues
Commons CLI incorrectly stripping leading and trailing quotes
affectsVersions:1.1;1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-185?filter=allopenissues
Coding error: OptionGroup.setSelected causes
java.lang.NullPointerException
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-191?filter=allopenissues
StringIndexOutOfBoundsException in HelpFormatter.findWrapPos
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-193?filter=allopenissues
HelpFormatter strips leading whitespaces in the footer
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-207?filter=allopenissues
OptionBuilder only has static methods; yet many return an OptionBuilder
instance
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-224?filter=allopenissues
Unable to properly require options
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-230?filter=allopenissues
OptionValidator Implementation Does Not Agree With JavaDoc
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-241?filter=allopenissues
2. commons-collections commons-collections
version: 3.1
Jira issues:
[collections] CircularFifoBuffer not really Serializable
affectsVersions:3.1
https://issues.apache.org/jira/projects/COLLECTIONS/issues/COLLECTIONS-122?filter=allopenissues
Inconsistent Javadoc comment and code for synchronizedMap(Map) in
org.apache.commons.collections.MapUtils
affectsVersions:3.0;3.1;3.2
https://issues.apache.org/jira/projects/COLLECTIONS/issues/COLLECTIONS-384?filter=allopenissues
[collections] FastArrayList iterator method throwing
ConcurrentModificationException in 'fast' mode
affectsVersions:3.1
https://issues.apache.org/jira/projects/COLLECTIONS/issues/COLLECTIONS-59?filter=allopenissues
3. commons-codec commons-codec
version: 1.3
Jira issues:
[codec] Using US_ENGLISH static in Soundex causes NPE
affectsVersions:1.3
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-10?filter=allopenissues
org.apache.commons.codec.net.URLCodec.ESCAPE_CHAR isn't final but
should be
affectsVersions:1.2;1.3;1.4
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-111?filter=allopenissues
[codec] Base64.isArrayByteBase64() throws an
ArrayIndexOutOfBoundsException for negative octets.
affectsVersions:1.3
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-22?filter=allopenissues
[codec] Source tarball spews files all over the place
affectsVersions:1.3
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-6?filter=allopenissues
Base64.encodeBase64() throws NegativeArraySizeException on large files
affectsVersions:1.3
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-61?filter=allopenissues
Fix case-insensitive string handling
affectsVersions:1.3
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-65?filter=allopenissues
Make string2byte conversions indepedent of platform default encoding
affectsVersions:1.3
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-73?filter=allopenissues
All links to fixed bugs in the "Changes Report"
http://commons.apache.org/codec/changes-report.html point nowhere; e.g.
http://issues.apache.org/jira/browse/34157. Looks as if all JIRA tickets were
renumbered.
affectsVersions:1.1;1.2;1.3;1.4
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-76?filter=allopenissues
4. commons-lang commons-lang
version: 2.5
Jira issues:
Testing with JDK 1.7
affectsVersions:2.5
https://issues.apache.org/jira/projects/LANG/issues/LANG-593?filter=allopenissues
Some StringUtils methods should take an int character instead of char
to use String API features.
affectsVersions:2.5
https://issues.apache.org/jira/projects/LANG/issues/LANG-608?filter=allopenissues
SystemUtils.getJavaVersionAsFloat throws
StringIndexOutOfBoundsException on Android runtime/Dalvik VM
affectsVersions:2.5
https://issues.apache.org/jira/projects/LANG/issues/LANG-624?filter=allopenissues
NumberUtils createNumber throws a StringIndexOutOfBoundsException when
argument containing "e" and "E" is passed in
affectsVersions:2.5
https://issues.apache.org/jira/projects/LANG/issues/LANG-638?filter=allopenissues
FastDateFormat.format() outputs incorrect week of year because locale
isn't respected
affectsVersions:2.5
https://issues.apache.org/jira/projects/LANG/issues/LANG-645?filter=allopenissues
Exception when combining custom and choice format in
ExtendedMessageFormat
affectsVersions:2.5;2.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-917?filter=allopenissues
Sincerely~
FDU Software Engineering Lab
Feb 15th, 2019
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
