[jira] [Closed] (FLUME-3318) Your project cloudera/flume is using buggy third-party libraries [WARNING]

Ralph Goers (Jira) Fri, 07 Oct 2022 23:47:08 -0700


     [ 
https://issues.apache.org/jira/browse/FLUME-3318?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ralph Goers closed FLUME-3318.
------------------------------

> Your project cloudera/flume is using buggy third-party libraries [WARNING]
> --------------------------------------------------------------------------
>
>                 Key: FLUME-3318
>                 URL: https://issues.apache.org/jira/browse/FLUME-3318
>             Project: Flume
>          Issue Type: Bug
>            Reporter: Kaifeng Huang
>            Priority: Major
>             Fix For: 1.10.0
>
>
> Hi, there!
>     We are a research team working on third-party library analysis. We have 
> found that some widely-used third-party libraries in your project have 
> major/critical bugs, which will degrade the quality of your project. We 
> highly recommend you to update those libraries to new versions.
>     We have attached the buggy third-party libraries and corresponding jira 
> issue links below for you to have more detailed information.
>       1. commons-cli commons-cli
>       version: 1.2
>       Jira issues:
>       Unable to select a pure long option in a group
>       affectsVersions:1.0;1.1;1.2
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-182?filter=allopenissues
>       Clear the selection from the groups before parsing
>       affectsVersions:1.0;1.1;1.2
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-183?filter=allopenissues
>       Commons CLI incorrectly stripping leading and trailing quotes
>       affectsVersions:1.1;1.2
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-185?filter=allopenissues
>       Coding error: OptionGroup.setSelected causes 
> java.lang.NullPointerException
>       affectsVersions:1.2
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-191?filter=allopenissues
>       StringIndexOutOfBoundsException in HelpFormatter.findWrapPos
>       affectsVersions:1.2
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-193?filter=allopenissues
>       HelpFormatter strips leading whitespaces in the footer
>       affectsVersions:1.2
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-207?filter=allopenissues
>       OptionBuilder only has static methods; yet many return an OptionBuilder 
> instance
>       affectsVersions:1.2
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-224?filter=allopenissues
>       Unable to properly require options
>       affectsVersions:1.2
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-230?filter=allopenissues
>       OptionValidator Implementation Does Not Agree With JavaDoc
>       affectsVersions:1.2
>       
> https://issues.apache.org/jira/projects/CLI/issues/CLI-241?filter=allopenissues
>       2. commons-collections commons-collections
>       version: 3.1
>       Jira issues:
>       [collections] CircularFifoBuffer not really Serializable
>       affectsVersions:3.1
>       
> https://issues.apache.org/jira/projects/COLLECTIONS/issues/COLLECTIONS-122?filter=allopenissues
>       Inconsistent Javadoc comment and code for synchronizedMap(Map) in 
> org.apache.commons.collections.MapUtils
>       affectsVersions:3.0;3.1;3.2
>       
> https://issues.apache.org/jira/projects/COLLECTIONS/issues/COLLECTIONS-384?filter=allopenissues
>       [collections] FastArrayList iterator method throwing 
> ConcurrentModificationException in 'fast' mode
>       affectsVersions:3.1
>       
> https://issues.apache.org/jira/projects/COLLECTIONS/issues/COLLECTIONS-59?filter=allopenissues
>       3. commons-codec commons-codec
>       version: 1.3
>       Jira issues:
>       [codec] Using US_ENGLISH static in Soundex causes NPE
>       affectsVersions:1.3
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-10?filter=allopenissues
>       org.apache.commons.codec.net.URLCodec.ESCAPE_CHAR isn't final but 
> should be
>       affectsVersions:1.2;1.3;1.4
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-111?filter=allopenissues
>       [codec] Base64.isArrayByteBase64() throws an 
> ArrayIndexOutOfBoundsException for negative octets.
>       affectsVersions:1.3
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-22?filter=allopenissues
>       [codec] Source tarball spews files all over the place
>       affectsVersions:1.3
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-6?filter=allopenissues
>       Base64.encodeBase64() throws NegativeArraySizeException on large files
>       affectsVersions:1.3
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-61?filter=allopenissues
>       Fix case-insensitive string handling
>       affectsVersions:1.3
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-65?filter=allopenissues
>       Make string2byte conversions indepedent of platform default encoding
>       affectsVersions:1.3
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-73?filter=allopenissues
>       All links to fixed bugs in the "Changes Report" 
> http://commons.apache.org/codec/changes-report.html point nowhere; e.g. 
> http://issues.apache.org/jira/browse/34157. Looks as if all JIRA tickets were 
> renumbered.
>       affectsVersions:1.1;1.2;1.3;1.4
>       
> https://issues.apache.org/jira/projects/CODEC/issues/CODEC-76?filter=allopenissues
>       4. commons-lang commons-lang
>       version: 2.5
>       Jira issues:
>       Testing with JDK 1.7
>       affectsVersions:2.5
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-593?filter=allopenissues
>       Some StringUtils methods should take an int character instead of char 
> to use String API features.
>       affectsVersions:2.5
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-608?filter=allopenissues
>       SystemUtils.getJavaVersionAsFloat throws 
> StringIndexOutOfBoundsException on Android runtime/Dalvik VM
>       affectsVersions:2.5
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-624?filter=allopenissues
>       NumberUtils createNumber throws a StringIndexOutOfBoundsException when 
> argument containing "e" and "E" is passed in
>       affectsVersions:2.5
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-638?filter=allopenissues
>       FastDateFormat.format() outputs incorrect week of year because locale 
> isn't respected
>       affectsVersions:2.5
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-645?filter=allopenissues
>       Exception when combining custom and choice format in 
> ExtendedMessageFormat
>       affectsVersions:2.5;2.6
>       
> https://issues.apache.org/jira/projects/LANG/issues/LANG-917?filter=allopenissues
> Sincerely~
> FDU Software Engineering Lab
> Feb 15th, 2019



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Closed] (FLUME-3318) Your project cloudera/flume is using buggy third-party libraries [WARNING]

Reply via email to