---------- Forwarded message ---------
From: FDU-SE-LAB <notificati...@github.com>
Date: Sun, Jan 6, 2019 at 8:33 PM
Subject: [apache/bookkeeper] Your project apache/bookkeeper is using buggy third-party libraries [WARNING] (#1896)
To: apache/bookkeeper <bookkee...@noreply.github.com>
Cc: Subscribed <subscri...@noreply.github.com>

Hi, there!

We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend you to update those libraries to new versions.

We have attached the buggy third-party libraries and corresponding jira issue links below for you to have more detailed information.

1 commons-cli commons-cli (pom.xml)
version: 1.2
Jira issues:

Unable to select a pure long option in a group
affectsVersions:1.0;1.1;1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-182?filter=allopenissues

Clear the selection from the groups before parsing
affectsVersions:1.0;1.1;1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-183?filter=allopenissues

Commons CLI incorrectly stripping leading and trailing quotes
affectsVersions:1.1;1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-185?filter=allopenissues

Coding error: OptionGroup.setSelected causes java.lang.NullPointerException
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-191?filter=allopenissues

StringIndexOutOfBoundsException in HelpFormatter.findWrapPos
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-193?filter=allopenissues

HelpFormatter strips leading whitespaces in the footer
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-207?filter=allopenissues

OptionBuilder only has static methods; yet many return an OptionBuilder instance
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-224?filter=allopenissues

Unable to properly require options
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-230?filter=allopenissues

OptionValidator Implementation Does Not Agree With JavaDoc
affectsVersions:1.2
https://issues.apache.org/jira/projects/CLI/issues/CLI-241?filter=allopenissues

2 commons-io commons-io (pom.xml)
version: 2.4
Jira issues:

IOUtils copyLarge() and skip() methods are performance hogs
affectsVersions:2.3;2.4
https://issues.apache.org/jira/projects/IO/issues/IO-355?filter=allopenissues

CharSequenceInputStream#reset() behaves incorrectly in case when buffer size is not dividable by data size
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-356?filter=allopenissues

[Tailer] InterruptedException while the thead is sleeping is silently ignored
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-357?filter=allopenissues

IOUtils.contentEquals* methods returns false if input1 == input2; should return true
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-362?filter=allopenissues

Apache Commons - standard links for documents are failing
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-369?filter=allopenissues

FileUtils.sizeOfDirectoryAsBigInteger can overflow
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-390?filter=allopenissues

Regression in FileUtils.readFileToString from 2.0.1
affectsVersions:2.1;2.2;2.3;2.4
https://issues.apache.org/jira/projects/IO/issues/IO-453?filter=allopenissues

Correct exception message in FileUtils.getFile(File; String...)
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-479?filter=allopenissues

org.apache.commons.io.FileUtils#waitFor waits too long
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-481?filter=allopenissues

FilenameUtils should handle embedded null bytes
affectsVersions:2.4
https://issues.apache.org/jira/projects/IO/issues/IO-484?filter=allopenissues

Exceptions are suppressed incorrectly when copying files.
affectsVersions:2.4;2.5
https://issues.apache.org/jira/projects/IO/issues/IO-502?filter=allopenissues

3 commons-codec commons-codec (pom.xml)
version: 1.6
Jira issues:

QuotedPrintableCodec does not support soft line break per the 'quoted-printable' example on Wikipedia
affectsVersions:1.5;1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-121?filter=allopenissues

BeiderMorseEncoder OOM issues
affectsVersions:1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-132?filter=allopenissues

BeiderMorse phonetic filter give uncertain results
affectsVersions:1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-147?filter=allopenissues

DigestUtils.getDigest(String) looses the orginal exception
affectsVersions:1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-152?filter=allopenissues

DigestUtils.getDigest(String) should throw IllegalArgumentException instead of RuntimeException
affectsVersions:1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-155?filter=allopenissues

DigestUtils: add APIs named after standard alg name SHA-1
affectsVersions:1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-156?filter=allopenissues

BaseNCodecOutputStream only supports writing EOF on close()
affectsVersions:1.6
https://issues.apache.org/jira/projects/CODEC/issues/CODEC-183?filter=allopenissues

4 commons-lang commons-lang (pom.xml)
version: 2.6
Jira issues:

Remove unnecessary synchronization from registry lookup in EqualsBuilder and HashCodeBuilder
affectsVersions:2.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1230?filter=allopenissues

LocaleUtils - DCL idiom is not thread-safe
affectsVersions:2.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-803?filter=allopenissues

Exception when combining custom and choice format in ExtendedMessageFormat
affectsVersions:2.5;2.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-917?filter=allopenissues

5 org.apache.commons commons-lang3 (pom.xml)
version: 3.6
Jira issues:

StackOverflowError on TypeUtils.toString(...) for a generic return type of Enum.valueOf
affectsVersions:3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1348?filter=allopenissues

EqualsBuilder#isRegistered: swappedPair construction bug
affectsVersions:3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1349?filter=allopenissues

ConstructorUtils.invokeConstructor(Class; Object...) regression
affectsVersions:3.5;3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1350?filter=allopenissues

TimeZone.getTimeZone() in FastDateParser causes resource contention
affectsVersions:3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1355?filter=allopenissues

org.apache.commons.lang3.time.FastDateParser should use toUpperCase(Locale)
affectsVersions:3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1357?filter=allopenissues

ExceptionUtils.getThrowableList() is using deprecated ExceptionUtils.getCause()
affectsVersions:3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1361?filter=allopenissues

ExceptionUtils#getRootCause(Throwable t) should return t if no lower level cause exists
affectsVersions:3.6
https://issues.apache.org/jira/projects/LANG/issues/LANG-1364?filter=allopenissues

Sincerely~
FDU Software Engineering Lab
Jan 7th, 2019

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub <https://github.com/apache/bookkeeper/issues/1896>.

--
Jvrao
---
First they ignore you, then they laugh at you, then they fight you, then you win. - Mahatma Gandhi