
Your project impetus-opensource Kundera is using buggy third-party libraries [WARNING] #1033

Open
FDUSELAB2 opened this issue Mar 14, 2019 · 0 comments

Hi, there!

We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to new versions.

We have attached the buggy third-party libraries and the corresponding Jira issue links below so you can get more detailed information. We have analyzed the API calls related to the following libraries and found one library for which your project uses an API call that might invoke buggy methods in the library's history.

1. commons-lang commons-lang
   - version: 2.4
   - API call in your project: `org.apache.commons.lang.builder.HashCodeBuilder.toIdentityHashCodeInteger(Object)`
   - Jira issues:
     - StringEscapeUtils.escapeJava(String) escapes '/' characters (version: 2.4)
     - Fix case-insensitive string handling (version: 2.4)
     - StringEscapeUtils.escapeHTML() does not escape chars (0x00-0x20) (version: 2.4)
     - DateUtils.round doesn't work correct for Calendar.AM_PM (version: 2.4)
     - Lower Ascii Characters don't get encoded by Entities.java (version: 2.4)
     - Issue in HashCodeBuilder which only shows up under high load multi-threaded usage. (version: 2.4)
     - Ant build file does not include ReflectTestSuite (version: 2.4)
     - EqualsBuilder and HashCodeBuilder treat java.math.BigDecimal inconsistently and break general contract of hashCode (version: 2.4)
     - JDK 1.5 build/runtime failure on LANG-393 (EqualsBuilder) (version: 2.4)
     - ExtendedMessageFormat: OutOfMemory with custom format registry and a pattern containing single quotes (version: 2.4)
     - parseDate cannot parse ISO8601 dates produced by FastDateFormat (version: 2.4)
     - DateFormatUtils.format does not correctly change Calendar TimeZone in certain situations (version: 2.4)
     - StringUtils replaceEach - Bug or Missing Documentation (version: 2.4)
     - Javadoc wrong for StringUtils startsWith; startsWithIgnoreCase; endsWith and endsWithIgnoreCase (version: 2.4)
     - HashCodeBuilder reflectionAppend creates unnecessary copy of excludeFields (version: 2.4)
     - ExceptionUtils uses mutable lock target (version: 2.4)
     - ClassUtils.toClass(Object[]) throws NPE on null array element (version: 2.4)
     - StringUtils lastIndexOf(String str; char searchChar; int startPos) not working (version: 2.4)

2. org.apache.httpcomponents httpclient
   - version: 4.2.6
   - Jira issues:
     - ClientConnectionManager should honor context classloader (version: 4.2.6)

3. commons-logging commons-logging
   - version: 1.1.1
   - Jira issues:
     - Unit tests fail on linux with java16 (version: 1.1.1)
     - deadlock on re-registration of logger (version: 1.1.1)
     - Potential missing privileged block for class loader (version: 1.1.1)
     - Log4JLogger uses deprecated static members of Priority such as INFO (version: 1.1.1)
     - LogFactory/LogFactoryImpl ignore Throwable (version: 1.1.1)
     - LogFactory.nullClassLoaderFactory is not properly synchronized (version: 1.1.1)
     - SimpleLog.log - unsafe update of shortLogName (version: 1.1.1)
     - BufferedReader is not closed properly (version: 1.1.1; 1.2)

4. commons-io commons-io
   - version: 2.4
   - Jira issues:
     - IOUtils copyLarge() and skip() methods are performance hogs (version: 2.3; 2.4)
     - CharSequenceInputStream#reset() behaves incorrectly in case when buffer size is not dividable by data size (version: 2.4)
     - [Tailer] InterruptedException while the thread is sleeping is silently ignored (version: 2.4)
     - IOUtils.contentEquals* methods returns false if input1 == input2; should return true (version: 2.4)
     - Apache Commons - standard links for documents are failing (version: 2.4)
     - Links are broken on User Guide.... (version: 2.4)
     - FileUtils.sizeOfDirectoryAsBigInteger can overflow (version: 2.4)
     - Regression in FileUtils.readFileToString from 2.0.1 (version: 2.1; 2.2; 2.3; 2.4)
     - Correct exception message in FileUtils.getFile(File; String...) (version: 2.4)
     - org.apache.commons.io.FileUtils#waitFor waits too long (version: 2.4)
     - getPrefixLength return -1 if unix file contains colon (version: 2.4)
     - FilenameUtils should handle embedded null bytes (version: 2.4)
     - Exceptions are suppressed incorrectly when copying files. (version: 2.4; 2.5)

5. commons-codec commons-codec
   - version: 1.2
   - Jira issues:
     - org.apache.commons.codec.net.URLCodec.ESCAPE_CHAR isn't final but should be (version: 1.2; 1.3; 1.4)
     - Change name of urldecode and urlencode in URLCodec (version: 1.2)
     - Provide a package.html for org/apache/commons/codec/net (version: 1.2)
     - [codec] Alterations to Binary.java and its unit test for 1.3 release (version: 1.2)
     - [Codec] Default URL encoding logic broken (version: 1.2)
     - Base64 chunked encoding not compliant with RFC 2045 section 2.1 CRLF (version: 1.2)
     - [codec] Hex converts illegal characters to 255 (version: 1.2)
     - All links to fixed bugs in the "Changes Report" http://commons.apache.org/codec/changes-report.html point nowhere; e.g. http://issues.apache.org/jira/browse/34157. Looks as if all JIRA tickets were renumbered. (version: 1.1; 1.2; 1.3; 1.4)

6. commons-codec commons-codec
   - version: 1.8
   - Jira issues:
     - Beider Morse does not close Scanners used to read config files. (version: 1.8)

Sincerely~
FDU Software Engineering Lab
March 14th, 2019
