Hi, there!
We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to new versions.
We have attached the buggy third-party libraries and corresponding Jira issue links below for you to have more detailed information. We have analyzed the API call related to the following libraries and found one library that is using the API call that might invoke buggy methods in the library of the history.
1. org.apache.httpcomponents httpclient
version: 4.2.3
API call in your project: org.apache.http.conn.ssl.SSLSocketFactory.createDefaultSSLContext()
Jira issues:
GzipDecompressingEntity does not release InputStream when an IOException occurs while reading the Gzip header
version:4.2.2;4.2.3
Unable to shutdown executor service used by AsynchronousValidator
version:4.2.3
FileNotFoundException on Cached Variant
version:4.2.3;4.2.4;4.3 Beta1
HttpClient -> local address binding does not work correctly
version:4.2.3
Certificate verification rejects IPv6 addresses which are not String-equal
version:4.2.3
SSLSocketFactory.createSystemSSLContext causes java.security.UnrecoverableKeyException: Password verification failed
version:4.2.2;4.2.3;4.2.4;4.3 Alpha1;4.3 Beta1;4.3 Final
SSL handshake exceptions are hidden from application
version:4.2.3
2. commons-logging commons-logging
version: 1.1.1
Jira issues:
Unit tests fail on linux with java16
version:1.1.1
deadlock on re-registration of logger
version:1.1.1
Potential missing privileged block for class loader
version:1.1.1
Log4JLogger uses deprecated static members of Priority such as INFO
version:1.1.1
LogFactory/LogFactoryImpl ingore Throwable
version:1.1.1
LogFactory.nullClassLoaderFactory is not properly synchronized
version:1.1.1
SimpleLog.log - unsafe update of shortLogName
version:1.1.1
BufferedReader is not closed properly
version:1.1.1;1.2
3. commons-io commons-io
version: 2.3
Jira issues:
What should happen in FileUtils.sizeOf[Directory] when an overflow takes place?
version:2.3
FileUtils.writeLines uses unbuffered IO
version:2.3
BOMInputStream wrongly detects UTF-32LE_BOM files as UTF-16LE_BOM files in method getBOM()
version:2.3
Commons IO Tailer does not respect UTF-8 Charset
version:2.3
IOUtils copyLarge() and skip() methods are performance hogs
version:2.3;2.4
Regression in FileUtils.readFileToString from 2.0.1
version:2.1;2.2;2.3;2.4
4. commons-codec commons-codec
version: 1.6
Jira issues:
QuotedPrintableCodec does not support soft line break per the 'quoted-printable' example on Wikipedia
version:1.5;1.6
BeiderMorseEncoder OOM issues
version:1.6
BeiderMorse phonetic filter give uncertain results
version:1.6
DigestUtils.getDigest(String) looses the orginal exception
version:1.6
DigestUtils.getDigest(String) should throw IllegalArgumentException instead of RuntimeException
version:1.6
DigestUtils: add APIs named after standard alg name SHA-1
version:1.6
BaseNCodecOutputStream only supports writing EOF on close()
version:1.6
5. org.apache.commons commons-lang3
version: 3.1
Jira issues:
NumberUtils#isNumber() returns false for "+2" and true for "-2"
version:3.1;3.3.2
NumberUtils.createNumber() behaves inconsistently with NumberUtils.isNumber()
version:3.1
TypeUtils.getTypeArguments() misses type arguments for partially-assigned classes
version:3.1
TypeUtilsTest contains incorrect type assignability assertion due to lost/skipped type variable information during the decision process
version:3.1
SerializationUtils throws ClassNotFoundException when cloning primitive classes
version:3.1
SystemUtils.IS_OS_WINDOWS_2008; VISTA are incorrect
version:3.1
LocaleUtils - unnecessary recursive call in SyncAvoid class
version:3.1
RandomStringUtils.random(count; 0; 0; false; false; universe; random) always throws java.lang.ArrayIndexOutOfBoundsException
version:2.5;2.6;3.1
StringUtils.join() endIndex; bugged for loop
version:3.1
StringUtils.equalsIgnoreCase doesn't check string reference equality
version:3.1
[Method|Constructor]Utils.invoke*(*; Object... args) variants cannot handle null values
version:3.1
Add org.apache.commons.lang3.SystemUtils.IS_OS_WINDOWS_8
version:3.1
NumberUtils#createNumber - bad behaviour for leading "--"
version:3.1
FastDateParser does not handle non-ASCII digits correctly
version:3.1
FastDateParser does not handle non-Gregorian calendars properly
version:3.1
FastDateFormat and FastDatePrinter generates Date objects wastefully
version:3.1
LocaleUtils.toLocale does not parse strings starting with an underscore
version:3.1
LocaleUtils test fails with new Locale "ja_JP_JP_#u-ca-japanese" of JDK7
version:3.1
LookupTranslator accepts CharSequence as input; but fails to work with implementations other than String
version:3.1
CLONE - DateFormatUtils.format does not correctly change Calendar TimeZone in certain situations
version:3.1
Add ArrayUtils#nullToEmpty(Class<?>[])
version:3.1
BooleanUtils.xor(boolean...) produces wrong results
version:3.1
Test DurationFormatUtilsTest.testEdgeDuration fails in JDK 1.6; 1.7 and 1.8; BRST time zone
version:3.1;3.2;3.2.1
Fragments are wrong by 1 day when using fragment YEAR or MONTH
version:3.1
NumberUtils#createNumber() returns positive BigDecimal when negative Float is expected
version:3.x
Sincerely~
FDU Software Engineering Lab
March 14th, 2019