Hi, there!
We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to new versions.
We have attached the buggy third-party libraries and corresponding Jira issue links below for you to have more detailed information. We have analyzed the API call related to the following libraries and found one library that is using the API call that might invoke buggy methods in the library of the history.
1. org.apache.httpcomponents httpclient
version: 4.2.3
API call in your project: org.apache.http.conn.ssl.SSLSocketFactory.createDefaultSSLContext()
Jira issues:
GzipDecompressingEntity does not release InputStream when an IOException occurs while reading the Gzip header
Unable to shutdown executor service used by AsynchronousValidator
FileNotFoundException on Cached Variant
HttpClient -> local address binding does not work correctly
Certificate verification rejects IPv6 addresses which are not String-equal
SSLSocketFactory.createSystemSSLContext causes java.security.UnrecoverableKeyException: Password verification failed
SSL handshake exceptions are hidden from application
2. commons-logging commons-logging
version: 1.1.1
Jira issues:
Unit tests fail on linux with java16
deadlock on re-registration of logger
Potential missing privileged block for class loader
Log4JLogger uses deprecated static members of Priority such as INFO
LogFactory/LogFactoryImpl ingore Throwable
LogFactory.nullClassLoaderFactory is not properly synchronized
SimpleLog.log - unsafe update of shortLogName
BufferedReader is not closed properly
3. commons-cli commons-cli
version: 1.2
Jira issues:
Unable to select a pure long option in a group
Clear the selection from the groups before parsing
Commons CLI incorrectly stripping leading and trailing quotes
Coding error: OptionGroup.setSelected causes java.lang.NullPointerException
StringIndexOutOfBoundsException in HelpFormatter.findWrapPos
HelpFormatter strips leading whitespaces in the footer
OptionBuilder only has static methods; yet many return an OptionBuilder instance
Unable to properly require options
Download link gives HTTP/1.1 403 Forbidden
OptionValidator Implementation Does Not Agree With JavaDoc
4. commons-io commons-io
version: 2.4
Jira issues:
IOUtils copyLarge() and skip() methods are performance hogs
CharSequenceInputStream#reset() behaves incorrectly in case when buffer size is not dividable by data size
[Tailer] InterruptedException while the thead is sleeping is silently ignored
IOUtils.contentEquals* methods returns false if input1 == input2; should return true
Apache Commons - standard links for documents are failing
Links are broken on User Guide....
FileUtils.sizeOfDirectoryAsBigInteger can overflow
Regression in FileUtils.readFileToString from 2.0.1
Correct exception message in FileUtils.getFile(File; String...)
org.apache.commons.io.FileUtils#waitFor waits too long
getPrefixLength return -1 if unix file contains colon
FilenameUtils should handle embedded null bytes
Exceptions are suppressed incorrectly when copying files.
Sincerely~
FDU Software Engineering Lab
March 14th, 2019