Buggy dependencies #838
Comments
I would like to try my hand at resolving this issue
Ok @Kevinyl3, the issue is yours
I have checked through all the dependencies in all the pom.xml's.
Overall it seems that the dependencies listed in this issue have either all already been upgraded past their buggy versions, or have been removed from the project altogether. This issue may be able to be marked as resolved as it is.
Thanks for checking! I too think that we are now able to close this issue. @all-contributors please add @Kevinyl3 for review
I've put up a pull request to add @Kevinyl3! 🎉
Hi, there!
We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to new versions.
We have attached the buggy third-party libraries and corresponding Jira issue links below for you to have more detailed information.
1 org.apache.httpcomponents httpclient (pom in maven central)
version: 4.5.1
Jira issues:
Add convenience methods to fluent API class Request
affectsVersions:4.5.1
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1696?filter=allopenissues
GET request should support body
affectsVersions:4.5.1
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1703?filter=allopenissues
Delete obsolete clone method
affectsVersions:4.5.1
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1709?filter=allopenissues
NTLMEngineImpl.Type1Message not thread safe but declared as a constant
affectsVersions:4.5.1
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1715?filter=allopenissues
HttpClient 4.5.1 may perform multiple requests on the same connection despite having "Connection: close" header.
affectsVersions:4.5.1
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1723?filter=allopenissues
The deprecated SSLSocketFactory does not contain the SNI fix found in the SSLConnectionSocketFactory class
affectsVersions:4.4.1;4.5.1
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1726?filter=allopenissues
org.apache.http.impl.client.AbstractHttpClient#createClientConnectionManager Does not account for context class loader
affectsVersions:4.4.1;4.5;4.5.1;4.5.2
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1727?filter=allopenissues
Malformed path not handled well
affectsVersions:4.5.1
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1803?filter=allopenissues
NTLM authentication error: Unexpected state: MSG_TYPE3_GENERATED
affectsVersions:4.5.1
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1882?filter=allopenissues
2 org.apache.httpcomponents httpclient (pom.xml)
version: 4.5.2
Jira issues:
org.apache.http.impl.client.AbstractHttpClient#createClientConnectionManager Does not account for context class loader
affectsVersions:4.4.1;4.5;4.5.1;4.5.2
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1727?filter=allopenissues
Memory Leak in OSGi support
affectsVersions:4.4.1;4.5.2
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1749?filter=allopenissues
SystemDefaultRoutePlanner: Possible null pointer dereference
affectsVersions:4.5.2
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1766?filter=allopenissues
Null pointer dereference in EofSensorInputStream and ResponseEntityProxy
affectsVersions:4.5.2
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1767?filter=allopenissues
[OSGi] WeakList needs to support "clear" method
affectsVersions:4.5.2;5.0 Alpha1
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1772?filter=allopenissues
[OSGi] HttpProxyConfigurationActivator does not unregister HttpClientBuilderFactory
affectsVersions:4.5.2
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1773?filter=allopenissues
Why is Retry around Redirect and not the other way round
affectsVersions:4.5.2
https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1800?filter=allopenissues
3 org.slf4j slf4j-api (pom.xml)
version: 1.7.21
Jira issues:
Cannot re-initialize the SimpleLogger anymore.
affectsVersions:1.7.21
https://jira.qos.ch/projects/SLF4J/issues/SLF4J-370?filter=allopenissues
Marker lost in EventRecodingLogger
affectsVersions:1.7.21
https://jira.qos.ch/projects/SLF4J/issues/SLF4J-379?filter=allopenissues
Support for JCL 1.2
affectsVersions:1.7.21
https://jira.qos.ch/projects/SLF4J/issues/SLF4J-383?filter=allopenissues
4 ch.qos.logback logback-classic (pom.xml)
version: 1.1.7
Jira issues:
SMTPAppender configuration error since Logback 1.1.7
affectsVersions:1.1.7
https://jira.qos.ch/projects/LOGBACK/issues/LOGBACK-1158?filter=allopenissues
Don't swallow Errors
affectsVersions:1.1.6;1.1.7
https://jira.qos.ch/projects/LOGBACK/issues/LOGBACK-1159?filter=allopenissues
Incorrect "contains multiple setters for the same property" error output for bridge methods
affectsVersions:1.1.7
https://jira.qos.ch/projects/LOGBACK/issues/LOGBACK-1164?filter=allopenissues
MDCFilter crashes with NPE when value is not set
affectsVersions:1.1.7
https://jira.qos.ch/projects/LOGBACK/issues/LOGBACK-1165?filter=allopenissues
totalSizeCap not work as expected
affectsVersions:1.1.7
https://jira.qos.ch/projects/LOGBACK/issues/LOGBACK-1166?filter=allopenissues
Log file handle/descriptor not closed/released after WAR file redeploy
affectsVersions:1.1.6;1.1.7
https://jira.qos.ch/projects/LOGBACK/issues/LOGBACK-1170?filter=allopenissues
FilenamePattern used to TimeBasedArchiveRemover is limited for 999 files
affectsVersions:1.1.7
https://jira.qos.ch/projects/LOGBACK/issues/LOGBACK-1175?filter=allopenissues
SizeAndTimeBasedFNATP should not start in the absence of maxFileSize property
affectsVersions:1.1.7
https://jira.qos.ch/projects/LOGBACK/issues/LOGBACK-1176?filter=allopenissues
RollingFileAppender throws UnsupportedOperationEx after elapsed period
affectsVersions:1.1.7
https://jira.qos.ch/projects/LOGBACK/issues/LOGBACK-1181?filter=allopenissues
scanPeriod attribute is required by logback-classic for auto-reload to work
affectsVersions:1.1.7
https://jira.qos.ch/projects/LOGBACK/issues/LOGBACK-1194?filter=allopenissues
RollingFileAppender generating a large numbers of .tmp files
affectsVersions:1.1.7
https://jira.qos.ch/projects/LOGBACK/issues/LOGBACK-1238?filter=allopenissues
Allow leading zeros in %i pattern
affectsVersions:1.1.7
https://jira.qos.ch/projects/LOGBACK/issues/LOGBACK-1248?filter=allopenissues
Sincerely~
FDU Software Engineering Lab
Jan 7th, 2019
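One way to repeat the check of every pom.xml against the versions listed in this issue, as an added example that is not part of the original thread or the project's code. The `audit_pom` function and the sample POM are constructed for illustration, and the sketch assumes each POM declares the standard Maven 4.0.0 namespace.

```python
import re
import xml.etree.ElementTree as ET

# Coordinates and versions named in this issue.
FLAGGED = {
    ("org.apache.httpcomponents", "httpclient"): {"4.5.1", "4.5.2"},
    ("org.slf4j", "slf4j-api"): {"1.7.21"},
    ("ch.qos.logback", "logback-classic"): {"1.1.7"},
}
POM_NS = "{http://maven.apache.org/POM/4.0.0}"
# Constructed sample POM, not taken from the project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><slf4j.version>1.7.21</slf4j.version></properties>
  <dependencyManagement><dependencies><dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpclient</artifactId><version>4.5.13</version>
  </dependency></dependencies></dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId><version>${slf4j.version}</version>
    </dependency>
    <dependency>
      <groupId>ch.qos.logback</groupId><artifactId>logback-classic</artifactId>
    </dependency>
  </dependencies>
</project>"""

def audit_pom(pom_text):
    """Return (groupId, artifactId, version, status) for tracked coordinates."""
    root = ET.fromstring(pom_text)
    props = {p.tag[len(POM_NS):]: (p.text or "").strip()
             for p in root.findall(f"{POM_NS}properties/*")}
    findings = []
    # iter() also covers dependencyManagement and plugin-level dependencies.
    for dep in root.iter(f"{POM_NS}dependency"):
        coord = tuple((dep.findtext(POM_NS + t) or "").strip()
                      for t in ("groupId", "artifactId"))
        if coord not in FLAGGED:
            continue
        version = (dep.findtext(f"{POM_NS}version") or "").strip()
        ref = re.fullmatch(r"\$\{(.+)\}", version)
        if ref:  # resolve ${property} against this POM's <properties>
            version = props.get(ref.group(1), "")
        if not version:  # inherited from a parent POM or BOM: check there
            findings.append((*coord, None, "unresolved"))
        elif version in FLAGGED[coord]:
            findings.append((*coord, version, "flagged"))
    return findings
```

An "unresolved" finding means the version is managed outside the file being read, so the parent POM or the output of Maven's dependency resolution has to be checked before the coordinate can be called clean.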