[jira] [Created] (FLINK-11621) Your project apache/flink is using buggy third-party libraries [WARNING]


Shang Yuanchun (Jira)
Kaifeng Huang created FLINK-11621:
-------------------------------------

             Summary: Your project apache/flink is using buggy third-party libraries [WARNING]
                 Key: FLINK-11621
                 URL: https://issues.apache.org/jira/browse/FLINK-11621
             Project: Flink
          Issue Type: Bug
            Reporter: Kaifeng Huang



Hi, there!

    We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to new versions.

    We have attached the buggy third-party libraries and corresponding jira issue links below for you to have more detailed information.

        1. org.apache.logging.log4j log4j-core
        version: 2.9.1

        Jira issues:
        Nested pattern layout options broken
        affectsVersions:2.4.1,2.9.1
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1216?filter=allopenissues
        Messages appear out of order in log file (was: Log4j2 log file not reflecting application log function calls)
        affectsVersions:2.8.2,2.9.0,2.9.1
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2031?filter=allopenissues
        ServiceConfigurationError in Tomcat when Log4j is used as the logging implementation
        affectsVersions:2.9.1
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2055?filter=allopenissues
        Can't set monitorInterval for composite XML configuration.
        affectsVersions:2.9.1
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2068?filter=allopenissues
        Log4j-config.xsd should make AppenderRef optional for each Logger element
        affectsVersions:2.9.0,2.9.1
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2073?filter=allopenissues
        The console appender should say why it cannot load JAnsi
        affectsVersions:2.9.1
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2074?filter=allopenissues
        Property log4j.skipJansi should have a default of true
        affectsVersions:2.9.1
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2087?filter=allopenissues
        Log4j respects the configured "log4j2.is.webapp" property
        affectsVersions:2.9.1
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2091?filter=allopenissues
        LevelMixIn class for Jackson is coded incorrectly
        affectsVersions:2.9.1
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2100?filter=allopenissues
        non-string value MapMessage ClassCastException
        affectsVersions:2.9.1
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2101?filter=allopenissues
        MapMessage JSON encoding should escape keys and values
        affectsVersions:2.9.1
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2102?filter=allopenissues
        MapMessage should support both StringBuilderFormattable and MultiformatMessage
        affectsVersions:2.9.1
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2107?filter=allopenissues
        Json escaping does not properly escape newlines and other control characters
        affectsVersions:2.9.1
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2120?filter=allopenissues
        Remove Log4J API dependency on Management APIs
        affectsVersions:2.9.1,2.10.0
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2126?filter=allopenissues
        MutableLogEvent instances get reused before flushing when using a NoSql Appender with a bufferSize
        affectsVersions:2.9.1
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2140?filter=allopenissues
        fix the CacheEntry map in ThrowableProxy#toExtendedStackTrace to be put and gotten with same key
        affectsVersions:2.6.2,2.7,2.8,2.8.1,2.8.2,2.9.0,2.9.1,2.10.0,2.11.0
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2389?filter=allopenissues


        2. commons-cli commons-cli
        version: 1.3.1

        Jira issues:
        Optional argument picking up next regular option as its argument
        affectsVersions:1.3.1
        https://issues.apache.org/jira/projects/CLI/issues/CLI-265?filter=allopenissues
        HelpFormatter#setOptionComparator(null) doesn't display the values in inserted order
        affectsVersions:1.3.1
        https://issues.apache.org/jira/projects/CLI/issues/CLI-266?filter=allopenissues


        3. commons-io commons-io
        version: 2.4

        Jira issues:
        IOUtils copyLarge() and skip() methods are performance hogs
        affectsVersions:2.3;2.4
        https://issues.apache.org/jira/projects/IO/issues/IO-355?filter=allopenissues
        CharSequenceInputStream#reset() behaves incorrectly in case when buffer size is not dividable by data size
        affectsVersions:2.4
        https://issues.apache.org/jira/projects/IO/issues/IO-356?filter=allopenissues
        [Tailer] InterruptedException while the thead is sleeping is silently ignored
        affectsVersions:2.4
        https://issues.apache.org/jira/projects/IO/issues/IO-357?filter=allopenissues
        IOUtils.contentEquals* methods returns false if input1 == input2; should return true
        affectsVersions:2.4
        https://issues.apache.org/jira/projects/IO/issues/IO-362?filter=allopenissues
        Apache Commons - standard links for documents are failing
        affectsVersions:2.4
        https://issues.apache.org/jira/projects/IO/issues/IO-369?filter=allopenissues
        FileUtils.sizeOfDirectoryAsBigInteger can overflow
        affectsVersions:2.4
        https://issues.apache.org/jira/projects/IO/issues/IO-390?filter=allopenissues
        Regression in FileUtils.readFileToString from 2.0.1
        affectsVersions:2.1;2.2;2.3;2.4
        https://issues.apache.org/jira/projects/IO/issues/IO-453?filter=allopenissues
        Correct exception message in FileUtils.getFile(File; String...)
        affectsVersions:2.4
        https://issues.apache.org/jira/projects/IO/issues/IO-479?filter=allopenissues
        org.apache.commons.io.FileUtils#waitFor waits too long
        affectsVersions:2.4
        https://issues.apache.org/jira/projects/IO/issues/IO-481?filter=allopenissues
        FilenameUtils should handle embedded null bytes
        affectsVersions:2.4
        https://issues.apache.org/jira/projects/IO/issues/IO-484?filter=allopenissues
        Exceptions are suppressed incorrectly when copying files.
        affectsVersions:2.4;2.5
        https://issues.apache.org/jira/projects/IO/issues/IO-502?filter=allopenissues


        4. org.apache.logging.log4j log4j-core
        version: 2.7

        Jira issues:
        ClassCastException at shutdown with JUL: casting SimpleLogger to Logger
        affectsVersions:2.6.2;2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1618?filter=allopenissues
        OSGi support is broken in Log4j2 2.7
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1637?filter=allopenissues
        RollingFileAppender with CronTriggeringPolicy broken?
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1640?filter=allopenissues
        DefaultShutdownCallbackRegistry can throw a NoClassDefFoundError
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1642?filter=allopenissues
        CronTriggeringPolicy breaks awefully when using "reconfigure" of LoggerContext
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1649?filter=allopenissues
        CronTriggeringPolicy uses wrong naming and produces NPE
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1653?filter=allopenissues
        2.7 - ThreadContextAccess.getThreadContextMap NPE when specifying BasicContextSelector
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1658?filter=allopenissues
        Some LogEvents may not carry a Throwable (Use Message.getThrowable() in log(Message) methods)
        affectsVersions:2.5;2.6;2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1676?filter=allopenissues
        Logger using LocalizedMessageFactory prints key instead of message
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1682?filter=allopenissues
        NPE in ThrowableProxy when resolving stack in Java EE/OSGi environment
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1687?filter=allopenissues
        Message parameter array elements are set to null during logging in garbage-free mode
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1688?filter=allopenissues
        StringBuilderFormattable Messages should used cached formatted message if it exists
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1719?filter=allopenissues
        RollingFileAppender's filePattern not reloaded when using monitorInterval
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1725?filter=allopenissues
        SslSocketManager should respect connectTimeoutMillis
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1731?filter=allopenissues
        SslSocketManagerFactory might leak Sockets when certain startup errors occur
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1734?filter=allopenissues
        Update Jackson from 2.8.4 to 2.8.5
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1735?filter=allopenissues
        TcpSocketManagerFactory might leak Sockets when certain startup errors occur
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1736?filter=allopenissues
        Add CronTriggeringPolicy programmatically leads to NPE
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1740?filter=allopenissues
        CompositeConfiguration does not add filters to appenderRefs
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1743?filter=allopenissues
        Custom logger Generate tool should not require log4j-api dependency
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1744?filter=allopenissues
        RollingFile appender prevents a stand alone application to terminate for as long as 60 sec
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1748?filter=allopenissues
        Adds xmlns in schema and some other tags
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1756?filter=allopenissues
        JsonLayout Throwing Exceptions And Producing Broken Logs
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1769?filter=allopenissues
        Eliminate the use of the ExecutorServices in the LoggerContext
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1780?filter=allopenissues
        API Version is incorrect
        affectsVersions:2.6;2.6.1;2.6.2;2.7;2.8;2.8.1
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1836?filter=allopenissues
        AsyncLogger and message formatting (ConcurrentModificationException)
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1914?filter=allopenissues
        Configurations with multiple root loggers should fail loudly
        affectsVersions:2.0;2.1;2.2;2.3;2.4;2.5;2.6;2.7;2.8
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1954?filter=allopenissues
        TcpSocketServer does not replace any “{}” in message
        affectsVersions:2.6.2;2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1969?filter=allopenissues
        Log4J JUL Bridge and RMI Security Manager causes access denied ("java.util.logging.LoggingPermission" "control")
        affectsVersions:2.7;2.8.2
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-1987?filter=allopenissues
        No compression when using a separate drive in Linux
        affectsVersions:2.7
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2012?filter=allopenissues
        Configuration builder classes should look for "onMismatch"; not "onMisMatch".
        affectsVersions:2.4;2.4.1;2.5;2.6;2.6.1;2.6.2;2.7;2.8;2.8.1;2.8.2;2.9.0;2.10.0
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2219?filter=allopenissues
        fix the CacheEntry map in ThrowableProxy#toExtendedStackTrace to be put and gotten with same key
        affectsVersions:2.6.2;2.7;2.8;2.8.1;2.8.2;2.9.0;2.9.1;2.10.0;2.11.0
        https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-2389?filter=allopenissues


        5. org.apache.commons commons-lang3
        version: 3.3.2

        Jira issues:
        ISO 8601 misspelled throughout the Javadocs
        affectsVersions:3.3.2
        https://issues.apache.org/jira/projects/LANG/issues/LANG-1001?filter=allopenissues
        Several predefined ISO FastDateFormats in DateFormatUtils are incorrect
        affectsVersions:3.3.2
        https://issues.apache.org/jira/projects/LANG/issues/LANG-1002?filter=allopenissues
        DurationFormatUtils are not able to handle negative durations/periods
        affectsVersions:3.3.2
        https://issues.apache.org/jira/projects/LANG/issues/LANG-1003?filter=allopenissues
        DurationFormatUtils#formatDurationHMS implementation does not correspond to Javadoc and vice versa
        affectsVersions:3.3.2
        https://issues.apache.org/jira/projects/LANG/issues/LANG-1004?filter=allopenissues
        NumberUtils.createNumber(final String str)  Precision will be lost
        affectsVersions:3.3.2
        https://issues.apache.org/jira/projects/LANG/issues/LANG-1018?filter=allopenissues
        Javadoc for EqualsBuilder.reflectionEquals() is unclear
        affectsVersions:3.3.2
        https://issues.apache.org/jira/projects/LANG/issues/LANG-1035?filter=allopenissues
        NumberUtils#isNumber() returns false for "+2" and true for "-2"
        affectsVersions:3.1;3.3.2
        https://issues.apache.org/jira/projects/LANG/issues/LANG-1038?filter=allopenissues
        Javadoc for NumberUtils.isNumber() are not clear enough
        affectsVersions:3.3.2
        https://issues.apache.org/jira/projects/LANG/issues/LANG-1040?filter=allopenissues
        Fix MethodUtilsTest so it does not depend on JDK method ordering
        affectsVersions:3.3.2
        https://issues.apache.org/jira/projects/LANG/issues/LANG-1041?filter=allopenissues
        StrSubstitutor.replaceSystemProperties does not work consistently
        affectsVersions:3.3.2
        https://issues.apache.org/jira/projects/LANG/issues/LANG-1055?filter=allopenissues
        NumberUtils.isNumber assumes number starting with Zero is octal
        affectsVersions:3.3.2
        https://issues.apache.org/jira/projects/LANG/issues/LANG-1060?filter=allopenissues
        FastDateParser error - timezones not handled correctly
        affectsVersions:3.3.2
        https://issues.apache.org/jira/projects/LANG/issues/LANG-1061?filter=allopenissues
        Wrong formating of time zones with daylight saving time in FastDatePrinter
        affectsVersions:3.3.2
        https://issues.apache.org/jira/projects/LANG/issues/LANG-1092?filter=allopenissues
        TypeUtils.ParameterizedType#equals doesn't work with wildcard types
        affectsVersions:3.3.2;3.4
        https://issues.apache.org/jira/projects/LANG/issues/LANG-1114?filter=allopenissues
        Fix bug with stripping spaces on last line in WordUtils.wrap()
        affectsVersions:3.3.2
        https://issues.apache.org/jira/projects/LANG/issues/LANG-995?filter=allopenissues
        FastDateFormat is case sensitive
        affectsVersions:3.3.2
        https://issues.apache.org/jira/projects/LANG/issues/LANG-996?filter=allopenissues
        NumberUtils#createNumber() returns positive BigDecimal when negative Float is expected
        affectsVersions:3.x
        https://issues.apache.org/jira/projects/LANG/issues/LANG-1087?filter=allopenissues




Sincerely~
FDU Software Engineering Lab
Feb 15th, 2019




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)