This repository has been archived by the owner on Jul 3, 2020. It is now read-only.

Your project OAuth-Apis apis is using buggy third-party libraries [WARNING] #114

Open
FDUSELAB2 opened this issue Mar 14, 2019 · 0 comments

@FDUSELAB2

Hi, there!

We are a research team working on third-party library analysis. We have found that some widely used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to newer versions.

We have attached the buggy third-party libraries and the corresponding Jira issue links below so that you can get more detailed information. We have analyzed the API calls related to the following libraries and found one library whose API call might invoke methods that were buggy in that library's history.

  1. commons-codec commons-codec
     version: 1.4
     API call in your project: org.apache.commons.codec.binary.Base64.setInitialBuffer(byte[],int,int)
     Jira issues:
     Base64InputStream#read(byte[]) incorrectly returns 0 at end of any stream which is multiple of 3 bytes long
     version: 1.4
     ArrayIndexOutOfBoundsException when doing multiple reads() on encoding Base64InputStream
     version: 1.4
     Base64 encoding issue for larger avi files
     version: 1.4
     org.apache.commons.codec.net.URLCodec.ESCAPE_CHAR isn't final but should be
     version: 1.2; 1.3; 1.4
     org.apache.commons.codec.language.RefinedSoundex.US_ENGLISH_MAPPING should be package protected MALICIOUS_CODE
     version: 1.4
     org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING should be package protected MALICIOUS_CODE
     version: 1.4
     Caverphone encodes names starting and ending with "mb" incorrectly.
     version: 1.4
     All links to fixed bugs in the "Changes Report" http://commons.apache.org/codec/changes-report.html point nowhere; e.g. http://issues.apache.org/jira/browse/34157. Looks as if all JIRA tickets were renumbered.
     version: 1.1; 1.2; 1.3; 1.4
     Regression: Base64.encode(chunk=true) has bug when input length is multiple of 76
     version: 1.4
     DigestUtils: MD5 checksum is not calculated correctly on linux64-platforms
     version: 1.3; 1.4
     new Base64().encode() appends a CRLF; and chunks results into 76 character lines
     version: 1.4
     Base64 encode() method is no longer thread-safe; breaking clients using it as a shared BinaryEncoder
     version: 1.4
     Base64 default constructor behaviour changed to enable chunking in 1.4
     version: 1.4
     Base64InputStream causes NullPointerException on some input
     version: 1.4
     Base64.encodeBase64String() shouldn't chunk
     version: 1.4

  2. commons-io commons-io
     version: 2.0.1
     Jira issues:
     ClassLoaderObjectInputStream does not handle Proxy classes
     version: 2.0.1
     FileSystemUtils.freeSpaceKb throws exception for Windows volumes with no visible files.
     version: 2.0.1
     FileUtils.copyFile() throws IOException when copying large files to a shared directory (on Windows)
     version: 2.0.1
     Tailer returning partial lines when reaching EOF before EOL
     version: 2.0.1
     ReaderInputStream enters infinite loop when it encounters an unmappable character
     version: 2.0.1
     getPrefixLength returns null if filename has leading slashes
     version: 2.0.1; 2.1
     ClassLoaderObjectInputStream does not handle primitive typed members
     version: 2.0.1

  3. ch.qos.logback logback-classic
     version: 1.0.6
     Jira issues:
     insertFromJNDI does not use Property substitution
     version: 1.0.6
     joranconfigurator fails if used in applet
     version: 1.0.6; 1.0.7
     Failed to get local hostname
     version: 1.0.6; 1.0.7
     Leaking jdbc pool connection
     version: 1.0.6; 1.0.7; 1.0.8; 1.0.9

  4. commons-lang commons-lang
     version: 2.6
     Jira issues:
     Remove unnecessary synchronization from registry lookup in EqualsBuilder and HashCodeBuilder
     version: 2.6
     LocaleUtils - DCL idiom is not thread-safe
     version: 2.6
     RandomStringUtils.random(count, 0, 0, false, false, universe, random) always throws java.lang.ArrayIndexOutOfBoundsException
     version: 2.5; 2.6; 3.1
     Exception when combining custom and choice format in ExtendedMessageFormat
     version: 2.5; 2.6

Sincerely,
FDU Software Engineering Lab
March 14th, 2019
