Bug
Resolution: Done
Critical
2019 Week 11-13, 2019 Week 14-16
Michael, please upgrade these 4 dependencies to their latest and greatest version, as long as the major version doesn't change (I don't think any have released a new major version). If you run into any compilation issues anywhere in kie, feel free to ping me and we'll take a look. - Geoffrey
Original text:
Hi, there!
We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to new versions.
We have attached the buggy third-party libraries and corresponding jira issue links below for you to have more detailed information.
1. commons-io commons-io
version: 2.5
Jira issues:
ant test fails - resources missing from test classpath
affectsVersions:2.5
https://issues.apache.org/jira/projects/IO/issues/IO-451?filter=allopenissues
Exceptions are suppressed incorrectly when copying files.
affectsVersions:2.4;2.5
https://issues.apache.org/jira/projects/IO/issues/IO-502?filter=allopenissues
ThresholdingOutputStream.thresholdReached() results in FileNotFoundException
affectsVersions:2.5
https://issues.apache.org/jira/projects/IO/issues/IO-512?filter=allopenissues
Tailer.run race condition runaway logging
affectsVersions:2.5
https://issues.apache.org/jira/projects/IO/issues/IO-528?filter=allopenissues
Thread bug in FileAlterationMonitor#stop(int)
affectsVersions:2.5
https://issues.apache.org/jira/projects/IO/issues/IO-535?filter=allopenissues
2.5 ExceptionInInitializerError
affectsVersions:2.5
https://issues.apache.org/jira/projects/IO/issues/IO-536?filter=allopenissues
2. ch.qos.logback logback-classic
version: 1.2.3
Jira issues:
missing log files and log entries when using SizeAndTimeBasedRollingPolicy
affectsVersions:1.2.3
https://jira.qos.ch/projects/LOGBACK/issues/LOGBACK-1361?filter=allopenissues
3. org.apache.commons commons-lang3
version: 3.4
Jira issues:
TypeUtils.ParameterizedType#equals doesn't work with wildcard types
affectsVersions:3.3.2;3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1114?filter=allopenissues
DateUtilsTest.testLang530 fails for some timezones
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1116?filter=allopenissues
StringUtils.stripAccents from "Ł" and "ł"
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1120?filter=allopenissues
JsonToStringStyle doesn't handle chars and objects correctly
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1128?filter=allopenissues
ReflectionToStringBuilder doesn't throw IllegalArgumentException when the constructor's object param is null
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1132?filter=allopenissues
StrLookup.systemPropertiesLookup() no longer reacts on changes on system properties
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1141?filter=allopenissues
StringUtils#capitalize: Javadoc says toTitleCase; code uses toUpperCase
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1142?filter=allopenissues
Multiple calls of org.apache.commons.lang3.concurrent.LazyInitializer.initialize() are possible
affectsVersions:3.4;3.5
https://issues.apache.org/jira/projects/LANG/issues/LANG-1144?filter=allopenissues
EnumUtils *BitVector issue with more than 32 values Enum
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1147?filter=allopenissues
StringUtils#equals fails with Index OOBE on non-Strings with identical leading prefix
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1162?filter=allopenissues
There are no tests for CharSequenceUtils.regionMatches
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1163?filter=allopenissues
ArrayUtils.removeAll(Object array; int... indices) should do the clone; not its callers
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1178?filter=allopenissues
TypeUtils.isAssignable throws NullPointerException when fromType has type variables and toType generic superclass specifies type variable
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1190?filter=allopenissues
FastDateFormat does not support the week-year component (uppercase 'Y')
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1192?filter=allopenissues
ordinalIndexOf("abc"; "ab"; 1) gives incorrect answer of -1 (correct answer should be 0)
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1193?filter=allopenissues
Fix implementation of StringUtils.getJaroWinklerDistance()
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1199?filter=allopenissues
parseDateStrictly does't pass specified locale
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1202?filter=allopenissues
ClassUtils.getClass(ClassLoader; String) fails for "void"
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1214?filter=allopenissues
NumberUtils.isNumber bug
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1216?filter=allopenissues
FastDateFormat doesn't respect summer daylight in localized strings
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1219?filter=allopenissues
StringUtils#normalizeSpace does not trim the string anymore
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1226?filter=allopenissues
DiffBuilder: Add null check on fieldName when appending Object or Object[]
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1232?filter=allopenissues
FastDatePrinter Memory allocation regression
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1248?filter=allopenissues
SerializationUtils.ClassLoaderAwareObjectInputStream should use static initializer to initialize primitiveTypes map.
affectsVersions:3.2;3.3;3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1251?filter=allopenissues
NumberUtils.isNumber and NumberUtils.createNumber resolve inconsistently
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1252?filter=allopenissues
ArrayUtils.contains returns false for instances of subtypes
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1261?filter=allopenissues
CompareToBuilder.append(Object;Object;Comparator) method is too big to be inlined
affectsVersions:3.4
https://issues.apache.org/jira/projects/LANG/issues/LANG-1262?filter=allopenissues
StrBuilder#replaceAll ArrayIndexOutOfBoundsException
affectsVersions:3.2.1;3.4;3.5
https://issues.apache.org/jira/projects/LANG/issues/LANG-1276?filter=allopenissues
Sincerely~
FDU Software Engineering Lab
Feb 17th, 2019