[JIRA] (SLF4J-454) Your project qos-ch/slf4j is using buggy third-party libraries [WARNING]
Kaifeng Huang created SLF4J-454: ----------------------------------- Summary: Your project qos-ch/slf4j is using buggy third-party libraries [WARNING] Key: SLF4J-454 URL: https://jira.qos.ch/browse/SLF4J-454 Project: SLF4J Issue Type: Bug Environment: Hi, there! We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend you to update those libraries to new versions. We have attached the buggy third-party libraries and corresponding jira issue links below for you to have more detailed information. 1. commons-lang commons-lang version: 2.4 Jira issues: Fix case-insensitive string handling affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-432?filter=allopeni... StringEscapeUtils.escapeHTML() does not escape chars (0x00-0x20) affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-439?filter=allopeni... DateUtils.round doesn't work correct for Calendar.AM_PM affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-440?filter=allopeni... Lower Ascii Characters don't get encoded by Entities.java affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-448?filter=allopeni... Issue in HashCodeBuilder which only shows up under high load multi-threaded usage. affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-459?filter=allopeni... Ant build file does not include ReflectTestSuite affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-463?filter=allopeni... EqualsBuilder and HashCodeBuilder treat java.math.BigDecimal inconsistantly and break general contract of hashCode affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-467?filter=allopeni... JDK 1.5 build/runtime failure on LANG-393 (EqualsBuilder) affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-468?filter=allopeni... ExtendedMessageFormat: OutOfMemory with custom format registry and a pattern containing single quotes affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-477?filter=allopeni... parseDate cannot parse ISO8601 dates produced by FastDateFormat affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-530?filter=allopeni... DateFormatUtils.format does not correctly change Calendar TimeZone in certain situations affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-538?filter=allopeni... StringUtils replaceEach - Bug or Missing Documentation affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-552?filter=allopeni... Javadoc wrong for StringUtils startsWith; startsWithIgnoreCase; endsWith and endsWithIgnoreCase affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-557?filter=allopeni... HashCodeBuilder reflectionAppend creates unnecessary copy of excludeFields affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-575?filter=allopeni... ExceptionUtils uses mutable lock target affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-584?filter=allopeni... ClassUtils.toClass(Object[]) throws NPE on null array element affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-587?filter=allopeni... Sincerely~ FDU Software Engineering Lab Feb 15th, 2019 Reporter: Kaifeng Huang Assignee: SLF4J developers list -- This message was sent by Atlassian JIRA (v7.3.1#73012)
The project appear to be dormant, i've tried emailing the developers and using the contact us page at qos.sh but have not been able to contact any slf4j developers in the past year. only ceki appears to have done anything in over a year for slf4j, it might need to be forked if people are still using slf4j and want it to continue. i would step up to help contributing as i want to fixed some issues but until i'm able to get ahold of any developer that isn't possible the https://github.com/qos-ch project does have activity for logback but for slf4j it says 8th of Dec 2018 but i've no idea what changed On Fri, 15 Feb 2019 at 08:45, QOS.CH (JIRA) <noreply-jira@qos.ch> wrote:
Kaifeng Huang created SLF4J-454: -----------------------------------
Summary: Your project qos-ch/slf4j is using buggy third-party libraries [WARNING] Key: SLF4J-454 URL: https://jira.qos.ch/browse/SLF4J-454 Project: SLF4J Issue Type: Bug Environment: Hi, there!
We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend you to update those libraries to new versions.
We have attached the buggy third-party libraries and corresponding jira issue links below for you to have more detailed information.
1. commons-lang commons-lang version: 2.4
Jira issues: Fix case-insensitive string handling affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-432?filter=allopeni... StringEscapeUtils.escapeHTML() does not escape chars (0x00-0x20) affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-439?filter=allopeni... DateUtils.round doesn't work correct for Calendar.AM_PM affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-440?filter=allopeni... Lower Ascii Characters don't get encoded by Entities.java affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-448?filter=allopeni... Issue in HashCodeBuilder which only shows up under high load multi-threaded usage. affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-459?filter=allopeni... Ant build file does not include ReflectTestSuite affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-463?filter=allopeni... EqualsBuilder and HashCodeBuilder treat java.math.BigDecimal inconsistantly and break general contract of hashCode affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-467?filter=allopeni... JDK 1.5 build/runtime failure on LANG-393 (EqualsBuilder) affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-468?filter=allopeni... ExtendedMessageFormat: OutOfMemory with custom format registry and a pattern containing single quotes affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-477?filter=allopeni... parseDate cannot parse ISO8601 dates produced by FastDateFormat affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-530?filter=allopeni... DateFormatUtils.format does not correctly change Calendar TimeZone in certain situations affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-538?filter=allopeni... StringUtils replaceEach - Bug or Missing Documentation affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-552?filter=allopeni... Javadoc wrong for StringUtils startsWith; startsWithIgnoreCase; endsWith and endsWithIgnoreCase affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-557?filter=allopeni... HashCodeBuilder reflectionAppend creates unnecessary copy of excludeFields affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-575?filter=allopeni... ExceptionUtils uses mutable lock target affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-584?filter=allopeni... ClassUtils.toClass(Object[]) throws NPE on null array element affectsVersions:2.4 https://issues.apache.org/jira/projects/LANG/issues/LANG-587?filter=allopeni...
Sincerely~ FDU Software Engineering Lab Feb 15th, 2019 Reporter: Kaifeng Huang Assignee: SLF4J developers list
-- This message was sent by Atlassian JIRA (v7.3.1#73012) _______________________________________________ slf4j-dev mailing list slf4j-dev@qos.ch http://mailman.qos.ch/mailman/listinfo/slf4j-dev
participants (2)
-
John Patrick -
QOS.CH (JIRA)