You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend you to update those libraries to new versions.
We have attached the buggy third-party libraries and corresponding jira issue links below for you to have more detailed information. We have analyzed the api call related to the following libraries and found one library that is using the API call that might invoke buggy methods in the library of the history.
commons-codec commons-codec
version: 1.4
API call in your project:org.apache.commons.codec.binary.Base64.setInitialBuffer(byte[],int,int)
Hi, there!
We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend you to update those libraries to new versions.
We have attached the buggy third-party libraries and corresponding jira issue links below for you to have more detailed information. We have analyzed the api call related to the following libraries and found one library that is using the API call that might invoke buggy methods in the library of the history.
version: 1.4
API call in your project:org.apache.commons.codec.binary.Base64.setInitialBuffer(byte[],int,int)
Jira issues:
Base64InputStream#read(byte[]) incorrectly returns 0 at end of any stream which is multiple of 3 bytes long
version:1.4
ArrayIndexOutOfBoundsException when doing multiple reads() on encoding Base64InputStream
version:1.4
Base64 encoding issue for larger avi files
version:1.4
org.apache.commons.codec.net.URLCodec.ESCAPE_CHAR isn't final but should be
version:1.2;1.3;1.4
org.apache.commons.codec.language.RefinedSoundex.US_ENGLISH_MAPPING should be package protected MALICIOUS_CODE
version:1.4
org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING should be package protected MALICIOUS_CODE
version:1.4
Caverphone encodes names starting and ending with "mb" incorrectly.
version:1.4
All links to fixed bugs in the "Changes Report" http://commons.apache.org/codec/changes-report.html point nowhere; e.g. http://issues.apache.org/jira/browse/34157. Looks as if all JIRA tickets were renumbered.
version:1.1;1.2;1.3;1.4
Regression: Base64.encode(chunk=true) has bug when input length is multiple of 76
version:1.4
DigestUtils: MD5 checksum is not calculated correctly on linux64-platforms
version:1.3;1.4
new Base64().encode() appends a CRLF; and chunks results into 76 character lines
version:1.4
Base64 encode() method is no longer thread-safe; breaking clients using it as a shared BinaryEncoder
version:1.4
Base64 default constructor behaviour changed to enable chunking in 1.4
version:1.4
Base64InputStream causes NullPointerException on some input
version:1.4
Base64.encodeBase64String() shouldn't chunk
version:1.4
2. org.apache.commons commons-lang3
version: 3.4
Jira issues:
TypeUtils.ParameterizedType#equals doesn't work with wildcard types
version:3.3.2;3.4
DateUtilsTest.testLang530 fails for some timezones
version:3.4
StringUtils.stripAccents from "Ł" and "ł"
version:3.4
No release notes for version 3.4
version:3.4
JsonToStringStyle doesn't handle chars and objects correctly
version:3.4
ReflectionToStringBuilder doesn't throw IllegalArgumentException when the constructor's object param is null
version:3.4
StrLookup.systemPropertiesLookup() no longer reacts on changes on system properties
version:3.4
StringUtils#capitalize: Javadoc says toTitleCase; code uses toUpperCase
version:3.4
Multiple calls of org.apache.commons.lang3.concurrent.LazyInitializer.initialize() are possible
version:3.4;3.5
EnumUtils *BitVector issue with more than 32 values Enum
version:3.4
StringUtils#equals fails with Index OOBE on non-Strings with identical leading prefix
version:3.4
There are no tests for CharSequenceUtils.regionMatches
version:3.4
ArrayUtils.removeAll(Object array; int... indices) should do the clone; not its callers
version:3.4
TypeUtils.isAssignable throws NullPointerException when fromType has type variables and toType generic superclass specifies type variable
version:3.4
FastDateFormat does not support the week-year component (uppercase 'Y')
version:3.4
ordinalIndexOf("abc"; "ab"; 1) gives incorrect answer of -1 (correct answer should be 0)
version:3.4
Fix implementation of StringUtils.getJaroWinklerDistance()
version:3.4
parseDateStrictly does't pass specified locale
version:3.4
ClassUtils.getClass(ClassLoader; String) fails for "void"
version:3.4
NumberUtils.isNumber bug
version:3.4
FastDateFormat doesn't respect summer daylight in localized strings
version:3.4
StringUtils#normalizeSpace does not trim the string anymore
version:3.4
DiffBuilder: Add null check on fieldName when appending Object or Object[]
version:3.4
FastDatePrinter Memory allocation regression
version:3.4
SerializationUtils.ClassLoaderAwareObjectInputStream should use static initializer to initialize primitiveTypes map.
version:3.2;3.3;3.4
NumberUtils.isNumber and NumberUtils.createNumber resolve inconsistently
version:3.4
ArrayUtils.contains returns false for instances of subtypes
version:3.4
CompareToBuilder.append(Object;Object;Comparator) method is too big to be inlined
version:3.4
StrBuilder#replaceAll ArrayIndexOutOfBoundsException
version:3.2.1;3.4;3.5
NumberUtils#createNumber() returns positive BigDecimal when negative Float is expected
version:3.x
Sincerely~
FDU Software Engineering Lab
Marth 14th,2019
The text was updated successfully, but these errors were encountered: