You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend you to update those libraries to new versions.
We have attached the buggy third-party libraries and corresponding jira issue links below for you to have more detailed information. We have analyzed the api call related to the following libraries and found one library that is using the API call that might invoke buggy methods in the library of the history.
commons-codec commons-codec
version: 1.4
API call in your project:org.apache.commons.codec.binary.Base64.setInitialBuffer(byte[],int,int)
Hi, there!
We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend you to update those libraries to new versions.
We have attached the buggy third-party libraries and corresponding jira issue links below for you to have more detailed information. We have analyzed the api call related to the following libraries and found one library that is using the API call that might invoke buggy methods in the library of the history.
version: 1.4
API call in your project:org.apache.commons.codec.binary.Base64.setInitialBuffer(byte[],int,int)
Jira issues:
Base64InputStream#read(byte[]) incorrectly returns 0 at end of any stream which is multiple of 3 bytes long
ArrayIndexOutOfBoundsException when doing multiple reads() on encoding Base64InputStream
Base64 encoding issue for larger avi files
org.apache.commons.codec.net.URLCodec.ESCAPE_CHAR isn't final but should be
org.apache.commons.codec.language.RefinedSoundex.US_ENGLISH_MAPPING should be package protected MALICIOUS_CODE
org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING should be package protected MALICIOUS_CODE
Caverphone encodes names starting and ending with "mb" incorrectly.
All links to fixed bugs in the "Changes Report" http://commons.apache.org/codec/changes-report.html point nowhere; e.g. http://issues.apache.org/jira/browse/34157. Looks as if all JIRA tickets were renumbered.
Regression: Base64.encode(chunk=true) has bug when input length is multiple of 76
DigestUtils: MD5 checksum is not calculated correctly on linux64-platforms
new Base64().encode() appends a CRLF; and chunks results into 76 character lines
Base64 encode() method is no longer thread-safe; breaking clients using it as a shared BinaryEncoder
Base64 default constructor behaviour changed to enable chunking in 1.4
Base64InputStream causes NullPointerException on some input
Base64.encodeBase64String() shouldn't chunk
2. ch.qos.logback logback-classic
version: 1.0.9
Jira issues:
Syslog suffixPattern property cant start with a character in range [a-zA-Z0-9]
Leaking jdbc pool connection
Appenders manual does not work with IE8
DBAppender assumes that caller data is available on the event
Caller data is not correctly computed when run under groovy
Sincerely~
FDU Software Engineering Lab
Marth 14th,2019
The text was updated successfully, but these errors were encountered: