tika-dev mailing list archives

From "Tim Allison (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (TIKA-2828) Your project apache/tika is using buggy third-party libraries [WARNING]
Date Fri, 15 Feb 2019 14:20:01 GMT

    [ https://issues.apache.org/jira/browse/TIKA-2828?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16769351#comment-16769351 ]

Tim Allison commented on TIKA-2828:
-----------------------------------

Thank you for pointing these out.  Y, we can upgrade httpclient, but is there a solution for:

commons-codec's latest version is 1.11

commons-io's latest version is 2.6

Finally, I've added the maven-versions plugin to Tika and run it periodically...certainly
before we run releases.  We do try to be vigilant...

I wonder if we should sign up for https://dependabot.com/ ?

Thank you, again.


> Your project apache/tika is using buggy third-party libraries [WARNING]
> -----------------------------------------------------------------------
>
>                 Key: TIKA-2828
>                 URL: https://issues.apache.org/jira/browse/TIKA-2828
>             Project: Tika
>          Issue Type: Bug
>            Reporter: Kaifeng Huang
>            Priority: Major
>
> Hi, there!
>     We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to new versions.
>     We have attached the buggy third-party libraries and corresponding Jira issue links below for you to have more detailed information.
> 	1. commons-codec commons-codec
> 	version: 1.11
> 	Jira issues:
> 	InputStream not closed
> 	affectsVersions:1.10,1.11
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-225?filter=allopenissues
> 	2. org.apache.httpcomponents httpclient
> 	version: 4.5.6
> 	Jira issues:
> 	Support relatively new HTTP 308 redirect - RFC7538
> 	affectsVersions:3.1 (end of life),4.5.6
> 	https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1946?filter=allopenissues
> 	3. commons-io commons-io
> 	version: 2.6
> 	Jira issues:
> 	.gitattributes not correctly applied
> 	affectsVersions:2.6
> 	https://issues.apache.org/jira/projects/IO/issues/IO-516?filter=allopenissues
> 	FilenameUtils.normalize should verify hostname syntax in UNC path
> 	affectsVersions:2.6
> 	https://issues.apache.org/jira/projects/IO/issues/IO-559?filter=allopenissues
> 	Missing Javadoc in FilenameUtils causing Travis-CI build to fail
> 	affectsVersions:2.6
> 	https://issues.apache.org/jira/projects/IO/issues/IO-570?filter=allopenissues
> Sincerely~
> FDU Software Engineering Lab
> Feb 15th, 2019



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
