kite-sdk / kite

Kite SDK
http://kitesdk.org/docs/current/
Apache License 2.0
394 stars, 265 forks

Your project kite-sdk kite is using buggy third-party libraries [WARNING] #488

Open FDUSELAB2 opened 5 years ago

FDUSELAB2 commented 5 years ago

Hi, there!

We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend that you update those libraries to newer versions.

We have attached the buggy third-party libraries and the corresponding Jira issue links below so that you can get more detailed information. We have analyzed the API calls related to the following libraries and found one library for which your project uses an API call that might invoke buggy methods in the library's history.

  1. commons-logging commons-logging version: 1.1.1
     Jira issues:
     - Unit tests fail on linux with java16
     - deadlock on re-registration of logger
     - Potential missing privileged block for class loader
     - Log4JLogger uses deprecated static members of Priority such as INFO
     - LogFactory/LogFactoryImpl ignore Throwable
     - LogFactory.nullClassLoaderFactory is not properly synchronized
     - SimpleLog.log - unsafe update of shortLogName
     - BufferedReader is not closed properly
  2. commons-io commons-io version: 2.5
     Jira issues:
     - ant test fails - resources missing from test classpath
     - Exceptions are suppressed incorrectly when copying files.
     - ThresholdingOutputStream.thresholdReached() results in FileNotFoundException
     - Tailer.run race condition runaway logging
     - Thread bug in FileAlterationMonitor#stop(int)
     - 2.5 ExceptionInInitializerError
  3. commons-codec commons-codec version: 1.4
     API call in your project: org.apache.commons.codec.binary.Base64.setInitialBuffer(byte[],int,int)
     Jira issues:
     - Base64InputStream#read(byte[]) incorrectly returns 0 at end of any stream which is multiple of 3 bytes long
     - ArrayIndexOutOfBoundsException when doing multiple reads() on encoding Base64InputStream
     - Base64 encoding issue for larger avi files
     - org.apache.commons.codec.net.URLCodec.ESCAPE_CHAR isn't final but should be
     - org.apache.commons.codec.language.RefinedSoundex.US_ENGLISH_MAPPING should be package protected MALICIOUS_CODE
     - org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING should be package protected MALICIOUS_CODE
     - Caverphone encodes names starting and ending with "mb" incorrectly.
     - All links to fixed bugs in the "Changes Report" http://commons.apache.org/codec/changes-report.html point nowhere; e.g. http://issues.apache.org/jira/browse/34157. Looks as if all JIRA tickets were renumbered.
     - Regression: Base64.encode(chunk=true) has bug when input length is multiple of 76
     - DigestUtils: MD5 checksum is not calculated correctly on linux64-platforms
     - new Base64().encode() appends a CRLF; and chunks results into 76 character lines
     - Base64 encode() method is no longer thread-safe; breaking clients using it as a shared BinaryEncoder
     - Base64 default constructor behaviour changed to enable chunking in 1.4
     - Base64InputStream causes NullPointerException on some input
     - Base64.encodeBase64String() shouldn't chunk
  4. commons-lang commons-lang version: 2.5
     Jira issues:
     - Testing with JDK 1.7
     - Some StringUtils methods should take an int character instead of char to use String API features.
     - SystemUtils.getJavaVersionAsFloat throws StringIndexOutOfBoundsException on Android runtime/Dalvik VM
     - NumberUtils createNumber throws a StringIndexOutOfBoundsException when argument containing "e" and "E" is passed in
     - FastDateFormat.format() outputs incorrect week of year because locale isn't respected
     - RandomStringUtils.random(count; 0; 0; false; false; universe; random) always throws java.lang.ArrayIndexOutOfBoundsException
     - Exception when combining custom and choice format in ExtendedMessageFormat

Sincerely~
FDU Software Engineering Lab
March 14th, 2019
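The report above lists four Maven coordinates and the versions it considers buggy. A maintainer receiving such a notice usually wants a quick, offline way to confirm whether a build file actually pins those versions before deciding on an upgrade. The script below is an added example and is not code from the kite-sdk project or from the reporting team: it parses a constructed pom.xml fragment (the `SAMPLE_POM` string is invented for illustration; the reported versions in `REPORTED` are taken from the issue text) and flags any listed dependency whose resolved version is at or below the reported one, including versions declared through a `${property}` reference.

```python
"""Flag Maven dependencies pinned at (or below) versions a report calls buggy.

Added example, not part of the kite-sdk project. REPORTED comes from the
issue text above; SAMPLE_POM is a constructed pom.xml fragment.
"""
import xml.etree.ElementTree as ET

# Maven's POM namespace; pom.xml elements are qualified with it.
POM_NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# groupId:artifactId -> version the issue above reports as buggy.
REPORTED = {
    "commons-logging:commons-logging": "1.1.1",
    "commons-io:commons-io": "2.5",
    "commons-codec:commons-codec": "1.4",
    "commons-lang:commons-lang": "2.5",
}

# Constructed sample: one version set through a property, one newer than the
# reported version, and one artifact the report does not mention.
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <codec.version>1.4</codec.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>commons-logging</groupId>
      <artifactId>commons-logging</artifactId>
      <version>1.1.1</version>
    </dependency>
    <dependency>
      <groupId>commons-codec</groupId>
      <artifactId>commons-codec</artifactId>
      <version>${codec.version}</version>
    </dependency>
    <dependency>
      <groupId>commons-io</groupId>
      <artifactId>commons-io</artifactId>
      <version>2.11.0</version>
    </dependency>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.13.2</version>
    </dependency>
  </dependencies>
</project>
"""


def parse_version(v):
    """Turn '2.11.0' into (2, 11, 0); a non-numeric segment counts as 0."""
    parts = []
    for p in v.split("."):
        digits = "".join(ch for ch in p if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_leq(a, b):
    """True if version a <= version b; shorter tuples are zero-padded (2.5 == 2.5.0)."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    return pa + (0,) * (n - len(pa)) <= pb + (0,) * (n - len(pb))


def resolve(version, props):
    """Substitute a ${name} reference with the value from <properties>."""
    if version.startswith("${") and version.endswith("}"):
        return props.get(version[2:-1], version)
    return version


def find_flagged(pom_xml, reported=REPORTED):
    """Return (coordinate, declared version, reported version) for each hit."""
    root = ET.fromstring(pom_xml)
    props = {
        p.tag.split("}")[-1]: (p.text or "").strip()
        for p in root.findall("m:properties/*", POM_NS)
    }
    flagged = []
    for dep in root.findall("m:dependencies/m:dependency", POM_NS):
        gid = dep.findtext("m:groupId", default="", namespaces=POM_NS).strip()
        aid = dep.findtext("m:artifactId", default="", namespaces=POM_NS).strip()
        ver = dep.findtext("m:version", default="", namespaces=POM_NS).strip()
        key = f"{gid}:{aid}"
        if key not in reported:
            continue
        ver = resolve(ver, props)
        # A dependency without a version (managed elsewhere) cannot be judged here.
        if ver and version_leq(ver, reported[key]):
            flagged.append((key, ver, reported[key]))
    return flagged


if __name__ == "__main__":
    for key, ver, bad in find_flagged(SAMPLE_POM):
        print(f"{key} {ver} is at or below the reported buggy version {bad}")
```

Run against the constructed sample, the script flags commons-logging 1.1.1 and commons-codec 1.4 (the latter only because the `${codec.version}` property is resolved), and leaves commons-io 2.11.0 alone because it is newer than the reported 2.5. Versions inherited from a parent POM or a `dependencyManagement` section are not resolved by this example; the effective POM (`mvn help:effective-pom`) is the input to use in that case.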