基层智治-后台
parent: 776314c0 | patch | commit | ignore whitespace
zrj
2024-06-13 530306677b2de1ec4922d0eba8faa4a9c9220544 
漏洞修复
4 files modified
47 ■■■■ changed files
pom.xml 39 ●●●●● patch | view | raw | blame | history
src/main/java/org/springblade/common/utils/SmsUtils.java 2 ●●● patch | view | raw | blame | history
src/main/resources/application-dev.yml 2 ●●● patch | view | raw | blame | history
src/main/resources/application.yml 4 ●●●● patch | view | raw | blame | history 
 pom.xml


@@ -18,7 +18,7 @@


        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>


        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>




        <spring.boot.version>2.7.1</spring.boot.version>


        <spring.boot.version>2.7.15</spring.boot.version>


        <spring.platform.version>Cairo-SR8</spring.platform.version>




        <!-- 推荐使用Harbor -->


@@ -297,6 +297,43 @@


            <artifactId>druid</artifactId>


            <scope>provided</scope>


        </dependency>


        <!--漏洞覆盖之前 1.3.0 版本-->


        <!-- https://mvnrepository.com/artifact/org.yaml/snakeyaml -->


        <dependency>


            <groupId>org.yaml</groupId>


            <artifactId>snakeyaml</artifactId>


            <version>2.0</version>


        </dependency>


        <!-- FileUpload 依赖 升级 (漏洞版本 1.3.3)-->


        <dependency>


            <groupId>commons-fileupload</groupId>


            <artifactId>commons-fileupload</artifactId>


            <version>1.5</version>


        </dependency>


        <!-- IO 依赖,FileUpload 需要 Commons IO 库 -->


        <dependency>


            <groupId>commons-io</groupId>


            <artifactId>commons-io</artifactId>


            <version>2.8.0</version>


        </dependency>


        <!-- 排除 velocity 1.7 有漏洞-->


        <dependency>


            <groupId>com.bstek.ureport</groupId>


            <artifactId>ureport2-console</artifactId>


            <version>2.2.9</version>


            <exclusions>


                <exclusion>


                    <groupId>org.apache.velocity</groupId>


                    <artifactId>velocity</artifactId>


                </exclusion>


            </exclusions>


        </dependency>


        <!--覆盖原来的 8.0.22 有漏洞-->


        <dependency>


            <groupId>mysql</groupId>


            <artifactId>mysql-connector-java</artifactId>


            <version>8.0.27</version>


        </dependency>


    </dependencies>




    <build>




 src/main/java/org/springblade/common/utils/SmsUtils.java


@@ -1,6 +1,6 @@


package org.springblade.common.utils;




import org.apache.commons.lang.text.StrSubstitutor;


import liquibase.repackaged.org.apache.commons.lang3.text.StrSubstitutor;


import org.slf4j.Logger;


import org.slf4j.LoggerFactory;






 src/main/resources/application-dev.yml


@@ -64,7 +64,7 @@


      logretentiondays: -1


      port: 7018


      address:


  enabled: true


  enabled: false




# binlog listener


binlog:




 src/main/resources/application.yml


@@ -152,9 +152,9 @@


  async-executor-activate: false


  async-history-executor-activate: false




#报表配置


#报表配置--有漏洞关闭--20240613


report:


  enabled: true


  enabled: false


  database:


    provider:


      prefix: blade-