zrj
2024-06-13 530306677b2de1ec4922d0eba8faa4a9c9220544
漏洞修复
4 files modified
47 ■■■■ changed files
pom.xml 39 ●●●●● patch | view | raw | blame | history
src/main/java/org/springblade/common/utils/SmsUtils.java 2 ●●● patch | view | raw | blame | history
src/main/resources/application-dev.yml 2 ●●● patch | view | raw | blame | history
src/main/resources/application.yml 4 ●●●● patch | view | raw | blame | history
pom.xml
@@ -18,7 +18,7 @@
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <spring.boot.version>2.7.1</spring.boot.version>
        <spring.boot.version>2.7.15</spring.boot.version>
        <spring.platform.version>Cairo-SR8</spring.platform.version>
        <!-- 推荐使用Harbor -->
@@ -297,6 +297,43 @@
            <artifactId>druid</artifactId>
            <scope>provided</scope>
        </dependency>
        <!--漏洞覆盖之前 1.3.0 版本-->
        <!-- https://mvnrepository.com/artifact/org.yaml/snakeyaml -->
        <dependency>
            <groupId>org.yaml</groupId>
            <artifactId>snakeyaml</artifactId>
            <version>2.0</version>
        </dependency>
        <!-- FileUpload 依赖 升级 (漏洞版本 1.3.3)-->
        <dependency>
            <groupId>commons-fileupload</groupId>
            <artifactId>commons-fileupload</artifactId>
            <version>1.5</version>
        </dependency>
        <!-- IO 依赖,FileUpload 需要 Commons IO 库 -->
        <dependency>
            <groupId>commons-io</groupId>
            <artifactId>commons-io</artifactId>
            <version>2.8.0</version>
        </dependency>
        <!-- 排除 velocity 1.7 有漏洞-->
        <dependency>
            <groupId>com.bstek.ureport</groupId>
            <artifactId>ureport2-console</artifactId>
            <version>2.2.9</version>
            <exclusions>
                <exclusion>
                    <groupId>org.apache.velocity</groupId>
                    <artifactId>velocity</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <!--覆盖原来的 8.0.22 有漏洞-->
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>8.0.27</version>
        </dependency>
    </dependencies>
    <build>
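Review bot: The explicit `commons-io` pin at `2.8.0` in the second hunk looks lower than the version commons-fileupload 1.5 declares for itself (2.11.0, as far as I recall), so this direct declaration would downgrade it; confirm with `mvn dependency:tree` and raise the pin to at least what fileupload 1.5 requests. The `velocity` exclusion on `ureport2-console` removes the library without adding a replacement in this hunk, so the console would presumably fail on missing classes if the report module is ever switched back on; a comment saying whether that is intended would help. The added comments name only the superseded versions, so a form such as `<!-- snakeyaml: overrides managed version, see ADVISORY-ID (placeholder) -->` would let the next upgrade be checked against the actual advisory. The `<dependencies>` element starts outside the hunk, so whether these artifacts are also managed elsewhere is not visible.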
src/main/java/org/springblade/common/utils/SmsUtils.java
@@ -1,6 +1,6 @@
package org.springblade.common.utils;
import org.apache.commons.lang.text.StrSubstitutor;
import liquibase.repackaged.org.apache.commons.lang3.text.StrSubstitutor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
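Review bot: If the `liquibase.repackaged.org.apache.commons.lang3.text.StrSubstitutor` import is the new side, SmsUtils now depends on a class shaded inside the Liquibase jar. That is an internal package which a Liquibase upgrade can rename or drop, and dependency scanners may not attribute it to commons-lang3. Declaring the library directly and importing its public class is safer, for example `import org.apache.commons.text.StringSubstitutor;` from a current commons-text release, constructed over an explicit value map rather than the default interpolator. The rest of the file is outside the hunk, so how the substitutor is applied to SMS template input cannot be checked here.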
src/main/resources/application-dev.yml
@@ -64,7 +64,7 @@
      logretentiondays: -1
      port: 7018
      address:
  enabled: true
  enabled: false
# binlog listener
binlog:
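Review bot: The `enabled` value changed in this hunk carries no comment, and its parent key lies above the hunk, so a reader cannot tell which component is affected or whether the change belongs to the vulnerability fix. If the new value is `false` and it is meant as a mitigation, note that the commit's file list contains only the dev profile, so any other profile files would keep their own setting; that is worth checking. A comment such as `# disabled 2024-06-13 as vulnerability mitigation, see TICKET-ID (placeholder)` above the flag would match the dated comment used in application.yml.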
src/main/resources/application.yml
@@ -152,9 +152,9 @@
  async-executor-activate: false
  async-history-executor-activate: false
#报表配置
#报表配置--有漏洞关闭--20240613
report:
  enabled: true
  enabled: false
  database:
    provider:
      prefix: blade-
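Review bot: Turning the report module off through `report.enabled` only helps if that flag actually stops the report endpoints from being registered and no profile file or environment override sets it back to `true`. Neither is visible here, and the ureport2-console dependency is still declared in pom.xml in this same commit. Consider stating in the comment what the flag guards and when it may be re-enabled, e.g. `# report module disabled 2024-06-13 (known vulnerability); keep false in all profiles until the dependency is patched or removed`. The `report:` block continues past the end of the hunk.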