zrj
2024-06-13 aa02a3db013686ec375b2f582283732c8fd7f447
漏洞修复
2 files modified
70 ■■■■ changed files
pom.xml 40
src/main/resources/application.yml 30
pom.xml
@@ -18,7 +18,7 @@
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <spring.boot.version>2.7.1</spring.boot.version>
        <spring.boot.version>2.7.15</spring.boot.version>
        <spring.platform.version>Cairo-SR8</spring.platform.version>
        <!-- 推荐使用Harbor -->
@@ -220,7 +220,43 @@
            <version>5.5.4</version>
            <scope>compile</scope>
        </dependency>
        <!--漏洞覆盖之前 1.3.0 版本-->
        <!-- https://mvnrepository.com/artifact/org.yaml/snakeyaml -->
        <dependency>
            <groupId>org.yaml</groupId>
            <artifactId>snakeyaml</artifactId>
            <version>2.0</version>
        </dependency>
        <!-- FileUpload 依赖 升级 (漏洞版本 1.3.3)-->
        <dependency>
            <groupId>commons-fileupload</groupId>
            <artifactId>commons-fileupload</artifactId>
            <version>1.5</version>
        </dependency>
        <!-- IO 依赖,FileUpload 需要 Commons IO 库 -->
        <dependency>
            <groupId>commons-io</groupId>
            <artifactId>commons-io</artifactId>
            <version>2.8.0</version>
        </dependency>
        <!-- 排除 velocity 1.7 有漏洞-->
        <dependency>
            <groupId>com.bstek.ureport</groupId>
            <artifactId>ureport2-console</artifactId>
            <version>2.2.9</version>
            <exclusions>
                <exclusion>
                    <groupId>org.apache.velocity</groupId>
                    <artifactId>velocity</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <!--覆盖原来的 8.0.22 有漏洞-->
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>8.0.27</version>
        </dependency>
    </dependencies>
    <build>
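Review bot: The direct `commons-io` pin at `<version>2.8.0</version>` appears to be lower than the commons-io release that commons-fileupload 1.5 declares in its own POM, so it would downgrade the library the upgraded FileUpload was built against. Either drop that block and let the transitive version resolve, or raise the pin to match, and confirm the result with `mvn dependency:tree`. The `velocity` exclusion on `ureport2-console` removes the jar without supplying a replacement, so any console code path that still loads Velocity classes would presumably fail at runtime rather than at build time; verify that the report console still starts after this change. These overrides would also read better under `<dependencyManagement>`, with versions held in `<properties>` next to `spring.boot.version` and each comment naming the finding and the fixed version. The `<dependencies>` element opens outside this hunk, so whether any of these artifacts is now declared twice cannot be checked from here.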
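--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -226,36 +226,6 @@
     #接口放行
     skip-url:
       - /blade-test/**
-      - /sse/**
-      - /blade-doorplateAddress/doorplateAddress/getFuncList
-      - /blade-rotation/rotation/page
-      - /blade-article/article/page
-      - /blade-article/article/detail
-      - /blade-articleComment/articleComment/page
-      - /public_discuss/publicDiscuss/detail
-      - /blade-userPublicEnroll/userPublicEnroll/page
-      - /blade-topics/topics/lists
-      - /blade-household/household/getHouseholdOtherInfo
-      - /blade-resource/oss/endpoint/put-file
-      - /blade-hiddenDangerRecord/**
-#      - /blade-doorplateAddress/doorplateAddress/**
-#      - /blade-house/house/**
-#      - /blade-household/household/**
-#      - /blade-label/label/**
-#      - /blade-houseRental/houseRental/**
-#      - /blade-resource/oss/**
-#      - /blade-place/**
-#      - /blade-taskReportForRepairs/**
-#      - /blade-placeExt/**
-#      - /blade-grid/**
-#      - /blade-community/**
-#      - /blade-gridman/**
-#      - /blade-propertyCompany/**
-#      - /blade-eCallEvent/**
-#      - /blade-system/**
-#      - /blade-propertyCompanyComment/**
-#      - /blade-policeStation/**
-#      - /blade-policeAffairsGrid/**
     #授权认证配置
     auth:
       - method: ALL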