Merge pull request #1910 from liuliaozhong/3.6.x
bugfix: 修复Apache Commons FileUpload安全漏洞(CVE-2023-24998) #1901
wangyu096 authored Apr 4, 2023
2 parents 08f26cb + 312114b commit 341ec21
Showing 8 changed files with 8 additions and 35 deletions.
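--- a/src/backend/build.gradle
+++ b/src/backend/build.gradle
@@ -282,6 +282,14 @@ subprojects {
 dependency "com.beust:jcommander:$jcommanderVersion"
 }
 }
+dependencies {
+constraints {
+implementation('commons-fileupload:commons-fileupload:1.5') {
+because 'version 1.4 pulled from spring-cloud-starter-openfeign has vulnerabilities(CVE-2023-24998)'
+}
+}
+}
+
 configurations {
 all*.exclude group: 'junit', module: 'junit'
 all*.exclude group: 'org.junit.vintage', module: 'junit-vintage-engine'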
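Review bot: Raising commons-fileupload to 1.5 in the new root `constraints` block does not by itself close CVE-2023-24998, because the per-request file-count limit that 1.5 introduces is disabled by default and only takes effect once `FileUploadBase#setFileCountMax` is set on the upload handler. No upload configuration is visible in this commit, so it is worth confirming whether any service actually parses multipart requests through this library and, if it does, setting that limit there. With the constraint now declared once for all subprojects, running `gradle dependencyInsight --dependency commons-fileupload --configuration runtimeClasspath` per service would show that 1.5 is what really resolves and that nothing overrides it (for example what appears to be a dependency-management block just above). The version is also hard-coded where the neighbouring entry uses a property in the style of `$jcommanderVersion`. The enclosing `subprojects` block starts and ends outside the hunk.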
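--- a/src/backend/commons/common-security/build.gradle
+++ b/src/backend/commons/common-security/build.gradle
@@ -27,11 +27,6 @@ dependencies {
 implementation 'io.jsonwebtoken:jjwt'
 implementation 'com.google.guava:guava'
 implementation 'org.springframework.cloud:spring-cloud-starter-openfeign'
-constraints {
-implementation('commons-fileupload:commons-fileupload:1.5') {
-because 'version 1.4 pulled from spring-cloud-starter-openfeign has vulnerabilities(CVE-2023-24998)'
-}
-}
 implementation 'org.springframework:spring-context'
 api 'org.springframework.boot:spring-boot'
 api 'org.springframework.boot:spring-boot-autoconfigure'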
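--- a/src/backend/commons/common-service/build.gradle
+++ b/src/backend/commons/common-service/build.gradle
@@ -34,11 +34,6 @@ dependencies {
 api 'org.springframework.boot:spring-boot-starter-actuator'
 api 'org.springframework.boot:spring-boot-starter-logging'
 api 'org.springframework.cloud:spring-cloud-starter-openfeign'
-constraints {
-implementation('commons-fileupload:commons-fileupload:1.5') {
-because 'version 1.4 pulled from spring-cloud-starter-openfeign has vulnerabilities(CVE-2023-24998)'
-}
-}
 api 'org.springframework.cloud:spring-cloud-starter-sleuth'
 if (k8s) {
 println("Compile with kubernetes mode")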
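--- a/src/backend/job-analysis/service-job-analysis/build.gradle
+++ b/src/backend/job-analysis/service-job-analysis/build.gradle
@@ -42,11 +42,6 @@ dependencies {
 implementation "org.springframework.boot:spring-boot-starter-jooq"
 implementation "org.springframework.cloud:spring-cloud-starter-sleuth"
 implementation "org.springframework.cloud:spring-cloud-starter-openfeign"
-constraints {
-implementation('commons-fileupload:commons-fileupload:1.5') {
-because 'version 1.4 pulled from spring-cloud-starter-openfeign has vulnerabilities(CVE-2023-24998)'
-}
-}
 implementation "ch.qos.logback:logback-core"
 implementation "ch.qos.logback:logback-classic"
 implementation "org.slf4j:slf4j-api"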
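--- a/src/backend/job-crontab/service-job-crontab/build.gradle
+++ b/src/backend/job-crontab/service-job-crontab/build.gradle
@@ -39,11 +39,6 @@ dependencies {
 implementation "org.apache.commons:commons-collections4"
 api("org.springframework.cloud:spring-cloud-starter-sleuth")
 implementation('org.springframework.cloud:spring-cloud-starter-openfeign')
-constraints {
-implementation('commons-fileupload:commons-fileupload:1.5') {
-because 'version 1.4 pulled from spring-cloud-starter-openfeign has vulnerabilities(CVE-2023-24998)'
-}
-}
 implementation "ch.qos.logback:logback-core"
 implementation "ch.qos.logback:logback-classic"
 implementation "org.slf4j:slf4j-api"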
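--- a/src/backend/job-execute/service-job-execute/build.gradle
+++ b/src/backend/job-execute/service-job-execute/build.gradle
@@ -41,11 +41,6 @@ dependencies {
 implementation "org.springframework.cloud:spring-cloud-stream"
 implementation "org.springframework.cloud:spring-cloud-starter-sleuth"
 implementation 'org.springframework.cloud:spring-cloud-starter-openfeign'
-constraints {
-implementation('commons-fileupload:commons-fileupload:1.5') {
-because 'version 1.4 pulled from spring-cloud-starter-openfeign has vulnerabilities(CVE-2023-24998)'
-}
-}
 implementation 'org.springframework.boot:spring-boot-starter-amqp'
 implementation "ch.qos.logback:logback-core"
 implementation "ch.qos.logback:logback-classic"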
Expand Up @@ -33,10 +33,5 @@ dependencies {
implementation "org.springframework.boot:spring-boot-starter-web"
implementation "org.springframework.cloud:spring-cloud-starter-sleuth"
implementation('org.springframework.cloud:spring-cloud-starter-openfeign')
constraints {
implementation('commons-fileupload:commons-fileupload:1.5') {
because 'version 1.4 pulled from spring-cloud-starter-openfeign has vulnerabilities(CVE-2023-24998)'
}
}
implementation 'org.apache.httpcomponents:httpclient'
}
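--- a/src/backend/job-manage/service-job-manage/build.gradle
+++ b/src/backend/job-manage/service-job-manage/build.gradle
@@ -43,11 +43,6 @@ dependencies {
 implementation "org.springframework.cloud:spring-cloud-stream"
 implementation "org.springframework.cloud:spring-cloud-starter-sleuth"
 implementation "org.springframework.cloud:spring-cloud-starter-openfeign"
-constraints {
-implementation('commons-fileupload:commons-fileupload:1.5') {
-because 'version 1.4 pulled from spring-cloud-starter-openfeign has vulnerabilities(CVE-2023-24998)'
-}
-}
 implementation "ch.qos.logback:logback-core"
 implementation "ch.qos.logback:logback-classic"
 implementation "org.slf4j:slf4j-api"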
