From 312114be56680996f0ecef85566981cea3a6b275 Mon Sep 17 00:00:00 2001
From: liuliaozhong
Date: Tue, 4 Apr 2023 10:10:10 +0800
Subject: [PATCH] =?UTF-8?q?bugfix:=20=E4=BF=AE=E5=A4=8DApache=20Commons=20?= =?UTF-8?q?FileUpload=E5=AE=89=E5=85=A8=E6=BC=8F=E6=B4=9E(CVE-2023-24998)?= =?UTF-8?q?=20#1901?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/backend/build.gradle | 8 ++++++++
 src/backend/commons/common-security/build.gradle | 5 -----
 src/backend/commons/common-service/build.gradle | 5 -----
 .../job-analysis/service-job-analysis/build.gradle | 5 -----
 src/backend/job-crontab/service-job-crontab/build.gradle | 5 -----
 src/backend/job-execute/service-job-execute/build.gradle | 5 -----
 .../service-job-file-gateway/build.gradle | 5 -----
 src/backend/job-manage/service-job-manage/build.gradle | 5 -----
 8 files changed, 8 insertions(+), 35 deletions(-)
diff --git a/src/backend/build.gradle b/src/backend/build.gradle
index 20b9527c0b..9b2ca46f55 100644
--- a/src/backend/build.gradle
+++ b/src/backend/build.gradle
@@ -282,6 +282,14 @@ subprojects {
 dependency "com.beust:jcommander:$jcommanderVersion"
 }
 }
+ dependencies {
+ constraints {
+ implementation('commons-fileupload:commons-fileupload:1.5') {
+ because 'version 1.4 pulled from spring-cloud-starter-openfeign has vulnerabilities(CVE-2023-24998)'
+ }
+ }
+ }
+
 configurations {
 all*.exclude group: 'junit', module: 'junit'
 all*.exclude group: 'org.junit.vintage', module: 'junit-vintage-engine'
diff --git a/src/backend/commons/common-security/build.gradle b/src/backend/commons/common-security/build.gradle
index acd89c3489..e540f42654 100644
--- a/src/backend/commons/common-security/build.gradle
+++ b/src/backend/commons/common-security/build.gradle
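Review bot: The constraint added under `subprojects` in src/backend/build.gradle raises commons-fileupload to 1.5, but per the CVE-2023-24998 advisory that release only introduces the part-count limit (`FileUploadBase#setFileCountMax`), which is disabled by default, so the bump alone does not bound multipart parsing. I would record that next to the constraint, e.g. `// 1.5 adds FileUploadBase#setFileCountMax but leaves it unset; code that parses uploads with commons-fileupload must configure it`, and confirm whether any service parses requests with this library rather than the servlet container's multipart support. The block is also declared on `implementation` for every subproject, which assumes each one applies a plugin that creates that configuration; that is not visible in this hunk. Running `gradle dependencyInsight --dependency commons-fileupload --configuration runtimeClasspath` in one of the service modules would confirm that 1.5 is what is actually resolved. The enclosing `subprojects` block starts and ends outside the hunk.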
@@ -27,11 +27,6 @@ dependencies {
 implementation 'io.jsonwebtoken:jjwt'
 implementation 'com.google.guava:guava'
 implementation 'org.springframework.cloud:spring-cloud-starter-openfeign'
- constraints {
- implementation('commons-fileupload:commons-fileupload:1.5') {
- because 'version 1.4 pulled from spring-cloud-starter-openfeign has vulnerabilities(CVE-2023-24998)'
- }
- }
 implementation 'org.springframework:spring-context'
 api 'org.springframework.boot:spring-boot'
 api 'org.springframework.boot:spring-boot-autoconfigure'
diff --git a/src/backend/commons/common-service/build.gradle b/src/backend/commons/common-service/build.gradle
index 0551fbc2b6..2b8c10d50b 100644
--- a/src/backend/commons/common-service/build.gradle
+++ b/src/backend/commons/common-service/build.gradle
@@ -34,11 +34,6 @@ dependencies {
 api 'org.springframework.boot:spring-boot-starter-actuator'
 api 'org.springframework.boot:spring-boot-starter-logging'
 api 'org.springframework.cloud:spring-cloud-starter-openfeign'
- constraints {
- implementation('commons-fileupload:commons-fileupload:1.5') {
- because 'version 1.4 pulled from spring-cloud-starter-openfeign has vulnerabilities(CVE-2023-24998)'
- }
- }
 api 'org.springframework.cloud:spring-cloud-starter-sleuth'
 if (k8s) {
 println("Compile with kubernetes mode")
diff --git a/src/backend/job-analysis/service-job-analysis/build.gradle b/src/backend/job-analysis/service-job-analysis/build.gradle
index 827958f6c2..04c4b14bbc 100644
--- a/src/backend/job-analysis/service-job-analysis/build.gradle
+++ b/src/backend/job-analysis/service-job-analysis/build.gradle
@@ -42,11 +42,6 @@ dependencies {
 implementation "org.springframework.boot:spring-boot-starter-jooq"
 implementation "org.springframework.cloud:spring-cloud-starter-sleuth"
 implementation "org.springframework.cloud:spring-cloud-starter-openfeign"
- constraints {
- implementation('commons-fileupload:commons-fileupload:1.5') {
- because 'version 1.4 pulled from spring-cloud-starter-openfeign has vulnerabilities(CVE-2023-24998)'
- }
- }
 implementation "ch.qos.logback:logback-core"
 implementation "ch.qos.logback:logback-classic"
 implementation "org.slf4j:slf4j-api"
diff --git a/src/backend/job-crontab/service-job-crontab/build.gradle b/src/backend/job-crontab/service-job-crontab/build.gradle
index ef94e76e51..c56cd6de1e 100644
--- a/src/backend/job-crontab/service-job-crontab/build.gradle
+++ b/src/backend/job-crontab/service-job-crontab/build.gradle
@@ -39,11 +39,6 @@ dependencies {
 implementation "org.apache.commons:commons-collections4"
 api("org.springframework.cloud:spring-cloud-starter-sleuth")
 implementation('org.springframework.cloud:spring-cloud-starter-openfeign')
- constraints {
- implementation('commons-fileupload:commons-fileupload:1.5') {
- because 'version 1.4 pulled from spring-cloud-starter-openfeign has vulnerabilities(CVE-2023-24998)'
- }
- }
 implementation "ch.qos.logback:logback-core"
 implementation "ch.qos.logback:logback-classic"
 implementation "org.slf4j:slf4j-api"
diff --git a/src/backend/job-execute/service-job-execute/build.gradle b/src/backend/job-execute/service-job-execute/build.gradle
index 1d2a80ada8..166a684efc 100644
--- a/src/backend/job-execute/service-job-execute/build.gradle
+++ b/src/backend/job-execute/service-job-execute/build.gradle
@@ -41,11 +41,6 @@ dependencies {
 implementation "org.springframework.cloud:spring-cloud-stream"
 implementation "org.springframework.cloud:spring-cloud-starter-sleuth"
 implementation 'org.springframework.cloud:spring-cloud-starter-openfeign'
- constraints {
- implementation('commons-fileupload:commons-fileupload:1.5') {
- because 'version 1.4 pulled from spring-cloud-starter-openfeign has vulnerabilities(CVE-2023-24998)'
- }
- }
 implementation 'org.springframework.boot:spring-boot-starter-amqp'
 implementation "ch.qos.logback:logback-core"
 implementation "ch.qos.logback:logback-classic"
diff --git a/src/backend/job-file-gateway/service-job-file-gateway/build.gradle b/src/backend/job-file-gateway/service-job-file-gateway/build.gradle
index e673aef2ac..46fed4fdea 100644
--- a/src/backend/job-file-gateway/service-job-file-gateway/build.gradle
+++ b/src/backend/job-file-gateway/service-job-file-gateway/build.gradle
@@ -33,10 +33,5 @@ dependencies {
 implementation "org.springframework.boot:spring-boot-starter-web"
 implementation "org.springframework.cloud:spring-cloud-starter-sleuth"
 implementation('org.springframework.cloud:spring-cloud-starter-openfeign')
- constraints {
- implementation('commons-fileupload:commons-fileupload:1.5') {
- because 'version 1.4 pulled from spring-cloud-starter-openfeign has vulnerabilities(CVE-2023-24998)'
- }
- }
 implementation 'org.apache.httpcomponents:httpclient'
 }
diff --git a/src/backend/job-manage/service-job-manage/build.gradle b/src/backend/job-manage/service-job-manage/build.gradle
index 3dd8eb7087..6b7e21f646 100644
--- a/src/backend/job-manage/service-job-manage/build.gradle
+++ b/src/backend/job-manage/service-job-manage/build.gradle
@@ -43,11 +43,6 @@ dependencies {
 implementation "org.springframework.cloud:spring-cloud-stream"
 implementation "org.springframework.cloud:spring-cloud-starter-sleuth"
 implementation "org.springframework.cloud:spring-cloud-starter-openfeign"
- constraints {
- implementation('commons-fileupload:commons-fileupload:1.5') {
- because 'version 1.4 pulled from spring-cloud-starter-openfeign has vulnerabilities(CVE-2023-24998)'
- }
- }
 implementation "ch.qos.logback:logback-core"
 implementation "ch.qos.logback:logback-classic"
 implementation "org.slf4j:slf4j-api"