!179 fastjson漏洞处理

Merge pull request !179 from October/master
This commit is contained in:
芋道源码 2022-06-01 13:34:33 +00:00 committed by Gitee
commit 1c89d3ba84
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F

View File

@ -52,6 +52,7 @@
<easyexcel.verion>2.2.7</easyexcel.verion> <easyexcel.verion>2.2.7</easyexcel.verion>
<velocity.version>2.2</velocity.version> <velocity.version>2.2</velocity.version>
<screw.version>1.0.5</screw.version> <screw.version>1.0.5</screw.version>
<fastjson.version>2.0.4</fastjson.version>
<guava.version>30.1.1-jre</guava.version> <guava.version>30.1.1-jre</guava.version>
<guice.version>5.1.0</guice.version> <guice.version>5.1.0</guice.version>
<transmittable-thread-local.version>2.12.2</transmittable-thread-local.version> <transmittable-thread-local.version>2.12.2</transmittable-thread-local.version>
@ -475,6 +476,13 @@
<version>${velocity.version}</version> <version>${velocity.version}</version>
</dependency> </dependency>
<!--fastjson漏洞升级此次事件影响fastjson 1.2.80及之前所有版本 -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>${fastjson.version}</version>
</dependency>
<dependency> <dependency>
<groupId>cn.smallbun.screw</groupId> <groupId>cn.smallbun.screw</groupId>
<artifactId>screw-core</artifactId> <!-- 实现数据库文档 --> <artifactId>screw-core</artifactId> <!-- 实现数据库文档 -->
@ -483,6 +491,10 @@
<exclusion> <exclusion>
<groupId>org.freemarker</groupId> <groupId>org.freemarker</groupId>
<artifactId>freemarker</artifactId> <!-- 移除 Freemarker 依赖,采用 Velocity 作为模板引擎 --> <artifactId>freemarker</artifactId> <!-- 移除 Freemarker 依赖,采用 Velocity 作为模板引擎 -->
</exclusion>
<exclusion>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId> <!-- 最新版screw-core1.0.5依赖fastjson1.2.73存在漏洞,移除。 -->
</exclusion> </exclusion>
</exclusions> </exclusions>
</dependency> </dependency>