fix 修复 snakeyaml 漏洞强制升级依赖版本(临时处理等boot升级)

2022-09-26 17:07:09 +08:00 · 2022-09-26 17:07:09 +08:00 · be33739a3c
parent bc376899b2
commit be33739a3c
1 changed files with 9 additions and 0 deletions
--- a/pom.xml
+++ b/pom.xml
@ -44,6 +44,8 @@

        <!-- 统一 guava 版本 解决隐式漏洞问题 -->
        <guava.version>31.1-jre</guava.version>
+        <!-- 临时修复 snakeyaml 漏洞 -->
+        <snakeyaml.version>1.31</snakeyaml.version>

        <!-- OSS 配置 -->
        <aws-java-sdk-s3.version>1.12.300</aws-java-sdk-s3.version>
@ -304,6 +306,13 @@
                <version>${guava.version}</version>
            </dependency>

+            <!-- 临时修复 snakeyaml 漏洞 -->
+            <dependency>
+                <groupId>org.yaml</groupId>
+                <artifactId>snakeyaml</artifactId>
+                <version>${snakeyaml.version}</version>
+            </dependency>
+
            <!-- 统一 fastjson 版本 解决alibaba组件序列化漏洞问题 -->
            <dependency>
                <groupId>com.alibaba</groupId>