ly
/
Stwzhj-Cloud-Plus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix 修复 snakeyaml 漏洞 强制升级依赖版本(临时处理等boot升级)

2.X
疯狂的狮子li 2022-09-26 17:07:09 +08:00
parent bc376899b2
commit be33739a3c
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pom.xml
View File

@ -44,6 +44,8 @@
<!-- 统一 guava 版本 解决隐式漏洞问题 --> <!-- 统一 guava 版本 解决隐式漏洞问题 -->
<guava.version>31.1-jre</guava.version> <guava.version>31.1-jre</guava.version>
<!-- 临时修复 snakeyaml 漏洞 -->
<snakeyaml.version>1.31</snakeyaml.version>
<!-- OSS 配置 --> <!-- OSS 配置 -->
<aws-java-sdk-s3.version>1.12.300</aws-java-sdk-s3.version> <aws-java-sdk-s3.version>1.12.300</aws-java-sdk-s3.version>
@ -304,6 +306,13 @@
<version>${guava.version}</version> <version>${guava.version}</version>
</dependency> </dependency>
<!-- 临时修复 snakeyaml 漏洞 -->
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>${snakeyaml.version}</version>
</dependency>
<!-- 统一 fastjson 版本 解决alibaba组件序列化漏洞问题 --> <!-- 统一 fastjson 版本 解决alibaba组件序列化漏洞问题 -->
<dependency> <dependency>
<groupId>com.alibaba</groupId> <groupId>com.alibaba</groupId>