🔖 Releasing / Version tags. 3.4.8 fix spring rce

README.md

@@ -32,7 +32,7 @@
 
 | 依赖                   | 版本         |
 | ---------------------- |------------|
-| Spring Boot            | 2.6.5      |
+| Spring Boot            | 2.6.6      |
 | Spring Cloud           | 2021.0.1   |
 | Spring Cloud Alibaba   | 2021.0.1.0 |
 | Spring Security OAuth2 | 2.3.6      |

pig-common/pig-common-feign/src/main/java/com/pig4cloud/pig/common/feign/sentinel/handle/GlobalBizExceptionHandler.java

@@ -28,9 +28,7 @@ import org.springframework.util.Assert;
 import org.springframework.validation.BindException;
 import org.springframework.validation.FieldError;
 import org.springframework.web.bind.MethodArgumentNotValidException;
-import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.ExceptionHandler;
-import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 
@@ -122,16 +120,4 @@ public class GlobalBizExceptionHandler {
 		return R.failed(fieldErrors.get(0).getDefaultMessage());
 	}
 
-	/**
-	 * fix Spring RCE 0day 入参不能包含如下字段
-	 *
-	 * TODO 有待考证
-	 * @param dataBinder
-	 */
-	@InitBinder
-	public void setAllowedFields(WebDataBinder dataBinder) {
-		String[] abd = new String[] { "class.*", "Class.*", "*.class.*", "*.Class.*" };
-		dataBinder.setDisallowedFields(abd);
-	}
-
 }

pom.xml

@@ -27,7 +27,7 @@
 	<url>https://www.pig4cloud.com</url>
 
 	<properties>
-		<spring-boot.version>2.6.5</spring-boot.version>
+		<spring-boot.version>2.6.6</spring-boot.version>
 		<spring-cloud.version>2021.0.1</spring-cloud.version>
 		<spring-cloud-alibaba.version>2021.0.1.0</spring-cloud-alibaba.version>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>