fix: vulnerability (#11914)

- CVE-2024-22257 Upgrade Spring Security to 5.7.12.
- Use spring-framework-bom as dependencyManagement.

Closes #11904
cxhello 2024-04-08 10:43:18 +08:00 committed by GitHub
parent d4126ba2bd
commit d179e47df4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

25
pom.xml

@ -150,7 +150,8 @@
<jraft-core.version>1.3.14</jraft-core.version>
<rpc-grpc-impl.version>${jraft-core.version}</rpc-grpc-impl.version>
<SnakeYaml.version>2.0</SnakeYaml.version>
<spring-web.version>5.3.33</spring-web.version>
<spring.version>5.3.33</spring.version>
<spring-security.version>5.7.12</spring-security.version>
</properties>
<!-- == -->
<!-- =========================================================Build plugins================================================ -->
@ -642,6 +643,22 @@
sub-modules will not introduce these dependencies by default -->
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>${spring.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-bom</artifactId>
<version>${spring-security.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<!-- Import dependency management from Spring Boot -->
<groupId>org.springframework.boot</groupId>
@ -995,12 +1012,6 @@
<artifactId>snakeyaml</artifactId>
<version>${SnakeYaml.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring-web.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
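Review bot: The two BOM imports added in the second hunk (`@ -642,6 +643,22 @`) only take effect because they sit above the Spring Boot import: among imported BOMs Maven keeps the first declaration of an artifact, and nothing on the new lines records that ordering constraint. A later reorder would silently fall back to whatever Spring Security version Spring Boot manages, which may again be one affected by CVE-2024-22257. I would add a comment above the first new `<dependency>`, e.g. `<!-- Keep above the Spring Boot import: the first imported BOM wins, and these pin the patched Spring Framework / Spring Security versions -->`. The `spring-web.version` property appears to be dropped in the first hunk, so it is worth confirming that no sub-module still references it and checking the resolved versions with `mvn dependency:tree`. Most of the `<dependencyManagement>` block lies outside the hunks shown, so any directly declared versions there, which take precedence over imported ones, cannot be checked from this page.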