fix: vulnerability (alibaba#11914)
- CVE-2024-22257 Upgrade Spring Security to 5.7.12.
- Use spring-framework-bom as dependencyManagement.

Closes alibaba#11904
cxhello authored Apr 8, 2024
1 parent d4126ba commit d179e47
Showing 1 changed file with 18 additions and 7 deletions.
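--- a/pom.xml
+++ b/pom.xml
@@ -150,7 +150,8 @@
 <jraft-core.version>1.3.14</jraft-core.version>
 <rpc-grpc-impl.version>${jraft-core.version}</rpc-grpc-impl.version>
 <SnakeYaml.version>2.0</SnakeYaml.version>
-<spring-web.version>5.3.33</spring-web.version>
+<spring.version>5.3.33</spring.version>
+<spring-security.version>5.7.12</spring-security.version>
 </properties>
 <!-- == -->
 <!-- =========================================================Build plugins================================================ -->
@@ -642,6 +643,22 @@
 sub-modules will not introduce these dependencies by default -->
 <dependencyManagement>
 <dependencies>
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-framework-bom</artifactId>
+<version>${spring.version}</version>
+<type>pom</type>
+<scope>import</scope>
+</dependency>
+
+<dependency>
+<groupId>org.springframework.security</groupId>
+<artifactId>spring-security-bom</artifactId>
+<version>${spring-security.version}</version>
+<type>pom</type>
+<scope>import</scope>
+</dependency>
+
 <dependency>
 <!-- Import dependency management from Spring Boot -->
 <groupId>org.springframework.boot</groupId>
@@ -995,12 +1012,6 @@
 <artifactId>snakeyaml</artifactId>
 <version>${SnakeYaml.version}</version>
 </dependency>
-
-<dependency>
-<groupId>org.springframework</groupId>
-<artifactId>spring-web</artifactId>
-<version>${spring-web.version}</version>
-</dependency>
 </dependencies>
 </dependencyManagement>
 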
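Review bot: The two BOM imports added at the top of `<dependencyManagement>` (second hunk) only take effect because they are declared before the Spring Boot import that follows them, and nothing in the file records that ordering requirement. Maven resolves conflicting managed versions from imported BOMs in declaration order, so moving these entries below the Spring Boot one would presumably fall back to whatever Spring Framework and Spring Security versions Spring Boot manages, silently undoing the CVE-2024-22257 fix. I would add a comment above the first new `<dependency>`, for example `<!-- Keep before the Spring Boot import: the first imported BOM wins, and these pin the patched Spring Framework / Spring Security versions -->`. The Spring Boot entry's artifactId and version are outside the hunk, so this assumes it is a BOM import as its existing comment suggests. Confirming the resolved spring-security version with `mvn dependency:tree` in a module that uses it would close the loop, since the first hunk also renames `spring-web.version` to `spring.version` and any external override of the old property name no longer applies.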
