bugfix: 修复Spring Cloud Function拒绝服务漏洞(CVE-2022-22979) #1593
升级Spring Cloud Function小版本至3.2.8
jsonwan committed Dec 8, 2022
1 parent 688027d commit a9d702b
Showing 15 changed files with 18 additions and 24 deletions.
3 changes: 3 additions & 0 deletions src/backend/build.gradle
@@ -117,6 +117,9 @@ ext {
set('bkjobVersion', "1.0.0")
println "bkjobVersoin:" + bkjobVersion
}
// Fix Spring Cloud Function Spel表达式注入漏洞(CVE-2022-22963)
// Fix Spring Cloud Function 拒绝服务漏洞(CVE-2022-22979)
set('spring-cloud-function.version', "3.2.8")
}

group "com.tencent.bk.job"
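Review bot: The `set('spring-cloud-function.version', "3.2.8")` line added to `ext` only takes effect if the Spring Cloud BOM is imported through the dependency-management plugin, which reads such properties as version overrides; that import is not visible in this hunk, and a plain Gradle `platform(...)` import would ignore the property. Because the same commit removes the explicit `spring-cloud-function-context:3.1.7` pins from job-backup, job-execute and job-manage, a no-op here would silently leave those services on whatever version the BOM selects. I would confirm the resolved version for each boot module with `./gradlew :<module>:dependencyInsight --dependency spring-cloud-function-context --configuration runtimeClasspath` before relying on this as the fix. Since the override also holds the artifact at 3.2.8 once the BOM moves past it, the comment should say when it can be dropped, e.g. `// remove once the Spring Cloud BOM manages spring-cloud-function >= 3.2.8`. The `ext` block starts above the hunk.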
2 changes: 1 addition & 1 deletion src/backend/job-analysis/boot-job-analysis/build.gradle
@@ -37,7 +37,7 @@ dependencies {
testImplementation("com.h2database:h2")
}
springBoot {
mainClassName = "com.tencent.bk.job.analysis.JobAnalysisBootApplication"
getMainClass().set("com.tencent.bk.job.analysis.JobAnalysisBootApplication")
buildInfo()
}
task renameArtifacts(type: Copy) {
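Review bot: The new `getMainClass().set("com.tencent.bk.job.analysis.JobAnalysisBootApplication")` line in the `springBoot` block calls the Java getter from a Groovy build script; the DSL assignment `mainClass = "com.tencent.bk.job.analysis.JobAnalysisBootApplication"` sets the same property and reads like the rest of the file. The same form is introduced in the `springBoot` blocks of job-backup, job-config, job-crontab, job-execute, job-gateway, job-logsvr, job-manage and the three sections whose file header is not shown on this page. This migration is independent of the dependency fix named in the commit title, so keeping it in a separate commit would make the CVE change easier to backport on its own.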
4 changes: 1 addition & 3 deletions src/backend/job-backup/boot-job-backup/build.gradle
@@ -31,16 +31,14 @@ dependencies {
implementation 'org.springframework.boot:spring-boot-starter-jdbc'
implementation 'org.springframework.cloud:spring-cloud-starter-bootstrap'
implementation 'org.springframework.cloud:spring-cloud-starter-bus-amqp'
// Fix RoutingFunction SpEL evaluation
implementation 'org.springframework.cloud:spring-cloud-function-context:3.1.7'
implementation 'org.springframework:spring-webmvc'
implementation(group: 'org.springframework.boot', name: 'spring-boot-starter-data-redis')
runtimeOnly('mysql:mysql-connector-java')

testImplementation("com.h2database:h2")
}
springBoot {
mainClassName = "com.tencent.bk.job.backup.JobBackupBootApplication"
getMainClass().set("com.tencent.bk.job.backup.JobBackupBootApplication")
buildInfo()
}
task renameArtifacts(type: Copy) {
2 changes: 1 addition & 1 deletion src/backend/job-config/build.gradle
@@ -56,7 +56,7 @@ dependencies {

apply plugin: 'org.springframework.boot'
springBoot {
mainClassName = "com.tencent.bk.job.config.JobConfigBootApplication"
getMainClass().set("com.tencent.bk.job.config.JobConfigBootApplication")
buildInfo()
}
apply from: "$rootDir/task_job_package.gradle"
2 changes: 1 addition & 1 deletion src/backend/job-crontab/boot-job-crontab/build.gradle
@@ -37,7 +37,7 @@ dependencies {
testImplementation("com.h2database:h2")
}
springBoot {
mainClassName = "com.tencent.bk.job.crontab.JobCrontabBootApplication"
getMainClass().set("com.tencent.bk.job.crontab.JobCrontabBootApplication")
buildInfo()
}
task renameArtifacts(type: Copy) {
4 changes: 1 addition & 3 deletions src/backend/job-execute/boot-job-execute/build.gradle
@@ -30,14 +30,12 @@ dependencies {
implementation 'org.springframework.boot:spring-boot-starter-jdbc'
implementation 'org.springframework.cloud:spring-cloud-starter-bootstrap'
implementation 'org.springframework.cloud:spring-cloud-starter-stream-rabbit'
// Fix RoutingFunction SpEL evaluation
implementation 'org.springframework.cloud:spring-cloud-function-context:3.1.7'
runtimeOnly 'mysql:mysql-connector-java'

testImplementation("com.h2database:h2")
}
springBoot {
mainClassName = "com.tencent.bk.job.execute.JobExecuteBootApplication"
getMainClass().set("com.tencent.bk.job.execute.JobExecuteBootApplication")
buildInfo()
}
task renameArtifacts(type: Copy) {
@@ -35,7 +35,7 @@ dependencies {
runtimeOnly('mysql:mysql-connector-java')
}
springBoot {
mainClassName = "com.tencent.bk.job.file_gateway.JobFileGatewayBootApplication"
getMainClass().set("com.tencent.bk.job.file_gateway.JobFileGatewayBootApplication")
buildInfo()
}
task renameArtifacts(type: Copy) {
@@ -30,7 +30,7 @@ dependencies {
implementation 'org.springframework.boot:spring-boot-starter-web'
}
springBoot {
mainClassName = "com.tencent.bk.job.file.worker.JobFileWorkerBootApplication"
getMainClass().set("com.tencent.bk.job.file.worker.JobFileWorkerBootApplication")
buildInfo()
}
task renameArtifacts(type: Copy) {
@@ -39,7 +39,7 @@ dependencies {
implementation 'org.springframework.cloud:spring-cloud-starter-bootstrap'
}
springBoot {
mainClassName = "com.tencent.bk.job.file.worker.JobFileWorkerBootApplication"
getMainClass().set("com.tencent.bk.job.file.worker.JobFileWorkerBootApplication")
buildInfo()
}
task renameArtifacts(type: Copy) {
2 changes: 1 addition & 1 deletion src/backend/job-gateway/build.gradle
@@ -58,7 +58,7 @@ dependencies {

apply plugin: 'org.springframework.boot'
springBoot {
mainClassName = "com.tencent.bk.job.gateway.JobGatewayBootApplication"
getMainClass().set("com.tencent.bk.job.gateway.JobGatewayBootApplication")
buildInfo()
}
test {
2 changes: 1 addition & 1 deletion src/backend/job-logsvr/boot-job-logsvr/build.gradle
@@ -32,7 +32,7 @@ dependencies {
testImplementation 'de.flapdoodle.embed:de.flapdoodle.embed.mongo'
}
springBoot {
mainClassName = "com.tencent.bk.job.logsvr.JobLogBootApplication"
getMainClass().set("com.tencent.bk.job.logsvr.JobLogBootApplication")
buildInfo()
}
task renameArtifacts(type: Copy) {
4 changes: 1 addition & 3 deletions src/backend/job-manage/boot-job-manage/build.gradle
@@ -31,16 +31,14 @@ dependencies {
implementation 'org.springframework.boot:spring-boot-starter-jdbc'
implementation 'org.springframework.cloud:spring-cloud-starter-bootstrap'
implementation 'org.springframework.cloud:spring-cloud-starter-bus-amqp'
// Fix RoutingFunction SpEL evaluation
implementation 'org.springframework.cloud:spring-cloud-function-context:3.1.7'
implementation 'org.springframework:spring-webmvc'
implementation(group: 'org.springframework.boot', name: 'spring-boot-starter-data-redis')
runtimeOnly('mysql:mysql-connector-java')

testImplementation("com.h2database:h2")
}
springBoot {
mainClassName = "com.tencent.bk.job.manage.JobManageBootApplication"
getMainClass().set("com.tencent.bk.job.manage.JobManageBootApplication")
buildInfo()
}
task renameArtifacts(type: Copy) {
3 changes: 0 additions & 3 deletions src/backend/upgrader/build.gradle
@@ -60,9 +60,6 @@ apply plugin: "application"
mainClassName = "com.tencent.bk.job.upgrader.Upgrader"

shadowJar {
// baseName为插件默认打包名+".jar",bkdevops-plugin.jar
// 如果修改,则要一同修改插件task.json中的target启动命令
// 为了省事,建议不用修改
classifier = null
zip64 true
}
4 changes: 2 additions & 2 deletions support-files/dependJarInfo/md5List.txt
@@ -178,8 +178,8 @@ b567d00c0e1424ee412e049e7843e327
5902267a14aac1dd3378574f3738823e
21a6fb87085d1eb3627bf6852b3e66f7
71dee84bd1cf2049225f9d601d5f3c09
34dd0a94a108a2915ccbcd659f8b87bc
043b1de45a183607b3f143b0efcc61df
bb341e8db731b0a0f8552209e3c1da1e
1c6566af0882050b743665fb89b927c1
2b376967c0b44f3bd08d7a0f7150ce12
f3d37a87ce0e2fd4e56ba129ea1b8c99
6349dbeb65a5a7239aecb5e23d6a437d
4 changes: 2 additions & 2 deletions support-files/dependJarInfo/versionList.txt
@@ -178,8 +178,8 @@
2.2.2.RELEASE
2.2.2.RELEASE
2.2.2.RELEASE
3.0.3.RELEASE
3.0.3.RELEASE
3.2.8
3.2.8
2.2.2.RELEASE
2.2.2.RELEASE
2.2.2.RELEASE