New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: 修复第三方组件安全漏洞 #2865 #3122

Merged

wangyu096 merged 3 commits into TencentBlueKing:3.6.x from liuliaozhong:3.6.x_issue_2865

Jul 16, 2024

Collaborator

liuliaozhong commented Jul 15, 2024 •

edited

Loading

3.6.x第三方组件安全漏洞修复
CVE-2021-3711，CVE-2023-22102：mysql-connector-java-8.0.25.jar --> mysql-connector-java-8.0.28.jar
CVE-2022-22980： spring-data-mongodb-3.1.9.jar --> spring-data-mongodb-3.3.5.jar
CVE-2022-22978, CVE-2021-22119：spring-security 5.4.6 --> 5.5.7
CVE-2022-22965： spring-framework 5.3.7 -> 5.3.23
CVE-2022-42004, CVE-2022-42003, CVE-2021-46877, CVE-2020-36518：jackson 2.11.4 -> 2.12.7.1
CVE-2021-22044：spring-cloud-openfeign-core-3.0.3.jar --> spring-cloud-openfeign-core-3.0.5.jar
CVE-2022-3510, CVE-2022-3509：protobuf-java-3.11.4.jar --> protobuf-java-3.16.3.jar
CVE-2021-37137, CVE-2021-37136: netty 4.1.65.Final --> 4.1.68.Final
CVE-2022-25647：gson-2.8.6.jar --> gson-2.8.9.jar
CVE-2019-10086：commons-beanutils-1.9.2.jar --> commons-beanutils-1.9.4.jar
CVE-2023-44487：tomcat 9.0.46 --> 9.0.90


          feat: 修复第三方组件安全漏洞 TencentBlueKing#2865

47b75d9

liuliaozhong requested a review from wangyu096

July 15, 2024 13:25

liuliaozhong added 2 commits

July 16, 2024 10:11


          feat: 修复第三方组件安全漏洞 TencentBlueKing#2865

5f7985b


          feat: 修复第三方组件安全漏洞 TencentBlueKing#2865

53071ed

liuliaozhong force-pushed the 3.6.x_issue_2865 branch from 1f9732b to 53071ed Compare

July 16, 2024 06:01

wangyu096 merged commit 99fb891 into TencentBlueKing:3.6.x

3 of 4 checks passed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet