feat: 修复第三方组件安全漏洞 TencentBlueKing#2865
liuliaozhong committed Jul 16, 2024
1 parent 40179ea commit 2c076ef
Showing 4 changed files with 12 additions and 7 deletions.
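--- a/src/backend/build.gradle
+++ b/src/backend/build.gradle
@@ -119,6 +119,10 @@ ext {
 set('jcommanderVersion', "1.71")
 set('kubernetesJavaClientVersion', "11.0.4")
 set('springCloudKubernetesVersion', "2.0.6")
+// Fix CVE-2023-44487
+set('tomcat.version', "9.0.90")
+// Fix CVE-2019-10086,CVE-2014-0114
+set('commonsBeanutilsVersion', "1.9.4")
 if (System.getProperty("bkjobVersion")) {
 set('bkjobVersion', System.getProperty("bkjobVersion"))
 println "bkjobVersion:" + bkjobVersion
@@ -252,6 +256,7 @@ subprojects {
 dependency "commons-collections:commons-collections:$commonsCollectionsVersion"
 dependency "commons-io:commons-io:$commonsIOVersion"
 dependency "commons-codec:commons-codec:$apacheCommonsCodecVersion"
+dependency "commons-beanutils:commons-beanutils:$commonsBeanutilsVersion"
 dependency "net.sf.dozer:dozer:$dozerVersion"
 dependency "org.jedis:jedis:$jedisVersion"
 dependency "com.h2database:h2:$h2Version"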
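Review bot: The dotted key in `set('tomcat.version', "9.0.90")` is the only property in this `ext` block that is not camelCase, and the comment above it gives the CVE but not why the name differs. Presumably it is the Spring Boot BOM override key read by the dependency-management plugin, so a well-meant rename to `tomcatVersion` would silently drop the pin and bring back the older embedded Tomcat. I would extend the comment to something like `// Fix CVE-2023-44487: overrides the Spring Boot-managed Tomcat version; the dotted property name is required, do not rename`. The commons-beanutils comment could likewise name the dependency that pulls in the old version transitively, so the pin can be removed once that parent is upgraded. Running `gradle dependencyInsight --dependency commons-beanutils` on a service module would confirm the managed version wins. Both the `ext` and `subprojects` blocks continue outside the hunks shown.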
2 changes: 1 addition & 1 deletion src/backend/commons/build.gradle
@@ -36,7 +36,7 @@ subprojects {
version "${jobCommonVersion}"
dependencies {
compileOnly 'javax.servlet:javax.servlet-api:3.1.0'
compileOnly 'ch.qos.logback:logback-classic:1.1.11'
compileOnly 'ch.qos.logback:logback-classic:1.3.14'
compileOnly 'org.projectlombok:lombok'
annotationProcessor 'org.projectlombok:lombok'
testImplementation 'org.junit.jupiter:junit-jupiter'
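Review bot: Because `logback-classic` is declared `compileOnly` here, the `1.3.14` line changes only what the commons modules compile against, not the logback jar that ends up in the deployed services. The versionList.txt changes in this commit touch only 1.9.1→1.9.4 and 9.0.38→9.0.90, which suggests the shipped logback is unchanged, though the list carries no artifact names to confirm it. If the goal is to remediate a logback vulnerability, the runtime version needs to be pinned in the root dependency management, as was done for commons-beanutils. Logback 1.3.x is also built against SLF4J 2.x, so compiling against it while an older logback and SLF4J resolve at runtime can hide API mismatches until deployment; it is worth confirming the two agree. The `dependencies` block continues outside this hunk.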
6 changes: 3 additions & 3 deletions support-files/dependJarInfo/md5List.txt
@@ -23,7 +23,7 @@ a6e02ea9a5acdc1a31df04d13f3ddc94
45fd4a89c9fd671a0d1dc97c0ec77abe
ef26289b4355269fa45ca0174d4d6652
e91fcd30ba329fd1b0b6dc5321fd067c
d095339044d22475f8b1fea1b626d3bb
07dc532ee316fe1f2f0323e9bd2f8df4
e9158e0983096d3df09236f7b53125aa
f54a8510f834a1a57166970bfc982e94
4a37023740719b391f10030362c86be6
@@ -240,8 +240,8 @@ bd3d55991beef2ca5e98ee61215c33da
34d27cb411e654f3c2b69bf536984e77
619f94ec2cfa0276622657810eada472
9a816507533880637936bee8c27b238e
f98862daa7adeddd61eaa61c7ad34d45
740cac5cd193b77996ba82572e10cde8
8d88f2789df4b14b66d4d8616415dc9f
7fe523958297c4c99834d8d9c8250d6a
09c19f22d438019835b1f5c0adc0403a
b569cef884a2f96deb03c96362d53a01
3401964a9fc0e0772ab6623b37749d8c
6 changes: 3 additions & 3 deletions support-files/dependJarInfo/versionList.txt
@@ -23,7 +23,7 @@
0.9.5.4
2.10.0
1.5.1
1.9.1
1.9.4
1.14
3.2.2
4.4
@@ -240,8 +240,8 @@
2.9.2
1.5.20
1.5.20
9.0.38
9.0.38
9.0.90
9.0.90
2.19.3
2.12.1
2.12.1
