javaee-tutorial
javaee-tutorial copied to clipboard
c0de8ug
Maven + Mysql + Shiro + SpringMVC + Spring
Bumps [shiro-core](https://github.com/apache/shiro) from 1.4.2 to 1.9.1. Changelog Sourced from shiro-core's changelog. Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [mysql-connector-java](https://github.com/mysql/mysql-connector-j) from 5.1.38 to 8.0.28. Changelog Sourced from mysql-connector-java's changelog. Changelog https://dev.mysql.com/doc/relnotes/connector-j/8.0/en/ Version 8.0.29 Fix for Bug#21978230, COMMENT PARSING NOT PROPER IN PREPSTMT.EXECUTEBATCH(). Fix for Bug#81468 (23312764), MySQL server...
Bumps [gson](https://github.com/google/gson) from 2.6 to 2.8.9. Release notes Sourced from gson's releases. Gson 2.8.9 Make OSGi bundle's dependency on sun.misc optional (#1993). Deprecate Gson.excluder() exposing internal Excluder class (#1986). Prevent...
Bumps [spring-webmvc](https://github.com/spring-projects/spring-framework) from 4.2.4.RELEASE to 5.3.18. Release notes Sourced from spring-webmvc's releases. v5.3.18 :star: New Features Restrict access to property paths on Class references #28261 Introduce cancel(boolean mayInterruptIfRunning) in ScheduledTask...
Bumps shiro-spring from 1.2.4 to 1.7.1. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
Bumps [shiro-web](https://github.com/apache/shiro) from 1.2.4 to 1.7.1. Changelog Sourced from shiro-web's changelog. 1.7.1 ########################################################### Bug [SHIRO-797] - Shiro 1.7.0 is lower than using springboot version 2.0.7 dependency error ########################################################### 1.7.0 ###########################################################...
Bumps log4j-core from 2.3 to 2.16.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
Hi, In **javaee-tutorial**,there is a dependency **org.apache.shiro:shiro-web:1.2.4** that calls the risk method. [CVE-2020-11989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11989) The scope of this CVE affected version is **[,1.5.3)** After further analysis, in this project, the main...
Bumps [mybatis](https://github.com/mybatis/mybatis-3) from 3.3.1 to 3.5.6. Release notes Sourced from mybatis's releases. mybatis-3.5.6 Enhancements: A new configuration option defaultSqlProviderType is added. The specified class will be used as the SQL...