seed
Xuanyu's personal summary
Fix issue #11 by updating dependency spring-boot.version:2.1.14. Fix issue #12 by updating dependency fastjson.version:1.2.83 @jadyer
Hi, in **/seed-comm**, there is a dependency **com.alibaba:fastjson:1.2.74** that calls the risk method. [CVE-2022-25845](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25845) The scope of this CVE affected version is **[,1.2.83)**. After further analysis, in this project, the main...
Hi, in **/seed-mpp**, there is a dependency **org.dom4j:dom4j:2.1.1** that calls the risk method. [CVE-2020-10683](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10683) The scope of this CVE affected version is **[2.1.0,2.1.3) [2.0.0,2.0.3)**. After further analysis, in this project, the...
Bumps commons-fileupload from 1.4 to 1.5. Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
Bumps commons-net from 3.7.1 to 3.9.0. Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
Bumps [jsoup](https://github.com/jhy/jsoup) from 1.13.1 to 1.15.3. Release notes Sourced from jsoup's releases. jsoup 1.15.3 jsoup 1.15.3 is out now, and includes a security fix for potential XSS attacks, along with...
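Bumps [fastjson](https://github.com/alibaba/fastjson) from 1.2.74 to 1.2.83. Release notes Sourced from fastjson's releases. FASTJSON 1.2.83 released (security fix). This is a security-fix release that fixes a recently reported vulnerability which, in specific scenarios, can bypass the autoType-disabled restriction. fastjson users are advised to take security measures as soon as possible to protect their systems. Security fix plan: https://github.com/alibaba/fastjson/wiki/security_update_20220523 Issues: security hardening; fix the setAccessible error under JDK17 #4077. Download: https://repo1.maven.org/maven2/com/alibaba/fastjson/1.2.83/ Documentation: https://github.com/alibaba/fastjson/wiki/%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98 Source code: https://github.com/alibaba/fastjson/tree/1.2.83 fastjson 1.2.79 released, bug fixes. This is another bug...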
Bumps httpclient from 4.5.3 to 4.5.13. Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
Bumps [mina-core](https://github.com/apache/mina) from 2.0.21 to 2.1.5. Commits bc9bb23 [maven-release-plugin] prepare release 2.1.5 dfd80f1 workout for failing unit test 3bca0bc Adds malformed HTTP request check 7dc266a Fixes HTTP pipeline processing issue...
Bumps [bcprov-jdk15on](https://github.com/bcgit/bc-java) from 1.62 to 1.67. Changelog Sourced from bcprov-jdk15on's changelog. 2.1.1 Version Release: 1.70 Date: TBD 2.2.1 Version Release: 1.69 Date: 2021, June 7th. ... (truncated) Commits See full...