blogSpringBoot
blogSpringBoot copied to clipboard
lurenha
一个基于Vue+SpringBoot的个人博客项目。
Bumps [fastjson](https://github.com/alibaba/fastjson) from 1.2.73 to 1.2.83. Release notes Sourced from fastjson's releases. FASTJSON 1.2.83版本发布(安全修复) 这是一个安全修复版本,修复最近收到在特定场景下可以绕过autoType关闭限制的漏洞,建议fastjson用户尽快采取安全措施保障系统安全。 安全修复方案 :https://github.com/alibaba/fastjson/wiki/security_update_20220523 Issues 安全加固 修复JDK17下setAccessible报错的问题 #4077 下载 https://repo1.maven.org/maven2/com/alibaba/fastjson/1.2.83/ 文档 https://github.com/alibaba/fastjson/wiki/%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98 源码 https://github.com/alibaba/fastjson/tree/1.2.83 fastjson 1.2.79版本发布,BUG修复 这又是一个bug...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps commons-io from 2.5 to 2.7. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
Fix issue #12 by update dependency org.springframework.boot:spring-boot-starter-parent:2.1.18.RELEASE @lurenha
Hi, In **/**,there is a dependency **org.springframework.security:spring-security-core:5.1.5.RELEASE** that calls the risk method. [CVE-2020-5408](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5408) The scope of this CVE affected version is ** [5.3.0.RELEASE, 5.3.2.RELEASE) [5.2.0.RELEASE, 5.2.4.RELEASE) [5.1.0.RELEASE, 5.1.10.RELEASE) [5.0.0.RELEASE, 5.0.16.RELEASE)...