apolloconfig/apollo

apollo-common和apollo-biz有一些安全漏洞

Open

#5386 aperta il 14 mag 2025

Vedi su GitHub
 (3 commenti) (0 reazioni) (0 assegnatari)Java (10.177 fork)batch import
help wanted

Metriche repository

Star
 (29.769 star)
Metriche merge PR
 (Merge medio 4g 13h) (6 PR mergiate in 30 g)

Descrizione

你好,我引入apollo-common和apollo-biz2.4.0版本,发现有一些安全漏洞,请问有计划进行升级吗? apollo-common H2 Database Engine:2.1.214 (CVE-2022-45868 (BDSA-2022-3649)) Nimbus-JOSE-JWT:9.22(CVE-2023-52428 (BDSA-2023-3666)) PostgreSQL JDBC Driver (pgjdbc):42.3.8(CVE-2024-1597 (BDSA-2024-0368)) SnakeYAML:1.33(CVE-2022-1471 (BDSA-2022-3447)) Spring Boot:2.7.18(BDSA-2024-5686 (CVE-2024-38807)) Spring Framework:5.3.39(CVE-2016-1000027) Spring Security:5.7.11(BDSA-2024-0647 (CVE-2024-22257)、BDSA-2024-7762)

apollo-biz Apache Commons JXPath:1.3(CVE-2022-40159 (BDSA-2022-3402)) Apache ZooKeeper:3.9.2(BDSA-2024-8266) Jettison - Json Stax implementation:1.4.0(CVE-2022-40149 (BDSA-2022-3277)、CVE-2022-40150 (BDSA-2022-3278)、CVE-2022-45685 (BDSA-2022-3714)、CVE-2022-45693 (BDSA-2022-3715)、CVE-2023-1436 (BDSA-2023-0994)) Woodstox:6.2.1(CVE-2022-40152 (BDSA-2022-2582))

Guida contributor