From 524ad4e6ddc04f2f0cfacb33f42c2f022629bbbb Mon Sep 17 00:00:00 2001
From: abbfun <819589789@qq.com>
Date: Mon, 23 May 2022 15:36:18 +0800
Subject: [PATCH] fastjson 版本升级 fastjson <= 1.2.80 存在反序列化任意代码执行漏洞
---
pom.xml | 19 +++----------------
1 files changed, 3 insertions(+), 16 deletions(-)
diff --git a/pom.xml b/pom.xml
index b693251..e1730cb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,9 +24,8 @@
<kaptcha.version>2.3.2</kaptcha.version>
<mybatis-spring-boot.version>2.2.2</mybatis-spring-boot.version>
<pagehelper.boot.version>1.4.1</pagehelper.boot.version>
- <fastjson.version>1.2.80</fastjson.version>
- <oshi.version>6.1.2</oshi.version>
- <jna.version>5.10.0</jna.version>
+ <fastjson.version>1.2.83</fastjson.version>
+ <oshi.version>6.1.6</oshi.version>
<commons.io.version>2.11.0</commons.io.version>
<commons.fileupload.version>1.4</commons.fileupload.version>
<commons.collections.version>3.2.2</commons.collections.version>
@@ -43,7 +42,7 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
- <version>2.5.12</version>
+ <version>2.5.13</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@@ -81,18 +80,6 @@
<groupId>com.github.oshi</groupId>
<artifactId>oshi-core</artifactId>
<version>${oshi.version}</version>
- </dependency>
-
- <dependency>
- <groupId>net.java.dev.jna</groupId>
- <artifactId>jna</artifactId>
- <version>${jna.version}</version>
- </dependency>
-
- <dependency>
- <groupId>net.java.dev.jna</groupId>
- <artifactId>jna-platform</artifactId>
- <version>${jna.version}</version>
</dependency>
<!-- Swagger3依赖 -->
--
Gitblit v1.9.2