Skip to content

Commit

Permalink
Merge pull request #1375 from lilai23/version_update
Browse files Browse the repository at this point in the history
修复jackson-databind、gson、protobuf-java组件相关安全漏洞版本
  • Loading branch information
luanwenfei-venus authored Nov 29, 2023
2 parents b3d1022 + 781ac9a commit 198029d
Show file tree
Hide file tree
Showing 15 changed files with 47 additions and 12 deletions.
2 changes: 1 addition & 1 deletion pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@
<http.core.version>4.4.13</http.core.version>
<Java-WebSocket.version>1.5.1</Java-WebSocket.version>
<netty.version>4.1.94.Final</netty.version>
<protobuf.version>3.17.3</protobuf.version>
<protobuf.version>3.19.6</protobuf.version>
<fastjson.version>1.2.83</fastjson.version>
<xml.apis.version>1.4.01</xml.apis.version>
<xerces.version>2.12.1</xerces.version>
Expand Down
2 changes: 1 addition & 1 deletion sermant-agentcore/sermant-agentcore-implement/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@
<javadoc.plugin.version>3.3.2</javadoc.plugin.version>
<nexus.staging.plugin.version>1.6.7</nexus.staging.plugin.version>
<nacos.version>2.1.0</nacos.version>
<jackson-databind.version>2.13.4.1</jackson-databind.version>
<jackson-databind.version>2.13.4.2</jackson-databind.version>
</properties>

<dependencies>
Expand Down
4 changes: 2 additions & 2 deletions sermant-backend/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<io.netty.version>4.1.86.Final</io.netty.version>
<spring-boot.version>2.6.1</spring-boot.version>
<protobuf-java.version>3.9.1</protobuf-java.version>
<protobuf-java.version>3.19.6</protobuf-java.version>
<lombok.version>1.18.22</lombok.version>
<fastjson.version>1.2.83</fastjson.version>
<commons-lang.version>2.6</commons-lang.version>
Expand All @@ -29,7 +29,7 @@
<jedis.version>4.3.1</jedis.version>
<powermock.version>2.0.9</powermock.version>
<expiringmap.version>0.5.8</expiringmap.version>
<jackson-databind.version>2.13.4.1</jackson-databind.version>
<jackson-databind.version>2.13.4.2</jackson-databind.version>
<webapp.path>${project.basedir}/src/main/webapp/frontend</webapp.path>
</properties>

Expand Down
2 changes: 1 addition & 1 deletion sermant-injector/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
<maven.compiler.source>8</maven.compiler.source>
<maven.compiler.target>8</maven.compiler.target>
<commons.io.version>2.11.0</commons.io.version>
<spring.boot.version>2.7.1</spring.boot.version>
<spring.boot.version>2.7.4</spring.boot.version>
</properties>

<dependencies>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,10 @@
<groupId>org.apache.dubbo</groupId>
<artifactId>dubbo</artifactId>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
</dependency>
<dependency>
<groupId>org.apache.curator</groupId>
<artifactId>curator-framework</artifactId>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,10 @@
<groupId>org.apache.dubbo</groupId>
<artifactId>dubbo</artifactId>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
</dependency>
<dependency>
<groupId>org.apache.curator</groupId>
<artifactId>curator-framework</artifactId>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,10 @@
<groupId>org.apache.dubbo</groupId>
<artifactId>dubbo</artifactId>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
</dependency>
<dependency>
<groupId>org.apache.curator</groupId>
<artifactId>curator-framework</artifactId>
Expand Down
12 changes: 12 additions & 0 deletions sermant-integration-tests/dubbo-test/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@
<alibaba.dubbo.version>2.6.12</alibaba.dubbo.version>
<curator.version>4.0.1</curator.version>
<zkclient.version>0.2</zkclient.version>
<gson.version>2.8.9</gson.version>
</properties>
<dependencyManagement>
<dependencies>
Expand All @@ -67,6 +68,17 @@
<groupId>org.apache.dubbo</groupId>
<artifactId>dubbo</artifactId>
<version>${dubbo.version}</version>
<exclusions>
<exclusion>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>${gson.version}</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
Expand Down
2 changes: 0 additions & 2 deletions sermant-integration-tests/scripts/AgentLoader.java
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,6 @@
* limitations under the License.
*/

package com.huaweicloud.sermant.script;

import com.sun.tools.attach.AgentInitializationException;
import com.sun.tools.attach.AgentLoadException;
import com.sun.tools.attach.AttachNotSupportedException;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
<package.plugin.type>service</package.plugin.type>
<config.skip.flag>false</config.skip.flag>
<resilience4j.version>1.7.1</resilience4j.version>
<jackson.version>2.13.4.1</jackson.version>
<jackson.version>2.13.4.2</jackson.version>
<jackson.core.version>2.13.4</jackson.core.version>
</properties>

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<dubbo.version>2.7.15</dubbo.version>
<alibaba.dubbo.version>2.6.12</alibaba.dubbo.version>
<jackson.databind.version>2.13.4.1</jackson.databind.version>
<jackson.databind.version>2.13.4.2</jackson.databind.version>
<surefire.plugin.version>2.22.2</surefire.plugin.version>
<package.plugin.type>service</package.plugin.type>
<config.skip.flag>false</config.skip.flag>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
<spring-cloud.version>2.2.1.RELEASE</spring-cloud.version>
<feigin.version>10.0.0</feigin.version>
<zuul.version>1.3.0</zuul.version>
<gson.version>2.8.9</gson.version>
</properties>

<dependencies>
Expand Down Expand Up @@ -71,6 +72,18 @@
<artifactId>spring-cloud-starter-consul-discovery</artifactId>
<version>${spring-cloud.version}</version>
<scope>provided</scope>
<exclusions>
<exclusion>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>${gson.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
<ribbon-loadbalancer-version>2.3.0</ribbon-loadbalancer-version>
<spring-cloud-version>2.1.0.RELEASE</spring-cloud-version>
<slf4j.version>1.7.35</slf4j.version>
<jackson.databind.version>2.13.4.1</jackson.databind.version>
<jackson.databind.version>2.13.4.2</jackson.databind.version>
</properties>

<dependencies>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<package.plugin.type>service</package.plugin.type>
<cloud.zk.version>3.1.0</cloud.zk.version>
<jackson.version>2.13.4.1</jackson.version>
<jackson.version>2.13.4.2</jackson.version>
<guava.version>31.1-jre</guava.version>
<!--Curator 2.x.x兼容Zookeeper的3.4.x和3.5.x
Curator 3.x.x只兼容Zookeeper 3.5.x-->
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
<config.skip.flag>false</config.skip.flag>
<package.plugin.type>plugin</package.plugin.type>
<grpc.version>1.52.1</grpc.version>
<protobuf.version>3.18.0</protobuf.version>
<protobuf.version>3.19.6</protobuf.version>
</properties>

<dependencies>
Expand Down

0 comments on commit 198029d

Please sign in to comment.