jwy
/
aeon_admin_back
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

安全报告问题处理

master
review512jwy@163.com 1 week ago
parent
555b397ac2
commit
c1d772ee25
9 changed files with 152 additions and 108 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 73
      dongjian-center-admin-controller/src/main/java/com/dongjian/datacenter/admin/configurator/CrosXssFilter.java
  2. 37
      dongjian-center-admin-controller/src/main/java/com/dongjian/datacenter/admin/controller/AccountController.java
  3. 39
      dongjian-center-admin-controller/src/main/resources/config/application.properties
  4. 2
      dongjian-center-admin-dao/pom.xml
  5. 11
      dongjian-center-admin-service/pom.xml
  6. 27
      dongjian-center-admin-service/src/main/java/com/dongjian/datacenter/admin/service/captcha/HutoolCaptchaGenerator.java
  7. 36
      dongjian-center-admin-service/src/main/java/com/dongjian/datacenter/admin/service/captcha/KaptchaConfig.java
  8. 6
      dongjian-center-admin-util/pom.xml
  9. 29
      pom.xml

73
dongjian-center-admin-controller/src/main/java/com/dongjian/datacenter/admin/configurator/CrosXssFilter.java
View File

@ -8,7 +8,7 @@ import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException; import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest; import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse; import jakarta.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter; import jakarta.servlet.annotation.WebFilter;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
@ -17,16 +17,20 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import java.util.UUID; import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.jboss.logging.MDC; import org.jboss.logging.MDC;
@WebFilter @WebFilter
public class CrosXssFilter implements Filter { public class CrosXssFilter implements Filter {
private static final Logger logger = LoggerFactory.getLogger(CrosXssFilter.class); private static final Logger logger = LoggerFactory.getLogger(CrosXssFilter.class);
@Value("${crosxss.filter.disable:false}") @Value("${crosxss.filter.disable:false}")
private boolean disable; private boolean disable;
@Value("${response.access.control.allow.origin:*}")
private String accessControlAllowOrigin;
@Override @Override
public void init(FilterConfig filterConfig) throws ServletException { public void init(FilterConfig filterConfig) throws ServletException {
} }
@ -37,34 +41,77 @@ public class CrosXssFilter implements Filter {
try { try {
MDC.put("processNo", UUID.randomUUID().toString().replace("-", "")); MDC.put("processNo", UUID.randomUUID().toString().replace("-", ""));
request.setCharacterEncoding("utf-8"); request.setCharacterEncoding("utf-8");
// response.setContentType("text/html;charset=utf-8"); response.setContentType("application/json;charset=UTF-8");
if (disable) { if (disable) {
chain.doFilter(request, response); chain.doFilter(request, response);
} else { } else {
//跨域设置
if (response instanceof HttpServletResponse) { if (response instanceof HttpServletResponse) {
HttpServletResponse httpServletResponse = (HttpServletResponse) response; HttpServletResponse httpServletResponse = (HttpServletResponse) response;
//禁用浏览器缓存 HttpServletRequest httpRequest = (HttpServletRequest) request;
httpServletResponse.setHeader("Cache-Control", "no-store");
//禁止被IFrame嵌套 String referer = httpRequest.getHeader("Referer");
httpServletResponse.setHeader("X-Frame-Options", "deny"); if (StringUtils.isNotBlank(referer) && !"*".equals(accessControlAllowOrigin)
//安全性配置 && !referer.startsWith(accessControlAllowOrigin)) {
httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid Referer");
return;
}
httpServletResponse.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0");
httpServletResponse.setHeader("Pragma", "no-cache");
httpServletResponse.setDateHeader("Expires", 0);
httpServletResponse.setHeader("X-Frame-Options", "SAMEORIGIN");
String nonce = UUID.randomUUID().toString().replace("-", "").substring(0, 16); // 生成随机 nonce
httpServletResponse.setHeader("Content-Security-Policy",
"default-src 'self'; " +
"img-src 'self' data:; "+
"font-src 'self' https://i.alicdn.com data:; "+ //阿里系的ui组件
// "script-src 'self' 'nonce-" + nonce + "'; " + //nonce针对内联 JavaScript
// "style-src 'self' 'nonce-" + nonce + "'; " + //nonce针对内联 CSS
"script-src 'self'; " +
"style-src 'self'; " +
"object-src 'none'; " +
"base-uri 'none'; " +
"form-action 'self'; " +
"frame-ancestors 'none'"
);
httpServletResponse.setHeader("X-XSS-Protection", "1; mode=block"); httpServletResponse.setHeader("X-XSS-Protection", "1; mode=block");
httpServletResponse.setHeader("X-Content-Type-Options", "nosniff"); httpServletResponse.setHeader("X-Content-Type-Options", "nosniff");
httpServletResponse.setHeader("Referrer-Policy", "origin"); httpServletResponse.setHeader("Referrer-Policy", "origin");
httpServletResponse.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload");
//add
httpServletResponse.addHeader("Vary", "Origin");
httpServletResponse.addHeader("Vary", "Access-Control-Request-Method");
httpServletResponse.addHeader("Vary", "Access-Control-Request-Headers");
httpServletResponse.setHeader("Access-Control-Allow-Headers", "*");
httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, OPTIONS");
// 设置允许的域名
httpServletResponse.setHeader("Access-Control-Allow-Origin", accessControlAllowOrigin);
httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
if ("OPTIONS".equals(((HttpServletRequest) request).getMethod())) {
httpServletResponse.setStatus(HttpServletResponse.SC_OK); // 200
return;
}
} }
ServletRequest requestWrapper = null; ServletRequest requestWrapper = null;
if(request instanceof HttpServletRequest) { if(request instanceof HttpServletRequest) {
requestWrapper = new RequestWrapper((HttpServletRequest) request); requestWrapper = new RequestWrapper((HttpServletRequest) request);
} }
if(requestWrapper == null) { if(requestWrapper == null) {
chain.doFilter(request, response); chain.doFilter(request, response);
} else { } else {
chain.doFilter(requestWrapper, response); chain.doFilter(requestWrapper, response);
} }
} }
} finally { } finally {
// 避免线程泄漏
MDC.clear(); MDC.clear();
} }

37
dongjian-center-admin-controller/src/main/java/com/dongjian/datacenter/admin/controller/AccountController.java
View File

@ -1,17 +1,18 @@
package com.dongjian.datacenter.admin.controller; package com.dongjian.datacenter.admin.controller;
import cn.hutool.captcha.CaptchaUtil;
import cn.hutool.captcha.LineCaptcha;
import com.dongjian.datacenter.admin.service.captcha.HutoolCaptchaGenerator;
import io.swagger.v3.oas.annotations.media.Schema; import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.tags.Tag;
import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.Parameter;
import org.apache.tomcat.util.codec.binary.Base64;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.mobile.device.Device; import org.springframework.mobile.device.Device;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import com.google.code.kaptcha.impl.DefaultKaptcha;
import com.dongjian.datacenter.admin.common.response.SimpleDataResponse; import com.dongjian.datacenter.admin.common.response.SimpleDataResponse;
import com.dongjian.datacenter.admin.configurator.interceptor.AccessRequired; import com.dongjian.datacenter.admin.configurator.interceptor.AccessRequired;
import com.dongjian.datacenter.admin.dto.account.CacheUserData; import com.dongjian.datacenter.admin.dto.account.CacheUserData;
@ -20,11 +21,9 @@ import com.dongjian.datacenter.admin.service.AccountService;
import com.dongjian.datacenter.admin.service.captcha.CaptchaService; import com.dongjian.datacenter.admin.service.captcha.CaptchaService;
import com.dongjian.datacenter.admin.service.captcha.CaptchaVO; import com.dongjian.datacenter.admin.service.captcha.CaptchaVO;
import java.awt.image.BufferedImage; import java.awt.*;
import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
import javax.imageio.ImageIO;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
@ -40,8 +39,6 @@ public class AccountController {
@Autowired @Autowired
private AccountService accountService; private AccountService accountService;
@Autowired
private DefaultKaptcha producer;
@Autowired @Autowired
private CaptchaService captchaService; private CaptchaService captchaService;
@ -84,20 +81,22 @@ public class AccountController {
@Operation(summary = "获取登录验证码") @Operation(summary = "获取登录验证码")
@RequestMapping(value = "/getCaptcha", method = RequestMethod.GET ) @RequestMapping(value = "/getCaptcha", method = RequestMethod.GET )
public SimpleDataResponse<CaptchaVO> getCaptcha() throws IOException { public SimpleDataResponse<CaptchaVO> getCaptcha() throws IOException {
// 生成文字验证码 // 使用 Hutool 创建一个验证码
String content = producer.createText(); LineCaptcha captcha = CaptchaUtil.createLineCaptcha(110, 40, 4, 5);
// 生成图片验证码 captcha.setFont(new Font("微软雅黑", Font.BOLD, 32));
ByteArrayOutputStream outputStream = null; captcha.setGenerator(new HutoolCaptchaGenerator());
BufferedImage image = producer.createImage(content); // 重新生成验证码内容(因为 setGenerator() 之后要刷新)
outputStream = new ByteArrayOutputStream(); captcha.createCode();
ImageIO.write(image, "jpg", outputStream); String content = captcha.getCode(); // 获取验证码文本
// 对字节数组Base64编码 // Encode byte array to Base64
// BASE64Encoder encoder = new BASE64Encoder();
String str = "data:image/jpeg;base64,"; String str = "data:image/jpeg;base64,";
String base64Img = str + Base64.encodeBase64String(outputStream.toByteArray()).replace("\n", "").replace("\r", ""); String base64Img = str + captcha.getImageBase64()
CaptchaVO captchaVO = captchaService.cacheCaptcha(content); .replace("\n", "")
.replace("\r", "");
// Cache captcha and prepare response
CaptchaVO captchaVO = captchaService.cacheCaptcha(content);
captchaVO.setBase64Img(base64Img); captchaVO.setBase64Img(base64Img);
return SimpleDataResponse.success(captchaVO); return SimpleDataResponse.success(captchaVO);
} }
} }

39
dongjian-center-admin-controller/src/main/resources/config/application.properties
View File

@ -10,15 +10,15 @@ spring.datasource.name=data_center_aeon_admin
spring.datasource.url=jdbc:mysql://${datasourceDNS}/data_center_aeon_admin?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=${datasourceTimeZone} spring.datasource.url=jdbc:mysql://${datasourceDNS}/data_center_aeon_admin?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=${datasourceTimeZone}
spring.datasource.username=${datasourceUsername} spring.datasource.username=${datasourceUsername}
spring.datasource.password=${datasourcePassword} spring.datasource.password=${datasourcePassword}
#使用druid数据源 #\u4F7F\u7528druid\u6570\u636E\u6E90
spring.datasource.type=com.alibaba.druid.pool.DruidDataSource spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
spring.datasource.driverClassName=com.mysql.cj.jdbc.Driver spring.datasource.driverClassName=com.mysql.cj.jdbc.Driver
#配置log日志 #\u914D\u7F6Elog\u65E5\u5FD7
logging.config=classpath:config/logback-boot.xml logging.config=classpath:config/logback-boot.xml
logging_level=${loggingLevel} logging_level=${loggingLevel}
logging_path=${loggingPath} logging_path=${loggingPath}
#部署时使用SYSLOG #\u90E8\u7F72\u65F6\u4F7F\u7528SYSLOG
logging_appender=${loggingAppender} logging_appender=${loggingAppender}
logging_maxHistory=${loggingMaxHistory:7} logging_maxHistory=${loggingMaxHistory:7}
logging_maxFileSize=100MB logging_maxFileSize=100MB
@ -26,38 +26,38 @@ mybatis_log_level=${mybatisLogLevel}
user.login.keytimeout=360000 user.login.keytimeout=360000
#集群模式cluster #\u96C6\u7FA4\u6A21\u5F0Fcluster
spring.redis.cluster.nodes=192.168.0.30:7000,192.168.0.30:7001 spring.redis.cluster.nodes=192.168.0.30:7000,192.168.0.30:7001
#跨集群执行命令时要遵循的最大重定向数量 #\u8DE8\u96C6\u7FA4\u6267\u884C\u547D\u4EE4\u65F6\u8981\u9075\u5FAA\u7684\u6700\u5927\u91CD\u5B9A\u5411\u6570\u91CF
spring.redis.cluster.max-redirects=3 spring.redis.cluster.max-redirects=3
#哨兵模式sentinel #\u54E8\u5175\u6A21\u5F0Fsentinel
spring.redis.sentinel.master=mymaster spring.redis.sentinel.master=mymaster
spring.redis.sentinel.nodes=192.168.0.30:16379,192.168.0.30:16379 spring.redis.sentinel.nodes=192.168.0.30:16379,192.168.0.30:16379
#单机模式standalone #\u5355\u673A\u6A21\u5F0Fstandalone
spring.redis.host=${redisHost} spring.redis.host=${redisHost}
spring.redis.port=6379 spring.redis.port=6379
spring.redis.password=${redisPassword} spring.redis.password=${redisPassword}
spring.redis.timeout=5000 spring.redis.timeout=5000
#Redis数据库索引(默认为0) #Redis\u6570\u636E\u5E93\u7D22\u5F15\uFF08\u9ED8\u8BA4\u4E3A0\uFF09
spring.redis.database=15 spring.redis.database=15
#配置启动模式cluster、sentinel、standalone #\u914D\u7F6E\u542F\u52A8\u6A21\u5F0Fcluster\u3001sentinel\u3001standalone
spring.redis.mode=standalone spring.redis.mode=standalone
# Lettuce # Lettuce
# 连接池最大连接数(使用负值表示没有限制) # \u8FDE\u63A5\u6C60\u6700\u5927\u8FDE\u63A5\u6570\uFF08\u4F7F\u7528\u8D1F\u503C\u8868\u793A\u6CA1\u6709\u9650\u5236\uFF09
spring.redis.lettuce.pool.max-active=8 spring.redis.lettuce.pool.max-active=8
# 连接池最大阻塞等待时间(使用负值表示没有限制) # \u8FDE\u63A5\u6C60\u6700\u5927\u963B\u585E\u7B49\u5F85\u65F6\u95F4\uFF08\u4F7F\u7528\u8D1F\u503C\u8868\u793A\u6CA1\u6709\u9650\u5236\uFF09
spring.redis.lettuce.pool.max-wait=100 spring.redis.lettuce.pool.max-wait=100
# 连接池中的最大空闲连接 # \u8FDE\u63A5\u6C60\u4E2D\u7684\u6700\u5927\u7A7A\u95F2\u8FDE\u63A5
spring.redis.lettuce.pool.max-idle=8 spring.redis.lettuce.pool.max-idle=8
# 连接池中的最小空闲连接 # \u8FDE\u63A5\u6C60\u4E2D\u7684\u6700\u5C0F\u7A7A\u95F2\u8FDE\u63A5
spring.redis.lettuce.pool.min-idle=0 spring.redis.lettuce.pool.min-idle=0
# 关闭超时时间 # \u5173\u95ED\u8D85\u65F6\u65F6\u95F4
spring.redis.lettuce.shutdown-timeout=100 spring.redis.lettuce.shutdown-timeout=100
#邮件发送信息 #\u90AE\u4EF6\u53D1\u9001\u4FE1\u606F
mail.smtp.host=email-smtp.ap-northeast-1.amazonaws.com mail.smtp.host=email-smtp.ap-northeast-1.amazonaws.com
mail.smtp.port=465 mail.smtp.port=465
mail.smtp.auth=true mail.smtp.auth=true
@ -67,13 +67,13 @@ mail.sender.password_encrypted=true
mail.sender.password=a/52R0rao7ksRMvl1j17fVEmPCw7gC9OreHDqWOE+S7sgmoQT0YgoLRJqOlJqX7e mail.sender.password=a/52R0rao7ksRMvl1j17fVEmPCw7gC9OreHDqWOE+S7sgmoQT0YgoLRJqOlJqX7e
mail.sender.sendername=datacenter-info mail.sender.sendername=datacenter-info
mail.sender.from=alert@ttkdatatechbuild.com mail.sender.from=alert@ttkdatatechbuild.com
#邮件通知服务开关 #\u90AE\u4EF6\u901A\u77E5\u670D\u52A1\u5F00\u5173
mail.send.switch=true mail.send.switch=true
Spring.mvc.hiddenmethod.filter.enabled=true Spring.mvc.hiddenmethod.filter.enabled=true
#单个文件上传发大小 #\u5355\u4E2A\u6587\u4EF6\u4E0A\u4F20\u53D1\u5927\u5C0F
spring.servlet.multipart.max-file-size=20MB spring.servlet.multipart.max-file-size=20MB
#多个文件上传的共大小不得超过100M #\u591A\u4E2A\u6587\u4EF6\u4E0A\u4F20\u7684\u5171\u5927\u5C0F\u4E0D\u5F97\u8D85\u8FC7100M
spring.servlet.multipart.max-request-size=100MB spring.servlet.multipart.max-request-size=100MB
server.servlet.context-path=/api server.servlet.context-path=/api
@ -82,11 +82,14 @@ mybatis.configuration.map-underscore-to-camel-case=true
server.servlet.session.cookie.http-only=true server.servlet.session.cookie.http-only=true
server.servlet.session.cookie.secure=true server.servlet.session.cookie.secure=true
server.servlet.session.cookie.same-site=strict
springdoc.swagger-ui.doc-expansion=none springdoc.swagger-ui.doc-expansion=none
springdoc.swagger-ui.operations-sorter=alpha springdoc.swagger-ui.operations-sorter=alpha
springdoc.swagger-ui.tags-sorter=alpha springdoc.swagger-ui.tags-sorter=alpha
response.access.control.allow.origin = ${accessControlAllowOrigin:*}
web.login.url=${webLoginUrl} web.login.url=${webLoginUrl}
web.login.2d3d.url=${webLoginUrl2d3d} web.login.2d3d.url=${webLoginUrl2d3d}
web.admin.login.url=${webAdminLoginUrl} web.admin.login.url=${webAdminLoginUrl}

2
dongjian-center-admin-dao/pom.xml
View File

@ -43,7 +43,7 @@
<dependency> <dependency>
<groupId>com.mysql</groupId> <groupId>com.mysql</groupId>
<artifactId>mysql-connector-j</artifactId> <artifactId>mysql-connector-j</artifactId>
<version>9.3.0</version> <version>9.5.0</version>
</dependency> </dependency>
</dependencies> </dependencies>
<executions> <executions>

11
dongjian-center-admin-service/pom.xml
View File

@ -45,11 +45,12 @@
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <!-- https://mvnrepository.com/artifact/cn.hutool/hutool-captcha -->
<groupId>com.github.penggle</groupId> <dependency>
<artifactId>kaptcha</artifactId> <groupId>cn.hutool</groupId>
<version>2.3.2</version> <artifactId>hutool-captcha</artifactId>
</dependency> <version>5.8.41</version>
</dependency>
</dependencies> </dependencies>
</project> </project>

27
dongjian-center-admin-service/src/main/java/com/dongjian/datacenter/admin/service/captcha/HutoolCaptchaGenerator.java
View File

@ -0,0 +1,27 @@
package com.dongjian.datacenter.admin.service.captcha;
import cn.hutool.captcha.generator.CodeGenerator;
public class HutoolCaptchaGenerator implements CodeGenerator {
private int length = 4;
private static final String chars = "23456789abcdefghkmnpqrstuvwxyzABCDEFGHKMNPRSTUVWXYZ";
@Override
public String generate() {
StringBuilder sb = new StringBuilder(length);
for (int i = 0; i < length; i++) {
int idx = (int) (Math.random() * chars.length());
sb.append(chars.charAt(idx));
}
return sb.toString();
}
@Override
public boolean verify(String code, String userInput) {
if (code == null || userInput == null) {
return false;
}
return code.equalsIgnoreCase(userInput);
}
}

36
dongjian-center-admin-service/src/main/java/com/dongjian/datacenter/admin/service/captcha/KaptchaConfig.java
View File

@ -1,36 +0,0 @@
package com.dongjian.datacenter.admin.service.captcha;
import java.util.Properties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import com.google.code.kaptcha.impl.DefaultKaptcha;
import com.google.code.kaptcha.util.Config;
@Configuration
public class KaptchaConfig {
@Bean
public DefaultKaptcha producer(){
DefaultKaptcha defaultKaptcha = new DefaultKaptcha();
Properties properties = new Properties();
properties.setProperty("kaptcha.border", "no");
properties.setProperty("kaptcha.border.color", "105,179,90");
properties.setProperty("kaptcha.textproducer.font.color", "black");
properties.setProperty("kaptcha.image.width", "110");
properties.setProperty("kaptcha.image.height", "40");
properties.setProperty("kaptcha.textproducer.char.string","23456789abcdefghkmnpqrstuvwxyzABCDEFGHKMNPRSTUVWXYZ");
properties.setProperty("kaptcha.textproducer.font.size", "30");
properties.setProperty("kaptcha.textproducer.char.space","3");
properties.setProperty("kaptcha.session.key", "code");
properties.setProperty("kaptcha.textproducer.char.length", "4");
properties.setProperty("kaptcha.textproducer.font.names", "宋体,楷体,微软雅黑");
// properties.setProperty("kaptcha.obscurificator.impl","com.xxx");可以重写实现类
properties.setProperty("kaptcha.noise.impl","com.google.code.kaptcha.impl.NoNoise");
Config config = new Config(properties);
defaultKaptcha.setConfig(config);
return defaultKaptcha;
}
}

6
dongjian-center-admin-util/pom.xml
View File

@ -31,11 +31,7 @@
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId> <artifactId>spring-boot-starter-data-redis</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</dependency>
<dependency> <dependency>
<groupId>org.apache.commons</groupId> <groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId> <artifactId>commons-pool2</artifactId>

29
pom.xml
View File

@ -6,7 +6,7 @@
<parent> <parent>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId> <artifactId>spring-boot-starter-parent</artifactId>
<version>3.2.12</version> <version>3.5.7</version>
<relativePath/> <!-- lookup parent from repository --> <relativePath/> <!-- lookup parent from repository -->
</parent> </parent>
@ -55,7 +55,7 @@
<dependency> <dependency>
<groupId>org.apache.tomcat.embed</groupId> <groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId> <artifactId>tomcat-embed-core</artifactId>
<version>10.1.42</version> <version>10.1.49</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
@ -80,7 +80,7 @@
<dependency> <dependency>
<groupId>org.springdoc</groupId> <groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-starter-webmvc-ui</artifactId> <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
<version>2.5.0</version> <version>2.8.14</version>
</dependency> </dependency>
<!-- <dependency> --> <!-- <dependency> -->
<!-- <groupId>io.springfox</groupId> --> <!-- <groupId>io.springfox</groupId> -->
@ -91,17 +91,17 @@
<dependency> <dependency>
<groupId>com.fasterxml.jackson.core</groupId> <groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId> <artifactId>jackson-core</artifactId>
<version>2.19.0</version> <!-- 与 jackson-databind 版本一致 --> <version>2.19.4</version> <!-- 与 jackson-databind 版本一致 -->
</dependency> </dependency>
<dependency> <dependency>
<groupId>com.fasterxml.jackson.core</groupId> <groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId> <artifactId>jackson-databind</artifactId>
<version>2.19.0</version> <version>2.19.4</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>com.fasterxml.jackson.core</groupId> <groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId> <artifactId>jackson-annotations</artifactId>
<version>2.19.0</version> <version>2.19.4</version>
</dependency> </dependency>
<dependency> <dependency>
@ -113,7 +113,7 @@
<dependency> <dependency>
<groupId>com.mysql</groupId> <groupId>com.mysql</groupId>
<artifactId>mysql-connector-j</artifactId> <artifactId>mysql-connector-j</artifactId>
<version>9.3.0</version> <version>9.5.0</version>
</dependency> </dependency>
<dependency> <dependency>
@ -139,20 +139,27 @@
<dependency> <dependency>
<groupId>ch.qos.logback</groupId> <groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId> <artifactId>logback-classic</artifactId>
<version>1.5.18</version> <version>1.5.21</version>
<scope>compile</scope> <scope>compile</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>ch.qos.logback</groupId> <groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId> <artifactId>logback-core</artifactId>
<version>1.5.18</version> <version>1.5.21</version>
<scope>compile</scope> <scope>compile</scope>
</dependency> </dependency>
<!-- https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 -->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.20.0</version>
</dependency>
<dependency> <dependency>
<groupId>org.apache.commons</groupId> <groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId> <artifactId>commons-compress</artifactId>
<version>1.27.1</version> <version>1.28.0</version>
</dependency> </dependency>
<dependency> <dependency>
@ -177,7 +184,7 @@
<dependency> <dependency>
<groupId>io.lettuce</groupId> <groupId>io.lettuce</groupId>
<artifactId>lettuce-core</artifactId> <artifactId>lettuce-core</artifactId>
<version>6.5.5.RELEASE</version> <version>6.8.1.RELEASE</version>
</dependency> </dependency>
<!-- log4j --> <!-- log4j -->

Write Preview
Loading…
Cancel
Save