log4j升级

data-center-business-controller/src/main/java/com/techsor/datacenter/business/configurator/CrosXssFilter.java

@@ -2,15 +2,15 @@ package com.techsor.datacenter.business.configurator;
 
 import java.io.IOException;
 
-import javax.servlet.Filter;
+import jakarta.servlet.Filter;
-import javax.servlet.FilterChain;
+import jakarta.servlet.FilterChain;
-import javax.servlet.FilterConfig;
+import jakarta.servlet.FilterConfig;
-import javax.servlet.ServletException;
+import jakarta.servlet.ServletException;
-import javax.servlet.ServletRequest;
+import jakarta.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import jakarta.servlet.ServletResponse;
-import javax.servlet.annotation.WebFilter;
+import jakarta.servlet.annotation.WebFilter;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -41,7 +41,7 @@ public class CrosXssFilter implements Filter {
         try {
             MDC.put("processNo", UUID.randomUUID().toString().replace("-", ""));
             request.setCharacterEncoding("utf-8");
-            response.setContentType("text/html;charset=utf-8");
+            response.setContentType("application/json;charset=UTF-8");
             if (disable) {
                 chain.doFilter(request, response);
             } else {
@@ -51,18 +51,30 @@ public class CrosXssFilter implements Filter {
                 	HttpServletRequest httpRequest = (HttpServletRequest) request;
                 	
                     String referer = httpRequest.getHeader("Referer");
-                    if (StringUtils.isNotBlank(referer) && !"*".equals(accessControlAllowOrigin) 
+                    if (StringUtils.isNotBlank(referer) && !"*".equals(accessControlAllowOrigin)) {
-                    		&& !referer.startsWith(accessControlAllowOrigin)) {
+                        // 允许多个域名，逗号分隔
+                        String[] allowedOrigins = accessControlAllowOrigin.split(",");
+                        boolean matched = false;
+                        for (String origin : allowedOrigins) {
+                            origin = origin.trim();
+                            if (StringUtils.isNotBlank(origin) && referer.startsWith(origin)) {
+                                matched = true;
+                                break;
+                            }
+                        }
+                        // 如果一个都不匹配，则返回 403
+                        if (!matched) {
                             httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid Referer");
                             return;
                         }
+                    }
                 	
                     
                     httpServletResponse.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0");
                     httpServletResponse.setHeader("Pragma", "no-cache");
                     httpServletResponse.setDateHeader("Expires", 0);
 
-                    httpServletResponse.setHeader("X-Frame-Options", "deny");
+                    httpServletResponse.setHeader("X-Frame-Options", "SAMEORIGIN");
                     
                     String nonce = UUID.randomUUID().toString().replace("-", "").substring(0, 16); // 生成随机 nonce
                     httpServletResponse.setHeader("Content-Security-Policy",

data-center-business-controller/src/main/java/com/techsor/datacenter/business/configurator/RequestWrapper.java

@@ -12,11 +12,6 @@ import java.util.Map;
 import java.util.Set;
 import java.util.stream.Collectors;
 
-import javax.servlet.ReadListener;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.owasp.encoder.Encode;
@@ -27,6 +22,11 @@ import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
 
+import jakarta.servlet.ReadListener;
+import jakarta.servlet.ServletInputStream;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequestWrapper;
+
 public class RequestWrapper extends HttpServletRequestWrapper {
     private final Logger log = LoggerFactory.getLogger(getClass());
     private static String key = "drop|chr|exec|insert|select|delete|update|count|mid|master|truncate|declare|-|+|sleep";

data-center-business-controller/src/main/java/com/techsor/datacenter/business/configurator/interceptor/AccessApiInterceptor.java

@@ -54,7 +54,7 @@ public class AccessApiInterceptor implements HandlerInterceptor {
 	                String companyId = request.getHeader("CompanyId");
 
 	                String languageType = request.getHeader("LanguageType");
-	                response.setContentType("text/html;charset=utf-8");
+					response.setContentType("application/json;charset=UTF-8");
 	                String URI = request.getRequestURI();
 	                logger.info("===============URI ：" + URI + " ===============");
 	                JSONObject jsonObject = new JSONObject();

data-center-business-controller/src/main/java/com/techsor/datacenter/business/controller/AccountController.java

@@ -1,5 +1,8 @@
 package com.techsor.datacenter.business.controller;
 
+import cn.hutool.captcha.CaptchaUtil;
+import cn.hutool.captcha.LineCaptcha;
+import com.techsor.datacenter.business.service.captcha.HutoolCaptchaGenerator;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
@@ -9,7 +12,6 @@ import org.apache.commons.codec.binary.Base64;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 
-import com.google.code.kaptcha.impl.DefaultKaptcha;
 import com.techsor.datacenter.business.common.response.SimpleDataResponse;
 import com.techsor.datacenter.business.configurator.interceptor.AccessRequired;
 import com.techsor.datacenter.business.dto.account.CacheUserData;
@@ -19,6 +21,7 @@ import com.techsor.datacenter.business.service.AccountService;
 import com.techsor.datacenter.business.service.captcha.CaptchaService;
 import com.techsor.datacenter.business.service.captcha.CaptchaVO;
 
+import java.awt.*;
 import java.awt.image.BufferedImage;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -40,8 +43,6 @@ public class AccountController {
     @Autowired
     private AccountService accountService;
 	@Autowired
-    private DefaultKaptcha producer;
-	@Autowired
     private CaptchaService captchaService;
 
 
@@ -52,7 +53,6 @@ public class AccountController {
      * @param LanguageType  the language type (0: Chinese, 1: English, 2: Japanese)
      * @param request       the HttpServletRequest object
      * @param response      the HttpServletResponse object
-     * @param device        the device object
      * @return a SimpleDataResponse containing the cached user data
      */
 	@Operation(summary = "User Login")
@@ -174,15 +174,16 @@ public class AccountController {
     @Operation(summary = "Retrieve Login Captcha")
     @RequestMapping(value = "/getCaptcha", method = RequestMethod.GET)
     public SimpleDataResponse<CaptchaVO> getCaptcha() throws IOException {
-        // Generate text captcha
+        // 使用 Hutool 创建一个验证码
-        String content = producer.createText();
+        LineCaptcha captcha = CaptchaUtil.createLineCaptcha(110, 40, 4, 5);
-        // Generate image captcha
+        captcha.setFont(new Font("微软雅黑", Font.BOLD, 32));
-        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+        captcha.setGenerator(new HutoolCaptchaGenerator());
-        BufferedImage image = producer.createImage(content);
+        // 重新生成验证码内容（因为 setGenerator() 之后要刷新）
-        ImageIO.write(image, "jpg", outputStream);
+        captcha.createCode();
+        String content = captcha.getCode();  // 获取验证码文本
         // Encode byte array to Base64
         String str = "data:image/jpeg;base64,";
-        String base64Img = str + Base64.encodeBase64String(outputStream.toByteArray())
+        String base64Img = str + captcha.getImageBase64()
                 .replace("\n", "")
                 .replace("\r", "");
         // Cache captcha and prepare response

data-center-business-controller/src/main/java/com/techsor/datacenter/business/controller/OpenApiController.java

@@ -1,32 +1,17 @@
 package com.techsor.datacenter.business.controller;
 
 
-import com.google.code.kaptcha.impl.DefaultKaptcha;
 import com.techsor.datacenter.business.common.response.SimpleDataResponse;
-import com.techsor.datacenter.business.configurator.interceptor.AccessRequired;
-import com.techsor.datacenter.business.dao.ex.CompanyMapperExt;
 import com.techsor.datacenter.business.dto.account.CacheUserData;
-import com.techsor.datacenter.business.dto.account.LoginParam;
-import com.techsor.datacenter.business.dto.device.alert.DeviceAlertConfigNextParams;
 import com.techsor.datacenter.business.dto.openapi.OpenApiAddMultiAlarmParams;
-import com.techsor.datacenter.business.service.AccountService;
-import com.techsor.datacenter.business.service.captcha.CaptchaService;
-import com.techsor.datacenter.business.service.captcha.CaptchaVO;
 import com.techsor.datacenter.business.service.impl.OpenApiServiceImpl;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
-import org.apache.commons.codec.binary.Base64;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 
-import javax.imageio.ImageIO;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.awt.image.BufferedImage;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
 import java.util.List;
 
 /**

data-center-business-controller/src/main/resources/config/application.properties

@@ -146,6 +146,7 @@ spring.web.resources.add-mappings=false
 
 server.servlet.session.cookie.http-only=true
 server.servlet.session.cookie.secure=true
+server.servlet.session.cookie.same-site=strict
 
 springdoc.swagger-ui.doc-expansion=none
 springdoc.swagger-ui.operations-sorter=alpha

data-center-business-dao/pom.xml

@@ -45,7 +45,7 @@
                 <dependency>
 				    <groupId>com.mysql</groupId>
 				    <artifactId>mysql-connector-j</artifactId>
-				    <version>9.2.0</version>
+                    <version>9.5.0</version>
 				</dependency>
               	</dependencies>
               	<executions>

data-center-business-model/src/main/java/com/techsor/datacenter/business/entity/RedisAlarmDTO.java

@@ -14,6 +14,8 @@ import lombok.NoArgsConstructor;
 @NoArgsConstructor
 public class RedisAlarmDTO{
 
+	private String deviceId;
+	
 	@Schema(description ="roid接口返回的id",example = "1")
 	private Long problemReportId;
 	

data-center-business-service/pom.xml

@@ -56,10 +56,11 @@
               <artifactId>s3</artifactId>
           </dependency>
 
+      <!-- https://mvnrepository.com/artifact/cn.hutool/hutool-captcha -->
       <dependency>
-		  <groupId>com.github.penggle</groupId>
+          <groupId>cn.hutool</groupId>
-		  <artifactId>kaptcha</artifactId>
+          <artifactId>hutool-captcha</artifactId>
-		  <version>2.3.2</version>
+          <version>5.8.41</version>
       </dependency>
       <dependency>
           <groupId>org.junit.vintage</groupId>

data-center-business-service/src/main/java/com/techsor/datacenter/business/service/OpenApiService.java

@@ -1,15 +1,8 @@
 package com.techsor.datacenter.business.service;
 
-import com.alibaba.fastjson.JSONObject;
 import com.techsor.datacenter.business.common.response.SimpleDataResponse;
-import com.techsor.datacenter.business.dto.account.LoginParam;
-import com.techsor.datacenter.business.dto.device.alert.DeviceAlertConfigNextParams;
 import com.techsor.datacenter.business.dto.openapi.OpenApiAddMultiAlarmParams;
-import com.techsor.datacenter.business.model.DeviceAlertConfig;
-import com.techsor.datacenter.business.model.DeviceInfo;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import java.util.List;
 
 /**

data-center-business-service/src/main/java/com/techsor/datacenter/business/service/captcha/HutoolCaptchaGenerator.java

@@ -0,0 +1,27 @@
+package com.techsor.datacenter.business.service.captcha;
+
+import cn.hutool.captcha.generator.CodeGenerator;
+
+public class HutoolCaptchaGenerator implements CodeGenerator {
+
+    private int length = 4;
+    private static final String chars = "23456789abcdefghkmnpqrstuvwxyzABCDEFGHKMNPRSTUVWXYZ";
+
+    @Override
+    public String generate() {
+        StringBuilder sb = new StringBuilder(length);
+        for (int i = 0; i < length; i++) {
+            int idx = (int) (Math.random() * chars.length());
+            sb.append(chars.charAt(idx));
+        }
+        return sb.toString();
+    }
+
+    @Override
+    public boolean verify(String code, String userInput) {
+        if (code == null || userInput == null) {
+            return false;
+        }
+        return code.equalsIgnoreCase(userInput);
+    }
+}

data-center-business-service/src/main/java/com/techsor/datacenter/business/service/captcha/KaptchaConfig.java

@@ -1,36 +0,0 @@
-package com.techsor.datacenter.business.service.captcha;
-
-import java.util.Properties;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-
-import com.google.code.kaptcha.impl.DefaultKaptcha;
-import com.google.code.kaptcha.util.Config;
-
-@Configuration
-public class KaptchaConfig {
-    @Bean
-    public DefaultKaptcha producer(){
-
-        DefaultKaptcha defaultKaptcha = new DefaultKaptcha();
-        Properties properties = new Properties();
-        properties.setProperty("kaptcha.border", "no");
-        properties.setProperty("kaptcha.border.color", "105,179,90");
-        properties.setProperty("kaptcha.textproducer.font.color", "black");
-        properties.setProperty("kaptcha.image.width", "110");
-        properties.setProperty("kaptcha.image.height", "40");
-        properties.setProperty("kaptcha.textproducer.char.string","23456789abcdefghkmnpqrstuvwxyzABCDEFGHKMNPRSTUVWXYZ");
-        properties.setProperty("kaptcha.textproducer.font.size", "30");
-        properties.setProperty("kaptcha.textproducer.char.space","3");
-        properties.setProperty("kaptcha.session.key", "code");
-        properties.setProperty("kaptcha.textproducer.char.length", "4");
-        properties.setProperty("kaptcha.textproducer.font.names", "宋体,楷体,微软雅黑");
-//        properties.setProperty("kaptcha.obscurificator.impl","com.xxx");可以重写实现类
-        properties.setProperty("kaptcha.noise.impl","com.google.code.kaptcha.impl.NoNoise");
-        Config config = new Config(properties);
-        defaultKaptcha.setConfig(config);
-
-        return defaultKaptcha;
-    }
-}

data-center-business-service/src/main/java/com/techsor/datacenter/business/service/impl/CommonServiceImpl.java

@@ -439,11 +439,13 @@ public class CommonServiceImpl implements CommonService {
 								DESUtil.decrypt(apikeyInfo.getAuroraPassword(), Constants.DES_SALT))) {
 
 							for (ApiDeviceInfoVO apiDeviceInfoVO : deviceInfos) {
-								String sql = " select rawData, receive_ts from rawData_realtime where deviceId = '" + apiDeviceInfoVO.getDeviceId() + "' limit 1" ;
+								String sql = "select rawData, receive_ts from rawData_realtime where deviceId = ? limit 1";
 								logger.info("queryAssetInfo aurora sql:" + sql);
 
 								try (PreparedStatement preparedStatement = conn.prepareStatement(sql)) {
-			                    	ResultSet retult = preparedStatement.executeQuery(sql);
+									preparedStatement.setString(1, apiDeviceInfoVO.getDeviceId());
+
+									ResultSet retult = preparedStatement.executeQuery();
 			                    	
 			                    	while (retult.next()) {
 				                    	String rawData = retult.getString("rawData");
@@ -970,11 +972,13 @@ public class CommonServiceImpl implements CommonService {
 						for (ApiAlarmDeviceInfoVO apiAlarmDeviceInfoVO : deviceInfoVOs) {							
 //							String sql = " select rawData, receive_ts, alertTitle, alertLevel,alertLevelName,alertTypeName from "+formatRawDataWithDate()+" where deviceId = '" + apiAlarmDeviceInfoVO.getDeviceId() + "' order by receive_ts desc limit 1" ;
 //							String sql = " select rawData, receive_ts, alertTitle, alertLevel, alertTypeName from "+formatRawDataWithDate()+" where deviceId = '" + apiAlarmDeviceInfoVO.getDeviceId() + "' order by receive_ts desc limit 1" ;
-							String sql = " select rawData, receive_ts, alertTitle, alertLevel,alertLevelName, alertTypeName from alertData where deviceId = '" + apiAlarmDeviceInfoVO.getDeviceId() + "' order by receive_ts desc limit 1" ;
+							String sql = "select rawData, receive_ts, alertTitle, alertLevel, alertLevelName, alertTypeName from alertData where deviceId = ? order by receive_ts desc limit 1";
 							logger.info("queryAlarmDevice aurora sql:" + sql);
 
 							try (PreparedStatement preparedStatement = conn.prepareStatement(sql)) {
-		                    	ResultSet retult = preparedStatement.executeQuery(sql);
+								preparedStatement.setString(1, apiAlarmDeviceInfoVO.getDeviceId());
+
+								ResultSet retult = preparedStatement.executeQuery();
 		                    	
 		                    	while (retult.next()) {
 			                    	String rawData = retult.getString("rawData");
@@ -2069,11 +2073,13 @@ public class CommonServiceImpl implements CommonService {
 						for (ApiCancelAlarmDeviceInfoVO apiCancelAlarmDeviceInfoVO : deviceInfoVOs) {							
 //							String sql = " select rawData, receive_ts, alertTitle, alertLevel,alertLevelName,alertTypeName from "+formatRawDataWithDate()+" where deviceId = '" + apiAlarmDeviceInfoVO.getDeviceId() + "' order by receive_ts desc limit 1" ;
 //							String sql = " select rawData, receive_ts, alertTitle, alertLevel, alertTypeName from "+formatRawDataWithDate()+" where deviceId = '" + apiAlarmDeviceInfoVO.getDeviceId() + "' order by receive_ts desc limit 1" ;
-							String sql = " select rawData, receive_ts, alertCancelTitle, alertLevel,alertLevelName, alertTypeName from rawData_realtime where deviceId = '" + apiCancelAlarmDeviceInfoVO.getDeviceId() + "' limit 1" ;
+							String sql = "select rawData, receive_ts, alertCancelTitle, alertLevel, alertLevelName, alertTypeName from rawData_realtime where deviceId = ? limit 1";
 							logger.info("queryAlarmDevice aurora sql: " + sql);
 
 							try (PreparedStatement preparedStatement = conn.prepareStatement(sql)) {
-		                    	ResultSet retult = preparedStatement.executeQuery(sql);
+								preparedStatement.setString(1, apiCancelAlarmDeviceInfoVO.getDeviceId());
+
+								ResultSet retult = preparedStatement.executeQuery();
 		                    	
 		                    	while (retult.next()) {
 			                    	String rawData = retult.getString("rawData");

data-center-business-service/src/main/java/com/techsor/datacenter/business/service/impl/DeviceServiceImpl.java

@@ -2434,11 +2434,13 @@ public class DeviceServiceImpl implements IDeviceService {
 				Class.forName("com.mysql.cj.jdbc.Driver");
 		        try (Connection conn = DriverManager.getConnection(MessageFormat.format(Constants.AURORA_URL_FORMAT, apikeyInfo.getAuroraUrl()), 
 		        		apikeyInfo.getAuroraUsername(), apikeyInfo.getAuroraPassword())) {
-		        	String sql = "select * from " + table + " where deviceId = '" + auroraDataParam.getDeviceId() +"' and " +
+                    String sql = "select * from " + table + " where deviceId = ? and ? <= receive_ts and receive_ts <= ? order by receive_ts desc, hashId desc ";
-							auroraDataParam.getStartTime() + " <= receive_ts and receive_ts <= " + auroraDataParam.getEndTime() + " order by receive_ts desc, hashId desc ";
                     logger.info("getAuroraData sql:{}", sql);
                     try (PreparedStatement preparedStatement = conn.prepareStatement(sql)) {
-		            	ResultSet retult = preparedStatement.executeQuery(sql);
+                        preparedStatement.setString(1, auroraDataParam.getDeviceId());  // 绑定 deviceId 参数
+                        preparedStatement.setLong(2, auroraDataParam.getStartTime());  // 绑定 startTime 参数
+                        preparedStatement.setLong(3, auroraDataParam.getEndTime());  // 绑定 endTime 参数
+                        ResultSet retult = preparedStatement.executeQuery();
 		            	
 		            	// 遍历结果集
 		                while (retult.next()) {

data-center-business-service/src/main/java/com/techsor/datacenter/business/service/impl/GatewayClientsServiceImpl.java

@@ -46,7 +46,6 @@ import org.springframework.transaction.interceptor.TransactionAspectSupport;
 import org.springframework.util.ObjectUtils;
 
 import jakarta.annotation.Resource;
-import javax.servlet.http.HttpServletResponse;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;

data-center-business-service/src/main/java/com/techsor/datacenter/business/service/impl/OpenApiServiceImpl.java

@@ -1,40 +1,20 @@
 package com.techsor.datacenter.business.service.impl;
 
-import com.alibaba.fastjson.JSON;
-import com.alibaba.fastjson.JSONObject;
-import com.alibaba.fastjson.TypeReference;
-import com.techsor.datacenter.business.common.Constants;
-import com.techsor.datacenter.business.common.exception.MsgCodeException;
 import com.techsor.datacenter.business.common.language.msg.MsgLanguageChange;
-import com.techsor.datacenter.business.common.language.msg.Msg_JP;
 import com.techsor.datacenter.business.common.response.ResponseCode;
 import com.techsor.datacenter.business.common.response.SimpleDataResponse;
 import com.techsor.datacenter.business.dao.ex.*;
-import com.techsor.datacenter.business.dto.account.CacheUserData;
-import com.techsor.datacenter.business.dto.account.LoginParam;
-import com.techsor.datacenter.business.dto.device.DeviceTemplateParams;
 import com.techsor.datacenter.business.dto.device.alert.DeviceAlertConfigNextParams;
 import com.techsor.datacenter.business.dto.openapi.OpenApiAddMultiAlarmParams;
 import com.techsor.datacenter.business.model.*;
-import com.techsor.datacenter.business.service.AccountService;
 import com.techsor.datacenter.business.service.OpenApiService;
-import com.techsor.datacenter.business.util.*;
-import com.techsor.datacenter.business.util.redis.RedisUtil;
-import org.apache.commons.collections.CollectionUtils;
-import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.text.MessageFormat;
-import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
 
 /**
  * 开放接口ServiceImpl

data-center-business-service/src/main/java/com/techsor/datacenter/business/service/impl/ProjectServiceImpl.java

@@ -10,7 +10,6 @@ import com.techsor.datacenter.business.model.BasicBuilding;
 import com.techsor.datacenter.business.model.UserOperationLogs;
 import com.techsor.datacenter.business.service.UserOperationLogsService;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.poi.ss.formula.functions.Odd;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.BeanUtils;

data-center-business-util/pom.xml

@@ -26,10 +26,6 @@
         <artifactId>spring-boot-starter-data-redis</artifactId>
     </dependency>
     
-    <dependency>
-      	<groupId>org.apache.commons</groupId>
-      	<artifactId>commons-lang3</artifactId>
-   	</dependency>
     <dependency>
 		 <groupId>org.apache.commons</groupId>
 		 <artifactId>commons-pool2</artifactId>
@@ -66,7 +62,7 @@
 	  <dependency>
 		  <groupId>com.opencsv</groupId>
 		  <artifactId>opencsv</artifactId>
-		  <version>5.6</version> <!-- 使用最新版本 -->
+		  <version>5.12.0</version> <!-- 使用最新版本 -->
 	  </dependency>
 	  
 	<dependency>
@@ -91,13 +87,13 @@
 	<dependency>
 	    <groupId>org.springframework.security</groupId>
 	    <artifactId>spring-security-oauth2-authorization-server</artifactId>
-	    <version>1.5.1</version>
+		<version>1.5.3</version>
 	</dependency>
     
     <dependency>
 	  <groupId>com.nimbusds</groupId>
 	  <artifactId>nimbus-jose-jwt</artifactId>
-	  <version>9.37.3</version> <!-- 这是截至 2025 年推荐的稳定版本 -->
+		<version>10.6</version> <!-- 这是截至 2025 年推荐的稳定版本 -->
 	</dependency>
 
 

pom.xml

@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>3.2.12</version>
+        <version>3.5.7</version>
 		<relativePath/> <!-- lookup parent from repository -->
 	</parent>
 	
@@ -56,7 +56,7 @@
 		<dependency>
 		    <groupId>org.apache.tomcat.embed</groupId>
 		    <artifactId>tomcat-embed-core</artifactId>
-		    <version>10.1.39</version>
+            <version>10.1.49</version>
 		</dependency>
 
 
@@ -103,14 +103,18 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-integration</artifactId>
-            <version>2.7.1</version>
         </dependency>
         <!-- https://mvnrepository.com/artifact/org.springframework.integration/spring-integration-mqtt -->
         <!-- https://mvnrepository.com/artifact/org.springframework.integration/spring-integration-mqtt -->
         <dependency>
             <groupId>org.springframework.integration</groupId>
             <artifactId>spring-integration-mqtt</artifactId>
-            <version>5.3.2.RELEASE</version>
+            <version>6.5.3</version>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.paho</groupId>
+            <artifactId>org.eclipse.paho.client.mqttv3</artifactId>
+            <version>1.2.5</version>
         </dependency>
         <!-- https://mvnrepository.com/artifact/com.squareup.okhttp3/okhttp -->
         <dependency>
@@ -122,7 +126,7 @@
 		<dependency>
 		    <groupId>org.jetbrains.kotlin</groupId>
 		    <artifactId>kotlin-stdlib</artifactId>
-		    <version>2.1.20</version>
+            <version>2.2.21</version>
 		</dependency>
 
         <dependency>
@@ -149,7 +153,7 @@
 		 <dependency>
 		    <groupId>org.springdoc</groupId>
 		    <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
-		    <version>2.5.0</version>
+		    <version>2.8.14</version>
 		 </dependency>
 
 
@@ -169,7 +173,7 @@
 		<dependency>
 		    <groupId>com.mysql</groupId>
 		    <artifactId>mysql-connector-j</artifactId>
-		    <version>9.2.0</version>
+            <version>9.5.0</version>
 		</dependency>
 
 	    <dependency>
@@ -182,12 +186,12 @@
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-core</artifactId>
-            <version>2.24.3</version>
+            <version>2.25.2</version>
         </dependency>
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-api</artifactId>
-            <version>2.24.3</version>
+            <version>2.25.2</version>
         </dependency>
         
         <dependency>
@@ -199,7 +203,7 @@
 		<dependency>
 			<groupId>com.alibaba</groupId>
 			<artifactId>easyexcel</artifactId>
-			<version>3.1.1</version>
+            <version>4.0.3</version>
 		</dependency>
         <dependency>
             <groupId>org.apache.pdfbox</groupId>
@@ -231,10 +235,17 @@
 		    <version>33.4.5-jre</version>
 		</dependency>
 
+        <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 -->
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.20.0</version>
+        </dependency>
+		
 		<dependency>
 		    <groupId>org.apache.commons</groupId>
 		    <artifactId>commons-compress</artifactId>
-		    <version>1.27.1</version>
+            <version>1.28.0</version>
 		</dependency>
 		
 		<dependency>
@@ -252,42 +263,42 @@
 		<dependency>
 		    <groupId>org.apache.httpcomponents.client5</groupId>
 		    <artifactId>httpclient5</artifactId>
-		    <version>5.4.2</version>
+            <version>5.5.1</version>
 		</dependency>
 		
 		<dependency>
 		    <groupId>org.apache.httpcomponents.core5</groupId>
 		    <artifactId>httpcore5</artifactId>
-		    <version>5.3.3</version> <!-- 必须与 httpclient5 版本一致 -->
+		    <version>5.3.6</version> <!-- 必须与 httpclient5 版本一致 -->
 		</dependency>
 		
 		<dependency>
 		    <groupId>com.fasterxml.jackson.core</groupId>
 		    <artifactId>jackson-core</artifactId>
-		    <version>2.18.3</version> <!-- 与 jackson-databind 版本一致 -->
+            <version>2.19.4</version> <!-- 与 jackson-databind 版本一致 -->
 		</dependency>
 		<dependency>
 		    <groupId>com.fasterxml.jackson.core</groupId>
 		    <artifactId>jackson-databind</artifactId>
-		    <version>2.18.3</version>
+            <version>2.19.4</version>
 		</dependency>
 		<dependency>
 		    <groupId>com.fasterxml.jackson.core</groupId>
 		    <artifactId>jackson-annotations</artifactId>
-		    <version>2.18.3</version>
+            <version>2.19.4</version>
 		</dependency>
 		
 		<!-- https://mvnrepository.com/artifact/ch.qos.logback/logback-classic -->
 		<dependency>
 		    <groupId>ch.qos.logback</groupId>
 		    <artifactId>logback-classic</artifactId>
-		    <version>1.5.18</version>
+            <version>1.5.21</version>
 		    <scope>compile</scope>
 		</dependency>
 		<dependency>
 		    <groupId>ch.qos.logback</groupId>
 		    <artifactId>logback-core</artifactId>
-		    <version>1.5.18</version>
+            <version>1.5.21</version>
 		    <scope>compile</scope>
 		</dependency>
 		
@@ -295,22 +306,22 @@
 		<dependency>
 		    <groupId>io.lettuce</groupId>
 		    <artifactId>lettuce-core</artifactId>
-		    <version>6.5.5.RELEASE</version>
+            <version>6.8.1.RELEASE</version>
 		</dependency>
 		
-		<!-- https://mvnrepository.com/artifact/io.netty/netty-common -->
+		<!-- https://mvnrepository.com/artifact/io.netty/netty-common
 		<dependency>
 		    <groupId>io.netty</groupId>
 		    <artifactId>netty-common</artifactId>
-		    <version>4.2.0.RC4</version>
+            <version>4.2.3.Final</version>
-		</dependency>
+		</dependency>-->
 		
-		<!-- https://mvnrepository.com/artifact/io.netty/netty-handler -->
+		<!-- https://mvnrepository.com/artifact/io.netty/netty-handler
 		<dependency>
 		    <groupId>io.netty</groupId>
 		    <artifactId>netty-handler</artifactId>
-		    <version>4.2.0.RC4</version>
+            <version>4.2.3.Final</version>
-		</dependency>
+		</dependency>-->
 
     </dependencies>
 
@@ -323,6 +334,39 @@
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
+
+            <dependency>
+                <groupId>io.netty</groupId>
+                <artifactId>netty-bom</artifactId>
+                <version>4.1.128.Final</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+
+            <dependency>
+                <groupId>org.apache.poi</groupId>
+                <artifactId>poi</artifactId>
+                <version>5.5.0</version>
+            </dependency>
+
+            <dependency>
+                <groupId>org.apache.poi</groupId>
+                <artifactId>poi-ooxml</artifactId>
+                <version>5.5.0</version>
+            </dependency>
+
+            <dependency>
+                <groupId>org.apache.poi</groupId>
+                <artifactId>poi-ooxml-lite</artifactId>
+                <version>5.5.0</version>
+            </dependency>
+
+            <!-- POI 5.5.0 必须搭配 xmlbeans 5.2.0（否则会冲突） -->
+            <dependency>
+                <groupId>org.apache.xmlbeans</groupId>
+                <artifactId>xmlbeans</artifactId>
+                <version>5.2.0</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 	<build>