apolloconfig/apollo

apollo-common and apollo-biz have some security vulnerabilities

Open

#5,386 opened on May 14, 2025

help wanted


Description

Hello, I imported apollo-common and apollo-biz version 2.4.0 and found that they have some security vulnerabilities. Are there any plans to upgrade?

apollo-common:
- H2 Database Engine 2.1.214 (CVE-2022-45868 (BDSA-2022-3649))
- Nimbus-JOSE-JWT 9.22 (CVE-2023-52428 (BDSA-2023-3666))
- PostgreSQL JDBC Driver (pgjdbc) 42.3.8 (CVE-2024-1597 (BDSA-2024-0368))
- SnakeYAML 1.33 (CVE-2022-1471 (BDSA-2022-3447))
- Spring Boot 2.7.18 (BDSA-2024-5686 (CVE-2024-38807))
- Spring Framework 5.3.39 (CVE-2016-1000027)
- Spring Security 5.7.11 (BDSA-2024-0647 (CVE-2024-22257), BDSA-2024-7762)

apollo-biz:
- Apache Commons JXPath 1.3 (CVE-2022-40159 (BDSA-2022-3402))
- Apache ZooKeeper 3.9.2 (BDSA-2024-8266)
- Jettison - Json Stax implementation 1.4.0 (CVE-2022-40149 (BDSA-2022-3277), CVE-2022-40150 (BDSA-2022-3278), CVE-2022-45685 (BDSA-2022-3714), CVE-2022-45693 (BDSA-2022-3715), CVE-2023-1436 (BDSA-2023-0994))
- Woodstox 6.2.1 (CVE-2022-40152 (BDSA-2022-2582))
