alibaba / druid

Produced by the Alibaba Cloud computing platform DataWorks (https://help.aliyun.com/document_detail/137663.html) team, a database connection pool built for monitoring
https://github.com/alibaba/druid/wiki
Apache License 2.0
27.98k stars 8.59k forks

[BUG] The dependent components have defects; could the defective versions be updated? #6221

Open dipwater opened 2 weeks ago

dipwater commented 2 weeks ago

Database Type

MySQL

Database Version

MySQL 8.0.23

Druid Version

1.2.23

JDK Version

JDK8

Error SQL

https://mvnrepository.com/artifact/com.alibaba/druid/1.2.23 shows the following dependency defects: CVE-2024-38816 CVE-2024-1597 CVE-2023-2976 CVE-2023-22102 CVE-2022-46337 CVE-2022-45868 CVE-2022-41946 CVE-2022-39135 CVE-2022-31197 CVE-2022-26520 CVE-2022-24969 CVE-2022-23307 CVE-2022-23305 CVE-2022-23302 CVE-2022-23221 CVE-2022-22970 CVE-2022-22965 CVE-2022-21724 CVE-2021-44832 CVE-2021-42392 CVE-2021-4104 CVE-2021-30181 CVE-2021-30179 CVE-2021-25641 CVE-2021-25640 CVE-2021-23463 CVE-2020-8908 CVE-2020-26945 CVE-2019-17571 CVE-2018-1313

Testcase Code

No response

Stacktrace Info

No response

Error Info

No response

linghengqian commented 2 weeks ago

Provided Dependencies and Test Dependencies are not propagated to downstream projects unless you explicitly depend on those dependencies with CVE. Feel free to consult the Maven documentation.
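The scope rule described in the reply above, as an added example that is not part of the original thread or of Druid's code: a triage helper that reads a POM's direct dependencies and separates those Maven passes on to consumers (`compile`, `runtime`) from those it does not (`provided`, `test`, `system`, or `optional`). The POM and its `org.example` coordinates are constructed placeholders, and the helper assumes literal scope values (no property placeholders or parent-POM inheritance).

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Scopes Maven does not pass on to projects that depend on the artifact.
NON_TRANSITIVE_SCOPES = {"provided", "test", "system"}

# Constructed POM: org.example coordinates are placeholders, not Druid's real dependencies.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencyManagement><dependencies>
    <dependency><groupId>org.example</groupId><artifactId>bom-only</artifactId><version>1</version></dependency>
  </dependencies></dependencyManagement>
  <dependencies>
    <dependency><groupId>org.example</groupId><artifactId>core-util</artifactId><version>1</version></dependency>
    <dependency><groupId>org.example</groupId><artifactId>jdbc-driver</artifactId><version>1</version><scope>provided</scope></dependency>
    <dependency><groupId>org.example</groupId><artifactId>test-harness</artifactId><version>1</version><scope>test</scope></dependency>
    <dependency><groupId>org.example</groupId><artifactId>log-bridge</artifactId><version>1</version><optional>true</optional></dependency>
    <dependency><groupId>org.example</groupId><artifactId>net-client</artifactId><version>1</version><scope>runtime</scope></dependency>
  </dependencies>
</project>"""


def _text(dep, tag, default):
    """Child element text, or the default when the element is absent or empty."""
    return (dep.findtext(f"m:{tag}", default, NS) or default).strip()


def classify(pom_xml):
    """Split direct dependencies into (inherited, not_inherited) from a consumer's view."""
    root = ET.fromstring(pom_xml)
    inherited, not_inherited = [], []
    # Only <project>/<dependencies>; <dependencyManagement> entries declare versions, not dependencies.
    for dep in root.findall("m:dependencies/m:dependency", NS):
        coord = f"{_text(dep, 'groupId', '?')}:{_text(dep, 'artifactId', '?')}"
        scope = _text(dep, "scope", "compile")
        if scope in NON_TRANSITIVE_SCOPES:
            not_inherited.append((coord, scope))
        elif _text(dep, "optional", "false") == "true":
            not_inherited.append((coord, "optional"))
        else:
            inherited.append((coord, scope))
    return inherited, not_inherited


if __name__ == "__main__":
    reach, stay = classify(SAMPLE_POM)
    print("reaches consumers:", reach)
    print("stays in this build:", stay)
```

A scanner finding on a coordinate in the second list applies to a consuming project only if that project declares the dependency itself; running `mvn dependency:tree` in the consuming project shows what is actually resolved there.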