fix(sec): upgrade org.directwebremoting:dwr to 3.0.RC3

alibaba / otter

阿里巴巴分布式数据库同步系统(解决中美异地机房)

Apache License 2.0

8.02k stars 2.49k forks source link

fix(sec): upgrade org.directwebremoting:dwr to 3.0.RC3 #1087

Open zhoumengyks opened 1 year ago

zhoumengyks commented 1 year ago

What happened？

There are 1 security vulnerabilities found in org.directwebremoting:dwr 2.0.10

CVE-2014-5325

What did I do？

Upgrade org.directwebremoting:dwr from 2.0.10 to 3.0.RC3 for vulnerability fix

What did you expect to happen？

Ideally, no insecure libs should be used.

The specification of the pull request

PR Specification from OSCS

CLAassistant commented 1 year ago

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}