SCB-2724 fix(sec): upgrade org.apache.commons:commons-dbcp2 to 2.9.0

apache / servicecomb-pack

Apache ServiceComb Pack is an eventually data consistency solution for micro-service applications. ServiceComb Pack currently provides TCC and Saga distributed transaction co-ordination solutions by using Alpha as a transaction coordinator and Omega as an transaction agent .

https://servicecomb.apache.org/

Apache License 2.0

1.93k stars 435 forks source link

SCB-2724 fix(sec): upgrade org.apache.commons:commons-dbcp2 to 2.9.0 #769

Closed claire9910 closed 1 year ago

claire9910 commented 1 year ago

What happened？

There are 1 security vulnerabilities found in org.apache.commons:commons-dbcp2 2.1.1

MPS-2022-12024

What did I do？

Upgrade org.apache.commons:commons-dbcp2 from 2.1.1 to 2.9.0 for vulnerability fix

What did you expect to happen？

Ideally, no insecure libs should be used.

How was this patch tested?

Run mvn compile succeeded locally. Run mvn clean test succeeded locally. all tests passed.

The specification of the pull request

PR Specification from OSCS