同学，您这个项目引入了201个开源组件，存在28个漏洞，辛苦升级一下

[ghost]

检测到 buession/buession-cas 一共引入了201个开源组件，存在28个漏洞

漏洞标题：Vmware VMware Spring Security 权限许可和访问控制问题漏洞
缺陷组件：org.springframework.security:spring-security-core@5.4.2
漏洞编号：CVE-2021-22112
漏洞描述：Vmware VMware Spring Security是美国威睿（Vmware）公司的一套为基于Spring的应用程序提供说明性安全保护的安全框架。
VMware Spring Security 中存在权限许可和访问控制问题漏洞。该漏洞源于攻击者可以通过Spring Security的多个SecurityContext更改绕过限制，以提升其权限。以下产品及版本受到影响：Spring Security 5.4.0 至 5.4.3 版本, Spring Security 5.3.0.RELEASE 至 5.3.7.RELEASE 版本, Spring Security 5.2.0.RELEASE 至 5.2.8.RELEASE 版本。
影响范围：[5.4.0, 5.4.4)
最小修复版本：5.4.4
缺陷组件引入路径：com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.apereo.cas:cas-server-core-api-cookie@6.3.7.4->org.apereo.cas:cas-server-core-api-webflow@6.3.7.4->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.apereo.cas:cas-server-core-api-cookie@6.3.7.4->org.apereo.cas:cas-server-core-api-webflow@6.3.7.4->org.apereo.cas:cas-server-core-api-util@6.3.7.4->org.springframework.security:spring-security-cas@5.4.2->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.apereo.cas:cas-server-core-api-cookie@6.3.7.4->org.apereo.cas:cas-server-core-api-authentication@6.3.7.4->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.apereo.cas:cas-server-core-api-cookie@6.3.7.4->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.apereo.cas:cas-server-core-api-cookie@6.3.7.4->org.apereo.cas:cas-server-core-api-util@6.3.7.4->org.springframework.security:spring-security-cas@5.4.2->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.apereo.cas:cas-server-core-api-cookie@6.3.7.4->org.springframework.security:spring-security-cas@5.4.2->org.springframework.security:spring-security-web@5.4.2->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.springframework.security:spring-security-cas@5.4.2->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.apereo.cas:cas-server-core-api-cookie@6.3.7.4->org.apereo.cas:cas-server-core-api-webflow@6.3.7.4->org.springframework.security:spring-security-cas@5.4.2->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.apereo.cas:cas-server-core-api-cookie@6.3.7.4->org.apereo.cas:cas-server-core-api-webflow@6.3.7.4->org.springframework.security:spring-security-cas@5.4.2->org.springframework.security:spring-security-web@5.4.2->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.apereo.cas:cas-server-core-api-cookie@6.3.7.4->org.apereo.cas:cas-server-core-api-authentication@6.3.7.4->org.apereo.cas:cas-server-core-api-protocol@6.3.7.4->org.springframework.security:spring-security-cas@5.4.2->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.apereo.cas:cas-server-core-api-cookie@6.3.7.4->org.apereo.cas:cas-server-core-api-authentication@6.3.7.4->org.apereo.cas:cas-server-core-api-protocol@6.3.7.4->org.springframework.security:spring-security-cas@5.4.2->org.springframework.security:spring-security-web@5.4.2->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.apereo.cas:cas-server-core-api-cookie@6.3.7.4->org.apereo.cas:cas-server-core-api-authentication@6.3.7.4->org.springframework.security:spring-security-cas@5.4.2->org.springframework.security:spring-security-web@5.4.2->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.apereo.cas:cas-server-core-api-cookie@6.3.7.4->org.apereo.cas:cas-server-core-api-util@6.3.7.4->org.springframework.security:spring-security-cas@5.4.2->org.springframework.security:spring-security-web@5.4.2->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.apereo.cas:cas-server-core-api-cookie@6.3.7.4->org.apereo.cas:cas-server-core-api-authentication@6.3.7.4->org.apereo.cas:cas-server-core-api-protocol@6.3.7.4->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.apereo.cas:cas-server-core-api-cookie@6.3.7.4->org.apereo.cas:cas-server-core-api-authentication@6.3.7.4->org.springframework.security:spring-security-cas@5.4.2->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.apereo.cas:cas-server-core-api-cookie@6.3.7.4->org.apereo.cas:cas-server-core-api-util@6.3.7.4->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.springframework.security:spring-security-cas@5.4.2->org.springframework.security:spring-security-web@5.4.2->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-metrics@6.3.7.4->org.springframework.security:spring-security-cas@5.4.2->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-metrics@6.3.7.4->org.springframework.security:spring-security-cas@5.4.2->org.springframework.security:spring-security-web@5.4.2->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-metrics@6.3.7.4->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.apereo.cas:cas-server-core-api-cookie@6.3.7.4->org.apereo.cas:cas-server-core-api-webflow@6.3.7.4->org.apereo.cas:cas-server-core-api-util@6.3.7.4->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.apereo.cas:cas-server-core-api-cookie@6.3.7.4->org.apereo.cas:cas-server-core-api-webflow@6.3.7.4->org.apereo.cas:cas-server-core-api-util@6.3.7.4->org.springframework.security:spring-security-cas@5.4.2->org.springframework.security:spring-security-web@5.4.2->org.springframework.security:spring-security-core@5.4.2
com.buession.cas:buession-cas-metrics@1.3.3->org.apereo.cas:cas-server-support-reports@6.3.7.4->org.apereo.cas:cas-server-core-api-cookie@6.3.7.4->org.springframework.security:spring-security-cas@5.4.2->org.springframework.security:spring-security-core@5.4.2

另外还有28个漏洞，详细报告：https://mofeisec.com/jr?p=i9f69f

[buession]

@buession，同学，您好，上面的漏洞报告是我IDE运行时，安全插件提示您这个项目存在的几个漏洞的报告，辛苦您修复一下哈，担心其他人也会用到你这个项目，从而引入这些漏洞。：）

感谢使用，最近在所有组件进行升级。