sermant-io / Sermant

CNCF sandbox project, a Cloud-Native Proxyless Service Mesh based on Java Bytecode Enhancement Technology
https://sermant.io/
Apache License 2.0
1.25k stars 164 forks

[bug] Fix vulnerabilities found in security testing #1057

Closed hanbingleixue closed 1 year ago

hanbingleixue commented 1 year ago

What happened?

spring-cloud-registry-service, dubbo-registry-service plugin and backend-lite have the following version vulnerabilities that need to be fixed:

| Component | Version | CVE |
| --- | --- | --- |
| netty | 4.1.77.final | CVE-2022-41881 |
| spring boot | 2.5.3 | CVE-2022-22965 |
| apache log4j | 2.17.1 | CVE-2022-22965 |
| jackson-databind | 2.13.4 | CVE-2022-42003 |
| netty | 3.10.6.final, 4.1.38.final | CVE-2019-16869 |
| netty | 3.10.6.final, 4.1.38.final | CVE-2019-20445 |
| netty | 3.10.6.final, 4.1.38.final | CVE-2019-20444 |
| netty | 3.10.6.final, 4.1.38.final | CVE-2021-21290 |
| netty | 3.10.6.final, 4.1.38.final | CVE-2021-21295 |
| netty | 3.10.6.final, 4.1.38.final | CVE-2021-21409 |
| netty | 3.10.6.final, 4.1.38.final | CVE-2021-37136 |
| netty | 3.10.6.final, 4.1.38.final | CVE-2021-37137 |
| netty | 3.10.6.final, 4.1.38.final | CVE-2021-43797 |

How can we reproduce it (as minimally and precisely as possible)?

not involving

Anything else we need to know?

No response

Sermant version

0.9.0

OS version

```console
# On Linux:
$ cat /etc/os-release
# paste output here
$ uname -a
# paste output here

# On Windows:
C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
# paste output here
```

github-actions[bot] commented 1 year ago

This issue seems to be Stale. We will close it in a few days.

github-actions[bot] commented 1 year ago

We close this issue because it hasn't been updated in a while. Remove Stale label if you want to reopen it.