search

venusdrogon / feilong-platform

:gem:all feilong projects's parent
http://feitianbenyue.iteye.com/
Apache License 2.0
94 stars 58 forks source link

升级 xstream 到 1.14.11.1 版本 #316

Closed venusdrogon closed 5 years ago

venusdrogon commented 5 years ago

http://x-stream.github.io/changes.html

October 23, 2018. 因为 安全漏洞 CVE-2013-7285 升级了 依赖到 1.4.11

image

但是这个版本的 xstream 在 jdk8 以下执行有问题, 而当时 mapemall 本身是 jdk8 没有发现这个问题

而到了 A 项目, 使用了 jdk 1.7 出现了异常 


Exception in thread "Thread-com.**.store.manager.order.TradeRefundManagerImpl$1-1" Exception in thread "Thread-com.**.store.manager.order.TradeRefundManagerImpl$1-0" java.lang.NoClassDefFoundError: java/util/Base64$Encoder
    at java.lang.Class.getDeclaredConstructors0(Native Method)
    at java.lang.Class.privateGetDeclaredConstructors(Class.java:2595)
    at java.lang.Class.getConstructor0(Class.java:2895)
    at java.lang.Class.newInstance(Class.java:354)
    at com.thoughtworks.xstream.core.JVM.<clinit>(JVM.java:187)
    at com.thoughtworks.xstream.core.util.CompositeClassLoader.<clinit>(CompositeClassLoader.java:56)
    at com.thoughtworks.xstream.XStream.<init>(XStream.java:430)
    at com.thoughtworks.xstream.XStream.<init>(XStream.java:397)
    at com.feilong.xml.xstream.XStreamBuilder.buildDefault(XStreamBuilder.java:154)
    at com.feilong.xml.xstream.XStreamBuilder.build(XStreamBuilder.java:75)
    at com.feilong.xml.xstream.XStreamUtil.toXML(XStreamUtil.java:549)
    at com.feilong.xml.xstream.XStreamUtil.toXML(XStreamUtil.java:437)
    at com.feilong.xml.xstream.XStreamUtil.toXML(XStreamUtil.java:345)
    at com.feilong.netpay.advanceadapter.WechatPaymentAdvanceAdapter.tradeRefund(WechatPaymentAdvanceAdapter.java:86)
    at com.**.store.manager.order.TradeRefundManagerImpl.handleRefund(TradeRefundManagerImpl.java:208)
    at com.**.store.manager.order.TradeRefundManagerImpl.access$000(TradeRefundManagerImpl.java:67)
    at com.**.store.manager.order.TradeRefundManagerImpl$1$1.run(TradeRefundManagerImpl.java:119)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.ClassNotFoundException: java.util.Base64$Encoder
    at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1892)
    at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1735)
    ... 18 more
java.lang.NoClassDefFoundError: Could not initialize class com.thoughtworks.xstream.core.util.CompositeClassLoader
    at com.thoughtworks.xstream.XStream.<init>(XStream.java:430)
    at com.thoughtworks.xstream.XStream.<init>(XStream.java:397)
    at com.feilong.xml.xstream.XStreamBuilder.buildDefault(XStreamBuilder.java:154)
    at com.feilong.xml.xstream.XStreamBuilder.build(XStreamBuilder.java:75)
    at com.feilong.xml.xstream.XStreamUtil.toXML(XStreamUtil.java:549)
    at com.feilong.xml.xstream.XStreamUtil.toXML(XStreamUtil.java:437)
    at com.feilong.xml.xstream.XStreamUtil.toXML(XStreamUtil.java:345)
    at com.feilong.netpay.advanceadapter.WechatPaymentAdvanceAdapter.tradeRefund(WechatPaymentAdvanceAdapter.java:86)
    at com.**.store.manager.order.TradeRefundManagerImpl.handleRefund(TradeRefundManagerImpl.java:208)
    at com.**.store.manager.order.TradeRefundManagerImpl.access$000(TradeRefundManagerImpl.java:67)
    at com.**.store.manager.order.TradeRefundManagerImpl$1$1.run(TradeRefundManagerImpl.java:119)
    at java.lang.Thread.run(Thread.java:745)

具体情况 参考 这个 https://github.com/x-stream/xstream/issues/133

然后 xstream 紧急打了新的 hotfix 版本

image

image

image

venusdrogon commented 5 years ago

为什么 feilong xstream jar 单元测试的时候 没有抛出异常

image

单元测试没有执行

image

venusdrogon commented 5 years ago

已经修改 maven install 加入单元测试执行