You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@linkis.apache.org by "ahaoyao (via GitHub)" <gi...@apache.org> on 2023/06/15 03:00:49 UTC

[GitHub] [linkis] ahaoyao opened a new issue, #4629: [Feature][Module Name] Security Work Order Upgrade [maven pom]

ahaoyao opened a new issue, #4629:
URL: https://github.com/apache/linkis/issues/4629

   ### Search before asking
   
   - [X] I had searched in the [issues](https://github.com/apache/linkis/issues) and found no similar feature requirement.
   
   
   ### Problem Description
   
   (2.1) snakeyaml: 建议升级至2.0版本（注意spring-boot需升级至2.7.10，否则会存在兼容性问题）；1.27≤ snakeyaml＜2.0版本范围内，如确认未使用Constructor()类可联系提单人延长工单处理时间。
   (2.2) log4j: Java 8及以上用户升级至2.16.0或以上版本，推荐升级至最新版本2.17.1；Java 7用户建议升级至2.12.4版本；
   (2.3) netty: netty替换为netty-all，并升级netty-all至4.1.86.Final或以上版本
    commons-fileupload: 升级到1.5或以上版本。
    (2.1) spring_framework: 6.0.x升级至6.0.7或以上版本；5.3.x升级至5.3.26或以上版本；5.2.x升级至5.2.22或以上版本；
   (2.2) commons-compress: 升级至1.21版本
   (2.3) protobuf-java: 建议升级至任一版本，3.16.3、3.19.6、3.20.3、3.21.7或以上版本
   (2.4) jackson-databind: 升级至2.12.7.1、2.13.4.1或以上版本
   (2.5) spring_boot: 建议升级到3.0.6、2.7.11或更高版本
   (2.6) snakeyaml: 建议升级至2.0版本
   (2.7) snappy: 升级到1.1.5或以上版本
   (2.8) avro: 建议升级至1.11.0或以上版本。
   (2.9) commons_fileupload: 升级到1.5或以上版本。
   (2.10) netty: netty替换为netty-all，并升级netty-all至4.1.86.Final或以上版本
   
   (2.1) xstream: 升级至1.4.20或以上版本
   (2.2) protobuf-java: 建议升级至任一版本，3.16.3、3.19.6、3.20.3、3.21.7或以上版本
   (2.3) jackson-mapper-asl: 替换为jackson-databind，请使用jackson-databind 2.12.7.1、2.13.4.1或以上版本。如为行内BDP引入，无需升级直接备注结单即可。
   (2.4) jackson-databind: 升级至2.12.7.1、2.13.4.1或以上版本
   (2.5) Apache Commons Text: 升级至1.10.0或以上版本
   (2.1) xstream: 升级至1.4.20或以上版本
   (2.2) spring-security: 升级至5.5.7、5.6.9、5.7.5或以上版本；
   
   安全工单升级
   
   ### Description
   
   升级jar包版本
   
   ### Use case
   
   _No response_
   
   ### Solutions
   
   修改maven pom中的版本，如果存在依赖冲突问题，利用mvn:dependency:tree查看依赖关系，找到冲突地方可以进行单独排除依赖或者新增依赖到指定版本
   
   ### Anything else
   
   _No response_
   
   ### Are you willing to submit a PR?
   
   - [X] Yes I am willing to submit a PR!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For additional commands, e-mail: notifications-help@linkis.apache.org

[GitHub] [linkis] github-actions[bot] commented on issue #4629: [Feature][Module Name] Security Work Order Upgrade [maven pom]

Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.

github-actions[bot] commented on issue #4629:
URL: https://github.com/apache/linkis/issues/4629#issuecomment-1592268786

   ## :blush:  Welcome to the Apache Linkis community!!
   We are glad that you are contributing by opening this issue.
   
   Please make sure to include all the relevant context.
   We will be here shortly.
   
   If you are interested in contributing to our website project, please let us know!
   You can check out our contributing guide on
    :point_right:  [How to Participate in Project Contribution](https://linkis.apache.org/community/how-to-contribute).
   
   
   ### Community
   
   |WeChat Assistant|WeChat Public Account|
   |-|-|
   |<img src="https://linkis.apache.org/Images/wedatasphere_contact_01.png" width="128"/>|<img src="https://linkis.apache.org/Images/gzh_01.png" width="128"/>|
   
   
   ### Mailing Lists
   |Name|Description|Subscribe|Unsubscribe|Archive|
   |:-----|:--------|:------|:-------|:-----|
   | [dev@linkis.apache.org](mailto:dev@linkis.apache.org) | community activity information | [subscribe](mailto:dev-subscribe@linkis.apache.org) | [unsubscribe](mailto:dev-unsubscribe@linkis.apache.org) | [archive](http://mail-archives.apache.org/mod_mbox/linkis-dev) |


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@linkis.apache.org
For additional commands, e-mail: notifications-help@linkis.apache.org