|
@@ -47,7 +47,8 @@
|
|
|
<!-- CVE-2023-6378 / CVE-2023-6481: logback receiver 反序列化 DoS,1.2.x 需 >= 1.2.13 -->
|
|
<!-- CVE-2023-6378 / CVE-2023-6481: logback receiver 反序列化 DoS,1.2.x 需 >= 1.2.13 -->
|
|
|
<logback.version>1.2.13</logback.version>
|
|
<logback.version>1.2.13</logback.version>
|
|
|
<!-- CVE-2026-42579: netty-codec-dns 未校验 RFC 1035 域名,4.1.x 需 >= 4.1.133.Final -->
|
|
<!-- CVE-2026-42579: netty-codec-dns 未校验 RFC 1035 域名,4.1.x 需 >= 4.1.133.Final -->
|
|
|
- <netty.version>4.1.133.Final</netty.version>
|
|
|
|
|
|
|
+ <!-- netty-codec-redis 需 >= 4.1.135.Final(或 4.2.15.Final+) -->
|
|
|
|
|
+ <netty.version>4.1.135.Final</netty.version>
|
|
|
<!-- CVE-2022-45688 / CVE-2022-45690 / CVE-2022-4565: hutool-json DoS,需 >= 5.8.25(XML.toJSONObject)/ 5.8.11(ZipUtil) -->
|
|
<!-- CVE-2022-45688 / CVE-2022-45690 / CVE-2022-4565: hutool-json DoS,需 >= 5.8.25(XML.toJSONObject)/ 5.8.11(ZipUtil) -->
|
|
|
<hutool.version>5.8.38</hutool.version>
|
|
<hutool.version>5.8.38</hutool.version>
|
|
|
<!-- CVE-2022-45688: org.json XML.toJSONObject 栈溢出 DoS,需 >= 20230227 -->
|
|
<!-- CVE-2022-45688: org.json XML.toJSONObject 栈溢出 DoS,需 >= 20230227 -->
|
|
@@ -276,6 +277,11 @@
|
|
|
<artifactId>netty-codec-http</artifactId>
|
|
<artifactId>netty-codec-http</artifactId>
|
|
|
<version>${netty.version}</version>
|
|
<version>${netty.version}</version>
|
|
|
</dependency>
|
|
</dependency>
|
|
|
|
|
+ <dependency>
|
|
|
|
|
+ <groupId>io.netty</groupId>
|
|
|
|
|
+ <artifactId>netty-codec-redis</artifactId>
|
|
|
|
|
+ <version>${netty.version}</version>
|
|
|
|
|
+ </dependency>
|
|
|
<dependency>
|
|
<dependency>
|
|
|
<groupId>io.netty</groupId>
|
|
<groupId>io.netty</groupId>
|
|
|
<artifactId>netty-transport-native-unix-common</artifactId>
|
|
<artifactId>netty-transport-native-unix-common</artifactId>
|