升级springboot2.7，Spring Security 5.7.14 2.0

fs-admin/src/main/java/com/fs/company/controller/CompanyUserAllController.java

@@ -3,7 +3,7 @@ package com.fs.company.controller;
 import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.http.HttpRequest;
 import cn.hutool.json.JSONUtil;
-import com.baidu.dev2.thirdparty.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fs.common.annotation.Log;
 import com.fs.common.constant.UserConstants;
 import com.fs.common.core.controller.BaseController;

fs-common/pom.xml

@@ -134,12 +134,6 @@
             <groupId>org.springframework</groupId>
             <artifactId>spring-expression</artifactId>
         </dependency>
-        <!-- https://mvnrepository.com/artifact/com.baidu.dev2/baiduads-sdk -->
-        <dependency>
-            <groupId>com.baidu.dev2</groupId>
-            <artifactId>baiduads-sdk</artifactId>
-            <version>2023.1.0</version>
-        </dependency>
         <dependency>
             <groupId>com.nuonuo</groupId>
             <artifactId>open-sdk</artifactId>

fs-company/src/main/java/com/fs/company/controller/company/CompanyUserController.java

@@ -3,7 +3,7 @@ package com.fs.company.controller.company;
 import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.http.HttpRequest;
 import cn.hutool.json.JSONUtil;
-import com.baidu.dev2.thirdparty.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fs.common.annotation.Log;
 import com.fs.common.constant.UserConstants;
 import com.fs.common.core.controller.BaseController;

fs-service/pom.xml

@@ -57,12 +57,6 @@
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
         </dependency>
-        <dependency>
-            <groupId>com.baidu.dev2</groupId>
-            <artifactId>baiduads-sdk</artifactId>
-            <version>2023.1.0</version>
-        </dependency>
-
         <dependency>
             <groupId>com.tzbank</groupId>
             <artifactId>tzbClient</artifactId>

fs-service/src/main/java/com/fs/company/vo/CompanyDomainBindUserVo.java

@@ -1,6 +1,6 @@
 package com.fs.company.vo;
 
-import com.baidu.dev2.thirdparty.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonFormat;
 import com.fs.common.annotation.Excel;
 import com.fs.common.core.domain.BaseEntity;
 import lombok.Data;

fs-service/src/main/java/com/fs/company/vo/CompanyDomainBindVo.java

@@ -1,6 +1,6 @@
 package com.fs.company.vo;
 
-import com.baidu.dev2.thirdparty.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonFormat;
 import com.fs.common.annotation.Excel;
 import lombok.Data;
 

fs-service/src/main/java/com/fs/company/vo/CompanyDomainVo.java

@@ -1,6 +1,6 @@
 package com.fs.company.vo;
 
-import com.baidu.dev2.thirdparty.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonFormat;
 import com.fs.common.annotation.Excel;
 import lombok.Data;
 

fs-service/src/main/java/com/fs/course/domain/FinishCourseStatistics.java

@@ -1,6 +1,6 @@
 package com.fs.course.domain;
 
-import com.baidu.dev2.thirdparty.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonFormat;
 import com.fs.common.annotation.Excel;
 import lombok.Data;
 

fs-service/src/main/java/com/fs/course/param/FsUserCourseVideoParam.java

@@ -1,6 +1,6 @@
 package com.fs.course.param;
 
-import com.baidu.dev2.thirdparty.swagger.annotations.ApiModelProperty;
+import io.swagger.annotations.ApiModelProperty;
 import com.fs.common.annotation.Excel;
 import lombok.Data;
 

fs-service/src/main/java/com/fs/course/param/HsBookDoctorInfoParam.java

@@ -1,6 +1,6 @@
 package com.fs.course.param;
 
-import com.baidu.dev2.thirdparty.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModel;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;

fs-service/src/main/java/com/fs/course/param/HsRedirectParam.java

@@ -1,6 +1,6 @@
 package com.fs.course.param;
 
-import com.baidu.dev2.thirdparty.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModel;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;

fs-service/src/main/java/com/fs/newAdv/integration/client/advertiser/OceanEngineApiClient.java

@@ -5,8 +5,8 @@ import cn.hutool.http.HttpResponse;
 import cn.hutool.json.JSONArray;
 import cn.hutool.json.JSONObject;
 import cn.hutool.json.JSONUtil;
-import com.baidu.dev2.thirdparty.jackson.core.JsonProcessingException;
-import com.baidu.dev2.thirdparty.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fs.common.constant.SystemConstant;
 import com.fs.newAdv.domain.PromotionAccount;
 import com.fs.newAdv.domain.SiteStatistics;

pom.xml

@@ -54,6 +54,8 @@
         <org.json.version>20240303</org.json.version>
         <!-- CVE-2021-46877: jackson-databind JsonNode JDK 序列化 DoS，2.13.x 需 >= 2.13.1 -->
         <jackson.version>2.13.5</jackson.version>
+        <!-- CVE-2022-38749: snakeyaml 解析不可信 YAML 栈溢出 DoS，需 >= 1.31 -->
+        <snakeyaml.version>1.33</snakeyaml.version>
         <!-- CVE-2021-44832: log4j2 JDBC Appender JNDI RCE，Java 8 需 >= 2.17.1 -->
         <log4j2.version>2.17.1</log4j2.version>
         <!-- CVE-2021-36090: commons-compress 畸形 ZIP 导致 OOM DoS，需 >= 1.21 -->
@@ -175,6 +177,13 @@
                 <version>${jackson.version}</version>
             </dependency>
 
+            <!-- 修复 CVE-2022-38749（覆盖 Spring Boot 2.7 默认 snakeyaml 1.30） -->
+            <dependency>
+                <groupId>org.yaml</groupId>
+                <artifactId>snakeyaml</artifactId>
+                <version>${snakeyaml.version}</version>
+            </dependency>
+
             <!-- 覆盖 Boot BOM 默认 5.7.11；CVE-2026-22732 在 5.7.x 无 OSS 补丁，需配合 EagerSecurityHeadersBeanPostProcessor -->
             <dependency>
                 <groupId>org.springframework.security</groupId>
@@ -572,6 +581,7 @@
                 <artifactId>IJPay-All</artifactId>
                 <version>${ijpay-version}</version>
             </dependency>
+
         </dependencies>
     </dependencyManagement>