java-sec-code

java-sec-code copied to clipboard

Bumps jolokia-core from 1.6.0 to 1.6.1. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependabot[bot]

Bumps poi from 3.10-FINAL to 4.1.1. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependabot[bot]

Bumps [mysql-connector-java](https://github.com/mysql/mysql-connector-j) from 8.0.12 to 8.0.28. Changelog Sourced from mysql-connector-java's changelog. Changelog https://dev.mysql.com/doc/relnotes/connector-j/8.0/en/ Version 8.0.29 Fix for Bug#21978230, COMMENT PARSING NOT PROPER IN PREPSTMT.EXECUTEBATCH(). Fix for Bug#81468 (23312764), MySQL server...

dependabot[bot]

Bumps [fastjson](https://github.com/alibaba/fastjson) from 1.2.24 to 1.2.83. Release notes Sourced from fastjson's releases. FASTJSON 1.2.83版本发布（安全修复） 这是一个安全修复版本，修复最近收到在特定场景下可以绕过autoType关闭限制的漏洞，建议fastjson用户尽快采取安全措施保障系统安全。 安全修复方案 ：https://github.com/alibaba/fastjson/wiki/security_update_20220523 Issues 安全加固 修复JDK17下setAccessible报错的问题 #4077 下载 https://repo1.maven.org/maven2/com/alibaba/fastjson/1.2.83/ 文档 https://github.com/alibaba/fastjson/wiki/%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98 源码 https://github.com/alibaba/fastjson/tree/1.2.83 fastjson 1.2.79版本发布，BUG修复 这又是一个bug...

dependabot[bot]

Bumps log4j-core from 2.9.1 to 2.17.1. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependabot[bot]

docker 环境mysql 连接 报错 Public Key Retrieval is not allowed

2

Public Key Retrieval is not allowed

jax777

Bumps [xlsx-streamer](https://github.com/monitorjbl/excel-streaming-reader) from 2.0.0 to 2.1.0. Commits d07cd71 2.1.0 release 0749c7b Updating readme for security release 6247006 Preventing entity expansion during XML parsing b1645d7 Merge pull request #173 from pjfanning/issue-171...

dependabot[bot]

Bumps [xstream](https://github.com/x-stream/xstream) from 1.4.10 to 1.4.19. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...

dependabot[bot]

其实就是黑名单不全，思路是对的。

WhiteHSBG

Bumps [jsoup](https://github.com/jhy/jsoup) from 1.10.2 to 1.14.2. Release notes Sourced from jsoup's releases. jsoup 1.14.2 Caught by the fuzz! jsoup 1.14.2 is out now, and includes a set of parser bug...

dependabot[bot]