dble icon indicating copy to clipboard operation
dble copied to clipboard

Published 20 hours ago verified publisher icon actiontech

修复fastjson漏洞,升级fastjson至1.2.83,可能存在不兼容的情况

Open TommyZC opened this issue 2 years ago • 1 comments

  • dble version:2.19.03/lts
  • 当前使用的fastjson版本为1.2.78,可能存在不兼容的情况
  • preconditions :
    no
  • configs:

schema.xml

rule.xml

server.xml
  • steps:
    step1.
  • expect result:
    1.
  • real result:
    1.
  • supplements:
    1.

TommyZC avatar May 30 '22 09:05 TommyZC

update fastjson to 1.2.83 directly refer: https://github.com/actiontech/dble/discussions/3002

how does dble turn on fastjson safeMode? add configuration in wrapper.cnf or bootstrap.cnf

wrapper.java.additional.13=-Dfastjson.parser.safeMode=true

refer:https://github.com/alibaba/fastjson/wiki/fastjson_safemode

PanternBao avatar May 31 '22 09:05 PanternBao