JavaCodeAudit issues

Bump jackson-databind from 2.5.1 to 2.12.6.1 in /【03】XSS 漏洞原理与实际案例介绍/jeesns-v1.3/jeesns-core

Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.5.1 to 2.12.6.1. Commits See full diff in compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.fasterxml.jackson.core:jackson-databind&package-manager=maven&previous-version=2.5.1&new-version=2.12.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...

dependabot[bot]

dependencies

java

Bump shiro-core from 1.3.2 to 1.9.1 in /【02】SQL 漏洞原理与实际案例介绍/ofcms/ofcms-admin

Bumps [shiro-core](https://github.com/apache/shiro) from 1.3.2 to 1.9.1. Changelog Sourced from shiro-core's changelog. Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed...

dependabot[bot]

dependencies

java

Bump poi from 3.10.1 to 4.1.1 in /【02】SQL 漏洞原理与实际案例介绍/ofcms

Bumps poi from 3.10.1 to 4.1.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.poi:poi&package-manager=maven&previous-version=3.10.1&new-version=4.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependabot[bot]

dependencies

java

Bump mysql-connector-java from 8.0.15 to 8.0.28 in /【03】XSS 漏洞原理与实际案例介绍/jeesns-v1.3/jeesns-web

Bumps [mysql-connector-java](https://github.com/mysql/mysql-connector-j) from 8.0.15 to 8.0.28. Changelog Sourced from mysql-connector-java's changelog. Changelog https://dev.mysql.com/doc/relnotes/connector-j/8.0/en/ Version 8.0.29 Fix for Bug#21978230, COMMENT PARSING NOT PROPER IN PREPSTMT.EXECUTEBATCH(). Fix for Bug#81468 (23312764), MySQL server...

dependabot[bot]

dependencies

java

Bump mysql-connector-java from 5.1.20 to 8.0.28 in /【02】SQL 漏洞原理与实际案例介绍/ofcms

Bumps [mysql-connector-java](https://github.com/mysql/mysql-connector-j) from 5.1.20 to 8.0.28. Changelog Sourced from mysql-connector-java's changelog. Changelog https://dev.mysql.com/doc/relnotes/connector-j/8.0/en/ Version 8.0.29 Fix for Bug#21978230, COMMENT PARSING NOT PROPER IN PREPSTMT.EXECUTEBATCH(). Fix for Bug#81468 (23312764), MySQL server...

dependabot[bot]

dependencies

java

Bump mysql-connector-java from 5.1.30 to 8.0.28 in /【03】XSS 漏洞原理与实际案例介绍/jeesns-v1.3/jeesns-core

Bumps [mysql-connector-java](https://github.com/mysql/mysql-connector-j) from 5.1.30 to 8.0.28. Changelog Sourced from mysql-connector-java's changelog. Changelog https://dev.mysql.com/doc/relnotes/connector-j/8.0/en/ Version 8.0.29 Fix for Bug#21978230, COMMENT PARSING NOT PROPER IN PREPSTMT.EXECUTEBATCH(). Fix for Bug#81468 (23312764), MySQL server...

dependabot[bot]

dependencies

java

Bump fastjson from 1.1.41 to 1.2.83 in /【02】SQL 漏洞原理与实际案例介绍/ofcms

Bumps [fastjson](https://github.com/alibaba/fastjson) from 1.1.41 to 1.2.83. Release notes Sourced from fastjson's releases. FASTJSON 1.2.83版本发布（安全修复）这是一个安全修复版本，修复最近收到在特定场景下可以绕过autoType关闭限制的漏洞，建议fastjson用户尽快采取安全措施保障系统安全。安全修复方案：https://github.com/alibaba/fastjson/wiki/security_update_20220523 Issues 安全加固修复JDK17下setAccessible报错的问题 #4077 下载 https://repo1.maven.org/maven2/com/alibaba/fastjson/1.2.83/ 文档 https://github.com/alibaba/fastjson/wiki/%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98 源码 https://github.com/alibaba/fastjson/tree/1.2.83 fastjson 1.2.79版本发布，BUG修复这又是一个bug...

dependabot[bot]

dependencies

java

Bump spring-core from 4.2.6.RELEASE to 5.2.22.RELEASE in /【03】XSS 漏洞原理与实际案例介绍/jeesns-v1.3/jeesns-core

Bumps [spring-core](https://github.com/spring-projects/spring-framework) from 4.2.6.RELEASE to 5.2.22.RELEASE. Release notes Sourced from spring-core's releases. v5.2.22.RELEASE :star: New Features Refine CachedIntrospectionResults property introspection #28446 :lady_beetle: Bug Fixes Ignore invalid STOMP frame #28444 v5.2.21.RELEASE...

dependabot[bot]

dependencies

java

Bump gson from 2.8.0 to 2.8.9 in /【02】SQL 漏洞原理与实际案例介绍/ofcms

Bumps [gson](https://github.com/google/gson) from 2.8.0 to 2.8.9. Release notes Sourced from gson's releases. Gson 2.8.9 Make OSGi bundle's dependency on sun.misc optional (#1993). Deprecate Gson.excluder() exposing internal Excluder class (#1986). Prevent...

dependabot[bot]

dependencies

java

Bump lodash from 4.17.11 to 4.17.21 in /【04】SSRF 漏洞原理与实际案例介绍/hawtio-hawtio-2.5.0/hawtio-console-assembly/app

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.21. Commits f299b52 Bump to v4.17.21 c4847eb Improve performance of toNumber, trim and trimEnd on large input strings 3469357 Prevent command injection through _.template's variable...

dependabot[bot]

dependencies

javascript

JavaCodeAudit
JavaCodeAudit copied to clipboard

Metadata

Bump jackson-databind from 2.5.1 to 2.12.6.1 in /【03】XSS 漏洞原理与实际案例介绍/jeesns-v1.3/jeesns-core

Bump shiro-core from 1.3.2 to 1.9.1 in /【02】SQL 漏洞原理与实际案例介绍/ofcms/ofcms-admin

Bump poi from 3.10.1 to 4.1.1 in /【02】SQL 漏洞原理与实际案例介绍/ofcms

Bump mysql-connector-java from 8.0.15 to 8.0.28 in /【03】XSS 漏洞原理与实际案例介绍/jeesns-v1.3/jeesns-web

Bump mysql-connector-java from 5.1.20 to 8.0.28 in /【02】SQL 漏洞原理与实际案例介绍/ofcms

Bump mysql-connector-java from 5.1.30 to 8.0.28 in /【03】XSS 漏洞原理与实际案例介绍/jeesns-v1.3/jeesns-core

Bump fastjson from 1.1.41 to 1.2.83 in /【02】SQL 漏洞原理与实际案例介绍/ofcms

Bump spring-core from 4.2.6.RELEASE to 5.2.22.RELEASE in /【03】XSS 漏洞原理与实际案例介绍/jeesns-v1.3/jeesns-core

Bump gson from 2.8.0 to 2.8.9 in /【02】SQL 漏洞原理与实际案例介绍/ofcms

Bump lodash from 4.17.11 to 4.17.21 in /【04】SSRF 漏洞原理与实际案例介绍/hawtio-hawtio-2.5.0/hawtio-console-assembly/app

← Metadata

Owner

Metadata

JavaCodeAudit JavaCodeAudit copied to clipboard

Metadata

← Metadata

Owner

Metadata

JavaCodeAudit
JavaCodeAudit copied to clipboard