sds
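SDS is a simple, easy-to-use, high-performance service degradation system developed in Java. It supports rate limiting, circuit breaking, degradation and other features. A must-have on the server side!!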
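Bumps [fastjson](https://github.com/alibaba/fastjson) from 1.2.60 to 1.2.83. Release notes Sourced from fastjson's releases. FASTJSON 1.2.83 released (security fix) This is a security-fix release that fixes a recently reported vulnerability which, in specific scenarios, can bypass the restriction of autoType being disabled. fastjson users are advised to take security measures as soon as possible to protect their systems. Security fix plan: https://github.com/alibaba/fastjson/wiki/security_update_20220523 Issues Security hardening Fix the setAccessible error under JDK17 #4077 Download https://repo1.maven.org/maven2/com/alibaba/fastjson/1.2.83/ Documentation https://github.com/alibaba/fastjson/wiki/%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98 Source https://github.com/alibaba/fastjson/tree/1.2.83 fastjson 1.2.79 released, bug fixes This is yet another bug...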
Bumps [dubbo](https://github.com/apache/incubator-dubbo) from 2.6.5 to 2.6.12. Release notes Sourced from dubbo's releases. dubbo-2.6.12 What's Changed [2.6] update hessian lite version: 3.2.11 -> 3.2.12 (#9455) dubbo-2.6.11 Change Lists Add serialize id...
Bumps [dubbo](https://github.com/apache/dubbo) from 2.7.3 to 2.7.15. Release notes Sourced from dubbo's releases. dubbo-2.7.15 Bugfix dubbo-spring-boot-actuator compatible with Spring Boot Actuator 2.6.x Check before use to avoid possible NPE in MetadataInfo...
Bumps [dubbo](https://github.com/apache/dubbo) from 2.7.5 to 2.7.15. Release notes Sourced from dubbo's releases. dubbo-2.7.15 Bugfix dubbo-spring-boot-actuator compatible with Spring Boot Actuator 2.6.x Check before use to avoid possible NPE in MetadataInfo...
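Embedding the admin configuration UI is a bit cumbersome. Although it has many features, we may only need a few simple configuration items to use it as a lightweight tool. Many companies have their own unified configuration platform, such as the open-source apollo. Could support for that be added?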
https://github.com/didi/sds/blob/0ac9dbe98b6e019bede3517dc333cf2a9e3c4013/sds-admin/src/main/java/com/didiglobal/sds/admin/controller/HeartbeatController.java#L43 https://github.com/didi/sds/blob/0ac9dbe98b6e019bede3517dc333cf2a9e3c4013/sds-admin/src/main/java/com/didiglobal/sds/admin/controller/HeartbeatController.java#L63 The method writes unvalidated input into JSON. This call could allow an attacker to inject arbitrary elements or attributes into the JSON entity.
https://github.com/didi/sds/blob/0ac9dbe98b6e019bede3517dc333cf2a9e3c4013/sds-admin/src/main/java/com/didiglobal/sds/admin/controller/HeartbeatController.java#L71-L73 There may be special characters in `request.getParameter("client")`. Sending unvalidated data to a web browser can result in the browser executing malicious code.
Project: sds-extension/sds-apache-dubbo Class: SdsApacheDubboFilter As shown below: this is where the degradation handling for the dubbo interface is looked up, and method overloading is not taken into account. [image]
**Is your feature request related to a problem? Please describe.** no **Describe the solution you'd like** add support for apache dubbo **Describe alternatives you've considered** currently support apache dubbo 2.7.3...