EAMS
EAMS copied to clipboard
martin-chips
高校学生评优评奖系统
Bumps [shiro-core](https://github.com/apache/shiro) from 1.5.0 to 1.9.1. Changelog Sourced from shiro-core's changelog. Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps shiro-spring from 1.5.0 to 1.7.1. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
Bumps [jsoup](https://github.com/jhy/jsoup) from 1.11.3 to 1.14.2. Release notes Sourced from jsoup's releases. jsoup 1.14.2 Caught by the fuzz! jsoup 1.14.2 is out now, and includes a set of parser bug...
Bumps commons-io from 2.5 to 2.7. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
Bumps `shiro.version` from 1.5.0 to 1.7.1. Updates `shiro-core` from 1.5.0 to 1.7.1 Changelog Sourced from shiro-core's changelog. 1.7.1 ########################################################### Bug [SHIRO-797] - Shiro 1.7.0 is lower than using springboot version...
Bumps [jsoup](https://github.com/jhy/jsoup) from 1.11.3 to 1.15.3. Release notes Sourced from jsoup's releases. jsoup 1.15.3 jsoup 1.15.3 is out now, and includes a security fix for potential XSS attacks, along with...
In `EAMS/eams-framework/src/main/java/com/dimple/framework/config/ShiroConfig.java` we can find a fixed key and uses this key to encrypt the rememberMe parameter in the cookie. It will cause deserialization vulnerability [](https://imgse.com/i/xoSgmT) I set up a...
