@chenhao26-nineteen
Collaborator

@chenhao26-nineteen chenhao26-nineteen commented Jun 8, 2022

Please do not create a Pull Request without creating an issue first.

What is the purpose of the change

For #8540: fix Spring Security vulnerability (CVE-2022-22978), issue #8540

Brief changelog

XX

Verifying this change

XXXX

Follow this checklist to help us incorporate your contribution quickly and easily:

  • Make sure there is a Github issue filed for the change (usually before you start working on it). Trivial changes like typos do not require a Github issue. Your pull request should address just this issue, without pulling in other changes - one PR resolves one issue.
  • Format the pull request title like [ISSUE #123] Fix UnknownException when host config not exist. Each commit in the pull request should have a meaningful subject line and body.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Write necessary unit-test to verify your logic correction, more mock a little better when cross module dependency exist. If the new feature or significant change is committed, please remember to add integration-test in test module.
  • Run mvn -B clean package apache-rat:check findbugs:findbugs -Dmaven.test.skip=true to make sure basic checks pass. Run mvn clean install -DskipITs to make sure unit-test pass. Run mvn clean test-compile failsafe:integration-test to make sure integration-test pass.

@karsonto
Contributor

karsonto commented Jun 8, 2022

Why not upgrade directly to 2.7.0?

@chenhao26-nineteen
Collaborator Author

Why not upgrade directly to 2.7.0?

The current version is sufficient to repair the vulnerability, and it is not clear whether the higher version is compatible.

@KomachiSion KomachiSion added this to the 2.1.1 milestone Jun 10, 2022
@KomachiSion KomachiSion added the dependencies Pull requests that update a dependency file label Jun 10, 2022
@KomachiSion KomachiSion merged commit 9273252 into alibaba:develop Jun 10, 2022
myoss added a commit to myoss/nacos that referenced this pull request Dec 23, 2022
myoss added a commit to myoss/nacos that referenced this pull request Jan 5, 2023
KomachiSion pushed a commit that referenced this pull request Jan 10, 2023
* fix #8541 upgrade springboot version to 2.6.8

Authorization bypass in Spring Security: GHSA-hh32-7344-cg2f

* fix #8541 upgrade springboot version to 2.6.8