New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[安全相关] 2.1.8版本的依赖中带有高危漏洞，希望尽快修复 #49249

Open

ZaNksC opened this issue Mar 19, 2025 · 0 comments

ZaNksC commented Mar 19, 2025

带有漏洞的安全组件为 log4j 、Apache Commons Collections 、 jackson-databind
期望在下一个发行版本中修复，请问是否有修复计划。

log4j
- 版本：2.6.2
- 部分高危漏洞列表：
Apache Commons Collections
- 版本：3.2.1
- 部分高危漏洞列表：
  - CVE-2015-7501
  - CVE-2016-2518
jackson-databind
- 版本：2.12.7.2
- 部分高危漏洞列表：
  - CVE-2020-25649

The text was updated successfully, but these errors were encountered:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment