security: fix some security vulnerabilities (apache#4650)

build/pom.xml

@@ -74,6 +74,7 @@
 
         <!-- The version of spring-boot for 'spring-boot-dependencies' and 'spring-boot-maven-plugin' -->
         <spring-boot.version>2.4.13</spring-boot.version>
+        <spring-framework.version>5.3.18</spring-framework.version>
 
         <!-- Maven plugin versions -->
         <!-- Build -->

changes/en-us/develop.md

@@ -0,0 +1,22 @@
+Add changes here for all PR submitted to the develop branch.
+
+
+<!-- Please add the `changes` to the following location(feature/bugfix/optimize/test) based on the type of PR -->
+
+### feature：
+
+
+### bugfix：
+
+
+### optimize：
+- [[#4650](https://github.com/seata/seata/pull/4650)] fix some security vulnerabilities
+
+### test:
+
+Thanks to these contributors for their code commits. Please report an unintended omission.
+
+<!-- Please make sure your Github ID is in the list below -->
+- [slievrly](https://github.com/slievrly)
+
+Also, we receive many valuable issues, questions and advices from our community. Thanks for you all.

changes/zh-cn/develop.md

@@ -0,0 +1,20 @@
+所有提交到 develop 分支的 PR 请在此处登记。
+
+<!-- 请根据PR的类型添加 `变更记录` 到以下对应位置(feature/bugfix/optimize/test) 下 -->
+
+### feature：
+
+### bugfix：
+
+### optimize：
+- [[#4650](https://github.com/seata/seata/pull/4650)] 修复安全漏洞
+
+### test：
+
+
+非常感谢以下 contributors 的代码贡献。若有无意遗漏，请报告。
+
+<!-- 请确保您的 GitHub ID 在以下列表中 -->
+- [slievrly](https://github.com/slievrly)
+
+同时，我们收到了社区反馈的很多有价值的issue和建议，非常感谢大家。

dependencies/pom.xml

@@ -37,7 +37,7 @@
         <hsf.version>1.8.3</hsf.version>
         <dubbo.alibaba.version>2.6.5</dubbo.alibaba.version>
         <sofa.rpc.version>5.5.3</sofa.rpc.version>
-        <fastjson.version>1.2.73</fastjson.version>
+        <fastjson.version>1.2.83</fastjson.version>
         <protostuff.version>1.5.9</protostuff.version>
         <config.version>1.2.1</config.version>
         <commons-logging.version>1.2</commons-logging.version>
@@ -114,11 +114,26 @@
 
     <dependencyManagement>
         <dependencies>
+            <!-- spring-framework CVE-2022-22965-->
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-framework-bom</artifactId>
+                <version>${spring-framework.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+
             <!-- spring-boot -->
             <dependency>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-dependencies</artifactId>
                 <version>${spring-boot.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.springframework</groupId>
+                        <artifactId>spring-framework-bom</artifactId>
+                    </exclusion>
+                </exclusions>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

spring/pom.xml

@@ -63,18 +63,6 @@
             <groupId>org.springframework</groupId>
             <artifactId>spring-context</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-core</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-beans</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-aop</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.jetbrains.kotlin</groupId>
             <artifactId>kotlin-stdlib-jdk8</artifactId>