-
Notifications
You must be signed in to change notification settings - Fork 490
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
组件漏洞 #732
Closed
Labels
good first issue
Good for newcomers
Comments
你好,能详细解释下业务为何无法指定版本吗? |
OK, 了解了,是 sofaArk compile 依赖了这几个依赖引入导致的。 |
vcjmhg
pushed a commit
to vcjmhg/sofa-ark
that referenced
this issue
Oct 21, 2023
Closed
This was referenced Nov 24, 2023
Merged
36 tasks
15 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the question or bug
以下组件有漏洞,被打包到sofa-ark-all-2.2.1.jar/lib/ 中,业务无法指定pom版本来进行升级
Guava-30.1-jre:CVE-2023-2976 -高危
Netty Handler-4.1.90.Final:CVE-2023-34462 -中危
Environment
java -version
):1.8uname -a
):LinuxThe text was updated successfully, but these errors were encountered: