From febd0f256c6cd0bbb8249f1db68e47997706a2ef Mon Sep 17 00:00:00 2001 From: slievrly Date: Tue, 6 Feb 2024 14:34:15 +0800 Subject: [PATCH 1/2] security: upgrade spring mvc and tomcat.embed --- console/pom.xml | 16 ++++++++++++++++ dependencies/pom.xml | 19 +++++++++++++++++++ server/pom.xml | 14 ++++++++++++++ test-mock-server/pom.xml | 1 + test/pom.xml | 2 ++ 5 files changed, 52 insertions(+) diff --git a/console/pom.xml b/console/pom.xml index befec3fb346..52cb7daba2a 100644 --- a/console/pom.xml +++ b/console/pom.xml @@ -35,6 +35,7 @@ 2.7.17 5.3.30 2.0 + 9.0.83 @@ -80,6 +81,11 @@ snakeyaml ${snakeyaml-for-server.version} + + org.apache.tomcat.embed + tomcat-embed-core + ${tomcat-embed.version} + @@ -97,6 +103,12 @@ org.springframework.boot spring-boot-starter-web + + + org.apache.tomcat.embed + tomcat-embed-core + + org.springframework.boot @@ -124,6 +136,10 @@ jjwt-jackson runtime + + org.apache.tomcat.embed + tomcat-embed-core + diff --git a/dependencies/pom.xml b/dependencies/pom.xml index b4121788fd3..72e55a9b27d 100644 --- a/dependencies/pom.xml +++ b/dependencies/pom.xml @@ -122,6 +122,10 @@ 1.4.32 1.4.3 + + 5.3.26 + 9.0.83 + 4.11.0 3.12.2 @@ -160,6 +164,10 @@ org.springframework spring-framework-bom + + org.apache.tomcat.embed + tomcat-embed-core + pom import @@ -776,6 +784,17 @@ janino ${janino-version} + + + + org.springframework + spring-webmvc + ${spring-webmvc.version} + + + org.apache.tomcat.embed + tomcat-embed-core + diff --git a/server/pom.xml b/server/pom.xml index cc5629b176f..fb426e8c919 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -35,6 +35,7 @@ 2.7.17 5.3.30 2.0 + 9.0.83 @@ -80,6 +81,11 @@ snakeyaml ${snakeyaml-for-server.version} + + org.apache.tomcat.embed + tomcat-embed-core + ${tomcat-embed.version} + @@ -93,6 +99,10 @@ log4j-to-slf4j org.apache.logging.log4j + + org.apache.tomcat.embed + tomcat-embed-core + @@ -257,6 +267,10 @@ org.codehaus.janino janino + + org.apache.tomcat.embed + tomcat-embed-core + 
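Review bot: In console/pom.xml the new managed entry (`@@ -80,6 +81,11 @@`) pins only `tomcat-embed-core` to `${tomcat-embed.version}`, so sibling embedded-Tomcat artifacts resolved through the Spring Boot web starter (typically `tomcat-embed-el` and `tomcat-embed-websocket`) would presumably stay on the Boot-managed release and run next to a 9.0.83 core. Managing those artifacts with the same property would keep the embedded container on one patched release; the same applies to the matching hunks in server/pom.xml (`@@ -80,6 +81,11 @@`) and dependencies/pom.xml (`@@ -776,6 +784,17 @@`). The literal `9.0.83` is also declared separately in all three POMs, which lets the pins drift apart on the next bump. The XML element names are not visible in this rendering, so this reading rests on the artifact ids and `${...}` references that survive; `mvn dependency:tree -Dincludes=org.apache.tomcat.embed` on console and server would show which versions actually resolve.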
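Review bot: The spring-webmvc pin added in dependencies/pom.xml (`@@ -122,6 +126,10 @@`) appears to be 5.3.26, which is older than the 5.3.30 that the context lines of console/pom.xml and server/pom.xml show among their own version properties, and neither the commit message nor the hunk names the advisory being addressed. Without that reference a reviewer cannot check that 5.3.26 is at or above the fixed release, or that modules inheriting this pin are not held below what the server already runs. Managing `spring-webmvc` on its own next to the imported `spring-framework-bom` can also leave it on a different release than the other Spring modules. I would add a comment above the property such as `<!-- security pin for <ADVISORY-ID>: minimum fixed release <FIXED_VERSION>; keep aligned with the server's Spring Framework version -->` and put the same advisory id in the changelog entry. The property names are stripped in this view, so mapping 5.3.26 to `spring-webmvc.version` is inferred from the order of the added values and the later `${spring-webmvc.version}` reference.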
diff --git a/test-mock-server/pom.xml b/test-mock-server/pom.xml index 466f42f2af2..74773f94c4d 100644 --- a/test-mock-server/pom.xml +++ b/test-mock-server/pom.xml @@ -41,6 +41,7 @@ + org.apache.seata seata-server diff --git a/test/pom.xml b/test/pom.xml index dc7e8a34212..e02fd088d5f 100644 --- a/test/pom.xml +++ b/test/pom.xml @@ -49,6 +49,8 @@ seata-tm ${project.version} + + ${project.groupId} seata-server From a0c6e3cc10b3871a6e64ccaf7cb6f5204917cfa1 Mon Sep 17 00:00:00 2001 From: slievrly Date: Tue, 6 Feb 2024 14:40:55 +0800 Subject: [PATCH 2/2] add change --- changes/en-us/2.x.md | 1 + changes/zh-cn/2.x.md | 1 + 2 files changed, 2 insertions(+) diff --git a/changes/en-us/2.x.md b/changes/en-us/2.x.md index 898880d63d6..1e42e751b84 100644 --- a/changes/en-us/2.x.md +++ b/changes/en-us/2.x.md @@ -91,6 +91,7 @@ Add changes here for all PR submitted to the 2.x branch. - [[#6145](https://github.com/apache/incubator-seata/pull/6145)] upgrade jettison to 1.5.4 - [[#6144](https://github.com/apache/incubator-seata/pull/6144)] upgrade nacos client to 1.4.6 - [[#6147](https://github.com/apache/incubator-seata/pull/6147)] upgrade kafka-clients to 3.6.1 +- [[#6339](https://github.com/apache/incubator-seata/pull/6339)] upgrade spring mvc and tomcat.embed ### test: - [[#6081](https://github.com/apache/incubator-seata/pull/6081)] add `test-os.yml` for testing the OS diff --git a/changes/zh-cn/2.x.md b/changes/zh-cn/2.x.md index e8795ee2679..4f9bec517e0 100644 --- a/changes/zh-cn/2.x.md +++ b/changes/zh-cn/2.x.md 
@@ -90,6 +90,7 @@ - [[#6144](https://github.com/apache/incubator-seata/pull/6144)] 升级Nacos依赖版本至1.4.6 - [[#6145](https://github.com/apache/incubator-seata/pull/6145)] 升级 jettison依赖版本至1.5.4 - [[#6147](https://github.com/apache/incubator-seata/pull/6147)] 升级 kafka-clients依赖至3.6.1 +- [[#6339](https://github.com/apache/incubator-seata/pull/6339)] 升级 spring mvc 和 tomcat.embed 依赖 ### test: - [[#6081](https://github.com/apache/incubator-seata/pull/6081)] 添加 `test-os.yml` 用于测试seata在各种操作系统下的运行情况