diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6e8baca7..2920cfe8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,5 @@
# Change Log
---
+- [Upgrade: fix third-party lib CVEs & upgrade core spring libs version](https://github.com/Tencent/spring-cloud-tencent/pull/263)
- [feat:support reading configuration from application.yml or application.properties.](https://github.com/Tencent/spring-cloud-tencent/pull/262)
diff --git a/pom.xml b/pom.xml
index 2355d912..b16ae808 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
org.springframework.cloud
spring-cloud-build
- 3.1.2
+ 3.1.3
4.0.0
@@ -86,10 +86,13 @@
- 1.6.0-2021.0.2-SNAPSHOT
+ 1.6.0-2021.0.3-SNAPSHOT
- 2021.0.2
+ 2021.0.3
+
+
+ 5.3.21
0.8.3
@@ -123,6 +126,15 @@
pom
import
+
+
+
+ org.springframework
+ spring-framework-bom
+ ${spring.framework.version}
+ pom
+ import
+
diff --git a/spring-cloud-tencent-commons/pom.xml b/spring-cloud-tencent-commons/pom.xml
index 29398bbb..e8de5927 100644
--- a/spring-cloud-tencent-commons/pom.xml
+++ b/spring-cloud-tencent-commons/pom.xml
@@ -14,9 +14,8 @@
Spring Cloud Tencent Commons
- 3.2.2
- 2.5
- 2.7
+ 2.6
+ 2.11.0
@@ -47,12 +46,6 @@
spring-cloud-starter
-
- commons-collections
- commons-collections
- ${commons.collections.version}
-
-
commons-lang
commons-lang
diff --git a/spring-cloud-tencent-dependencies/pom.xml b/spring-cloud-tencent-dependencies/pom.xml
index c5be544d..9cf8882f 100644
--- a/spring-cloud-tencent-dependencies/pom.xml
+++ b/spring-cloud-tencent-dependencies/pom.xml
@@ -5,7 +5,7 @@
org.springframework.cloud
spring-cloud-dependencies-parent
- 3.1.2
+ 3.1.3
4.0.0
@@ -70,12 +70,16 @@
- 1.6.0-2021.0.2-SNAPSHOT
+ 1.6.0-2021.0.3-SNAPSHOT
+
+
1.6.1
- 31.1-jre
- 1.2.7
+ 31.0.1-jre
+ 1.2.11
4.5.1
1.12.10
+ 3.16.1
+ 1.69
3.2.0
@@ -152,6 +156,26 @@
com.google.guava
guava
${guava.version}
+
+
+ jsr305
+ com.google.code.findbugs
+
+
+ animal-sniffer-annotations
+ org.codehaus.mojo
+
+
+ error_prone_annotations
+ com.google.errorprone
+
+
+
+
+
+ ch.qos.logback
+ logback-core
+ ${logback.version}
@@ -160,6 +184,18 @@
${logback.version}
+
+ com.google.protobuf
+ protobuf-java
+ ${protobuf-java.version}
+
+
+
+ org.bouncycastle
+ bcprov-jdk15on
+ ${bcprov-jdk15on.version}
+
+
org.mockito
mockito-inline
diff --git a/spring-cloud-tencent-polaris-loadbalancer/src/main/java/com/tencent/cloud/polaris/loadbalancer/LoadBalancerUtils.java b/spring-cloud-tencent-polaris-loadbalancer/src/main/java/com/tencent/cloud/polaris/loadbalancer/LoadBalancerUtils.java
index 33f67d2b..0a6816ba 100644
--- a/spring-cloud-tencent-polaris-loadbalancer/src/main/java/com/tencent/cloud/polaris/loadbalancer/LoadBalancerUtils.java
+++ b/spring-cloud-tencent-polaris-loadbalancer/src/main/java/com/tencent/cloud/polaris/loadbalancer/LoadBalancerUtils.java
@@ -27,10 +27,10 @@ import com.tencent.polaris.api.pojo.DefaultServiceInstances;
import com.tencent.polaris.api.pojo.Instance;
import com.tencent.polaris.api.pojo.ServiceInstances;
import com.tencent.polaris.api.pojo.ServiceKey;
-import org.apache.commons.collections.CollectionUtils;
import reactor.core.publisher.Flux;
import org.springframework.cloud.client.ServiceInstance;
+import org.springframework.util.CollectionUtils;
/**
* load balancer utils.
@@ -54,7 +54,7 @@ public class LoadBalancerUtils {
}).collect(Collectors.toList());
String serviceName = null;
- if (CollectionUtils.isNotEmpty(instances)) {
+ if (!CollectionUtils.isEmpty(instances)) {
serviceName = instances.get(0).getService();
}