diff --git a/CHANGELOG.md b/CHANGELOG.md
index 76d9a778b..123ff7d01 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,3 +2,4 @@
---
- [Feature: Add config change listener feature support](https://github.com/Tencent/spring-cloud-tencent/pull/254)
+- [Upgrade: fix third-party lib CVEs & upgrade core spring libs version](https://github.com/Tencent/spring-cloud-tencent/pull/258)
diff --git a/pom.xml b/pom.xml
index a5613405b..214879889 100644
--- a/pom.xml
+++ b/pom.xml
@@ -91,6 +91,9 @@
2020.0.5
+
+ 5.3.21
+
0.8.3
3.2.0
@@ -123,6 +126,15 @@
pom
import
+
+
+
+ org.springframework
+ spring-framework-bom
+ ${spring.framework.version}
+ pom
+ import
+
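Review bot: The `spring-framework-bom` import is appended after an existing `import`-scoped entry in this dependencyManagement block, and Maven resolves conflicts between imported BOMs in declaration order, so the first BOM that manages an artifact wins. If the earlier import (its coordinates are outside the hunk) already manages the `org.springframework` artifacts, the `${spring.framework.version}` pin would have no effect and the build would keep the older framework jars this commit is meant to replace. Consider declaring this BOM ahead of the other imports. Confirm the resolved version in a consuming module with `mvn dependency:tree -Dincludes=org.springframework`.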
diff --git a/spring-cloud-tencent-commons/pom.xml b/spring-cloud-tencent-commons/pom.xml
index 29398bbbc..e8de59272 100644
--- a/spring-cloud-tencent-commons/pom.xml
+++ b/spring-cloud-tencent-commons/pom.xml
@@ -14,9 +14,8 @@
Spring Cloud Tencent Commons
- 3.2.2
- 2.5
- 2.7
+ 2.6
+ 2.11.0
@@ -47,12 +46,6 @@
spring-cloud-starter
-
- commons-collections
- commons-collections
- ${commons.collections.version}
-
-
commons-lang
commons-lang
diff --git a/spring-cloud-tencent-dependencies/pom.xml b/spring-cloud-tencent-dependencies/pom.xml
index 793b89ade..46a35f9c7 100644
--- a/spring-cloud-tencent-dependencies/pom.xml
+++ b/spring-cloud-tencent-dependencies/pom.xml
@@ -71,10 +71,16 @@
1.6.0-2020.0.5
+
+
1.6.1
- 1.2.7
+ 1.2.11
4.5.1
1.12.10
+ 2.12.7
+ 3.16.1
+ 1.69
+ 31.0.1-jre
3.2.0
@@ -147,12 +153,69 @@
${revision}
+
+
+ com.google.guava
+ guava
+ ${guava.version}
+
+
+ jsr305
+ com.google.code.findbugs
+
+
+ animal-sniffer-annotations
+ org.codehaus.mojo
+
+
+ error_prone_annotations
+ com.google.errorprone
+
+
+
+
+
+ ch.qos.logback
+ logback-core
+ ${logback.version}
+
+
ch.qos.logback
logback-classic
${logback.version}
+
+ com.fasterxml.jackson.core
+ jackson-annotations
+ ${jackson.version}
+
+
+
+ com.fasterxml.jackson.core
+ jackson-core
+ ${jackson.version}
+
+
+
+ com.fasterxml.jackson.core
+ jackson-databind
+ ${jackson.version}
+
+
+
+ com.google.protobuf
+ protobuf-java
+ ${protobuf-java.version}
+
+
+
+ org.bouncycastle
+ bcprov-jdk15on
+ ${bcprov-jdk15on.version}
+
+
org.mockito
mockito-inline
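Review bot: Only `jackson-annotations`, `jackson-core` and `jackson-databind` are pinned to `${jackson.version}`, so any other Jackson artifact on a consumer's classpath (datatype, dataformat or module jars) would still resolve to whatever another BOM manages. That can leave a mixed-version Jackson stack, with part of it still on the release the upgrade was meant to move away from. Importing `com.fasterxml.jackson:jackson-bom` at `${jackson.version}` with `pom`/`import` scope would keep the whole family aligned in one entry. These managed versions also only reach modules that import this dependencies POM, so it is worth checking the resolved tree of a starter module after the change. The enclosing dependencyManagement block starts and ends outside the hunk.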
diff --git a/spring-cloud-tencent-polaris-loadbalancer/src/main/java/com/tencent/cloud/polaris/loadbalancer/LoadBalancerUtils.java b/spring-cloud-tencent-polaris-loadbalancer/src/main/java/com/tencent/cloud/polaris/loadbalancer/LoadBalancerUtils.java
index 33f67d2b1..0a6816ba0 100644
--- a/spring-cloud-tencent-polaris-loadbalancer/src/main/java/com/tencent/cloud/polaris/loadbalancer/LoadBalancerUtils.java
+++ b/spring-cloud-tencent-polaris-loadbalancer/src/main/java/com/tencent/cloud/polaris/loadbalancer/LoadBalancerUtils.java
@@ -27,10 +27,10 @@ import com.tencent.polaris.api.pojo.DefaultServiceInstances;
import com.tencent.polaris.api.pojo.Instance;
import com.tencent.polaris.api.pojo.ServiceInstances;
import com.tencent.polaris.api.pojo.ServiceKey;
-import org.apache.commons.collections.CollectionUtils;
import reactor.core.publisher.Flux;
import org.springframework.cloud.client.ServiceInstance;
+import org.springframework.util.CollectionUtils;
/**
* load balancer utils.
@@ -54,7 +54,7 @@ public class LoadBalancerUtils {
}).collect(Collectors.toList());
String serviceName = null;
- if (CollectionUtils.isNotEmpty(instances)) {
+ if (!CollectionUtils.isEmpty(instances)) {
serviceName = instances.get(0).getService();
}
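Review bot: The null-safe helper in `if (!CollectionUtils.isEmpty(instances))` looks unnecessary if `instances` is the list produced by the `collect(Collectors.toList())` call on the context line above, since that collector never returns null. `if (!instances.isEmpty())` would express the same check without depending on any utility class, which fits a commit whose purpose is to drop a third-party helper library. The assignment to `instances` and the rest of the method are outside the hunk, so confirm it cannot be null at this point before simplifying.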