feat:upgrade to 2023.0.5. (#1588)

pull/1596/head
Haotian Zhang 3 months ago committed by GitHub
parent 8b7ce2fe29
commit f58974bf3b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -3,3 +3,4 @@
- [fix: add gateway context config example.](https://github.com/Tencent/spring-cloud-tencent/pull/1564)
- [feat:support config empty protection.](https://github.com/Tencent/spring-cloud-tencent/pull/1586)
- [feat:upgrade to 2023.0.5.](https://github.com/Tencent/spring-cloud-tencent/pull/1588)

@ -5,7 +5,7 @@
<parent>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-build</artifactId>
<version>4.1.3</version>
<version>4.1.5</version>
<relativePath/>
</parent>
<modelVersion>4.0.0</modelVersion>
@ -90,16 +90,16 @@
<properties>
<!-- Project revision -->
<revision>2.0.2.0-2023.0.3-SNAPSHOT</revision>
<revision>2.0.2.0-2023.0.5-SNAPSHOT</revision>
<!-- Spring Framework -->
<spring.framework.version>6.1.14</spring.framework.version>
<spring.framework.version>6.1.20</spring.framework.version>
<!-- Spring Boot -->
<spring.boot.version>3.3.5</spring.boot.version>
<spring.boot.version>3.3.12</spring.boot.version>
<!-- Spring Cloud -->
<spring.cloud.version>2023.0.3</spring.cloud.version>
<spring.cloud.version>2023.0.5</spring.cloud.version>
<!-- Maven Plugin Versions -->
<jacoco.version>0.8.12</jacoco.version>

@ -5,7 +5,7 @@
<parent>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies-parent</artifactId>
<version>4.1.3</version>
<version>4.1.5</version>
<relativePath/>
</parent>
<modelVersion>4.0.0</modelVersion>
@ -71,7 +71,7 @@
<properties>
<!-- Project revision -->
<revision>2.0.2.0-2023.0.3-SNAPSHOT</revision>
<revision>2.0.2.0-2023.0.5-SNAPSHOT</revision>
<!-- Polaris SDK version -->
<polaris.version>2.0.2.0-SNAPSHOT</polaris.version>
@ -207,12 +207,6 @@
<version>${revision}</version>
</dependency>
<dependency>
<groupId>com.tencent.cloud</groupId>
<artifactId>spring-cloud-tencent-security-protection-plugin</artifactId>
<version>${revision}</version>
</dependency>
<!-- third part framework dependencies -->
<dependency>
<groupId>org.springdoc</groupId>
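Review bot: The managed entry for `spring-cloud-tencent-security-protection-plugin` is removed here in a commit whose title and changelog line mention only the version upgrade. This appears to be the project's dependency-management POM, so a consumer that declares the artifact without a version would fail dependency resolution after upgrading. The deleted module was a startup guard that shut the application down when RouterFunction beans were present, citing CVE-2024-38819. Dropping it presumably relies on the bumped `spring.framework.version` containing the upstream fix; confirm that against the Spring advisory and record it where the removal happens. For example, add a comment such as `<!-- security-protection-plugin removed: CVE-2024-38819 is handled by the managed Spring Framework version (confirm against advisory) -->`, and add a changelog entry naming the removal so users who had the guard enabled know it is gone.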

@ -21,7 +21,6 @@
<module>spring-cloud-starter-tencent-threadlocal-plugin</module>
<module>spring-cloud-starter-tencent-trace-plugin</module>
<module>spring-cloud-starter-tencent-fault-tolerance</module>
<module>spring-cloud-tencent-security-protection-plugin</module>
</modules>
</project>

@ -1,59 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://maven.apache.org/POM/4.0.0"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>spring-cloud-tencent-plugin-starters</artifactId>
<groupId>com.tencent.cloud</groupId>
<version>${revision}</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>spring-cloud-tencent-security-protection-plugin</artifactId>
<name>Spring Cloud Tencent Lossless Plugin</name>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-autoconfigure</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webflux</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-inline</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
</project>

@ -1,52 +0,0 @@
/*
* Tencent is pleased to support the open source community by making spring-cloud-tencent available.
*
* Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved.
*
* Licensed under the BSD 3-Clause License (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://opensource.org/licenses/BSD-3-Clause
*
* Unless required by applicable law or agreed to in writing, software distributed
* under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package com.tencent.cloud.plugin.protection;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ConfigurableApplicationContext;
/**
* ExitUtils.
*
* @author Shedfree Wu
*/
public final class ExitUtils {
private ExitUtils() {
}
public static void exit(ApplicationContext context) {
exit(context, 3000);
}
public static void exit(ApplicationContext context, int delay) {
if (context instanceof ConfigurableApplicationContext) {
ConfigurableApplicationContext configurableContext = (ConfigurableApplicationContext) context;
configurableContext.close();
}
try {
Thread.sleep(delay);
}
catch (InterruptedException e) {
// do nothing
}
System.exit(0);
}
}

@ -1,87 +0,0 @@
/*
* Tencent is pleased to support the open source community by making spring-cloud-tencent available.
*
* Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved.
*
* Licensed under the BSD 3-Clause License (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://opensource.org/licenses/BSD-3-Clause
*
* Unless required by applicable law or agreed to in writing, software distributed
* under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package com.tencent.cloud.plugin.protection;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.function.RouterFunction;
/**
* SecurityProtectionAutoConfiguration.
*
* @author Shedfree Wu
*/
@Configuration
public class SecurityProtectionAutoConfiguration {
private static final Logger LOGGER = LoggerFactory.getLogger(SecurityProtectionAutoConfiguration.class);
@Configuration
@ConditionalOnProperty(name = "spring.cloud.tencent.security.protection.servlet.enabled", matchIfMissing = true)
@ConditionalOnClass(name = {"org.springframework.web.servlet.function.RouterFunction"})
static class ServletProtectionConfiguration implements InitializingBean {
@Autowired(required = false)
List<RouterFunction> routerFunctions;
@Autowired
ApplicationContext applicationContext;
@Override
public void afterPropertiesSet() {
if (routerFunctions != null && !routerFunctions.isEmpty()) {
LOGGER.error("Detected the presence of webmvc RouterFunction-related beans, which may trigger the CVE-2024-38819 vulnerability. The program will soon exit.");
LOGGER.error("routerFunctions:{}: ", routerFunctions);
ExitUtils.exit(applicationContext);
}
}
}
@Configuration
@ConditionalOnProperty(name = "spring.cloud.tencent.security.protection.reactive.enabled", matchIfMissing = true)
@ConditionalOnClass(name = {"org.springframework.web.reactive.function.server.RouterFunction"})
static class ReactiveProtectionConfiguration implements InitializingBean {
@Autowired(required = false)
List<org.springframework.web.reactive.function.server.RouterFunction> routerFunctions;
@Autowired
ApplicationContext applicationContext;
@Override
public void afterPropertiesSet() {
if (routerFunctions != null && !routerFunctions.isEmpty()) {
LOGGER.error("Detected the presence of webflux RouterFunction-related beans, which may trigger the CVE-2024-38819 vulnerability. The program will soon exit.");
LOGGER.error("routerFunctions:{}: ", routerFunctions);
ExitUtils.exit(applicationContext);
}
}
}
}