Vulnerability fixing experience in SpringBoot projects
Notes
The development environment is on an isolated LAN with no Internet access, so when Maven tries to download packages it runs into all kinds of dependency-version problems.
The best approach is to set up the same development environment on an Internet-connected machine, where the Maven packages can be updated, and then carry the resolved packages over to the isolated network.
The vulnerabilities reported by this scan involve Tomcat, jackson-databind, fastjson, logback, etc. The common fix for all of them is an upgrade to a patched version.
1. Tomcat version upgrade
(1) Check the current Tomcat version. It appears in the project startup log (the line "Starting Servlet engine: [Apache Tomcat/x.y.z]"); alternatively, open the Maven tool window on the right side of the IntelliJ IDEA editor and look up the version under Dependencies.
(2) Update the spring-boot-starter-parent version in the parent pom.xml. The Tomcat version that each spring-boot-starter-parent release manages can be looked up in the Maven repository: it is the tomcat.version property in the matching spring-boot-dependencies pom. If the parent cannot be moved to a newer release, setting tomcat.version in your own pom overrides the managed version instead.
2. Jackson-databind version upgrade
(1) Check the current jackson-databind version under Dependencies in the Maven tool window on the right side of the IntelliJ IDEA editor.
(2) In the parent pom.xml, override the Jackson version property that spring-boot-dependencies manages. Spring Boot 2.3 and earlier name it jackson.version; 2.4 and later name it jackson-bom.version (confirm the name in the spring-boot-dependencies pom of your parent version). Because that property is also the version of the imported jackson-bom, jackson-databind, jackson-core and jackson-annotations all move together:
<properties> <jackson.version>[required Jackson version]</jackson.version> </properties>
3. Fastjson version upgrade
(1) This upgrade is simple: fastjson is not managed by the Spring Boot parent, so find the fastjson dependency in pom.xml and change its version directly.
4. Logback version upgrade
(1) The HIDS scan report flags the logback-classic version, so only logback-classic needs to be upgraded.
(2) Add the following to pom.xml:
<dependency> <groupId>ch.qos.logback</groupId> <artifactId>logback-classic</artifactId> <version>[required version number]</version> </dependency>
Note that logback-classic depends on logback-core of the same version, and logback-core stays pinned by the parent's dependency management even when logback-classic is declared directly. Setting the logback.version property that spring-boot-dependencies manages upgrades both artifacts together and avoids a version mismatch.
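As an added example that is not part of the original post, here is a complete pom.xml applying all four upgrades from the sections above in one place. The project coordinates (com.example:demo), the parent version and every library version below are assumptions chosen for illustration; substitute the versions your scan report requires.

```xml
<!-- Added example, not code from the original post: a pom.xml that applies all four
     upgrades in one place. Project coordinates (com.example:demo) and every version
     number are assumptions for illustration; use the versions your scan report requires. -->
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <!-- 1. Tomcat: bumping the parent pulls in the Tomcat release that Spring Boot manages.
       If the parent cannot be changed, the tomcat.version property below overrides it. -->
  <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.5.14</version>
    <relativePath/>
  </parent>

  <groupId>com.example</groupId>
  <artifactId>demo</artifactId>
  <version>1.0.0</version>

  <properties>
    <java.version>1.8</java.version>
    <!-- Override of the Tomcat version managed by spring-boot-dependencies (assumed value). -->
    <tomcat.version>9.0.65</tomcat.version>
    <!-- 2. Jackson: spring-boot-dependencies imports jackson-bom at this version, so
         jackson-databind, jackson-core and jackson-annotations all move together.
         Spring Boot 2.4+ names the property jackson-bom.version; 2.3 and earlier use
         jackson.version. Check the spring-boot-dependencies pom of your parent version. -->
    <jackson-bom.version>2.12.7</jackson-bom.version>
    <!-- 4. Logback: one property upgrades logback-classic and logback-core together,
         which avoids a version mismatch between the two. -->
    <logback.version>1.2.11</logback.version>
    <!-- 3. fastjson is not managed by Spring Boot, so its version is set on the
         dependency itself (assumed value). -->
    <fastjson.version>1.2.83</fastjson.version>
  </properties>

  <dependencies>
    <!-- No version here: managed by the parent. Brings in tomcat-embed-*, jackson-databind
         and (via spring-boot-starter-logging) logback-classic, all at the overridden versions. -->
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
      <groupId>com.alibaba</groupId>
      <artifactId>fastjson</artifactId>
      <version>${fastjson.version}</version>
    </dependency>
  </dependencies>
</project>
```

After editing, run `mvn dependency:tree -Dincludes=org.apache.tomcat.embed,com.fasterxml.jackson.core,ch.qos.logback,com.alibaba` to confirm that the resolved versions are the ones the scanner expects. A direct `<dependency>` with an explicit version only wins over the parent's dependency management for that single artifact, so for libraries that ship as several artifacts (Jackson, Logback, Tomcat) the property override is the safer route.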
Summary
The above is my personal experience. I hope it gives you a useful reference, and I hope you will continue to support me.