zhuangchong opened a new pull request #3882:
URL: https://github.com/apache/incubator-dolphinscheduler/pull/3882
## What is the purpose of the pull request
#3788
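On September 20, VMware Tanzu published a security advisory disclosing CVE-2020-5421, a Reflected File
Download (RFD) vulnerability in Spring Framework. CVE-2020-5421
can bypass the protection against RFD attacks through the jsessionid path parameter. The earlier RFD protection was added in response to CVE-2015-5211.
The Spring Boot version in use is still 2.1.3; upgrading to 2.1.17 is recommended.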
## Brief change log
pom.xml: update the Spring and Spring Boot versions
## Verify this pull request
This change added tests and can be verified as follows:
- *Manually verified the change by testing locally.*
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
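One way to check a POM against the Spring Boot floor this pull request recommends, as an added example that is not part of the pull request or the project's code. The sample POM and its `spring.boot.version` property name are constructed for illustration; the 2.1.17 floor is the version named in the pull request text.

```python
import re
import xml.etree.ElementTree as ET

# Floor taken from the pull request text, which recommends Spring Boot 2.1.17.
MIN_SPRING_BOOT = (2, 1, 17)
NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM (not the project's real pom.xml); the property
# name spring.boot.version is an assumption made for this example.
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><spring.boot.version>2.1.3.RELEASE</spring.boot.version></properties>
  <dependencies>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
      <version>${spring.boot.version}</version>
    </dependency>
  </dependencies>
</project>"""

def parse_version(text):
    """Return the leading numeric triple of '2.1.3.RELEASE', or None."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None

def outdated_spring_boot(pom_xml, floor=MIN_SPRING_BOOT):
    """List (artifactId, version) for Spring Boot artifacts below floor."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    findings = []
    # <parent> and every <dependency> carry the same coordinate fields.
    for node in root.findall("m:parent", NS) + root.findall(".//m:dependency", NS):
        if node.findtext("m:groupId", "", NS).strip() != "org.springframework.boot":
            continue
        artifact = node.findtext("m:artifactId", "", NS).strip()
        raw = node.findtext("m:version", "", NS).strip()
        if not raw:  # version is managed elsewhere (parent or dependencyManagement)
            continue
        # Resolve ${property} references against this POM's <properties>.
        resolved = re.sub(r"\$\{([^}]+)\}",
                          lambda m: props.get(m.group(1), m.group(0)), raw)
        version = parse_version(resolved)
        # Tuples compare numerically, so 2.1.3 < 2.1.17 (a string compare would not).
        # A version that cannot be resolved is reported rather than assumed safe.
        if version is None or version < floor:
            findings.append((artifact, resolved))
    return findings
```

A multi-module build needs each module's POM checked, since a child POM can override a version its parent manages.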