Thank you very much for your feedback. Let's see if it will affect our old version. Welcome everyone to discuss
| | Kirs | | 邮箱:[email protected] | Signature is customized by Netease Mail Master On 10/14/2020 09:41, zhuangchong6 wrote: https://github.com/apache/incubator-dolphinscheduler/issues/3788 --- 9月20日,VMware Tanzu发布安全公告,公布了一个存在于Spring Framework中的反射型文件下载(Reflected File Download,RFD)漏洞CVE-2020-5421。CVE-2020-5421 可通过jsessionid路径参数,绕过防御RFD攻击的保护。先前针对RFD的防护是为应对 CVE-2015-5211 添加的。 当前的1.3.2版本,使用的springboot版本还是2.1.3,建议升级版本到2.1.17
