done
Best Regards --------------- DolphinScheduler(Incubator) PPMC Lidong Dai 代立冬 [email protected] --------------- On Wed, Oct 14, 2020 at 8:05 PM CalvinKirs <[email protected]> wrote: > Thank you very much for your feedback. Let's see if it will affect our > old version. Welcome everyone to discuss > > > > > | | > Kirs > | > | > 邮箱:[email protected] > | > > Signature is customized by Netease Mail Master > > On 10/14/2020 09:41, zhuangchong6 wrote: > https://github.com/apache/incubator-dolphinscheduler/issues/3788 > > > --- > 9月20日,VMware Tanzu发布安全公告,公布了一个存在于Spring Framework中的反射型文件下载(Reflected File > Download,RFD)漏洞CVE-2020-5421。CVE-2020-5421 > 可通过jsessionid路径参数,绕过防御RFD攻击的保护。先前针对RFD的防护是为应对 CVE-2015-5211 添加的。 > 当前的1.3.2版本,使用的springboot版本还是2.1.3,建议升级版本到2.1.17
