[incubator-shenyu] branch master updated: upgrade apache dubbo due to security issues (#3265)

Mon, 18 Apr 2022 03:42:41 -0700 

This is an automated email from the ASF dual-hosted git repository.

xiaoyu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-shenyu.git


The following commit(s) were added to refs/heads/master by this push:
     new 993f86a3d upgrade apache dubbo due to security issues (#3265)
993f86a3d is described below

commit 993f86a3d180cf9b77a0885df0b6bd6464ab79ec
Author: PJ Fanning <[email protected]>
AuthorDate: Mon Apr 18 12:42:26 2022 +0200

    upgrade apache dubbo due to security issues (#3265)
    
    * upgrade apache dubbo due to security issues
    
    * add missing constants
    
    * Update ApacheDubboServiceBeanListener.java
---
 pom.xml                                                |  2 +-
 shenyu-bootstrap/pom.xml                               |  4 ++--
 .../shenyu-client-apache-dubbo/pom.xml                 |  2 +-
 .../apache/dubbo/ApacheDubboServiceBeanListener.java   | 18 ++++++++++++------
 .../pom.xml                                            |  2 +-
 .../shenyu-examples-apache-dubbo-service-xml/pom.xml   |  2 +-
 .../shenyu-examples-apache-dubbo-service/pom.xml       |  2 +-
 shenyu-integrated-test/pom.xml                         |  2 +-
 8 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/pom.xml b/pom.xml
index 7c99cc567..3d7b03faa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -94,7 +94,7 @@
         <kryo.version>4.0.0</kryo.version>
         <pagehelper.version>5.1.2</pagehelper.version>
         <alibaba.dubbo.version>2.6.5</alibaba.dubbo.version>
-        <apache.dubbo.version>2.7.8</apache.dubbo.version>
+        <apache.dubbo.version>2.7.15</apache.dubbo.version>
         <gson.version>2.8.0</gson.version>
         <okhttp.version>3.7.0</okhttp.version>
         <prometheus-java-client.version>0.10.0</prometheus-java-client.version>
diff --git a/shenyu-bootstrap/pom.xml b/shenyu-bootstrap/pom.xml
index 95411847e..1df8c578e 100644
--- a/shenyu-bootstrap/pom.xml
+++ b/shenyu-bootstrap/pom.xml
@@ -284,13 +284,13 @@
         <dependency>
             <groupId>org.apache.dubbo</groupId>
             <artifactId>dubbo</artifactId>
-            <version>2.7.5</version>
+            <version>2.7.15</version>
         </dependency>
         <!-- Dubbo Nacos registry dependency -->
       <!--  <dependency>
             <groupId>org.apache.dubbo</groupId>
             <artifactId>dubbo-registry-nacos</artifactId>
-            <version>2.7.5</version>
+            <version>2.7.15</version>
         </dependency>
         <dependency>
             <groupId>com.alibaba.nacos</groupId>
diff --git 
a/shenyu-client/shenyu-client-dubbo/shenyu-client-apache-dubbo/pom.xml 
b/shenyu-client/shenyu-client-dubbo/shenyu-client-apache-dubbo/pom.xml
index 07b1cb2c3..a30da96d2 100644
--- a/shenyu-client/shenyu-client-dubbo/shenyu-client-apache-dubbo/pom.xml
+++ b/shenyu-client/shenyu-client-dubbo/shenyu-client-apache-dubbo/pom.xml
@@ -26,7 +26,7 @@
     <artifactId>shenyu-client-apache-dubbo</artifactId>
 
     <properties>
-        <apache.dubbo.version>2.7.0</apache.dubbo.version>
+        <apache.dubbo.version>2.7.15</apache.dubbo.version>
     </properties>
     
     <dependencies>
diff --git 
a/shenyu-client/shenyu-client-dubbo/shenyu-client-apache-dubbo/src/main/java/org/apache/shenyu/client/apache/dubbo/ApacheDubboServiceBeanListener.java
 
b/shenyu-client/shenyu-client-dubbo/shenyu-client-apache-dubbo/src/main/java/org/apache/shenyu/client/apache/dubbo/ApacheDubboServiceBeanListener.java
index 389da5b3a..f520cf05a 100644
--- 
a/shenyu-client/shenyu-client-dubbo/shenyu-client-apache-dubbo/src/main/java/org/apache/shenyu/client/apache/dubbo/ApacheDubboServiceBeanListener.java
+++ 
b/shenyu-client/shenyu-client-dubbo/shenyu-client-apache-dubbo/src/main/java/org/apache/shenyu/client/apache/dubbo/ApacheDubboServiceBeanListener.java
@@ -19,7 +19,7 @@ package org.apache.shenyu.client.apache.dubbo;
 
 import com.google.common.util.concurrent.ThreadFactoryBuilder;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.dubbo.common.Constants;
+import org.apache.dubbo.common.constants.CommonConstants;
 import org.apache.dubbo.config.spring.ServiceBean;
 import org.apache.shenyu.client.core.constant.ShenyuClientConstants;
 import 
org.apache.shenyu.client.core.disruptor.ShenyuClientRegisterEventPublisher;
@@ -48,12 +48,18 @@ import java.util.concurrent.Executors;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.stream.Collectors;
 
+import static org.apache.dubbo.remoting.Constants.DEFAULT_CONNECT_TIMEOUT;
+
 /**
  * The Apache Dubbo ServiceBean Listener.
  */
 @SuppressWarnings("all")
 public class ApacheDubboServiceBeanListener implements 
ApplicationListener<ContextRefreshedEvent> {
 
+    private static final String DEFAULT_CLUSTER = "failover";
+
+    private static final Boolean DEFAULT_SENT = Boolean.FALSE;
+
     private ShenyuClientRegisterEventPublisher publisher = 
ShenyuClientRegisterEventPublisher.getInstance();
 
     private final AtomicBoolean registered = new AtomicBoolean(false);
@@ -162,11 +168,11 @@ public class ApacheDubboServiceBeanListener implements 
ApplicationListener<Conte
         DubboRpcExt build = DubboRpcExt.builder()
                 .group(StringUtils.isNotEmpty(serviceBean.getGroup()) ? 
serviceBean.getGroup() : "")
                 .version(StringUtils.isNotEmpty(serviceBean.getVersion()) ? 
serviceBean.getVersion() : "")
-                
.loadbalance(StringUtils.isNotEmpty(serviceBean.getLoadbalance()) ? 
serviceBean.getLoadbalance() : Constants.DEFAULT_LOADBALANCE)
-                .retries(Objects.isNull(serviceBean.getRetries()) ? 
Constants.DEFAULT_RETRIES : serviceBean.getRetries())
-                .timeout(Objects.isNull(serviceBean.getTimeout()) ? 
Constants.DEFAULT_CONNECT_TIMEOUT : serviceBean.getTimeout())
-                .sent(Objects.isNull(serviceBean.getSent()) ? 
Constants.DEFAULT_SENT : serviceBean.getSent())
-                .cluster(StringUtils.isNotEmpty(serviceBean.getCluster()) ? 
serviceBean.getCluster() : Constants.DEFAULT_CLUSTER)
+                
.loadbalance(StringUtils.isNotEmpty(serviceBean.getLoadbalance()) ? 
serviceBean.getLoadbalance() : CommonConstants.DEFAULT_LOADBALANCE)
+                .retries(Objects.isNull(serviceBean.getRetries()) ? 
CommonConstants.DEFAULT_RETRIES : serviceBean.getRetries())
+                .timeout(Objects.isNull(serviceBean.getTimeout()) ? 
DEFAULT_CONNECT_TIMEOUT : serviceBean.getTimeout())
+                .sent(Objects.isNull(serviceBean.getSent()) ? DEFAULT_SENT : 
serviceBean.getSent())
+                .cluster(StringUtils.isNotEmpty(serviceBean.getCluster()) ? 
serviceBean.getCluster() : DEFAULT_CLUSTER)
                 .url("")
                 .build();
         return GsonUtils.getInstance().toJson(build);
diff --git 
a/shenyu-examples/shenyu-examples-dubbo/shenyu-examples-apache-dubbo-service-annotation/pom.xml
 
b/shenyu-examples/shenyu-examples-dubbo/shenyu-examples-apache-dubbo-service-annotation/pom.xml
index 2ca655cf9..c4c3e66f4 100644
--- 
a/shenyu-examples/shenyu-examples-dubbo/shenyu-examples-apache-dubbo-service-annotation/pom.xml
+++ 
b/shenyu-examples/shenyu-examples-dubbo/shenyu-examples-apache-dubbo-service-annotation/pom.xml
@@ -30,7 +30,7 @@
     <properties>
         <curator.version>4.0.1</curator.version>
         <nacos-client.version>1.1.4</nacos-client.version>
-        <apache.dubbo.version>2.7.5</apache.dubbo.version>
+        <apache.dubbo.version>2.7.15</apache.dubbo.version>
         <zookeeper.version>3.4.6</zookeeper.version>
     </properties>
 
diff --git 
a/shenyu-examples/shenyu-examples-dubbo/shenyu-examples-apache-dubbo-service-xml/pom.xml
 
b/shenyu-examples/shenyu-examples-dubbo/shenyu-examples-apache-dubbo-service-xml/pom.xml
index 78f09be05..b94066a4e 100644
--- 
a/shenyu-examples/shenyu-examples-dubbo/shenyu-examples-apache-dubbo-service-xml/pom.xml
+++ 
b/shenyu-examples/shenyu-examples-dubbo/shenyu-examples-apache-dubbo-service-xml/pom.xml
@@ -29,7 +29,7 @@
     <properties>
         <curator.version>4.0.1</curator.version>
         <nacos-client.version>1.1.4</nacos-client.version>
-        <apache.dubbo.version>2.7.5</apache.dubbo.version>
+        <apache.dubbo.version>2.7.15</apache.dubbo.version>
         <zookeeper.version>3.4.6</zookeeper.version>
     </properties>
 
diff --git 
a/shenyu-examples/shenyu-examples-dubbo/shenyu-examples-apache-dubbo-service/pom.xml
 
b/shenyu-examples/shenyu-examples-dubbo/shenyu-examples-apache-dubbo-service/pom.xml
index fe21ab9cf..bb4db19c0 100644
--- 
a/shenyu-examples/shenyu-examples-dubbo/shenyu-examples-apache-dubbo-service/pom.xml
+++ 
b/shenyu-examples/shenyu-examples-dubbo/shenyu-examples-apache-dubbo-service/pom.xml
@@ -30,7 +30,7 @@
     <properties>
         <curator.version>4.0.1</curator.version>
         <nacos-client.version>1.1.4</nacos-client.version>
-        <apache.dubbo.version>2.7.5</apache.dubbo.version>
+        <apache.dubbo.version>2.7.15</apache.dubbo.version>
         <zookeeper.version>3.4.6</zookeeper.version>
     </properties>
 
diff --git a/shenyu-integrated-test/pom.xml b/shenyu-integrated-test/pom.xml
index 0a9b8728d..268af851b 100644
--- a/shenyu-integrated-test/pom.xml
+++ b/shenyu-integrated-test/pom.xml
@@ -55,7 +55,7 @@
         <tars-client.version>1.7.2</tars-client.version>
         <sofa-rpc-all.version>5.7.6</sofa-rpc-all.version>
         <curator.version>4.0.1</curator.version>
-        <apache.dubbo.version>2.7.5</apache.dubbo.version>
+        <apache.dubbo.version>2.7.15</apache.dubbo.version>
     </properties>
 
     <dependencies>

Reply via email to