[dubbo] branch master updated: add visual-studio-code ignore (#6221)
This is an automated email from the ASF dual-hosted git repository. mercyblitz pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/dubbo.git The following commit(s) were added to refs/heads/master by this push: new 83afabe add visual-studio-code ignore (#6221) 83afabe is described below commit 83afabeda133a4cac2e4e0a55c8b4d69b2b9f4aa Author: oaoit AuthorDate: Tue Jun 2 11:32:12 2020 +0800 add visual-studio-code ignore (#6221) --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 15002c4..47be2ad 100644 --- a/.gitignore +++ b/.gitignore @@ -19,6 +19,9 @@ target/ *.iml *.iws +# visual-studio-code ignore +.vscode/ + # temp ignore *.log *.cache
[dubbo] branch master updated (0791c7c -> 6a45acb)
This is an automated email from the ASF dual-hosted git repository. mercyblitz pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/dubbo.git. from 0791c7c fix-6231 (#6253) add 6a45acb fix(registry-nacos):fix nacos service name associated with group name (#6227) No new revisions were added by this update. Summary of changes: .../org/apache/dubbo/registry/nacos/util/NacosNamingServiceUtils.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
[dubbo] branch 2.6.x updated: upgrade fastjson to 1.2.70 (#6255)
This is an automated email from the ASF dual-hosted git repository. mercyblitz pushed a commit to branch 2.6.x in repository https://gitbox.apache.org/repos/asf/dubbo.git The following commit(s) were added to refs/heads/2.6.x by this push: new 59320a9 upgrade fastjson to 1.2.70 (#6255) 59320a9 is described below commit 59320a9eeb6511407cf9cd4033f5d0621b60e94f Author: 祁晓波 AuthorDate: Mon Jun 1 17:50:20 2020 +0800 upgrade fastjson to 1.2.70 (#6255) https://help.aliyun.com/noticelist/articleid/1060343604.html?spm=a2c4g.789004748.n2.6.3f576141SGmGhG 漏洞描述 fastjson采用黑白名单的方法来防御反序列化漏洞,导致当黑客不断发掘新的反序列化Gadgets类时,在autoType关闭的情况下仍然可能可以绕过黑白名单防御机制,造成远程命令执行漏洞。经研究,该漏洞利用门槛较低,可绕过autoType限制,风险影响较大。阿里云应急响应中心提醒fastjson用户尽快采取安全措施阻止漏洞攻击。 影响版本 fastjson <=1.2.68 fastjson sec版本 <= sec9 安全版本 fastjson >=1.2.69 fastjson sec版本 >= sec10 --- dependencies-bom/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencies-bom/pom.xml b/dependencies-bom/pom.xml index 39f45ec..50e78e2 100644 --- a/dependencies-bom/pom.xml +++ b/dependencies-bom/pom.xml @@ -94,7 +94,7 @@ 1.1.7 2.1.4 4.5.3 -1.2.67 +1.2.70 3.4.9 0.2 2.12.0
[dubbo] branch master updated: fix-6231 (#6253)
This is an automated email from the ASF dual-hosted git repository. mercyblitz pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/dubbo.git The following commit(s) were added to refs/heads/master by this push: new 0791c7c fix-6231 (#6253) 0791c7c is described below commit 0791c7c8e1e0c3e2e50f7fa67eadfe795dfee60d Author: kexianjun AuthorDate: Mon Jun 1 17:48:55 2020 +0800 fix-6231 (#6253) --- .../spring/beans/factory/annotation/ServiceClassPostProcessor.java| 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dubbo-config/dubbo-config-spring/src/main/java/org/apache/dubbo/config/spring/beans/factory/annotation/ServiceClassPostProcessor.java b/dubbo-config/dubbo-config-spring/src/main/java/org/apache/dubbo/config/spring/beans/factory/annotation/ServiceClassPostProcessor.java index ed73be4..b1c9a30 100644 --- a/dubbo-config/dubbo-config-spring/src/main/java/org/apache/dubbo/config/spring/beans/factory/annotation/ServiceClassPostProcessor.java +++ b/dubbo-config/dubbo-config-spring/src/main/java/org/apache/dubbo/config/spring/beans/factory/annotation/ServiceClassPostProcessor.java @@ -68,7 +68,7 @@ import java.util.Map; import java.util.Objects; import java.util.Set; -import static com.alibaba.spring.util.AnnotatedBeanDefinitionRegistryUtils.registerBeans; +import static com.alibaba.spring.util.BeanRegistrar.registerInfrastructureBean; import static com.alibaba.spring.util.ObjectUtils.of; import static java.util.Arrays.asList; import static org.apache.dubbo.config.spring.beans.factory.annotation.ServiceBeanNameBuilder.create; @@ -126,7 +126,7 @@ public class ServiceClassPostProcessor implements BeanDefinitionRegistryPostProc public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException { // @since 2.7.5 -registerBeans(registry, DubboBootstrapApplicationListener.class); +registerInfrastructureBean(registry, DubboBootstrapApplicationListener.BEAN_NAME, DubboBootstrapApplicationListener.class); Set resolvedPackagesToScan = resolvePackagesToScan(packagesToScan);
[dubbo-go] branch develop updated (a06fbdb -> 4af26b9)
This is an automated email from the ASF dual-hosted git repository. joezou pushed a change to branch develop in repository https://gitbox.apache.org/repos/asf/dubbo-go.git. from a06fbdb Merge pull request #576 from watermelo/fix_file_name_in_metadata new 6f321a2 update the comments in metrics new 3cd5fab revert the import block new 4af26b9 Merge pull request #547 from williamfeng323/feature/metrics-comment-optimise The 2103 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: metrics/prometheus/reporter.go | 9 - metrics/reporter.go| 2 +- 2 files changed, 5 insertions(+), 6 deletions(-)
[dubbo] branch master updated: upgrade fastjson to 1.2.70 (#6254)
This is an automated email from the ASF dual-hosted git repository. wangxin pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/dubbo.git The following commit(s) were added to refs/heads/master by this push: new fbe4d7e upgrade fastjson to 1.2.70 (#6254) fbe4d7e is described below commit fbe4d7e3badf3a9ee7464a5a0e11459699fbbddd Author: 祁晓波 AuthorDate: Mon Jun 1 14:10:03 2020 +0800 upgrade fastjson to 1.2.70 (#6254) https://help.aliyun.com/noticelist/articleid/1060343604.html?spm=a2c4g.789004748.n2.6.3f576141SGmGhG 漏洞描述 fastjson采用黑白名单的方法来防御反序列化漏洞,导致当黑客不断发掘新的反序列化Gadgets类时,在autoType关闭的情况下仍然可能可以绕过黑白名单防御机制,造成远程命令执行漏洞。经研究,该漏洞利用门槛较低,可绕过autoType限制,风险影响较大。阿里云应急响应中心提醒fastjson用户尽快采取安全措施阻止漏洞攻击。 影响版本 fastjson <=1.2.68 fastjson sec版本 <= sec9 安全版本 fastjson >=1.2.69 fastjson sec版本 >= sec10 --- dubbo-dependencies-bom/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dubbo-dependencies-bom/pom.xml b/dubbo-dependencies-bom/pom.xml index 8c4215d..eae1bc8 100644 --- a/dubbo-dependencies-bom/pom.xml +++ b/dubbo-dependencies-bom/pom.xml @@ -97,7 +97,7 @@ 2.1.4 4.5.3 4.4.6 -1.2.68 +1.2.70 3.4.13 4.0.1 2.12.0