diff --git a/src/backend/build.gradle b/src/backend/build.gradle index 453bb86898..ea55721f5c 100644 --- a/src/backend/build.gradle +++ b/src/backend/build.gradle @@ -27,7 +27,7 @@ import com.dorongold.gradle.tasktree.TaskTreePlugin buildscript { ext { set('springDependencyManagePluginVersion', "1.0.11.RELEASE") - set("springBootVersion", "2.6.13") + set("springBootVersion", "2.7.11") set("gradleJooqVersion", "3.0.0") } @@ -68,7 +68,7 @@ buildscript { plugins { id "java-library" id "io.spring.dependency-management" version '1.0.11.RELEASE' apply false - id 'org.springframework.boot' version '2.6.13' apply false + id 'org.springframework.boot' version '2.7.11' apply false id "idea" id 'nu.studer.jooq' version '3.0.0' } @@ -82,7 +82,7 @@ ext { set("springVersion", "5.3.25") // https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-dependencies - set("springBootVersion", "2.6.13") + set("springBootVersion", "2.7.11") // https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-dependencies set('springCloudVersion', "2021.0.5") set('springCloudOtelVersion', "1.1.3") @@ -94,7 +94,8 @@ ext { set('jacksonVersion', "2.13.5") set('jaxrsVersion', "2.0") // https://mvnrepository.com/artifact/ch.qos.logback/logback-core - set('logbackVersion', "1.2.10") + // Fix CVE-2023-6378 1.2.11->1.2.13 + set('logbackVersion', "1.2.13") // https://mvnrepository.com/artifact/org.slf4j/slf4j-api set('slf4jVersion', "1.7.30") set('servletVersion', "3.0.1") 
@@ -118,13 +119,14 @@ ext { // https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient set('apacheHttpClientVersion', "4.5.13") set('apacheThriftVersion', "0.15.0") - set('commonsIOVersion', "2.6") + // Fix CVE-2024-47554 CVE-2021-29425 2.6->2.14.0 + set('commonsIOVersion', "2.14.0") set('javaxServletVersion', "4.0.1") - set('guavaVersion', "28.2-jre") + // Fix CVE-2023-2976 CVE-2020-8908 28.2-jre->32.0.0-android + set('guavaVersion', "32.0.0-android") set('caffeineVersion', "2.9.3") set('jjwtVersion', "0.9.1") set('hibernateValidatorVersion', "6.1.4.Final") - set('micrometerPrometheusVersion', "1.5.1") set('flapdoodleEmbeddedMongdbDBVersion', "4.4.0") set('jodaTimeVersion', "2.10.5") set('bcprovVersion', "1.70") @@ -137,8 +139,6 @@ ext { set('kubernetesJavaClientVersion', "11.0.4") set('springCloudKubernetesVersion', "2.0.6") set('cryptoJavaSDKVersion', "1.1.3") - // Fix CVE-2023-44487 - set('tomcat.version', "9.0.90") // Fix CVE-2019-10086,CVE-2014-0114 set('commonsBeanutilsVersion', "1.9.4") if (System.getProperty("bkjobVersion")) { 
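Review bot: `set('guavaVersion', "32.0.0-android")` changes the Guava flavor as well as the version, which goes beyond the CVE fix the comment describes. The removed line used the `-jre` flavor, and the Android flavor has historically omitted some Java 8+ APIs, so backend code or transitive dependencies built against `-jre` may fail at runtime with missing methods. Unless the flavor switch is deliberate, keep the server flavor, e.g. `set('guavaVersion', "32.0.0-jre")`, and record the reason in the comment if `-android` is really intended. The `ext` block starts and ends outside this hunk.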
@@ -153,8 +153,32 @@ ext { set('embeddedRedisVersion', "0.6") set('openai4jVersion', "0.18.0") set('shardingJdbcVersion', "5.4.1") - set('snakeyamlVersion', "1.33") set('bkDevOpsLeafVersion', "1.0.2-RELEASE") + // Fix CVE-2023-44981,CVE-2024-23944 3.7.1->3.8.4 + set('zookeeperVersion', "3.8.4") + // Fix CVE-2023-3635 2.8.0->3.4.0 + set('okioVersion', "3.4.0") + // Fix CVE-2023-34062 1.0.24->1.0.39 + set('reactorNettyHttpVersion', "1.0.39") + set('reactorNettyCoreVersion', "1.0.39") + // Fix CVE-2023-44487 4.1.84.Final->4.1.100.Final + set('nettyCodecHttp2Version', "4.1.100.Final") + // Fix CVE-2024-38809 CVE-2024-22262 CVE-2024-22259 CVE-2024-22243 5.3.23->5.3.39 + set('springWebVersion', "5.3.39") + // Fix CVE-2021-0341 4.9.1->4.9.2 + set('okHttpVersion', "4.9.2") + // Fix CVE-2023-46120 5.13.1->5.18.0 + set('amqpClientVersion', "5.18.0") + // Fix CVE-2023-4759 5.13.1.202206130422-r->6.6.1.202309021850-r + set('jgitVersion', "6.6.1.202309021850-r") + + // 使用Spring Boot内置的版本号变量,不采用驼峰命名,保持与官方BOM文件一致 + // Fix CVE-2023-22102 8.0.33->8.2.0 + set('mysql.version', "8.2.0") + // Fix CVE-2023-44487, CVE-2024-52316 + set('tomcat.version', "9.0.96") + // Fix CVE-2022-41854 CVE-2022-38752 CVE-2022-38751 CVE-2022-38749 CVE-2022-25857 CVE-2022-1471 1.29->1.33 + set('snakeyaml.version', "2.0") } group "com.tencent.bk.job" @@ -313,7 +337,6 @@ subprojects { dependency "com.github.ben-manes.caffeine:caffeine:$caffeineVersion" dependency group: 'io.jsonwebtoken', name: 'jjwt', version: "$jjwtVersion" dependency "net.sourceforge.jchardet:jchardet:1.0" - dependency "io.micrometer:micrometer-registry-prometheus:$micrometerPrometheusVersion" dependency "de.flapdoodle.embed:de.flapdoodle.embed.mongo.spring26x:$flapdoodleEmbeddedMongdbDBVersion" dependency "de.flapdoodle.embed:de.flapdoodle.embed.mongo:$flapdoodleEmbeddedMongdbDBVersion" dependency "joda-time:joda-time:$jodaTimeVersion" 
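Review bot: The comment above `set('snakeyaml.version', "2.0")` still ends with `1.29->1.33`, but the value set is 2.0 and the removed `snakeyamlVersion` line shows the project was already on 1.33. Anyone auditing the CVE list against this file will read the wrong target version, so the trailing part of the comment should be `1.33->2.0`. The move to the 2.x line also changes constructor signatures, as the FeatureToggleTest change in this commit shows, so other `new Constructor(...)` call sites outside this diff should be checked. The `ext` block starts outside this hunk.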
@@ -352,8 +375,16 @@ subprojects { dependency "com.github.kstyrc:embedded-redis:$embeddedRedisVersion" dependency "dev.ai4j:openai4j:$openai4jVersion" dependency "org.apache.shardingsphere:shardingsphere-jdbc-core:$shardingJdbcVersion" - dependency "org.yaml:snakeyaml:$snakeyamlVersion" dependency "com.tencent.devops.leaf:leaf-boot-starter:$bkDevOpsLeafVersion" + dependency "org.apache.zookeeper:zookeeper:$zookeeperVersion" + dependency "com.squareup.okio:okio:$okioVersion" + dependency "io.projectreactor.netty:reactor-netty-http:$reactorNettyHttpVersion" + dependency "io.projectreactor.netty:reactor-netty-core:$reactorNettyCoreVersion" + dependency "io.netty:netty-codec-http2:$nettyCodecHttp2Version" + dependency "org.springframework:spring-web:$springWebVersion" + dependency "com.squareup.okhttp3:okhttp:$okHttpVersion" + dependency "com.rabbitmq:amqp-client:$amqpClientVersion" + dependency "org.eclipse.jgit:org.eclipse.jgit:$jgitVersion" } } dependencies { diff --git a/src/backend/commons/common-mysql-sharding/leaf_gen_jooq.gradle b/src/backend/commons/common-mysql-sharding/leaf_gen_jooq.gradle index d79c2dbbe1..6ac30f1e32 100644 --- a/src/backend/commons/common-mysql-sharding/leaf_gen_jooq.gradle +++ b/src/backend/commons/common-mysql-sharding/leaf_gen_jooq.gradle @@ -25,7 +25,7 @@ apply plugin: 'nu.studer.jooq' dependencies { api "org.jooq:jooq" - jooqRuntime "mysql:mysql-connector-java" + jooqRuntime "com.mysql:mysql-connector-j" } def databaseName = "job_leaf" diff --git a/src/backend/commons/common-service/src/test/java/FeatureToggleTest.java b/src/backend/commons/common-service/src/test/java/FeatureToggleTest.java index 97029e6495..16bdc4cdba 100644 --- a/src/backend/commons/common-service/src/test/java/FeatureToggleTest.java +++ b/src/backend/commons/common-service/src/test/java/FeatureToggleTest.java 
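Review bot: `org.springframework:spring-web` and `io.netty:netty-codec-http2` are pinned here as single artifacts (5.3.39 and 4.1.100.Final), while their sibling modules presumably stay on whatever the BOM resolves; `springVersion` in this file is still 5.3.25. That can leave mixed Spring Framework and Netty versions on the classpath, and the sibling modules would not receive the fixes the CVE comments imply. The commit already uses Spring Boot's BOM properties for `mysql.version`, `tomcat.version` and `snakeyaml.version`. The same mechanism, `set('spring-framework.version', "5.3.39")` and `set('netty.version', "4.1.100.Final")`, would move each family as a whole. The `subprojects` block starts outside this hunk, so confirm with a dependency report that no module resolves two versions.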
@@ -40,6 +40,7 @@ import org.junit.jupiter.api.Test; import org.mockito.MockedStatic; import org.mockito.Mockito; +import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.Yaml; import org.yaml.snakeyaml.constructor.Constructor; @@ -54,7 +55,8 @@ class FeatureToggleTest { @BeforeAll static void beforeAll() { - Yaml yaml = new Yaml(new Constructor(FeatureToggleProperties.class)); + Constructor constructor = new Constructor(FeatureToggleProperties.class, new LoaderOptions()); + Yaml yaml = new Yaml(constructor); InputStream inputStream = FeatureToggleTest.class.getClassLoader() .getResourceAsStream("features_1.yaml"); FeatureToggleProperties featureToggleProperties = yaml.load(inputStream); diff --git a/src/backend/job-analysis/boot-job-analysis/build.gradle b/src/backend/job-analysis/boot-job-analysis/build.gradle index 2f2e65f57a..8b75387720 100644 --- a/src/backend/job-analysis/boot-job-analysis/build.gradle +++ b/src/backend/job-analysis/boot-job-analysis/build.gradle @@ -32,7 +32,7 @@ dependencies { implementation 'org.springframework.cloud:spring-cloud-starter-bootstrap' implementation 'org.springframework:spring-webmvc' implementation(group: 'org.springframework.boot', name: 'spring-boot-starter-data-redis') - runtimeOnly('mysql:mysql-connector-java') + runtimeOnly('com.mysql:mysql-connector-j') testImplementation("com.h2database:h2") } diff --git a/src/backend/job-assemble/build.gradle b/src/backend/job-assemble/build.gradle index 80183d6905..72f42b1ffc 100644 --- a/src/backend/job-assemble/build.gradle +++ b/src/backend/job-assemble/build.gradle 
@@ -40,7 +40,7 @@ dependencies { implementation project(":job-analysis:service-job-analysis") implementation 'org.springframework.boot:spring-boot-starter-jdbc' implementation 'org.springframework.cloud:spring-cloud-starter-bootstrap' - runtimeOnly 'mysql:mysql-connector-java' + runtimeOnly 'com.mysql:mysql-connector-j' testImplementation 'org.springframework.boot:spring-boot-starter-test' testImplementation 'org.junit.jupiter:junit-jupiter' diff --git a/src/backend/job-backup/boot-job-backup/build.gradle b/src/backend/job-backup/boot-job-backup/build.gradle index 054e3e1233..4b2e6c7189 100644 --- a/src/backend/job-backup/boot-job-backup/build.gradle +++ b/src/backend/job-backup/boot-job-backup/build.gradle @@ -32,7 +32,7 @@ dependencies { implementation 'org.springframework.cloud:spring-cloud-starter-bootstrap' implementation 'org.springframework:spring-webmvc' implementation(group: 'org.springframework.boot', name: 'spring-boot-starter-data-redis') - runtimeOnly('mysql:mysql-connector-java') + runtimeOnly('com.mysql:mysql-connector-j') testImplementation("com.h2database:h2") } diff --git a/src/backend/job-crontab/boot-job-crontab/build.gradle b/src/backend/job-crontab/boot-job-crontab/build.gradle index 57b7f9a824..482181cb06 100644 --- a/src/backend/job-crontab/boot-job-crontab/build.gradle +++ b/src/backend/job-crontab/boot-job-crontab/build.gradle @@ -32,7 +32,7 @@ dependencies { implementation(group: 'org.springframework.boot', name: 'spring-boot-starter-data-redis') implementation 'org.springframework.cloud:spring-cloud-starter-bootstrap' implementation 'org.springframework:spring-webmvc' - runtimeOnly 'mysql:mysql-connector-java' + runtimeOnly 'com.mysql:mysql-connector-j' testImplementation("com.h2database:h2") } diff --git a/src/backend/job-execute/boot-job-execute/build.gradle b/src/backend/job-execute/boot-job-execute/build.gradle index 33419ab984..17f84ee1a5 100644 --- a/src/backend/job-execute/boot-job-execute/build.gradle 
+++ b/src/backend/job-execute/boot-job-execute/build.gradle @@ -28,7 +28,7 @@ dependencies { api project(":commons:common-i18n") implementation 'org.springframework.boot:spring-boot-starter-jdbc' implementation 'org.springframework.cloud:spring-cloud-starter-bootstrap' - runtimeOnly 'mysql:mysql-connector-java' + runtimeOnly 'com.mysql:mysql-connector-j' testImplementation("com.h2database:h2") } diff --git a/src/backend/job-file-gateway/boot-job-file-gateway/build.gradle b/src/backend/job-file-gateway/boot-job-file-gateway/build.gradle index 5e68063241..1f5cd5045b 100644 --- a/src/backend/job-file-gateway/boot-job-file-gateway/build.gradle +++ b/src/backend/job-file-gateway/boot-job-file-gateway/build.gradle @@ -31,7 +31,7 @@ dependencies { implementation 'org.springframework.cloud:spring-cloud-starter-bootstrap' implementation 'org.springframework:spring-webmvc' implementation(group: 'org.springframework.boot', name: 'spring-boot-starter-data-redis') - runtimeOnly('mysql:mysql-connector-java') + runtimeOnly('com.mysql:mysql-connector-j') } springBoot { getMainClass().set("com.tencent.bk.job.file_gateway.JobFileGatewayBootApplication") diff --git a/src/backend/job-manage/api-job-manage/src/main/java/com/tencent/bk/job/manage/model/migration/BkPlatformInfo.java b/src/backend/job-manage/api-job-manage/src/main/java/com/tencent/bk/job/manage/model/migration/BkPlatformInfo.java index 2c0566d465..1c6e85fb38 100644 --- a/src/backend/job-manage/api-job-manage/src/main/java/com/tencent/bk/job/manage/model/migration/BkPlatformInfo.java +++ b/src/backend/job-manage/api-job-manage/src/main/java/com/tencent/bk/job/manage/model/migration/BkPlatformInfo.java 
@@ -44,8 +44,8 @@ public class BkPlatformInfo { @JsonProperty("appLogo") private String appLogo = "/static/images/logo.png"; - @JsonProperty("favIcon") - private String favIcon = "/static/images/favicon.icon"; + @JsonProperty("favicon") + private String favicon = "/static/images/favicon.icon"; @JsonProperty("helperText") private String helperText = "联系BK助手"; diff --git a/src/backend/job-manage/boot-job-manage/build.gradle b/src/backend/job-manage/boot-job-manage/build.gradle index 914ef17644..5105e496cd 100644 --- a/src/backend/job-manage/boot-job-manage/build.gradle +++ b/src/backend/job-manage/boot-job-manage/build.gradle @@ -32,7 +32,7 @@ dependencies { implementation 'org.springframework.cloud:spring-cloud-starter-bootstrap' implementation 'org.springframework:spring-webmvc' implementation(group: 'org.springframework.boot', name: 'spring-boot-starter-data-redis') - runtimeOnly('mysql:mysql-connector-java') + runtimeOnly('com.mysql:mysql-connector-j') testImplementation("com.h2database:h2") } diff --git a/src/backend/task_gen_jooq.gradle b/src/backend/task_gen_jooq.gradle index bf29ad52db..76d42daf0d 100644 --- a/src/backend/task_gen_jooq.gradle +++ b/src/backend/task_gen_jooq.gradle @@ -25,7 +25,7 @@ apply plugin: 'nu.studer.jooq' dependencies { api "org.jooq:jooq" - jooqRuntime "mysql:mysql-connector-java" + jooqRuntime "com.mysql:mysql-connector-j" } def nameArr = name.split('-') diff --git a/src/backend/task_job_package.gradle b/src/backend/task_job_package.gradle index 26a7bc3e10..c5e00103ad 100644 --- a/src/backend/task_job_package.gradle +++ b/src/backend/task_job_package.gradle 
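Review bot: Renaming the JSON key from `favIcon` to `favicon` changes the serialized contract of `BkPlatformInfo`. A payload or stored document that still carries `favIcon` will no longer populate this field and will either fall back to the default or be rejected, depending on the mapper's unknown-property setting. If older producers or persisted data exist, accept both names by adding `@JsonAlias("favIcon")` next to `@JsonProperty("favicon")`. The default `/static/images/favicon.icon` also looks like a typo for `.ico` and is worth confirming against the static assets. The class body continues outside the hunk.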
@@ -79,7 +79,7 @@ task postProcessRelease(type: GenCompleteDependJarListAndRemoveInfectedJarsTask) remove "logback-classic-.*jar" remove "logback-core-.*jar" remove "mchange-commons-java-.*jar" - remove "mysql-connector-java-.*jar" + remove "com.mysql:mysql-connector-j-.*jar" remove "org.eclipse.jgit-.*jar" remove "org.eclipse.jgit.http.apache-.*jar" remove "reactive-streams-.*jar" diff --git a/src/frontend/index-dev.html b/src/frontend/index-dev.html index 65f2af9bd0..612073835b 100644 --- a/src/frontend/index-dev.html +++ b/src/frontend/index-dev.html @@ -28,11 +28,6 @@
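Review bot: The new entry `remove "com.mysql:mysql-connector-j-.*jar"` carries the Maven group prefix, while every neighbouring entry (`logback-core-.*jar`, `org.eclipse.jgit-.*jar`) is a jar file-name pattern. If the task matches file names, as those entries suggest, this pattern never matches the renamed connector jar and the jar stays in the release package this step is meant to strip it from. The line should read `remove "mysql-connector-j-.*jar"`. The matching logic of GenCompleteDependJarListAndRemoveInfectedJarsTask is outside this diff, so verify against the generated jar list after a build.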
- -