123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233 |
- <?xml version="1.0" encoding="UTF-8"?>
- <project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <parent>
- <artifactId>ruoyi</artifactId>
- <groupId>com.ruoyi</groupId>
- <version>3.8.7</version>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <artifactId>ruoyi-common</artifactId>
- <description>
- common通用工具
- </description>
- <dependencies>
- <!-- swagger3 -->
- <dependency>
- <groupId>io.springfox</groupId>
- <artifactId>springfox-boot-starter</artifactId>
- </dependency>
- <!-- 防止进入swagger页面报类型转换错误,排除3.0.0中的引用,手动增加1.6.2版本 -->
- <dependency>
- <groupId>io.swagger</groupId>
- <artifactId>swagger-models</artifactId>
- <version>1.6.2</version>
- </dependency>
- <!-- mybatis plus-->
- <dependency>
- <groupId>com.baomidou</groupId>
- <artifactId>mybatis-plus-boot-starter</artifactId>
- <version>3.5.1</version>
- </dependency>
- <!-- Spring框架基本的核心工具 -->
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-context-support</artifactId>
- </dependency>
- <!-- SpringWeb模块 -->
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-web</artifactId>
- </dependency>
- <!--
- Spring Boot 2.5.15的内置版本
- <spring-security.version>5.5.8</spring-security.version>
- 强制修改依赖版本为:5.7.12
- 存在漏洞的JAR包:spring-security-core-5.5.8.jar
- 漏洞说明:Spring Security存在安全漏洞,在处理Authentication参数时没有对null值进行检查。当应用程序直接使用AuthenticatedVoter#vote方法,传入null作为认证参数时会错误地返回true值。攻击者可利用该漏洞绕过身份验证,进行提权或窃取系统敏感信息。
- 安全版本: Spring Security 5.7.12、5.8.11、6.0.10、6.1.8、6.2.3 及以上版本,下载地址:https://github.com/spring-projects/spring-security/releases
- -->
- <!-- spring security 安全认证-->
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-security</artifactId>
- <version>2.5.15</version>
- <exclusions>
- <exclusion>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-config</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-core</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-crypto</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-web</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-config</artifactId>
- <version>5.7.12</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-core</artifactId>
- <version>5.7.12</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-crypto</artifactId>
- <version>5.7.12</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-web</artifactId>
- <version>5.7.12</version>
- <scope>compile</scope>
- </dependency>
- <!-- pagehelper 分页插件 -->
- <dependency>
- <groupId>com.github.pagehelper</groupId>
- <artifactId>pagehelper-spring-boot-starter</artifactId>
- </dependency>
- <!-- 自定义验证注解 -->
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-validation</artifactId>
- </dependency>
- <!--常用工具类 -->
- <dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-lang3</artifactId>
- </dependency>
- <!-- JSON工具类 -->
- <dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-databind</artifactId>
- <!--<version>2.15.2</version>
- <version>2.13.1</version>
- -->
- </dependency>
- <!-- 动态数据源 -->
- <dependency>
- <groupId>com.baomidou</groupId>
- <artifactId>dynamic-datasource-spring-boot-starter</artifactId>
- <version>3.5.2</version>
- </dependency>
- <!-- 阿里JSON解析器 -->
- <dependency>
- <groupId>com.alibaba.fastjson2</groupId>
- <artifactId>fastjson2</artifactId>
- </dependency>
- <!-- io常用工具类 -->
- <dependency>
- <groupId>commons-io</groupId>
- <artifactId>commons-io</artifactId>
- </dependency>
- <!-- excel工具 -->
- <dependency>
- <groupId>org.apache.poi</groupId>
- <artifactId>poi-ooxml</artifactId>
- </dependency>
- <!--
- yml解析器
- 漏洞修复,安全版本2.0及以上:https://mvnrepository.com/artifact/org.yaml/snakeyaml
- -->
- <dependency>
- <groupId>org.yaml</groupId>
- <artifactId>snakeyaml</artifactId>
- <version>2.0</version>
- <!--<snakeyaml.version>2.0</snakeyaml.version>-->
- </dependency>
- <!-- Token生成与解析-->
- <dependency>
- <groupId>io.jsonwebtoken</groupId>
- <artifactId>jjwt</artifactId>
- </dependency>
- <!-- Jaxb -->
- <dependency>
- <groupId>javax.xml.bind</groupId>
- <artifactId>jaxb-api</artifactId>
- </dependency>
- <!-- redis 缓存操作 -->
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-data-redis</artifactId>
- </dependency>
- <!-- pool 对象池 -->
- <dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-pool2</artifactId>
- </dependency>
- <!-- 解析客户端操作系统、浏览器等 -->
- <dependency>
- <groupId>eu.bitwalker</groupId>
- <artifactId>UserAgentUtils</artifactId>
- </dependency>
- <!-- servlet包 -->
- <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
- </dependency>
- <!--lombok表达式自动生成 Get Set方法-->
- <dependency>
- <groupId>org.projectlombok</groupId>
- <artifactId>lombok</artifactId>
- </dependency>
- <!--
- 甲方工业互联网平台CAS依赖包
- -->
- <dependency>
- <groupId>net.unicon.cas</groupId>
- <artifactId>cas-client-autoconfig-support</artifactId>
- <version>2.0.0-GA</version>
- </dependency>
- </dependencies>
- </project>
|