fix 修复 nacos seata sentinel 低版本tomcat相关漏洞

2025-10-14 14:10:24 +00:00 · 2025-03-14 09:38:07 +08:00
parent 9981d6ad58
commit 84a1540c19
3 changed files with 54 additions and 0 deletions
--- a/ruoyi-visual/ruoyi-nacos/pom.xml
+++ b/ruoyi-visual/ruoyi-nacos/pom.xml
@@ -200,8 +200,28 @@
                    <artifactId>log4j-to-slf4j</artifactId>
                    <groupId>org.apache.logging.log4j</groupId>
                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.tomcat.embed</groupId>
+                    <artifactId>tomcat-*</artifactId>
+                </exclusion>
            </exclusions>
        </dependency>
+        <!--  覆盖 tomcat version 避免CVE-2024-24549-->
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-websocket</artifactId>
+            <version>9.0.98</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-core</artifactId>
+            <version>9.0.98</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-el</artifactId>
+            <version>9.0.98</version>
+        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-jdbc</artifactId>
--- a/ruoyi-visual/ruoyi-seata-server/pom.xml
+++ b/ruoyi-visual/ruoyi-seata-server/pom.xml
@@ -70,6 +70,23 @@
            </exclusions>
        </dependency>

+        <!--  覆盖 tomcat version 避免CVE-2024-24549-->
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-websocket</artifactId>
+            <version>9.0.98</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-core</artifactId>
+            <version>9.0.98</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-el</artifactId>
+            <version>9.0.98</version>
+        </dependency>
+
        <!-- jedis -->
        <dependency>
            <groupId>redis.clients</groupId>
--- a/ruoyi-visual/ruoyi-sentinel-dashboard/pom.xml
+++ b/ruoyi-visual/ruoyi-sentinel-dashboard/pom.xml
@@ -87,6 +87,23 @@
            </exclusions>
        </dependency>

+        <!--  覆盖 tomcat version 避免CVE-2024-24549-->
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-websocket</artifactId>
+            <version>9.0.98</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-core</artifactId>
+            <version>9.0.98</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-el</artifactId>
+            <version>9.0.98</version>
+        </dependency>
+
        <!-- starter-actuator -->
        <dependency>
            <groupId>org.springframework.boot</groupId>