sermant1.3.0版本开源组件漏洞修复

Signed-off-by: daizhenyu <[email protected]>

pom.xml

@@ -42,7 +42,7 @@
         <http.client.version>4.5.13</http.client.version>
         <http.core.version>4.4.13</http.core.version>
         <Java-WebSocket.version>1.5.1</Java-WebSocket.version>
-        <netty.version>4.1.94.Final</netty.version>
+        <netty.version>4.1.100.Final</netty.version>
         <protobuf.version>3.19.6</protobuf.version>
         <fastjson.version>1.2.83</fastjson.version>
         <xml.apis.version>1.4.01</xml.apis.version>
@@ -57,7 +57,7 @@
 
         <slf4j.version>1.7.35</slf4j.version>
         <log4j2.version>2.17.2</log4j2.version>
-        <logback.version>1.2.9</logback.version>
+        <logback.version>1.2.13</logback.version>
 
         <junit.version>4.13.1</junit.version>
         <junit.jupiter.version>5.8.1</junit.jupiter.version>

sermant-agentcore/sermant-agentcore-implement/pom.xml

@@ -28,7 +28,7 @@
         <gpg.plugin.version>3.0.1</gpg.plugin.version>
         <javadoc.plugin.version>3.3.2</javadoc.plugin.version>
         <nexus.staging.plugin.version>1.6.7</nexus.staging.plugin.version>
-        <nacos.version>2.1.0</nacos.version>
+        <nacos.version>2.1.2</nacos.version>
         <jackson-databind.version>2.13.4.2</jackson-databind.version>
     </properties>
 

sermant-backend/pom.xml

@@ -13,10 +13,9 @@
         <sermant.basedir>${pom.basedir}/..</sermant.basedir>
         <package.output.dir>${package.server.dir}/sermant</package.output.dir>
         <jdk.version>1.8</jdk.version>
-        <spring.boot.version>2.5.3</spring.boot.version>
+        <spring-boot.version>2.7.18</spring-boot.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <io.netty.version>4.1.86.Final</io.netty.version>
-        <spring-boot.version>2.7.17</spring-boot.version>
+        <io.netty.version>4.1.100.Final</io.netty.version>
         <protobuf-java.version>3.19.6</protobuf-java.version>
         <lombok.version>1.18.22</lombok.version>
         <fastjson.version>1.2.83</fastjson.version>
@@ -26,7 +25,7 @@
         <mockito-core.version>2.28.2</mockito-core.version>
         <slf4j-api.version>1.7.32</slf4j-api.version>
         <commons-lang3.version>3.9</commons-lang3.version>
-        <jedis.version>4.3.1</jedis.version>
+        <jedis.version>4.4.0</jedis.version>
         <powermock.version>2.0.9</powermock.version>
         <expiringmap.version>0.5.8</expiringmap.version>
         <jackson-databind.version>2.13.4.2</jackson-databind.version>
@@ -38,7 +37,7 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-dependencies</artifactId>
-            <version>${spring.boot.version}</version>
+            <version>${spring-boot.version}</version>
             <type>pom</type>
             <scope>import</scope>
         </dependency>
@@ -194,7 +193,7 @@
                     <plugin>
                         <groupId>org.springframework.boot</groupId>
                         <artifactId>spring-boot-maven-plugin</artifactId>
-                        <version>${spring.boot.version}</version>
+                        <version>${spring-boot.version}</version>
                         <configuration>
                             <mainClass>com.huaweicloud.sermant.backend.Backend</mainClass>
                             <outputDirectory>${package.output.dir}</outputDirectory>
@@ -217,7 +216,7 @@
                     <plugin>
                         <groupId>org.springframework.boot</groupId>
                         <artifactId>spring-boot-maven-plugin</artifactId>
-                        <version>${spring.boot.version}</version>
+                        <version>${spring-boot.version}</version>
                         <configuration>
                             <mainClass>com.huaweicloud.sermant.backend.Backend</mainClass>
                             <outputDirectory>${package.output.dir}</outputDirectory>
@@ -240,7 +239,7 @@
                     <plugin>
                         <groupId>org.springframework.boot</groupId>
                         <artifactId>spring-boot-maven-plugin</artifactId>
-                        <version>${spring.boot.version}</version>
+                        <version>${spring-boot.version}</version>
                         <executions>
                             <execution>
                                 <goals>

sermant-plugins/sermant-service-registry/dubbo-registry-service/pom.xml

@@ -24,6 +24,7 @@
         <surefire.plugin.version>2.22.2</surefire.plugin.version>
         <package.plugin.type>service</package.plugin.type>
         <config.skip.flag>false</config.skip.flag>
+        <gson.version>2.8.9</gson.version>
     </properties>
 
     <dependencies>
@@ -83,6 +84,18 @@
             <groupId>org.apache.dubbo</groupId>
             <artifactId>dubbo-config-api</artifactId>
             <version>${dubbo.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.google.code.gson</groupId>
+                    <artifactId>gson</artifactId>
+                </exclusion>
+            </exclusions>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+            <version>${gson.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>

sermant-plugins/sermant-service-registry/pom.xml

@@ -15,7 +15,7 @@
         <sermant.basedir>${pom.basedir}/../../..</sermant.basedir>
         <package.plugin.name>service-registry</package.plugin.name>
         <service-center-version>2.7.6</service-center-version>
-        <guava.version>31.0.1-jre</guava.version>
+        <guava.version>32.1.3-jre</guava.version>
         <nacos.version>2.0.4</nacos.version>
     </properties>
     <profiles>