⬆️ XStream < 1.4.15 反序列化漏洞（CVE-2020-26258、CVE-2020-26259）

2021-03-16 11:00:26 +08:00 · 2021-03-16 11:00:26 +08:00 · ab45193ae8
commit ab45193ae8
parent e7afb5e67e
1 changed files with 10 additions and 1 deletions
--- a/pom.xml
+++ b/pom.xml
@ -172,7 +172,7 @@
        <dependency>
            <groupId>com.github.binarywang</groupId>
            <artifactId>weixin-java-open</artifactId>
-            <version>3.9.0</version>
+            <version>4.0.0</version>
            <exclusions>
                <exclusion>
                    <groupId>commons-codec</groupId>
@ -182,8 +182,17 @@
                    <groupId>commons-io</groupId>
                    <artifactId>commons-io</artifactId>
                </exclusion>
+                <exclusion>
+                    <groupId>com.thoughtworks.xstream</groupId>
+                    <artifactId>xstream</artifactId>
+                </exclusion>
            </exclusions>
        </dependency>
+        <dependency>
+            <groupId>com.thoughtworks.xstream</groupId>
+            <artifactId>xstream</artifactId>
+            <version>1.4.15</version>
+        </dependency>
        <dependency>
            <groupId>com.github.jedis-lock</groupId>
            <artifactId>jedis-lock</artifactId>