Rocketmq-acl introduces fastjson #849

Open
3 tasks done
Hintic opened this issue Oct 25, 2024 · 1 comment
Labels
stale Pull request is stale type/bug Something isn't working

Comments

Hintic commented Oct 25, 2024

Before Creating the Bug Report

  • I found a bug, not just asking a question, which should be created in GitHub Discussions.

  • I have searched the GitHub Issues and GitHub Discussions of this repository and believe that this is not a duplicate.

  • I have confirmed that this bug belongs to the current repository, not other repositories of RocketMQ.

Programming Language of the Client

Java

Runtime Platform Environment

Linux

RocketMQ Version of the Client/Server

rocketmq-acl: 4.9.6; rocketmq-client 4.9.6

Run or Compiler Version

No response

Describe the Bug

Rocketmq-acl Java client introduced fastjson, vulnerability number: CNVD-2022-40233

  1. We upgraded acl and found that fastjson was removed after version 5.3.0, but rocketmq-client in version 5.3.0 introduced fastjson in common.
  2. We now remove it through exclusion in Maven, and would like to consult whether it will affect the overall function.

Steps to Reproduce

null

What Did You Expect to See?

null

What Did You See Instead?

null

Additional Context

No response

@Hintic Hintic added the type/bug Something isn't working label Oct 25, 2024

This issue is stale because it has been open for 30 days with no activity. It will be closed in 3 days if no further activity occurs.

@github-actions github-actions bot added the stale Pull request is stale label Nov 25, 2024