Commit

[Optimization] Improve the job info and execution log APIs to avoid privilege-escalation risks
xuxueli committed Nov 10, 2024
1 parent a09f7f3 commit e578539
Showing 2 changed files with 24 additions and 13 deletions.
12 changes: 6 additions & 6 deletions doc/XXL-JOB官方文档.md
@@ -2389,17 +2389,17 @@ public void execute() {
- 7、【优化】执行器注册节点显示优化,解决注册节点过多时无法展示问题。
### 7.35 版本 v2.4.2 Release Notes[规划中]
- 1、【升级】多个项目依赖升级至较新稳定版本,涉及netty、groovy、gson、springboot、mybatis等;
- 2、【修复】漏洞修复,包括 "CVE-2024-42681" 子任务越权漏洞修复、"CVE-2023-33779" 任务API越权问题修复;
- 3、【优化】Cron解析组件优化代码优化。
- 4、【优化】修改密码交互调整,避免CSRF隐患。
- 5、【优化】任务信息、执行日志API完善,避免越权隐患;
- 1、【优化】调度中心任务Next计算逻辑调整,避免Cron解析失败导致重复执行问题。
- 2、【优化】Cron解析组件代码重构微调,健壮性提升;
- 3、【优化】修改密码交互调整,避免CSRF隐患;
- 4、【优化】任务信息、执行日志API飞功能设计完善,避免越权隐患;
- 5、【修复】漏洞修复,包括 "CVE-2024-42681" 子任务越权漏洞修复、"CVE-2023-33779" 任务API越权问题修复;
- 6、【升级】多个项目依赖升级至较新稳定版本,涉及netty、groovy、gson、springboot、mybatis等;
备注:“CVE-2024-38820”漏洞源自spring,当前使用spring5.x及springboot2.x软件普遍受该问题影响。
该问题修复需要升级至spring6.x与springboot3.x,如有诉求可自行升级,计划下个大版本升级spring相关版本解决该问题。
### 7.35 版本 v2.5.0 Release Notes[规划中]
- 1、[规划中]升级springboot3.x,解决2.x老版本漏洞类问题。注意,springboot3.x依赖jdk17。
- 2、[规划中]安全功能增强,通讯加密参数改用加密数据避免AccessToken明文, 降低token泄漏风险。
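Review bot: in the reordered v2.4.2 list, item 4 reads "任务信息、执行日志API飞功能设计完善", and the "飞" looks like a mistyped character (the earlier wording of the same item was "任务信息、执行日志API完善"); correct it so the release note for the access-control change is readable. The headings "### 7.35 版本 v2.4.2" and "### 7.35 版本 v2.5.0" also share the section number 7.35, so the second probably wants the next number. Item 1 of the new list (the Next-time calculation change that avoids repeated execution when Cron parsing fails) describes a scheduling fix that the commit title does not mention; consider covering it in the commit message.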
@@ -270,16 +270,27 @@ public void run() {
}

private void refreshNextValidTime(XxlJobInfo jobInfo, Date fromTime) throws Exception {
Date nextValidTime = generateNextValidTime(jobInfo, fromTime);
if (nextValidTime != null) {
jobInfo.setTriggerLastTime(jobInfo.getTriggerNextTime());
jobInfo.setTriggerNextTime(nextValidTime.getTime());
} else {
try {
Date nextValidTime = generateNextValidTime(jobInfo, fromTime);
if (nextValidTime != null) {
jobInfo.setTriggerLastTime(jobInfo.getTriggerNextTime());
jobInfo.setTriggerNextTime(nextValidTime.getTime());
} else {
// generateNextValidTime fail, stop job
jobInfo.setTriggerStatus(0);
jobInfo.setTriggerLastTime(0);
jobInfo.setTriggerNextTime(0);
logger.error(">>>>>>>>>>> xxl-job, refreshNextValidTime fail for job: jobId={}, scheduleType={}, scheduleConf={}",
jobInfo.getId(), jobInfo.getScheduleType(), jobInfo.getScheduleConf());
}
} catch (Exception e) {
// generateNextValidTime error, stop job
jobInfo.setTriggerStatus(0);
jobInfo.setTriggerLastTime(0);
jobInfo.setTriggerNextTime(0);
logger.warn(">>>>>>>>>>> xxl-job, refreshNextValidTime fail for job: jobId={}, scheduleType={}, scheduleConf={}",
jobInfo.getId(), jobInfo.getScheduleType(), jobInfo.getScheduleConf());

logger.error(">>>>>>>>>>> xxl-job, refreshNextValidTime error for job: jobId={}, scheduleType={}, scheduleConf={}",
jobInfo.getId(), jobInfo.getScheduleType(), jobInfo.getScheduleConf(), e);
}
}
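Review bot: the new `catch (Exception e)` around `generateNextValidTime` calls `jobInfo.setTriggerStatus(0)` for every exception type, so any failure there, not only an unparsable schedule, stops the job and leaves an error log line as the only signal; consider catching the specific parsing failure, or raising an alert when a job is stopped this way. The stop sequence (`setTriggerStatus(0)`, `setTriggerLastTime(0)`, `setTriggerNextTime(0)`) is now duplicated in the `else` branch and the `catch` block and could move into one helper. The method also still declares `throws Exception` although the body now catches it, so the signature can be narrowed.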
