您好,开发者: 在使用springboot 中遇到spring fromwork 5.1.3有漏洞,请问如何修复spring fromwork中的漏洞,官方提示是修改spring 版本,但是spring boot 是集成spring。 请问如何修改spring到5.1.14
Comment From: wilkinsona
From Google translate:
Hello, developer: I encountered a vulnerability in spring fromwork 5.1.3 when using spring boot. How to fix the vulnerability in spring fromwork. The official tip is to modify the spring version, but spring boot integrates spring. How to modify spring to 5.1.14
You can use the spring-framework.version property to override the version of Spring Framework that's used. The general approach is described in the documentation for both Gradle and Maven.
That said, to be using Spring Framework 5.1.3, you must also be using an old version of Spring Boot. Rather than just upgrading Spring Framework, I would recommend upgrading the version of Spring Boot that you're using. This will also upgrade the Spring Framework version.
If you have any further questions, please follow up on Stack Overflow or Gitter. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements.