Springboot版本升级
链接:https://blog.csdn.net/xhf852963/article/details/121494936。链接:https://blog.csdn.net/java_zjn/article/details/108711513。| Spring Boot | Spring Security | 是否受CVE-2022-22978影响 || 2.5.13| 5.5.6| 是|---->
## 简介
此次升级是为了解决旧版本的各种漏洞问题。
开发软件:IDEA2019
项目环境:java 8,springboot2.0.5
目标版本:java 8,springboot2.5.5
本文档前后变化对比,旧代码使用<!-- -->、// 等表示。
## 依赖升级
### 升级版本
```
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<!-- <version>2.0.5.RELEASE</version> -->
<version>2.5.5</version> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<!-- <spring-cloud.version>Finchley.RELEASE</spring-cloud.version> -->
<spring-cloud.version>2020.0.3</spring-cloud.version>
<skipTests>true</skipTests>
<easypoi.version>3.2.0</easypoi.version>
<!-- <tomcat.version>8.5.81</tomcat.version> -->
<tomcat.version>9.0.50</tomcat.version>
</properties>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-all</artifactId>
<!-- <version>4.1.28.Final</version> -->
<version>4.1.6.Final</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
<!-- <version>1.4.0</version> -->
<version>1.7.1</version>
</dependency>
```
### 新增
```
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<!-- Swagger 2 -->
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>2.9.2</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>2.9.2</version>
</dependency>
```
## 代码调整
### import变化
```
import org.apache.commons.lang.StringUtils;
改为
import org.apache.commons.lang3.StringUtils;
```
### CollectionUtils变化
```
set.addAll(CollectionUtils.arrayToList(str.split(",")));
// set.addAll(CollectionUtils.arrayToList(str.split(",")));//2.0.5
```
### 验证变化
Length变为Size
```
//import org.hibernate.validator.constraints.Length;
import org.checkerframework.checker.units.qual.Length;
```
注解修改
```
//@Length(min = 1, max = 100, message = "发送对象不能为空")
@Size(min = 1, max = 100, message = "发送对象不能为空")
```
## Shiro
提示ShiroFilterFactoryBean不存在
```
//@Bean
@Bean(name = "shiroFilterFactoryBean")
public ShiroFilterFactoryBean factory(SecurityManager securityManager) {
```
## 跨域问题
使用addAllowedOrigin导致跨域不成功,提示不允许使用*
```
// corsConfiguration.addAllowedOrigin("*");
//原本是addAllowedOrigin,改为addAllowedOriginPattern
corsConfiguration.addAllowedOriginPattern("*");
```
增加启动配置
```
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowCredentials(true).allowedOriginPatterns("*");
}
};
}
```
## 版本说明
spring-boot-starter-parent 2.2.5使用 Spring Framework 是哪个版本
链接:https://blog.csdn.net/java_zjn/article/details/108711513
springBoot 和 spring security 版本对应关系 (至2.3.12.RELEASE)
链接:https://blog.csdn.net/xhf852963/article/details/121494936
| Spring Boot | Spring Security | 是否受CVE-2022-22978影响 |
| ----------- | --------------- | ------------------- |
| 2.5.13 | 5.5.6 | 是 |
| 2.5.14 | 5.5.8 | 否(可用) |
| 2.6.5 | 5.6.2 | 是 |
| 2.6.7 | 5.6.3 | 是 |
| 2.6.8 | 5.6.5 | 否(可用) |
更多推荐



所有评论(0)