mirror of
				https://github.com/getrebuild/rebuild.git
				synced 2025-10-26 00:37:35 +08:00 
			
		
		
		
	Fix 3.6.3 (#751)
* fix: CVE-2024-1021 * fix: poi-ooxml-schemas * be: ALWAYS_PARSE_INTEGRAL_NUMBER_INTO_DECIMAL
This commit is contained in:
		
							parent
							
								
									efcb801aab
								
							
						
					
					
						commit
						d35dd2c7b8
					
				
					 6 changed files with 17 additions and 9 deletions
				
			
		
							
								
								
									
										2
									
								
								@rbv
									
										
									
									
									
								
							
							
						
						
									
										2
									
								
								@rbv
									
										
									
									
									
								
							|  | @ -1 +1 @@ | ||||||
| Subproject commit d42ae420345c31581e65f1fbac7085a9c4dad5d9 | Subproject commit d9a1e4f8e2dad6f0f3d33c1a2ddfd18e38f89350 | ||||||
							
								
								
									
										11
									
								
								pom.xml
									
										
									
									
									
								
							
							
						
						
									
										11
									
								
								pom.xml
									
										
									
									
									
								
							|  | @ -10,7 +10,7 @@ | ||||||
|     </parent> |     </parent> | ||||||
|     <groupId>com.rebuild</groupId> |     <groupId>com.rebuild</groupId> | ||||||
|     <artifactId>rebuild</artifactId> |     <artifactId>rebuild</artifactId> | ||||||
|     <version>3.6.2</version> |     <version>3.6.3</version> | ||||||
|     <name>rebuild</name> |     <name>rebuild</name> | ||||||
|     <description>Building your business-systems freely!</description> |     <description>Building your business-systems freely!</description> | ||||||
|     <url>https://getrebuild.com/</url> |     <url>https://getrebuild.com/</url> | ||||||
|  | @ -403,6 +403,10 @@ | ||||||
|                     <artifactId>ehcache</artifactId> |                     <artifactId>ehcache</artifactId> | ||||||
|                     <groupId>org.ehcache</groupId> |                     <groupId>org.ehcache</groupId> | ||||||
|                 </exclusion> |                 </exclusion> | ||||||
|  |                 <exclusion> | ||||||
|  |                     <groupId>org.apache.poi</groupId> | ||||||
|  |                     <artifactId>poi-ooxml-schemas</artifactId> | ||||||
|  |                 </exclusion> | ||||||
|             </exclusions> |             </exclusions> | ||||||
|         </dependency> |         </dependency> | ||||||
|         <dependency> |         <dependency> | ||||||
|  | @ -420,11 +424,6 @@ | ||||||
|             <artifactId>poi-ooxml</artifactId> |             <artifactId>poi-ooxml</artifactId> | ||||||
|             <version>5.2.5</version> |             <version>5.2.5</version> | ||||||
|         </dependency> |         </dependency> | ||||||
|         <dependency> |  | ||||||
|             <groupId>org.apache.poi</groupId> |  | ||||||
|             <artifactId>poi-ooxml-schemas</artifactId> |  | ||||||
|             <version>4.1.2</version> |  | ||||||
|         </dependency> |  | ||||||
|         <dependency> |         <dependency> | ||||||
|             <groupId>com.h2database</groupId> |             <groupId>com.h2database</groupId> | ||||||
|             <artifactId>h2</artifactId> |             <artifactId>h2</artifactId> | ||||||
|  |  | ||||||
|  | @ -74,11 +74,11 @@ public class Application implements ApplicationListener<ApplicationStartedEvent> | ||||||
|     /** |     /** | ||||||
|      * Rebuild Version |      * Rebuild Version | ||||||
|      */ |      */ | ||||||
|     public static final String VER = "3.6.2"; |     public static final String VER = "3.6.3"; | ||||||
|     /** |     /** | ||||||
|      * Rebuild Build [MAJOR]{1}[MINOR]{2}[PATCH]{2}[BUILD]{2} |      * Rebuild Build [MAJOR]{1}[MINOR]{2}[PATCH]{2}[BUILD]{2} | ||||||
|      */ |      */ | ||||||
|     public static final int BUILD = 3060207; |     public static final int BUILD = 3060308; | ||||||
| 
 | 
 | ||||||
|     static { |     static { | ||||||
|         // Driver for DB |         // Driver for DB | ||||||
|  |  | ||||||
|  | @ -37,6 +37,7 @@ public class AviatorUtils { | ||||||
|     static { |     static { | ||||||
|         // https://www.yuque.com/boyan-avfmj/aviatorscript/yr1oau |         // https://www.yuque.com/boyan-avfmj/aviatorscript/yr1oau | ||||||
|         AVIATOR.setOption(Options.ALWAYS_PARSE_FLOATING_POINT_NUMBER_INTO_DECIMAL, Boolean.TRUE); |         AVIATOR.setOption(Options.ALWAYS_PARSE_FLOATING_POINT_NUMBER_INTO_DECIMAL, Boolean.TRUE); | ||||||
|  |         AVIATOR.setOption(Options.ALWAYS_PARSE_INTEGRAL_NUMBER_INTO_DECIMAL, Boolean.TRUE); | ||||||
|         AVIATOR.setOption(Options.ENABLE_PROPERTY_SYNTAX_SUGAR, Boolean.FALSE); |         AVIATOR.setOption(Options.ENABLE_PROPERTY_SYNTAX_SUGAR, Boolean.FALSE); | ||||||
|         AVIATOR.setOption(Options.ALLOWED_CLASS_SET, Collections.emptySet()); |         AVIATOR.setOption(Options.ALLOWED_CLASS_SET, Collections.emptySet()); | ||||||
|         AVIATOR.setOption(Options.TRACE_EVAL, Boolean.FALSE); |         AVIATOR.setOption(Options.TRACE_EVAL, Boolean.FALSE); | ||||||
|  |  | ||||||
|  | @ -181,6 +181,7 @@ public class FileDownloader extends BaseController { | ||||||
| 
 | 
 | ||||||
|         if (CommonsUtils.isExternalUrl(filepath)) { |         if (CommonsUtils.isExternalUrl(filepath)) { | ||||||
|             String text = OkHttpUtils.get(filepath, null, charset); |             String text = OkHttpUtils.get(filepath, null, charset); | ||||||
|  |             ServletUtils.setContentType(response, ServletUtils.CT_PLAIN); | ||||||
|             ServletUtils.write(response, text); |             ServletUtils.write(response, text); | ||||||
|             return; |             return; | ||||||
|         } |         } | ||||||
|  | @ -212,6 +213,7 @@ public class FileDownloader extends BaseController { | ||||||
|             } |             } | ||||||
|         } |         } | ||||||
| 
 | 
 | ||||||
|  |         ServletUtils.setContentType(response, ServletUtils.CT_PLAIN); | ||||||
|         ServletUtils.write(response, text); |         ServletUtils.write(response, text); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -119,4 +119,10 @@ class AviatorUtilsTest { | ||||||
|         Assertions.assertTrue((Boolean) AviatorUtils.eval("12.34560 == 12.3456", env)); |         Assertions.assertTrue((Boolean) AviatorUtils.eval("12.34560 == 12.3456", env)); | ||||||
|         Assertions.assertTrue((Boolean) AviatorUtils.eval("1 != 2", env)); |         Assertions.assertTrue((Boolean) AviatorUtils.eval("1 != 2", env)); | ||||||
|     } |     } | ||||||
|  | 
 | ||||||
|  |     @Test | ||||||
|  |     void intdiv() { | ||||||
|  |         System.out.println(AviatorUtils.eval("1/2.333")); | ||||||
|  |         System.out.println(AviatorUtils.eval("1/3")); | ||||||
|  |     } | ||||||
| } | } | ||||||
		Loading…
	
	Add table
		
		Reference in a new issue