Fix 3.6.3 (#751)

* fix: CVE-2024-1021 * fix: poi-ooxml-schemas * be: ALWAYS_PARSE_INTEGRAL_NUMBER_INTO_DECIMAL
2024-09-20 07:25:54 +08:00 · 2024-04-25 11:27:28 +08:00 · 2024-04-25 11:27:28 +08:00 · d35dd2c7b8
parent efcb801aab
commit d35dd2c7b8
6 changed files with 17 additions and 9 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit d42ae420345c31581e65f1fbac7085a9c4dad5d9
+Subproject commit d9a1e4f8e2dad6f0f3d33c1a2ddfd18e38f89350
--- a/pom.xml
+++ b/pom.xml
@ -10,7 +10,7 @@
    </parent>
    <groupId>com.rebuild</groupId>
    <artifactId>rebuild</artifactId>
-    <version>3.6.2</version>
+    <version>3.6.3</version>
    <name>rebuild</name>
    <description>Building your business-systems freely!</description>
    <url>https://getrebuild.com/</url>
@ -403,6 +403,10 @@
                    <artifactId>ehcache</artifactId>
                    <groupId>org.ehcache</groupId>
                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.poi</groupId>
+                    <artifactId>poi-ooxml-schemas</artifactId>
+                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
@ -420,11 +424,6 @@
            <artifactId>poi-ooxml</artifactId>
            <version>5.2.5</version>
        </dependency>
-        <dependency>
-            <groupId>org.apache.poi</groupId>
-            <artifactId>poi-ooxml-schemas</artifactId>
-            <version>4.1.2</version>
-        </dependency>
        <dependency>
            <groupId>com.h2database</groupId>
            <artifactId>h2</artifactId>
--- a/src/main/java/com/rebuild/core/Application.java
+++ b/src/main/java/com/rebuild/core/Application.java
@ -74,11 +74,11 @@ public class Application implements ApplicationListener<ApplicationStartedEvent>
    /**
     * Rebuild Version
     */
-    public static final String VER = "3.6.2";
+    public static final String VER = "3.6.3";
    /**
     * Rebuild Build [MAJOR]{1}[MINOR]{2}[PATCH]{2}[BUILD]{2}
     */
-    public static final int BUILD = 3060207;
+    public static final int BUILD = 3060308;

    static {
        // Driver for DB
--- a/src/main/java/com/rebuild/core/service/trigger/aviator/AviatorUtils.java
+++ b/src/main/java/com/rebuild/core/service/trigger/aviator/AviatorUtils.java
@ -37,6 +37,7 @@ public class AviatorUtils {
    static {
        // https://www.yuque.com/boyan-avfmj/aviatorscript/yr1oau
        AVIATOR.setOption(Options.ALWAYS_PARSE_FLOATING_POINT_NUMBER_INTO_DECIMAL, Boolean.TRUE);
+        AVIATOR.setOption(Options.ALWAYS_PARSE_INTEGRAL_NUMBER_INTO_DECIMAL, Boolean.TRUE);
        AVIATOR.setOption(Options.ENABLE_PROPERTY_SYNTAX_SUGAR, Boolean.FALSE);
        AVIATOR.setOption(Options.ALLOWED_CLASS_SET, Collections.emptySet());
        AVIATOR.setOption(Options.TRACE_EVAL, Boolean.FALSE);
--- a/src/main/java/com/rebuild/web/commons/FileDownloader.java
+++ b/src/main/java/com/rebuild/web/commons/FileDownloader.java
@ -181,6 +181,7 @@ public class FileDownloader extends BaseController {

        if (CommonsUtils.isExternalUrl(filepath)) {
            String text = OkHttpUtils.get(filepath, null, charset);
+            ServletUtils.setContentType(response, ServletUtils.CT_PLAIN);
            ServletUtils.write(response, text);
            return;
        }
@ -212,6 +213,7 @@ public class FileDownloader extends BaseController {
            }
        }

+        ServletUtils.setContentType(response, ServletUtils.CT_PLAIN);
        ServletUtils.write(response, text);
    }

--- a/src/test/java/com/rebuild/core/service/trigger/aviator/AviatorUtilsTest.java
+++ b/src/test/java/com/rebuild/core/service/trigger/aviator/AviatorUtilsTest.java
@ -119,4 +119,10 @@ class AviatorUtilsTest {
        Assertions.assertTrue((Boolean) AviatorUtils.eval("12.34560 == 12.3456", env));
        Assertions.assertTrue((Boolean) AviatorUtils.eval("1 != 2", env));
    }
+
+    @Test
+    void intdiv() {
+        System.out.println(AviatorUtils.eval("1/2.333"));
+        System.out.println(AviatorUtils.eval("1/3"));
+    }
 }