Code Monkey home page Code Monkey logo

light-security's People

Contributors

eacdy avatar xkcoding avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar

Forkers

feng-dan skyformat99 zhanyue76 louiskoozzx daimaxiansheng ppyang010 xkcoding diffblue-benchmarks formersoldier azkoss layjustdoit kioyong xiany-peng pojackwang lwq-owesome ziyinjava gohysen ice24for tomlongjoy clawjqq hellosx luagam luogeger xiaoyumo 82kg rwindwh lhxcc james1006 tommyhxh sitylight charlicheng zcjlq maclezhou amanurat wesleyweitianqi

light-security's Issues

同学,您这个项目引入了196个开源组件,存在258个漏洞,辛苦升级一下

检测到 eacdy/light-security 一共引入了196个开源组件,存在258个漏洞

漏洞标题:netty 安全漏洞
缺陷组件:io.netty:[email protected]
漏洞编号:CVE-2021-37137
漏洞描述:Netty是Netty社区的一款非阻塞I/O客户端-服务器框架,它主要用于开发Java网络应用程序,如协议服务器和客户端等。
netty存在安全漏洞,该漏洞源于Snappy frame decoder函数不限制块长度,这可能会导致过度内存使用。
影响范围:(∞, 4.1.68.Final)
最小修复版本:4.1.68.Final
缺陷组件引入路径:com.itmuch.security:[email protected]>org.springframework.boot:[email protected]>org.springframework.boot:[email protected]>io.projectreactor.netty:[email protected]>io.netty:[email protected]>io.netty:[email protected]

另外还有258个漏洞,详细报告:https://mofeisec.com/jr?p=ic5099

跨域问题

AuthInterceptor里会拦截OPTIONS请求,项目里如果配置跨域的话,这里也需要处理,不然还是还是会报no header的异常,所以为了兼容性,我觉得不如在这里过滤下OPTIONS?

README.md 单词拼写错误

基于代码的权限配置
@configuration
public class LightSecurityConfigurtion {
@bean
public SpecRegistry specRegistry() {
return new SpecRegistry()
.add(HttpMethod.GET, "/user", "hasAnyRoles('user')")
.add(HttpMethod.ANY, "/**", "hasLogin()");
}
}

LightSecurityConfigurtion = LightSecurityConfigur_a_tion

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.