我最近通过spring Boot 升级到2. 6. 6,出现了一个RCE漏洞。但是,应用程序无法启动,并出现以下错误:
***************************
APPLICATION FAILED TO START
***************************
Description:
An attempt was made to call a method that does not exist. The attempt was made from the following location:
org.springframework.boot.SpringApplication.run(SpringApplication.java:301)
The following method did not exist:
'void org.springframework.context.ConfigurableApplicationContext.setApplicationStartup(org.springframework.core.metrics.ApplicationStartup)'
The calling method's class, org.springframework.boot.SpringApplication, was loaded from the following location:
jar:file:/Users/mahulivishal/.m2/repository/org/springframework/boot/spring-boot/2.6.6/spring-boot-2.6.6.jar!/org/springframework/boot/SpringApplication.class
The called method's class, org.springframework.context.ConfigurableApplicationContext, is available from the following locations:
jar:file:/Users/mahulivishal/.m2/repository/org/springframework/spring-context/5.2.5.RELEASE/spring-context-5.2.5.RELEASE.jar!/org/springframework/context/ConfigurableApplicationContext.class
The called method's class hierarchy was loaded from the following locations:
org.springframework.context.ConfigurableApplicationContext: file:/Users/mahulivishal/.m2/repository/org/springframework/spring-context/5.2.5.RELEASE/spring-context-5.2.5.RELEASE.jar
行动:
更正应用程序的类路径,使其包含类org.springframework.boot.SpringApplication and org.springframework.context.ConfigurableApplicationContext
的兼容版本
进程已完成,退出代码为1
以下是我的pom.xml
的依赖项:
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.6</version>
</parent>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>2.6.6</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>5.2.5.RELEASE</version>
</dependency>
1条答案
按热度按时间j13ufse21#
我找到了解决办法。这里总共有两个问题:
1.Spring引导2.6.6与Spring上下文5.2.5不兼容。版本
解决方案:将spring-boot降级到2.4.12(2.4.x)以获得Zuul支持,并将spring版本升级到5.3.18以防止暴露于RCE漏洞。此外,使用spring-cloud-starter-bootstrap 3.0.1以解决spring-context不兼容问题。删除spring-context依赖项。