java 更正应用程序的类路径,使其包含 Boot 类的兼容版本

4nkexdtk  于 2023-03-11  发布在  Java
关注(0)|答案(1)|浏览(189)

我最近通过spring Boot 升级到2. 6. 6,出现了一个RCE漏洞。但是,应用程序无法启动,并出现以下错误:

***************************
APPLICATION FAILED TO START
***************************

Description:

An attempt was made to call a method that does not exist. The attempt was made from the following location:
org.springframework.boot.SpringApplication.run(SpringApplication.java:301)

The following method did not exist:
'void org.springframework.context.ConfigurableApplicationContext.setApplicationStartup(org.springframework.core.metrics.ApplicationStartup)'

The calling method's class, org.springframework.boot.SpringApplication, was loaded from the following location:

jar:file:/Users/mahulivishal/.m2/repository/org/springframework/boot/spring-boot/2.6.6/spring-boot-2.6.6.jar!/org/springframework/boot/SpringApplication.class

The called method's class, org.springframework.context.ConfigurableApplicationContext, is available from the following locations:

jar:file:/Users/mahulivishal/.m2/repository/org/springframework/spring-context/5.2.5.RELEASE/spring-context-5.2.5.RELEASE.jar!/org/springframework/context/ConfigurableApplicationContext.class

The called method's class hierarchy was loaded from the following locations:

org.springframework.context.ConfigurableApplicationContext: file:/Users/mahulivishal/.m2/repository/org/springframework/spring-context/5.2.5.RELEASE/spring-context-5.2.5.RELEASE.jar

行动:
更正应用程序的类路径,使其包含类org.springframework.boot.SpringApplication and org.springframework.context.ConfigurableApplicationContext的兼容版本
进程已完成,退出代码为1
以下是我的pom.xml的依赖项:

<parent>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-parent</artifactId>
            <version>2.6.6</version>
        </parent>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
            <version>2.6.6</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context</artifactId>
            <version>5.2.5.RELEASE</version>
        </dependency>
Java

1条答案

按热度按时间
j13ufse2

j13ufse21#

我找到了解决办法。这里总共有两个问题:
1.Spring引导2.6.6与Spring上下文5.2.5不兼容。版本

  1. Spring已经将对netflix-zuul的支持转移到了维护模式,所以Zuul不能在2.6.6中使用
    解决方案:将spring-boot降级到2.4.12(2.4.x)以获得Zuul支持,并将spring版本升级到5.3.18以防止暴露于RCE漏洞。此外,使用spring-cloud-starter-bootstrap 3.0.1以解决spring-context不兼容问题。删除spring-context依赖项。
<groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.4.12</version>
    <properties>
       <java.version>11</java.version>
       <log4j2.version>2.16.0</log4j2.version>
       <spring.version>5.3.18</spring.version>
    </properties>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
        <version>2.4.12</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-bootstrap</artifactId>
        <version>3.0.1</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-netflix-zuul</artifactId>
        <version>2.2.2.RELEASE</version>
    </dependency>
赞(0)分享  回复(0)举报  2023-03-11
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com