Skip to content

Commit

Permalink
"CVE-2022-36157"授权漏洞修复。
Browse files Browse the repository at this point in the history
  • Loading branch information
xuxueli committed Mar 23, 2023
1 parent 4cd8636 commit 730c106
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 5 deletions.
13 changes: 8 additions & 5 deletions doc/XXL-JOB官方文档.md
Original file line number Diff line number Diff line change
Expand Up @@ -2303,11 +2303,9 @@ public void execute() {
### 7.33 版本 v2.4.0 Release Notes[规划中]
- 1、【优化】执行器任务Bean扫描逻辑优化:解决懒加载注解失效问题。
- 2、【优化】[规划中]任务日志重构:一次调度只记录一条主任务,维护起止时间和状态。
- 普通任务:只记录一条主任务;
- 广播任务:记录一条主任务,每个分片任务记录一条次任务,关联在主任务上;
- 重试任务:失败时,新增主任务。所有调度记录,包括入口调度和重试调度,均挂载主任务上。
- 3、【优化】[规划中]分片任务:全部完成后才会出发后置节点;
- 2、【优化】多个项目依赖升级至较新稳定版本,涉及netty、groovy、spring、springboot、mybatis等;
- 3、【修复】"CVE-2022-36157"授权漏洞修复。
### 7.34 新版本规划 [规划中]
- 1、[规划中]DAG流程任务
Expand All @@ -2317,6 +2315,11 @@ public void execute() {
- 3、[规划中]告警增强:邮件告警 + webhook告警;
- 4、[规划中]安全强化:AccessToken动态生成、动态启停;控制调度、回调;
- 5、[规划中]任务导入导出工具,灵活支持版本升级、迁移等场景。
- 6、【优化】[规划中]任务日志重构:一次调度只记录一条主任务,维护起止时间和状态。
- 普通任务:只记录一条主任务;
- 广播任务:记录一条主任务,每个分片任务记录一条次任务,关联在主任务上;
- 重试任务:失败时,新增主任务。所有调度记录,包括入口调度和重试调度,均挂载主任务上。
- 7、【优化】[规划中]分片任务:全部完成后才会出发后置节点;
### TODO LIST
- 1、任务分片路由:分片采用一致性Hash算法计算出尽量稳定的分片顺序,即使注册机器存在波动也不会引起分批分片顺序大的波动;目前采用IP自然排序,可以满足需求,待定;
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package com.xxl.job.admin.controller;

import com.xxl.job.admin.controller.annotation.PermissionLimit;
import com.xxl.job.admin.core.model.XxlJobGroup;
import com.xxl.job.admin.core.model.XxlJobRegistry;
import com.xxl.job.admin.core.util.I18nUtil;
Expand Down Expand Up @@ -34,12 +35,14 @@ public class JobGroupController {
private XxlJobRegistryDao xxlJobRegistryDao;

@RequestMapping
@PermissionLimit(adminuser = true)
public String index(Model model) {
return "jobgroup/jobgroup.index";
}

@RequestMapping("/pageList")
@ResponseBody
@PermissionLimit(adminuser = true)
public Map<String, Object> pageList(HttpServletRequest request,
@RequestParam(required = false, defaultValue = "0") int start,
@RequestParam(required = false, defaultValue = "10") int length,
Expand All @@ -59,6 +62,7 @@ public Map<String, Object> pageList(HttpServletRequest request,

@RequestMapping("/save")
@ResponseBody
@PermissionLimit(adminuser = true)
public ReturnT<String> save(XxlJobGroup xxlJobGroup){

// valid
Expand Down Expand Up @@ -102,6 +106,7 @@ public ReturnT<String> save(XxlJobGroup xxlJobGroup){

@RequestMapping("/update")
@ResponseBody
@PermissionLimit(adminuser = true)
public ReturnT<String> update(XxlJobGroup xxlJobGroup){
// valid
if (xxlJobGroup.getAppname()==null || xxlJobGroup.getAppname().trim().length()==0) {
Expand Down Expand Up @@ -170,6 +175,7 @@ private List<String> findRegistryByAppName(String appnameParam){

@RequestMapping("/remove")
@ResponseBody
@PermissionLimit(adminuser = true)
public ReturnT<String> remove(int id){

// valid
Expand All @@ -189,6 +195,7 @@ public ReturnT<String> remove(int id){

@RequestMapping("/loadById")
@ResponseBody
@PermissionLimit(adminuser = true)
public ReturnT<XxlJobGroup> loadById(int id){
XxlJobGroup jobGroup = xxlJobGroupDao.load(id);
return jobGroup!=null?new ReturnT<XxlJobGroup>(jobGroup):new ReturnT<XxlJobGroup>(ReturnT.FAIL_CODE, null);
Expand Down

0 comments on commit 730c106

Please sign in to comment.