【安全漏洞】jackson-databind漏洞、 异常NoClassDefFoundError: Could not initialize class com.fasterxml.jackson

一、jackson-databind漏洞

       国家信息安全漏洞库:http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201906-867 

        

 

二、发现项目中有使用2.6.3版本的jackson,所以进行升级

     jackson-databind 升级到2.9.9.1、  jackson-core升级到2.9.9

             <dependency>
                <groupId>com.fasterxml.jackson.core</groupId>
                <artifactId>jackson-core</artifactId>
                <version>2.9.9</version>
            </dependency>
            <dependency>
                <groupId>com.fasterxml.jackson.core</groupId>
                <artifactId>jackson-databind</artifactId>
                <version>2.9.9.1</version>
            </dependency>
 

 

 

三、测试环境发布时,报错,如下

2019-07-24 20:59:52,770 ERROR  localhost-startStop-1 [TomcatStarter] Error starting Tomcat context. 
Exception: org.springframework.beans.factory.BeanCreationException. 
Message: Error creating bean with name 'httpPutFormContentFilter' defined in class path resource [org/springframework/boot/autoconfigure/web/WebMvcAutoConfiguration.class]: Bean instantiation via factory method failed; 
nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.boot.web.filter.OrderedHttpPutFormContentFilter]: Factory method 'httpPutFormContentFilter' threw exception; 
nested exception is java.lang.NoClassDefFoundError: Could not initialize class com.fasterxml.jackson.databind.ObjectMapper
2019-07-24 20:59:52,836 INFO   main [StandardService] Stopping service [Tomcat]
2019-07-24 20:59:52,983 WARN   localhost-startStop-1 [WebappClassLoaderBase] The web application [express-as] appears to have started a thread named [RxIoScheduler-1 (Evictor)] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:
 sun.misc.Unsafe.park(Native Method)
 java.util.concurrent.locks.LockSupport.parkNanos(LockSupport.java:215)
 java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.awaitNanos(AbstractQueuedSynchronizer.java:2078)
 java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:1093)
 java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:8
评论 5
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值