修复国家信息安全漏洞共享平台披露的漏洞CNVD-2024-34975，避免/dataSetParam/verification;swagger-ui的RCE漏洞

2025-12-12 08:18:05 +08:00 · 2024-08-26 10:32:55 +08:00
parent af73727e40
commit 3e70a273f1
1 changed files with 3 additions and 0 deletions
--- a/report-core/src/main/resources/bootstrap.yml
+++ b/report-core/src/main/resources/bootstrap.yml
@@ -72,6 +72,9 @@ spring:
        #  secret-key: secret-key
        #  bucket-name: AJ-Report
        #若minio和amazonS3都没有，使用服务器高可用的nfs共享盘
+    Security:
+      # jwt密钥，生产环境请自行修改，避免被远程伪造登录攻击
+      jwtSecret: TybmmfrgsIqpPsBOYxvygCMVJWKNfDJU

 mybatis-plus:
  configuration: