mysql-connector-java-8.0.x 升级到 8.0.29
漏洞描述
Oracle MySQL JDBC XXE 漏洞(CVE-2021-2471)建议将 mysql-connector-java 升级到 8.0.27 及以上版本,参考如下
1、下载地址
2、升级步骤(以下操作均用安装用户操作如 isearch 用户)
1、备份原文件
mv /isearch/isa/datas/tomcat/Snapshot/WEB-INF/lib/mysql-connector-java-8.0.25.jar /isearch/isa/datas/tomcat/Snapshot/WEB-INF/lib/mysql-connector-java-8.0.25.jar.bak(此目录不存在可不备份)
mv /isearch/isa/datas/tomcat/ROOT/WEB-INF/lib/mysql-connector-java-8.0.25.jar /isearch/isa/datas/tomcat/ROOT/WEB-INF/lib/mysql-connector-java-8.0.25.jar.bak
2、上传文件(注意jar包权限,安装用户权限)
把附件中的mysql-connector-java-8.0.29.jar上传到如下两个路径下
/isearch/isa/datas/tomcat/Snapshot/WEB-INF/lib/(此目录不存在可不上传)
/isearch/isa/datas/tomcat/ROOT/WEB-INF/lib/
4、重启mysql、重启tomcat
3、还原
1、备份文件还原
mv /isearch/isa/datas/tomcat/Snapshot/WEB-INF/lib/mysql-connector-java-8.0.29.jar /isearch/isa/datas/tomcat/Snapshot/WEB-INF/lib/mysql-connector-java-8.0.29.jar.bak(此目录不存在可不备份)
mv /isearch/isa/datas/tomcat/ROOT/WEB-INF/lib/mysql-connector-java-8.0.29.jar /isearch/isa/datas/tomcat/ROOT/WEB-INF/lib/mysql-connector-java-8.0.29.jar.bak
2、将替换文件重命名
mv /isearch/isa/datas/tomcat/Snapshot/WEB-INF/lib/mysql-connector-java-8.0.25.jar.bak /isearch/isa/datas/tomcat/Snapshot/WEB-INF/lib/mysql-connector-java-8.0.25.jar(此目录不存在可不备份)
mv /isearch/isa/datas/tomcat/ROOT/WEB-INF/lib/mysql-connector-java-8.0.25.jar.bak /isearch/isa/datas/tomcat/ROOT/WEB-INF/lib/mysql-connector-java-8.0.25.jar
3、重启mysql、重启tomcat
