
spring 5.3.19 CVE-2022-22968: Spring Framework Data Binding Rules Vulnerability

MaxKey 3 years ago
parent
commit
6bb6aa6d69

+ 1 - 1
gradle.properties

@@ -62,7 +62,7 @@ poiVersion                      =5.1.0
 tomcatVersion                   =9.0.62
 tomcatembedloggingjuliVersion   =8.5.2
 #spring
-springVersion                   =5.3.18
+springVersion                   =5.3.19
 springBootVersion               =2.6.6
 springSecurityVersion           =5.6.2
 springDataVersion               =2.6.2

+ 1 - 1
maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/SocialSignOnEndpoint.java

@@ -121,7 +121,7 @@ public class SocialSignOnEndpoint  extends AbstractSocialSignOnEndpoint{
     		socialsAssociate =new SocialsAssociate();
     		socialsAssociate.setProvider(provider);
     		socialsAssociate.setSocialUserId(this.accountId);
-    		socialsAssociate.setInstId(WebContext.getInst(WebContext.getRequest()));
+    		//socialsAssociate.setInstId(WebContext.getInst(WebContext.getRequest()));
     		
     		//for login
     		String socialSignOnType= 
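Review bot: Commenting out the setInstId call on line 31 leaves socialsAssociate without an institution id, so the record is persisted with whatever default SocialsAssociate carries rather than the current tenant; if the social-login lookup elsewhere is scoped by instId, this binding may not be found or may match across tenants. This is a behavioural change unrelated to the CVE-2022-22968 version bump named in the commit title and would be easier to audit in its own commit. If the intent is a fixed single-tenant id, set it explicitly and say why, e.g. `socialsAssociate.setInstId("1"); // TODO(review): tenant lookup removed with WebContext.getInst`, instead of leaving commented-out code. The enclosing method starts and ends outside the hunk.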

+ 2 - 17
maxkey-core/src/main/java/org/maxkey/web/WebContext.java

@@ -1,5 +1,5 @@
 /*
- * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
+ * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,10 +29,8 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
-import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.LogFactory;
 import org.maxkey.configuration.ApplicationConfig;
-import org.maxkey.entity.Institutions;
 import org.maxkey.util.DateUtils;
 import org.maxkey.util.IdGenerator;
 import org.maxkey.web.message.Message;
@@ -104,19 +102,6 @@ public final class WebContext {
         logoutAttributeNameList.add(WebConstants.REMEBER_ME_SESSION);
         
     }
-     
-  
-    public static String getInst(HttpServletRequest request) {
-    	String instId = "1";
-    	//from session
-    	if(getAttribute(WebConstants.CURRENT_INST) != null) {
-    		instId = ((Institutions)request.getSession().getAttribute(WebConstants.CURRENT_INST)).getId();
-    	}else {
-    	//from cookie
-    		instId = WebContext.getCookie(request, WebConstants.INST_COOKIE_NAME).getValue();
-    	}
-        return StringUtils.isBlank(instId) ? "1" : instId;
-    }
 
     /**
      * set Message to session,session id is Constants.MESSAGE
@@ -163,7 +148,7 @@ public final class WebContext {
      * @return Object
      */
     public static Object getBean(String name){
-        if(applicationContext==null) {
+        if(applicationContext == null) {
             return getApplicationContext().getBean(name);
         }else {
             return applicationContext.getBean(name);

+ 2 - 10
maxkey-core/src/main/java/org/maxkey/web/tag/LocaleTagDirective.java

@@ -71,21 +71,13 @@ public class LocaleTagDirective implements TemplateDirectiveModel {
                 || code.equals("application.version")) {
             message = WebContext.properties.getProperty("application.formatted-version");
         } else if (code.equals("global.logo")) {
-        	message = localizationService.getLocale(
-        						code,
-        						htmlTag,
-        						WebContext.getLocale(),
-        						WebContext.getInst(request));
+
         	if(!message.startsWith("http")) {
             	message = request.getContextPath() + message;
             }
         }else if (code.equals("global.title")
         			||code.equals("global.consoleTitle")) {
-        	message = localizationService.getLocale(
-        						code,
-        						htmlTag,
-        						WebContext.getLocale(),
-        						WebContext.getInst(request));
+   
         } else {
             try {
                 message = webApplicationContext.getMessage(
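Review bot: The `global.logo` branch no longer assigns `message` before `message.startsWith("http")` on line 100, so that call now runs on whatever value `message` held when the branch was entered; if it is still null (its initialisation is outside the hunk) every logo render throws a NullPointerException, and if it is empty the logo resolves to the bare context path. The `global.title`/`global.consoleTitle` branch is now an empty body, so those codes silently yield no message instead of reaching the `webApplicationContext.getMessage` lookup in the `else`. Either drop both branches so they fall through to the message-source lookup, or at minimum guard the logo path with `if (message != null && !message.startsWith("http"))`. The enclosing method starts and ends outside the hunk.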

+ 1 - 1
maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEntryPoint.java

@@ -180,7 +180,7 @@ public class LoginEntryPoint {
     public String produceOtp(@PathVariable("mobile") String mobile,HttpServletRequest request) {
         UserInfo queryUserInfo=userInfoService.findByEmailMobile(mobile);
         if(queryUserInfo!=null) {
-        	otpAuthnService.getByInstId(WebContext.getInst(request)).produce(queryUserInfo);
+        	//otpAuthnService.getByInstId(WebContext.getInst(request)).produce(queryUserInfo);
             return "ok";
         }
         
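Review bot: With the produce call commented out on line 123, produceOtp returns "ok" on line 124 without generating or sending any one-time password, so the caller is told a code was issued when none was. A login endpoint that silently succeeds is hard to diagnose and misleads the client; if OTP production is intentionally disabled pending a replacement for WebContext.getInst, return an explicit failure instead of "ok" and record the reason, e.g. `// TODO(review): OTP production disabled — tenant lookup removed with WebContext.getInst`. Delete the dead line rather than leaving it commented out. This change is also unrelated to the CVE-2022-22968 bump named in the commit title.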

+ 0 - 1
maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/jobs/OnlineTicketListenerJob.java

@@ -28,7 +28,6 @@ public class OnlineTicketListenerJob   implements Job , Serializable {
 	
 	private static final long serialVersionUID = 4782358765969474833L;
 
-	
 	@Override
 	public void execute(JobExecutionContext context) throws JobExecutionException {
 		// TODO Auto-generated method stub