How can I locate the pom.xml where the jar is imported?
Currently, I'm developing a web project based on SpringBoot and the building tool is Maven.
A few days ago, a vulnerability was found in the commons-fileupload(jar) 1.4 which is from Apache. Unexpectedly, when I was trying to located it in Intelij Idea(the IDE), the searching list is empty as follows.
But the jar is include in the package after compiling.
Maybe it is imported directly from another dependency.So I tried to find it in the dependencies diagram. In vain. How can I find it? Thank you indeed for you reply.
Try to get the dependency tree, that way you will see the dependencies and where they come from.
In Maven you can do that by using the command mvn dependency:tree
This command will scan all your direct and transitory dependencies, and then you can ignore and replace the specific dependency on your project. Still, you must be sure the versions are compatible.
- How to override default Tomcat 404 not found html page in Spring Boot 3.2?
- How to log SQL parameters binding in JPA queries with Spring Boot 3?
- How to log SQL statements with query param values in Spring Boot 3/Hibernate 6
- Spring Boot - Logback Configuration - Annoying Boilerplate at beginning of log
- Java Spring Boot: How to map my app root (“/”) to index.html?
- Unable to Insert image from classpath into PDF using PDFBox
- Spring boot ddl auto generator
- SpringBoot 3, hibernate 6 tables not created
- UTF-8 encoding of application.properties attributes in Spring-Boot
- Implementing Custom Expression Handling with Spring Security 6
- my Spring CustomSecurityExpressionRoot not working
- MySQL Testcontainer Timezone Issue When Using Spring Data JDBC
- How to read data from java properties file using Spring Boot
- Does adding @Transactional annotation to method is a must when making database calls?
- @EnableGlobalMethodSecurity is deprecated in the new spring boot 3.0
- Scheduler not running in Spring Boot
- SpringBoot EventListener don't receive events
- http call with Multipart form data is failing after spring upgrade
- Karate framework fails to find tests in multi module Spring Framework
- Connecting to queue or creating on non-existence in spring-rabbitmq
- Spring Security blocks POST requests despite SecurityConfig
- Weird autoincrement issue on Spring Boot 3.3.0 with MySQL 8
- Whitelabel Error Page This application has no explicit mapping for /error, so you are seeing this as a fallback with no error in console
- Disable exemplars support in Spring Boot 3.2 to avoid Prometheus problem with scrapping metrics
- What happened to SimpleRemoteStatelessSessionProxyFactoryBean?
- Spring Boot Restful Service and CORS problem
- What is the best way to test that a spring application context fails to start?
- Using org.commonsources.correlation.filter.CorrelationHeaderFilter throws Caused by: java.io.IOException: Failed to load class [javax.servlet.Filter]
- Cannot convert grib2 to geotiff in SpringBoot app
- Spring Boot JPA H2 Console not running, application.properties file ignored