安全漏洞修复导致SpringBoot2.7与Springfox不兼容_springboot和springfox-swagger2对应版本spring-boot-start-优快云博客

项目基于 springboot2.5.2 实现的，用 springfox-swagger2 生成与前端对接的 API 文档；pom.xml 中依赖如下

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.5.2</version>
</parent>

<properties>
    <maven.compiler.source>8</maven.compiler.source>
    <maven.compiler.target>8</maven.compiler.target>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>io.springfox</groupId>
        <artifactId>springfox-boot-starter</artifactId>
        <version>3.0.0</version>
    </dependency>
</dependencies>

启动服务后，就可以访问 Swagger UI

http://localhost:8080/swagger-ui/index.html

swagger2-ui

前端同事就可以访问这个来对接接口了，后端省去了写接口文档的工作，一切都是那么美好！可突然有一天，安全部门发来报告，说服务存在很多安全漏洞

CVE-2023-20860、CVE-2022-45143、CVE-2023-46589、...

让我们根据报告中的建议进行修复，然后就开始了我的踩坑之旅！

springboot 与 springfox 兼容问题

粗略看了一眼，将 spring-boot 升级，可以解决很多漏洞，既然要升，那就升到可升的最高版本；因为是基于 JDK8，所以 spring-boot 最高能升级到 2.7.8。那就升嘛，不要怂就是干！

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.7.18</version>
</parent>

启动服务，第一个坑来了：NullPointerException

2025-05-30 21:13:42.264|ERROR|main|818|o.s.boot.SpringApplication              :Application run failed
org.springframework.context.ApplicationContextException: Failed to start bean 'documentationPluginsBootstrapper'; nested exception is java.lang.NullPointerException
	at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:182)
	at org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:54)
	at org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:357)
	at java.lang.Iterable.forEach(Iterable.java:75)
	at org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:156)
	at org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:124)
	at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:946)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:594)
	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:147)
	at org.springframework.boot.SpringApplication.refre