JeecgBoot latest default branch (master) HEAD: 32a8dfe94f014f7a9d472bce83e08bb8cf9c10c3 Resolved via: git ls-remote https://github.com/jeecgboot/JeecgBoot.git HEAD Comparison: All four OpenAPI controllers (OpenApiAuthController, OpenApiPermissionController, OpenApiLogController, OpenApiController) fetched at master HEAD are BYTE-IDENTICAL to the v3.9.2 tag (commit 7df07a823fd558be857d0208ccae96342539fbc1). Conclusion: No fix has been applied to master. The latest release tag is v3.9.2 (== vulnerable).