
国家信息安全漏洞(请务必保持cipherKey密钥唯一性)

RuoYi 4 years ago
parent
commit
91986f13f8

+ 2 - 0
ruoyi-admin/src/main/resources/application.yml

@@ -108,6 +108,8 @@ shiro:
     httpOnly: true
     # 设置Cookie的过期时间,天为单位
     maxAge: 30
+    # 设置密钥,务必保持唯一性(生成方式,直接拷贝到main运行即可)KeyGenerator keygen = KeyGenerator.getInstance("AES"); SecretKey deskey = keygen.generateKey(); System.out.println(Base64.encodeToString(deskey.getEncoded()));
+    cipherKey: zSyK5Kp6PZAAjlT+eeNMlg==
   session:
     # Session超时时间,-1代表永不过期(默认30分钟)
     expireTime: 30
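Review bot: The new `cipherKey` value is a concrete key committed to the repository, so every deployment that does not edit this file shares the same remember-me cookie key, which is the condition the commit title says must be avoided; the comment asks operators to regenerate it but nothing enforces that. I would prefer the shipped config to take the key from the environment with no fallback, e.g. `cipherKey: ${SHIRO_COOKIE_CIPHERKEY}` (constructed name), so startup fails until a per-deployment key is supplied instead of silently using the committed one. The one-line generation snippet in the comment would read better as a short note such as `# 16-byte AES key, Base64 encoded; generate one per deployment with KeyGenerator.getInstance("AES") and keep it out of version control`, with the Java snippet moved to project documentation.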

+ 5 - 1
ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java

@@ -85,6 +85,10 @@ public class ShiroConfig
     @Value("${shiro.cookie.maxAge}")
     private int maxAge;
 
+    // 设置cipherKey密钥
+    @Value("${shiro.cookie.cipherKey}")
+    private String cipherKey;
+
     // 登录地址
     @Value("${shiro.user.loginUrl}")
     private String loginUrl;
@@ -328,7 +332,7 @@ public class ShiroConfig
     {
         CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
         cookieRememberMeManager.setCookie(rememberMeCookie());
-        cookieRememberMeManager.setCipherKey(Base64.decode("fCq+/xW488hMTCD+cmJ3aQ=="));
+        cookieRememberMeManager.setCipherKey(Base64.decode(cipherKey));
         return cookieRememberMeManager;
     }
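Review bot: `Base64.decode(cipherKey)` is passed straight to `setCipherKey`, so a blank or mistyped property (the hunk at @@ -85 only injects the raw string) produces a wrong-length key that is not rejected until remember-me encryption first runs, rather than at bean creation. I would decode into a local, check that the result is a valid AES key length, and fail fast with a message that names the property but not the key material; the same concern applies to the `@Value` injection in the first hunk, which could use a non-empty check. The enclosing method's signature is outside this hunk, so I have not been able to confirm which `Base64` class is in scope.
```java
        byte[] key = Base64.decode(cipherKey);
        // Fail at startup on a misconfigured key instead of at first remember-me login.
        if (key == null || (key.length != 16 && key.length != 24 && key.length != 32))
        {
            throw new IllegalStateException("shiro.cookie.cipherKey must be a Base64-encoded 16, 24 or 32 byte AES key");
        }
        cookieRememberMeManager.setCipherKey(key);
        // … unchanged: return cookieRememberMeManager; …
```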