Spring security Spring hybris中基于路径的漏洞

我们在Qualys报告中发现了基于路径的漏洞问题。我已经处理了stackoverflow问题，例如，并将UseDefaultSuffExpattern配置为false，如下所示

即使在控制器中我以@RequestMapping（value=“/about”）的形式给出，我仍然能够加载带有/about.anything的页面

我们是否需要更新任何其他配置来阻止这种情况发生

    <bean
    class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping">
    <property name="order" value="0" />
    <!-- Set whether to register paths using the default suffix pattern as 
        well: i.e. whether "/users" should be registered as "/users.*" and "/users/" 
        too. Default is "true". Turn this convention off if you intend to interpret 
        your @RequestMapping paths strictly. Note that paths which include a ".xxx" 
        suffix or end with "/" already will not be transformed using the default 
        suffix pattern in any case. -->
    <property name="useDefaultSuffixPattern" value="false" />
    <property name="pathMatcher" ref="pathMatcher" />
</bean>

---

我们使用的是hybris 1811版本，这可能是因为它忽略了URL中点（.）之后的所有内容。
要解决此问题，必须创建