
fix: vulnerability #11914

Merged
merged 1 commit into from
Apr 8, 2024

Conversation

cxhello (Contributor) commented Apr 2, 2024

  • CVE-2024-22257 Upgrade Spring Security to 5.7.12.
  • Use spring-framework-bom as dependencyManagement.

Closes #11904


Follow this checklist to help us incorporate your contribution quickly and easily:

  • Make sure there is a Github issue filed for the change (usually before you start working on it). Trivial changes like typos do not require a Github issue. Your pull request should address just this issue, without pulling in other changes - one PR resolves one issue.
  • Format the pull request title like [ISSUE #123] Fix UnknownException when host config not exist. Each commit in the pull request should have a meaningful subject line and body.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Write necessary unit-test to verify your logic correction, more mock a little better when cross module dependency exist. If the new feature or significant change is committed, please remember to add integration-test in test module.
  • Run mvn -B clean package apache-rat:check findbugs:findbugs -Dmaven.test.skip=true to make sure basic checks pass. Run mvn clean install -DskipITs to make sure unit-test pass. Run mvn clean test-compile failsafe:integration-test to make sure integration-test pass.

- CVE-2024-22257 Upgrade Spring Security to 5.7.12.
- Use spring-framework-bom as dependencyManagement.

Closes alibaba#11904
@codecov-commenter

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 68.63%. Comparing base (8af8519) to head (aa9e58a).


@@            Coverage Diff             @@
##             develop   #11914   +/-   ##
==========================================
  Coverage      68.62%   68.63%           
  Complexity      9034     9034           
==========================================
  Files           1239     1239           
  Lines          40610    40610           
  Branches        4317     4317           
==========================================
+ Hits           27870    27871    +1     
- Misses         10746    10747    +1     
+ Partials        1994     1992    -2     


@KomachiSion KomachiSion modified the milestones: de, 2.4.0 Apr 8, 2024
@KomachiSion KomachiSion added the dependencies Pull requests that update a dependency file label Apr 8, 2024
@KomachiSion KomachiSion merged commit d179e47 into alibaba:develop Apr 8, 2024
7 checks passed
lzysuqianqiu commented Apr 12, 2024

Now need to upgrade to 5.3.34 to solve CVE-2024-22262

DeBruyne2020 commented Apr 18, 2024

@cxhello @KomachiSion
Hello 🙏 I see that this commit upgrades Spring Security to 5.7.12, which fixes the Spring Security vulnerability. When is a new Nacos release planned?

cxhello (Contributor, Author) commented Apr 18, 2024

@DeBruyne2020 I see the community has put it in the 2.4.0 milestone; I don't know the exact release date.

zw999 commented Apr 19, 2024

Hoping for a release as soon as possible; scanning tools have already started flagging this as high severity.

cxhello (Contributor, Author) commented Apr 19, 2024

@zw999 If you are in a hurry, you can apply the change yourself and publish the build to your company's private repository. I also don't know exactly when the community will release it.
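For anyone following cxhello's suggestion of patching locally, the two bullets of the PR description ("Use spring-framework-bom as dependencyManagement", "Upgrade Spring Security to 5.7.12") map onto a Maven `dependencyManagement` block like the one below. This is an added example, not the Nacos pom or any code from this PR: the `com.example` coordinates are invented, `5.3.34` is the Spring Framework version lzysuqianqiu mentions above for CVE-2024-22262 and is assumed here rather than taken from the Nacos build, and `5.7.12` is the Spring Security version this PR upgrades to.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example of an overriding pom.xml; coordinates and the Spring Framework
     version are assumptions, not Nacos's own build configuration. -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>nacos-dependency-override</artifactId>
  <version>1.0.0</version>

  <properties>
    <!-- Assumed: Spring Framework 5.3.34 (the version named in the thread for CVE-2024-22262). -->
    <spring.version>5.3.34</spring.version>
    <!-- Spring Security 5.7.12, the version this PR upgrades to for CVE-2024-22257. -->
    <spring-security.version>5.7.12</spring-security.version>
  </properties>

  <dependencyManagement>
    <dependencies>
      <!-- Import the Spring Framework BOM: every spring-core/spring-web/spring-context
           module now resolves to ${spring.version} wherever it appears, including
           transitively, instead of a mix of versions chosen by nearest-wins. -->
      <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-framework-bom</artifactId>
        <version>${spring.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
      <!-- Same idea for Spring Security: the BOM pins spring-security-core, -web,
           -config, ... together so a partial upgrade cannot leave one module behind. -->
      <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-bom</artifactId>
        <version>${spring-security.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <dependencies>
    <!-- No <version> here: it is supplied by the managed BOM above. -->
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-web</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-config</artifactId>
    </dependency>
  </dependencies>
</project>
```

Two things to check after the change. First, `mvn dependency:tree -Dincludes=org.springframework.security` should list every `spring-security-*` artifact at 5.7.12 and nothing older; a stray lower version means some other BOM imported earlier in `dependencyManagement` won (Maven honours the first import for a given artifact), so order the imports accordingly. Second, `dependencyManagement` only governs what your own build resolves: if you deploy the upstream `nacos-server` distribution as-is, the pinned versions in your pom never reach it, and the realistic route is exactly what cxhello describes, rebuilding Nacos with the upgraded versions and publishing that artifact to your internal repository.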

Development

Successfully merging this pull request may close these issues.

In which version can Nacos fix the Spring Security vulnerability (CVE-2024-22257)?