diff --git a/backend/pom.xml b/backend/pom.xml
index b03cea2f01..1049621672 100644
--- a/backend/pom.xml
+++ b/backend/pom.xml
@@ -31,7 +31,7 @@
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <version>30.1.1-jre</version>
+            <version>31.0.1-jre</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -143,7 +143,7 @@
         <dependency>
             <groupId>com.alibaba</groupId>
             <artifactId>fastjson</artifactId>
-            <version>1.2.72</version>
+            <version>1.2.79</version>
         </dependency>
         <dependency>
             <groupId>com.auth0</groupId>
diff --git a/backend/src/main/java/io/dataease/commons/utils/ExcelXlsxReader.java b/backend/src/main/java/io/dataease/commons/utils/ExcelXlsxReader.java
index fc96df9a6b..d381e754c7 100644
--- a/backend/src/main/java/io/dataease/commons/utils/ExcelXlsxReader.java
+++ b/backend/src/main/java/io/dataease/commons/utils/ExcelXlsxReader.java
@@ -142,6 +142,9 @@ public class ExcelXlsxReader extends DefaultHandler {
         stylesTable = xssfReader.getStylesTable();
         SharedStringsTable sst = xssfReader.getSharedStringsTable();
         XMLReader parser = XMLReaderFactory.createXMLReader("org.apache.xerces.parsers.SAXParser");
+        parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+        parser.setFeature("http://xml.org/sax/features/external-general-entities", false);
+        parser.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
         this.sst = sst;
         parser.setContentHandler(this);
         XSSFReader.SheetIterator sheets = (XSSFReader.SheetIterator) xssfReader.getSheetsData();
diff --git a/backend/src/main/java/io/dataease/commons/utils/ServiceUtils.java b/backend/src/main/java/io/dataease/commons/utils/ServiceUtils.java
deleted file mode 100644
index b564ad7a1f..0000000000
--- a/backend/src/main/java/io/dataease/commons/utils/ServiceUtils.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package io.dataease.commons.utils;
-
-import io.dataease.commons.exception.DEException;
-import io.dataease.controller.request.BaseQueryRequest;
-import io.dataease.controller.request.OrderRequest;
-
-import java.lang.reflect.Method;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.function.Function;
-import java.util.stream.Collectors;
-
-public class ServiceUtils {
-
-    public static List<OrderRequest> getDefaultOrder(List<OrderRequest> orders) {
-        if (orders == null || orders.size() < 1) {
-            OrderRequest orderRequest = new OrderRequest();
-            orderRequest.setName("update_time");
-            orderRequest.setType("desc");
-            orders = new ArrayList<>();
-            orders.add(orderRequest);
-            return orders;
-        }
-        return orders;
-    }
-
-    /**
-     *  获取前端全选的id列表
-     * @param queryRequest 查询条件
-     * @param func 查询id列表的数据库查询
-     * @return
-     */
-    public static<T> void getSelectAllIds( T batchRequest, BaseQueryRequest queryRequest, Function<BaseQueryRequest, List<String>> func) {
-        if (queryRequest.isSelectAll()) {
-            List<String> ids = func.apply(queryRequest);
-            if (!ids.isEmpty()) {
-                ids = ids.stream()
-                        .filter(id -> !queryRequest.getUnSelectIds().contains(id))
-                        .collect(Collectors.toList());
-            }
-            queryRequest.setIds(ids);
-            try {
-                Method setIds = batchRequest.getClass().getDeclaredMethod("setIds", List.class);
-                setIds.invoke(batchRequest, ids);
-            } catch (Exception e) {
-                LogUtil.error(e.getMessage(), e);
-                DEException.throwException("请求没有setIds方法");
-            }
-        }
-    }
-}
diff --git a/backend/src/main/java/io/dataease/controller/sys/I18nController.java b/backend/src/main/java/io/dataease/controller/sys/I18nController.java
deleted file mode 100644
index d9f826e0ba..0000000000
--- a/backend/src/main/java/io/dataease/controller/sys/I18nController.java
+++ /dev/null
@@ -1,58 +0,0 @@
-package io.dataease.controller.sys;
-
-
-import io.dataease.commons.constants.I18nConstants;
-import io.dataease.commons.exception.DEException;
-import io.dataease.commons.utils.LogUtil;
-import io.dataease.i18n.Lang;
-import io.dataease.i18n.Translator;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.RestController;
-import springfox.documentation.annotations.ApiIgnore;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * Created by liqiang on 2019/4/1.
- */
-@ApiIgnore
-@RestController
-public class I18nController {
-
-    private static final int FOR_EVER = 3600 * 24 * 30 * 12 * 10; //10 years in second
-
-    @Value("${run.mode:release}")
-    private String runMode;
-
-
-    @GetMapping("lang/change/{lang}")
-    public void changeLang(@PathVariable String lang, HttpServletRequest request, HttpServletResponse response) {
-        Lang targetLang = Lang.getLangWithoutDefault(lang);
-        if (targetLang == null) {
-            response.setStatus(HttpServletResponse.SC_NOT_ACCEPTABLE);
-            LogUtil.error("Invalid parameter: " + lang);
-            DEException.throwException(Translator.get("error_lang_invalid"));
-        }
-        Cookie cookie = new Cookie(I18nConstants.LANG_COOKIE_NAME, targetLang.getDesc());
-        cookie.setPath("/");
-        cookie.setMaxAge(FOR_EVER);
-        response.addCookie(cookie);
-        //重新登录
-        if ("release".equals(runMode)) {
-            Cookie f2cCookie = new Cookie("DE_SESSION_ID", "deleteMe");
-            f2cCookie.setPath("/");
-            f2cCookie.setMaxAge(0);
-            response.addCookie(f2cCookie);
-        }
-        //本地测试用
-        if ("local".equals(runMode)) {
-            if (request != null) {
-                request.getSession(true).setAttribute(I18nConstants.LANG_COOKIE_NAME, lang);
-            }
-        }
-    }
-}
diff --git a/backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java b/backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java
index 63c1a4dbdf..6544ba376a 100644
--- a/backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java
+++ b/backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java
@@ -2000,30 +2000,7 @@ public class DataSetTableService {
                     data.add(r);
                 }
             }
-        } else if (StringUtils.equalsIgnoreCase(suffix, "csv")) {
-            BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8));
-            String s = reader.readLine();// first line
-            String[] split = s.split(",");
-            for (String s1 : split) {
-                TableField tableField = new TableField();
-                tableField.setFieldName(s1);
-                tableField.setRemarks(s1);
-                tableField.setFieldType("TEXT");
-                fields.add(tableField);
-            }
-            int num = 1;
-            String line;
-            while ((line = reader.readLine()) != null) {
-                if (isPreview) {
-                    if (num > 100) {
-                        break;
-                    }
-                }
-                data.add(line.split(","));
-                num++;
-            }
         }
-
         String[] fieldArray = fields.stream().map(TableField::getFieldName).toArray(String[]::new);
 
         // 校验excel字段是否重名