velocity剔除commons-collections版本,防止3.2.1版本的反序列化漏洞

This commit is contained in:
RuoYi 2021-03-14 16:48:11 +08:00
parent b2e48a2345
commit ec384f60a5
2 changed files with 16 additions and 2 deletions

16
pom.xml
View File

@ -30,6 +30,7 @@
<druid.version>1.2.4</druid.version>
<commons.io.version>2.5</commons.io.version>
<commons.fileupload.version>1.3.3</commons.fileupload.version>
<commons.collections.version>3.2.2</commons.collections.version>
<bitwalker.version>1.21</bitwalker.version>
<jwt.version>0.9.1</jwt.version>
<kaptcha.version>2.3.2</kaptcha.version>
@ -219,11 +220,24 @@
<version>${poi.version}</version>
</dependency>
<!--velocity代码生成使用模板 -->
<!-- velocity代码生成使用模板 -->
<dependency>
<groupId>org.apache.velocity</groupId>
<artifactId>velocity</artifactId>
<version>${velocity.version}</version>
<exclusions>
<exclusion>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- collections工具类 -->
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>${commons.collections.version}</version>
</dependency>
<!-- 定时任务 -->

View File

@ -25,7 +25,7 @@ import com.ruoyi.framework.web.page.TableSupport;
*/
public class BaseController
{
protected final Logger logger = LoggerFactory.getLogger(BaseController.class);
protected final Logger logger = LoggerFactory.getLogger(this.getClass());
/**
* 将前台传递过来的日期格式的字符串自动转化为Date类型