velocity剔除commons-collections版本，防止3.2.1版本的反序列化漏洞

pom.xml

@@ -30,6 +30,7 @@
 		<druid.version>1.2.4</druid.version>
 		<commons.io.version>2.5</commons.io.version>
 		<commons.fileupload.version>1.3.3</commons.fileupload.version>
+		<commons.collections.version>3.2.2</commons.collections.version>
 		<bitwalker.version>1.21</bitwalker.version>
 		<jwt.version>0.9.1</jwt.version>
 		<kaptcha.version>2.3.2</kaptcha.version>
@@ -219,11 +220,24 @@
 			<version>${poi.version}</version>
 		</dependency>
 
-		<!--velocity代码生成使用模板 -->
+		<!-- velocity代码生成使用模板 -->
 		<dependency>
 			<groupId>org.apache.velocity</groupId>
 			<artifactId>velocity</artifactId>
 			<version>${velocity.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-collections</groupId>
+                    <artifactId>commons-collections</artifactId>
+                </exclusion>
+            </exclusions>
+		</dependency>
+		
+		<!-- collections工具类 -->
+		<dependency>
+		    <groupId>commons-collections</groupId>
+		    <artifactId>commons-collections</artifactId>
+		    <version>${commons.collections.version}</version>
 		</dependency>
 		
         <!-- 定时任务 -->

src/main/java/com/ruoyi/framework/web/controller/BaseController.java

@@ -25,7 +25,7 @@ import com.ruoyi.framework.web.page.TableSupport;
  */
 public class BaseController
 {
-    protected final Logger logger = LoggerFactory.getLogger(BaseController.class);
+    protected final Logger logger = LoggerFactory.getLogger(this.getClass());
 
     /**
      * 将前台传递过来的日期格式的字符串，自动转化为Date类型