velocity剔除commons-collections版本，防止3.2.1版本的反序列化漏洞

RuoYi

2021-03-14 bf4e1ec13a05268b772a6d5e24204a77c18eaacc

velocity剔除commons-collections版本，防止3.2.1版本的反序列化漏洞

 pom.xml

@@ -30,6 +30,7 @@
        <druid.version>1.2.4</druid.version>

        <commons.io.version>2.5</commons.io.version>

        <commons.fileupload.version>1.3.3</commons.fileupload.version>

        <commons.collections.version>3.2.2</commons.collections.version>

        <bitwalker.version>1.21</bitwalker.version>

        <jwt.version>0.9.1</jwt.version>

        <kaptcha.version>2.3.2</kaptcha.version>

@@ -218,11 +219,24 @@
            <version>${poi.version}</version>

        </dependency>



        <!--velocity代码生成使用模板 -->

        <!-- velocity代码生成使用模板 -->

        <dependency>

            <groupId>org.apache.velocity</groupId>

            <artifactId>velocity</artifactId>

            <version>${velocity.version}</version>

           <groupId>org.apache.velocity</groupId>

            <artifactId>velocity</artifactId>

            <version>${velocity.version}</version>

            <exclusions>

                <exclusion>

                    <groupId>commons-collections</groupId>

                    <artifactId>commons-collections</artifactId>

                </exclusion>

            </exclusions>

        </dependency>

		
        <!-- collections工具类 -->

        <dependency>

            <groupId>commons-collections</groupId>

            <artifactId>commons-collections</artifactId>

            <version>${commons.collections.version}</version>

        </dependency>

        

        <!-- 定时任务 -->


 src/main/java/com/ruoyi/framework/web/controller/BaseController.java

@@ -25,7 +25,7 @@
 */

public class BaseController

{

    protected final Logger logger = LoggerFactory.getLogger(BaseController.class);

    protected final Logger logger = LoggerFactory.getLogger(this.getClass());



    /**

     * 将前台传递过来的日期格式的字符串，自动转化为Date类型