From bf4e1ec13a05268b772a6d5e24204a77c18eaacc Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期日, 14 三月 2021 16:44:03 +0800
Subject: [PATCH] velocity剔除commons-collections版本,防止3.2.1版本的反序列化漏洞

---
 src/main/java/com/ruoyi/framework/web/controller/BaseController.java |    2 +-
 pom.xml                                                              |   22 ++++++++++++++++++----
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/pom.xml b/pom.xml
index 18c3d59..15f9222 100644
--- a/pom.xml
+++ b/pom.xml
@@ -30,6 +30,7 @@
 		<druid.version>1.2.4</druid.version>
 		<commons.io.version>2.5</commons.io.version>
 		<commons.fileupload.version>1.3.3</commons.fileupload.version>
+		<commons.collections.version>3.2.2</commons.collections.version>
 		<bitwalker.version>1.21</bitwalker.version>
 		<jwt.version>0.9.1</jwt.version>
 		<kaptcha.version>2.3.2</kaptcha.version>
@@ -218,11 +219,24 @@
 			<version>${poi.version}</version>
 		</dependency>
 
-		<!--velocity浠g爜鐢熸垚浣跨敤妯℃澘 -->
+		<!-- velocity浠g爜鐢熸垚浣跨敤妯℃澘 -->
 		<dependency>
-			<groupId>org.apache.velocity</groupId>
-			<artifactId>velocity</artifactId>
-			<version>${velocity.version}</version>
+           <groupId>org.apache.velocity</groupId>
+            <artifactId>velocity</artifactId>
+            <version>${velocity.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-collections</groupId>
+                    <artifactId>commons-collections</artifactId>
+                </exclusion>
+            </exclusions>
+		</dependency>
+		
+		<!-- collections宸ュ叿绫� -->
+		<dependency>
+		    <groupId>commons-collections</groupId>
+		    <artifactId>commons-collections</artifactId>
+		    <version>${commons.collections.version}</version>
 		</dependency>
 		
         <!-- 瀹氭椂浠诲姟 -->
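Review bot: The new `commons-collections` dependency carries no comment saying it is a security pin, so a later cleanup could drop it or lower `commons.collections.version` and let an older transitive version back onto the classpath; I would add `<!-- security pin: 3.2.1 contains deserialization gadget classes, keep >= 3.2.2 -->` above it. 3.2.2 only disables serialization of the unsafe functor classes by default, and the system property `org.apache.commons.collections.enableUnsafeSerialization` turns it back on, so deployments should be checked for that flag, and any code path that deserializes untrusted data still needs its own review. A maven-enforcer `bannedDependencies` rule for versions below 3.2.2, together with a `mvn dependency:tree -Dincludes=commons-collections` check in CI, would keep the fix from regressing. The added lines inside the velocity `<dependency>` also switch from tabs to spaces, which is worth normalising.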
diff --git a/src/main/java/com/ruoyi/framework/web/controller/BaseController.java b/src/main/java/com/ruoyi/framework/web/controller/BaseController.java
index cb9b7d0..9662df6 100644
--- a/src/main/java/com/ruoyi/framework/web/controller/BaseController.java
+++ b/src/main/java/com/ruoyi/framework/web/controller/BaseController.java
@@ -25,7 +25,7 @@
  */
 public class BaseController
 {
-    protected final Logger logger = LoggerFactory.getLogger(BaseController.class);
+    protected final Logger logger = LoggerFactory.getLogger(this.getClass());
 
     /**
      * 灏嗗墠鍙颁紶閫掕繃鏉ョ殑鏃ユ湡鏍煎紡鐨勫瓧绗︿覆锛岃嚜鍔ㄨ浆鍖栦负Date绫诲瀷
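Review bot: The logger change on the `protected final Logger logger` line is unrelated to the commons-collections fix named in the commit subject and is not mentioned there, which makes the security patch harder to back-port or audit on its own; it would be cleaner as a separate commit. With `this.getClass()` each subclass now logs under its own class name instead of `BaseController`, so any logging filter or alert keyed on the old logger category will presumably stop matching. If that is intended, a short comment such as `// logger category is the concrete controller class, not BaseController` would record it. The class body continues outside the hunk.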

--
Gitblit v1.9.3