From bf4e1ec13a05268b772a6d5e24204a77c18eaacc Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期日, 14 三月 2021 16:44:03 +0800
Subject: [PATCH] velocity剔除commons-collections版本,防止3.2.1版本的反序列化漏洞
---
pom.xml | 38 ++++++++++++++++++++++++++------------
1 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/pom.xml b/pom.xml
index f4f4941..15f9222 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
<groupId>com.ruoyi</groupId>
<artifactId>ruoyi</artifactId>
- <version>3.2.1</version>
+ <version>3.4.0</version>
<packaging>jar</packaging>
<name>ruoyi</name>
@@ -15,7 +15,7 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
- <version>2.1.17.RELEASE</version>
+ <version>2.2.13.RELEASE</version>
<relativePath />
</parent>
@@ -26,17 +26,18 @@
<maven-jar-plugin.version>3.1.1</maven-jar-plugin.version>
<mybatis.spring.boot.starter.version>2.1.3</mybatis.spring.boot.starter.version>
<pagehelper.spring.boot.starter.version>1.3.0</pagehelper.spring.boot.starter.version>
- <fastjson.version>1.2.74</fastjson.version>
- <druid.version>1.2.2</druid.version>
+ <fastjson.version>1.2.75</fastjson.version>
+ <druid.version>1.2.4</druid.version>
<commons.io.version>2.5</commons.io.version>
<commons.fileupload.version>1.3.3</commons.fileupload.version>
- <bitwalker.version>1.19</bitwalker.version>
+ <commons.collections.version>3.2.2</commons.collections.version>
+ <bitwalker.version>1.21</bitwalker.version>
<jwt.version>0.9.1</jwt.version>
<kaptcha.version>2.3.2</kaptcha.version>
<swagger.version>2.9.2</swagger.version>
- <poi.version>3.17</poi.version>
- <oshi.version>5.2.5</oshi.version>
- <jna.version>5.5.0</jna.version>
+ <poi.version>4.1.2</poi.version>
+ <oshi.version>5.6.0</oshi.version>
+ <jna.version>5.7.0</jna.version>
<velocity.version>1.7</velocity.version>
</properties>
@@ -218,11 +219,24 @@
<version>${poi.version}</version>
</dependency>
- <!--velocity浠g爜鐢熸垚浣跨敤妯℃澘 -->
+ <!-- velocity浠g爜鐢熸垚浣跨敤妯℃澘 -->
<dependency>
- <groupId>org.apache.velocity</groupId>
- <artifactId>velocity</artifactId>
- <version>${velocity.version}</version>
+ <groupId>org.apache.velocity</groupId>
+ <artifactId>velocity</artifactId>
+ <version>${velocity.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <!-- collections宸ュ叿绫� -->
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>${commons.collections.version}</version>
</dependency>
<!-- 瀹氭椂浠诲姟 -->
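Review bot: The exclusion added to the velocity dependency removes only velocity's own transitive path to commons-collections, so nothing in this hunk stops another dependency, or a later edit of `commons.collections.version`, from bringing 3.2.1 back unnoticed. With the direct 3.2.2 declaration, Maven's nearest-wins mediation should resolve 3.2.2 for every path in this module; this is worth confirming with `mvn dependency:tree -Dincludes=commons-collections:commons-collections` and, if the build allows, enforcing with a maven-enforcer `bannedDependencies` rule that excludes `commons-collections:commons-collections:(,3.2.2)`. I would also record the reason on the new dependency, e.g. `<!-- pinned to 3.2.2: 3.2.1 is exposed to unsafe deserialization; do not downgrade -->`. Version 3.2.2 only disables serialization of the unsafe functor classes by default, so the deployment should be checked to ensure it does not set `org.apache.commons.collections.enableUnsafeSerialization=true`.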
--
Gitblit v1.9.3