From c0f1569ad98aa44bd4ee2712ff1f3de974a28091 Mon Sep 17 00:00:00 2001
From: hh44h1144 <huyongquan@ecloude.com>
Date: 星期五, 12 三月 2021 16:59:06 +0800
Subject: [PATCH] 修复commons-collections引起的反序列化漏洞

---
 pom.xml |   26 ++++++++++++++++++--------
 1 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/pom.xml b/pom.xml
index e5954a9..ecc6df1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,26 +6,26 @@
 	
     <groupId>com.ruoyi</groupId>
     <artifactId>ruoyi</artifactId>
-    <version>3.3.0</version>
+    <version>3.4.0</version>
 
     <name>ruoyi</name>
     <url>http://www.ruoyi.vip</url>
     <description>若依管理系统</description>
     
     <properties>
-        <ruoyi.version>3.3.0</ruoyi.version>
+        <ruoyi.version>3.4.0</ruoyi.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <java.version>1.8</java.version>
         <maven-jar-plugin.version>3.1.1</maven-jar-plugin.version>
-        <druid.version>1.2.2</druid.version>
+        <druid.version>1.2.4</druid.version>
         <bitwalker.version>1.21</bitwalker.version>
         <swagger.version>2.9.2</swagger.version>
 		<kaptcha.version>2.3.2</kaptcha.version>
         <pagehelper.boot.version>1.3.0</pagehelper.boot.version>
-        <fastjson.version>1.2.74</fastjson.version>
-        <oshi.version>5.3.6</oshi.version>
-        <jna.version>5.6.0</jna.version>
+        <fastjson.version>1.2.75</fastjson.version>
+        <oshi.version>5.6.0</oshi.version>
+        <jna.version>5.7.0</jna.version>
         <commons.io.version>2.5</commons.io.version>
         <commons.fileupload.version>1.3.3</commons.fileupload.version>
         <poi.version>4.1.2</poi.version>
@@ -41,7 +41,7 @@
             <dependency>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-dependencies</artifactId>
-                <version>2.1.18.RELEASE</version>
+                <version>2.2.13.RELEASE</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -136,8 +136,18 @@
                 <groupId>org.apache.velocity</groupId>
                 <artifactId>velocity</artifactId>
                 <version>${velocity.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>commons-collections</groupId>
+                        <artifactId>commons-collections</artifactId>
+                    </exclusion>
+                </exclusions>
             </dependency>
-	        
+            <dependency>
+                <groupId>commons-collections</groupId>
+                <artifactId>commons-collections</artifactId>
+                <version>3.2.2</version>
+            </dependency>
             <!-- 阿里JSON解析器 -->
             <dependency>
                 <groupId>com.alibaba</groupId>

--
Gitblit v1.9.2