From c0f1569ad98aa44bd4ee2712ff1f3de974a28091 Mon Sep 17 00:00:00 2001
From: hh44h1144 <huyongquan@ecloude.com>
Date: 星期五, 12 三月 2021 16:59:06 +0800
Subject: [PATCH] 修复commons-collections引起的反序列化漏洞
---
pom.xml | 55 +++++++++++++++++++++++++++++++++++++++++++------------
1 files changed, 43 insertions(+), 12 deletions(-)
diff --git a/pom.xml b/pom.xml
index cb9ecfb..ecc6df1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,29 +6,31 @@
<groupId>com.ruoyi</groupId>
<artifactId>ruoyi</artifactId>
- <version>3.0.0</version>
+ <version>3.4.0</version>
<name>ruoyi</name>
<url>http://www.ruoyi.vip</url>
<description>若依管理系统</description>
<properties>
- <ruoyi.version>3.0.0</ruoyi.version>
+ <ruoyi.version>3.4.0</ruoyi.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
- <mybatis.boot.version>1.3.2</mybatis.boot.version>
- <druid.version>1.1.14</druid.version>
- <bitwalker.version>1.19</bitwalker.version>
+ <maven-jar-plugin.version>3.1.1</maven-jar-plugin.version>
+ <druid.version>1.2.4</druid.version>
+ <bitwalker.version>1.21</bitwalker.version>
<swagger.version>2.9.2</swagger.version>
- <pagehelper.boot.version>1.2.5</pagehelper.boot.version>
- <fastjson.version>1.2.70</fastjson.version>
- <oshi.version>3.9.1</oshi.version>
+ <kaptcha.version>2.3.2</kaptcha.version>
+ <pagehelper.boot.version>1.3.0</pagehelper.boot.version>
+ <fastjson.version>1.2.75</fastjson.version>
+ <oshi.version>5.6.0</oshi.version>
+ <jna.version>5.7.0</jna.version>
<commons.io.version>2.5</commons.io.version>
<commons.fileupload.version>1.3.3</commons.fileupload.version>
- <poi.version>3.17</poi.version>
+ <poi.version>4.1.2</poi.version>
<velocity.version>1.7</velocity.version>
- <jwt.version>0.9.0</jwt.version>
+ <jwt.version>0.9.1</jwt.version>
</properties>
<!-- 依赖声明 -->
@@ -39,7 +41,7 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
- <version>2.1.1.RELEASE</version>
+ <version>2.2.13.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@@ -70,6 +72,18 @@
<groupId>com.github.oshi</groupId>
<artifactId>oshi-core</artifactId>
<version>${oshi.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>net.java.dev.jna</groupId>
+ <artifactId>jna</artifactId>
+ <version>${jna.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>net.java.dev.jna</groupId>
+ <artifactId>jna-platform</artifactId>
+ <version>${jna.version}</version>
</dependency>
<!-- swagger2-->
@@ -122,8 +136,18 @@
<groupId>org.apache.velocity</groupId>
<artifactId>velocity</artifactId>
<version>${velocity.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
-
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.2</version>
+ </dependency>
<!-- 阿里JSON解析器 -->
<dependency>
<groupId>com.alibaba</groupId>
@@ -137,6 +161,13 @@
<artifactId>jjwt</artifactId>
<version>${jwt.version}</version>
</dependency>
+
+ <!--验证码 -->
+ <dependency>
+ <groupId>com.github.penggle</groupId>
+ <artifactId>kaptcha</artifactId>
+ <version>${kaptcha.version}</version>
+ </dependency>
<!-- 定时任务-->
<dependency>
--
Gitblit v1.9.2