wangq
/
yisai-Cloud
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

velocity剔除commons-collections版本,防止3.2.1版本的反序列化漏洞

tags/v3.0.0
RuoYi 4 years ago
parent
6ad1df166b
commit
41fa57d778
3 changed files with 7 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      pom.xml
  2. 4
      ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/web/controller/BaseController.java
  3. 2
      ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/feign/FeignRequestInterceptor.java

6
pom.xml
Unescape View File

@ -142,6 +142,12 @@ @@ -142,6 +142,12 @@
<groupId>org.apache.velocity</groupId>
<artifactId>velocity</artifactId>
<version>${velocity.version}</version>
<exclusions>
<exclusion>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- JSON 解析器和生成器 -->

4
ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/web/controller/BaseController.java
Unescape View File

@ -3,12 +3,10 @@ package com.ruoyi.common.core.web.controller; @@ -3,12 +3,10 @@ package com.ruoyi.common.core.web.controller;
import java.beans.PropertyEditorSupport;
import java.util.Date;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
import com.github.pagehelper.PageHelper;
import com.github.pagehelper.PageInfo;
import com.ruoyi.common.core.constant.HttpStatus;
@ -27,7 +25,7 @@ import com.ruoyi.common.core.web.page.TableSupport; @@ -27,7 +25,7 @@ import com.ruoyi.common.core.web.page.TableSupport;
*/
public class BaseController
{
protected final Logger logger = LoggerFactory.getLogger(BaseController.class);
protected final Logger logger = LoggerFactory.getLogger(this.getClass());
/**
* 将前台传递过来的日期格式的字符串自动转化为Date类型

2
ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/feign/FeignRequestInterceptor.java
Unescape View File

@ -2,7 +2,6 @@ package com.ruoyi.common.security.feign; @@ -2,7 +2,6 @@ package com.ruoyi.common.security.feign;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import com.ruoyi.common.core.utils.ip.IpUtils;
import org.springframework.stereotype.Component;
import com.ruoyi.common.core.constant.CacheConstants;
@ -45,7 +44,6 @@ public class FeignRequestInterceptor implements RequestInterceptor @@ -45,7 +44,6 @@ public class FeignRequestInterceptor implements RequestInterceptor
// 配置客户端IP
requestTemplate.header("X-Forwarded-For", IpUtils.getIpAddr(ServletUtils.getRequest()));
}
}
}
Write Preview
Loading…
Cancel
Save