Ana Sayfa Keşfet Yardım
Giriş Yap
airport
/
airport-server
İzle 2
Yıldızla 0
Çatalla 0
Files Sorunlar 0 Değişiklik İstekleri 0 Wiki
Kaynağa Gözat

velocity剔除commons-collections版本,防止3.2.1版本的反序列化漏洞

RuoYi 5 yıl önce
ebeveyn
6ad1df166b
işleme
41fa57d778
3 değiştirilmiş dosya ile 7 ekleme ve 5 silme
Görünümü Böl Farklılık Durumunu Göster
  1. 6 0
      pom.xml
  2. 1 3
      ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/web/controller/BaseController.java
  3. 0 2
      ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/feign/FeignRequestInterceptor.java

+ 6 - 0
pom.xml
Dosyayı Görüntüle 

@@ -142,6 +142,12 @@
142 142 
                 <groupId>org.apache.velocity</groupId>
143 143 
                 <artifactId>velocity</artifactId>
144 144 
                 <version>${velocity.version}</version>
145 
+                <exclusions>
146 
+                    <exclusion>
147 
+                        <groupId>commons-collections</groupId>
148 
+                        <artifactId>commons-collections</artifactId>
149 
+                    </exclusion>
150 
+                </exclusions>
145 151 
             </dependency>
146 152
147 153 
             <!-- JSON 解析器和生成器 -->

+ 1 - 3
ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/web/controller/BaseController.java
Dosyayı Görüntüle 

@@ -3,12 +3,10 @@ package com.ruoyi.common.core.web.controller;
3 3 
 import java.beans.PropertyEditorSupport;
4 4 
 import java.util.Date;
5 5 
 import java.util.List;
6 
-
7 6 
 import org.slf4j.Logger;
8 7 
 import org.slf4j.LoggerFactory;
9 8 
 import org.springframework.web.bind.WebDataBinder;
10 9 
 import org.springframework.web.bind.annotation.InitBinder;
11 
-
12 10 
 import com.github.pagehelper.PageHelper;
13 11 
 import com.github.pagehelper.PageInfo;
14 12 
 import com.ruoyi.common.core.constant.HttpStatus;

@@ -27,7 +25,7 @@ import com.ruoyi.common.core.web.page.TableSupport;
27 25 
  */
28 26 
 public class BaseController
29 27 
 {
30 
-    protected final Logger logger = LoggerFactory.getLogger(BaseController.class);
28 
+    protected final Logger logger = LoggerFactory.getLogger(this.getClass());
31 29
32 30 
     /**
33 31 
      * 将前台传递过来的日期格式的字符串,自动转化为Date类型

+ 0 - 2
ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/feign/FeignRequestInterceptor.java
Dosyayı Görüntüle 

@@ -2,7 +2,6 @@ package com.ruoyi.common.security.feign;
2 2
3 3 
 import java.util.Map;
4 4 
 import javax.servlet.http.HttpServletRequest;
5 
-
6 5 
 import com.ruoyi.common.core.utils.ip.IpUtils;
7 6 
 import org.springframework.stereotype.Component;
8 7 
 import com.ruoyi.common.core.constant.CacheConstants;

@@ -45,7 +44,6 @@ public class FeignRequestInterceptor implements RequestInterceptor
45 44
46 45 
             // 配置客户端IP
47 46 
             requestTemplate.header("X-Forwarded-For", IpUtils.getIpAddr(ServletUtils.getRequest()));
48 
-
49 47 
         }
50 48 
     }
51 49 
 }