From 9502203bbee72439c8f54aa692958f443a2ceeeb Mon Sep 17 00:00:00 2001
From: 若依 <yzz_ivy@163.com>
Date: Sun, 14 Mar 2021 16:32:07 +0800
Subject: [PATCH] !187 【漏洞修复】升级commons-collections版本，解决3.2.1版本的反序列化漏洞问题 Merge pull request !187 from Delusive/master

---
 pom.xml |   16 +++++++++++++---
 1 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index a4309d8..ecc6df1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,8 +24,8 @@
 		<kaptcha.version>2.3.2</kaptcha.version>
         <pagehelper.boot.version>1.3.0</pagehelper.boot.version>
         <fastjson.version>1.2.75</fastjson.version>
-        <oshi.version>5.3.6</oshi.version>
-        <jna.version>5.6.0</jna.version>
+        <oshi.version>5.6.0</oshi.version>
+        <jna.version>5.7.0</jna.version>
         <commons.io.version>2.5</commons.io.version>
         <commons.fileupload.version>1.3.3</commons.fileupload.version>
         <poi.version>4.1.2</poi.version>
@@ -136,8 +136,18 @@
                 <groupId>org.apache.velocity</groupId>
                 <artifactId>velocity</artifactId>
                 <version>${velocity.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>commons-collections</groupId>
+                        <artifactId>commons-collections</artifactId>
+                    </exclusion>
+                </exclusions>
             </dependency>
-	        
+            <dependency>
+                <groupId>commons-collections</groupId>
+                <artifactId>commons-collections</artifactId>
+                <version>3.2.2</version>
+            </dependency>
             <!-- 阿里JSON解析器 -->
             <dependency>
                 <groupId>com.alibaba</groupId>

--
Gitblit v1.9.2