Skip to content

Commit 0fc38a7

Browse files
cowtowncodercowtowncoder
committed
Merge branch '2.9' into 2.10
2 parents b83ab88 + f6d9c66 commit 0fc38a7

File tree

2 files changed

+5
-0
lines changed

2 files changed

+5
-0
lines changed

release-notes/VERSION-2.x

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,8 @@ Project: jackson-databind
3838
(reported by Fangrun Li)
3939
#2704: Block one more gadget type (weblogic/oracle-aqjms)
4040
(reported by XuYuanzhen)
41+
#2765: Block one more gadget type (org.jsecurity))
42+
(reported by Al1ex@knownsec)
4143
4244
2.9.10.4 (11-Apr-2020)
4345

src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -194,6 +194,9 @@ public class SubTypeValidator
194194
s.add("oracle.jms.AQjmsXAQueueConnectionFactory");
195195
s.add("oracle.jms.AQjmsXAConnectionFactory");
196196

197+
// [databind#2764]: org.jsecurity:
198+
s.add("org.jsecurity.realm.jndi.JndiRealmFactory");
199+
197200
DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
198201
}
199202

0 commit comments

Comments
 (0)