File tree 2 files changed +8
-1
lines changed
src/main/java/com/fasterxml/jackson/databind/jsontype/impl
2 files changed +8
-1
lines changed Original file line number Diff line number Diff line change @@ -8,7 +8,9 @@ Project: jackson-databind
88
99#2986 : Block two more gadget types (commons-dbcp2, CVE-2020 -35490 /CVE-2020 -35491 )
1010 (reported by Al1ex@knownsec)
11- #2996 : Block 2 more gadget types (placeholder)
11+ #2996 : Block 2 more gadget types (newrelic-agent)
12+ (reported by Al1ex@knownsec)
13+ #2997 : Block 2 more gadget types (tomcat/naming-factory-dbcp)
1214 (reported by Al1ex@knownsec)
1315
14162.9.10.7 (02 -Dec-2020 )
Original file line number Diff line number Diff line change @@ -216,6 +216,11 @@ public class SubTypeValidator
216216 s .add ("com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource" );
217217 s .add ("com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource" );
218218
219+ // [databind#2997]: tomcat/naming-factory-dbcp (embedded dbcp 1.x)
220+ // (derivative of #2478)
221+ s .add ("org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource" );
222+ s .add ("org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource" );
223+
219224 DEFAULT_NO_DESER_CLASS_NAMES = Collections .unmodifiableSet (s );
220225 }
221226
You can’t perform that action at this time.
0 commit comments