Merge branch '2.9' into 2.10

cowtowncoder · cowtowncoder · commit 5d2d7e58fd5e · 2020-03-26T09:37:56.000-07:00
diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
@@ -192,19 +192,19 @@ Project: jackson-databind
  (reported by threedr3am & LFY)
 #2634: Block two more gadget types (ibatis-sqlmap, anteros-core; CVE-2020-9547 / CVE-2020-9548)
  (reported by threedr3am & V1ZkRA)
-#2642: Block one more gadget type (javax.swing, CVE-to-be-allocated)
+#2642: Block one more gadget type (javax.swing, CVE-2020-10969)
  (reported by threedr3am)
 #2648: Block one more gadget type (shiro-core)
 #2653: Block one more gadget type (shiro-core)
 #2658: Block one more gadget type (ignite-jta, CVE-2020-10650)
  (reported by Srikanth Ramu, threedr3am'follower)
-#2659: Block one more gadget type (aries.transaction.jms)
+#2659: Block one more gadget type (aries.transaction.jms, CVE-2020-10672)
  (reported by Srikanth Ramu)
 #2660: Block one more gadget type (caucho-quercus, CVE-2020-10673)
  (reported by threedr3am'follower)
-#2662: Block one more gadget type (bus-proxy)
+#2662: Block one more gadget type (bus-proxy, CVE-2020-10968)
  (reported by XuYuanzhen)
-#2664: Block one more gadget type (activemq)
+#2664: Block one more gadget type (activemq-pool[-jms])
  (reported by Srikanth Ramu)
 #2666: Block one more gadget type (apache/commons-proxy)
  (reported by Yiting Fan)
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -158,9 +158,18 @@ public class SubTypeValidator
         s.add("org.aoju.bus.proxy.provider.RmiProvider");
         s.add("org.aoju.bus.proxy.provider.remoting.RmiProvider");
 
-        // [databind#2664]: activemq-jms
-        s.add("org.apache.activemq.jms.pool.XaPooledConnectionFactory");
-
+        // [databind#2664]: activemq-core, activemq-pool, activemq-pool-jms
+
+        s.add("org.apache.activemq.ActiveMQConnectionFactory"); // core
+        s.add("org.apache.activemq.ActiveMQXAConnectionFactory");
+        s.add("org.apache.activemq.spring.ActiveMQConnectionFactory");
+        s.add("org.apache.activemq.spring.ActiveMQXAConnectionFactory");
+        s.add("org.apache.activemq.pool.JcaPooledConnectionFactory"); // pool
+        s.add("org.apache.activemq.pool.PooledConnectionFactory");
+        s.add("org.apache.activemq.pool.XaPooledConnectionFactory");
+        s.add("org.apache.activemq.jms.pool.XaPooledConnectionFactory"); // pool-jms
+        s.add("org.apache.activemq.jms.pool.JcaPooledConnectionFactory");
+        
         // [databind#2666]: apache/commons-jms
         s.add("org.apache.commons.proxy.provider.remoting.RmiProvider");
 
