Fix #2854

cowtowncoder · cowtowncoder · commit 7dbf51bf78d1 · 2020-09-17T20:11:25.000-07:00
diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
@@ -4,6 +4,11 @@ Project: jackson-databind
 === Releases === 
 ------------------------------------------------------------------------
 
+2.9.10.7 (not yet released)
+
+#2854: Block one more gadget type (javax.swing, CVE-2020-xxx)
+ (reported by Yangkun(ICSL))
+
 2.9.10.6 (24-Aug-2020)
 
 #2798: Block one more gadget type (xxx, CVE-xxxx-xxx)
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -143,8 +143,9 @@ public class SubTypeValidator
         // [databind#2814]: anteros-dbcp
         s.add("br.com.anteros.dbcp.AnterosDBCPDataSource");
 
-        // [databind#2642]: javax.swing (jdk)
+        // [databind#2642][databind#2854]: javax.swing (jdk)
         s.add("javax.swing.JEditorPane");
+        s.add("javax.swing.JTextPane");
 
         // [databind#2648], [databind#2653]: shire-core
         s.add("org.apache.shiro.realm.jndi.JndiRealmFactory");
