File tree 2 files changed +8
-3
lines changed
src/main/java/com/fasterxml/jackson/databind/jsontype/impl
2 files changed +8
-3
lines changed Original file line number Diff line number Diff line change @@ -11,9 +11,11 @@ Project: jackson-databind
1111#2449: Block one more gadget type (HikariCP, CVE-2019-14439 / CVE-2019-16335)
1212#2462: Block two more gadget types (commons-configuration/-2)
1313#2478: Block two more gadget types (commons-dbcp, p6spy, CVE-2019-16942 / CVE-2019-16943)
14- #2498: Block one more gadget type (apache-log4j-extras/1.2, CVE-2019-17531)
15- #2526: Block two more gadget types (ehcache/JNDI - CVEs to be allocated)
16- (repoerted by UltramanGaia)
14+ #2498: Block one more gadget type (log4j-extras/1.2, CVE-2019-17531)
15+ #2526: Block two more gadget types (ehcache/JNDI, CVE-2019-20330)
16+ (reported by UltramanGaia)
17+ #2620: Block one more gadget type (xbean-reflect/JNDI - CVE-2020-xxxxx)
18+ (reported by threedr3am)
1719
18202.7.9.6 (26-Jul-2019)
1921
Original file line number Diff line number Diff line change @@ -123,6 +123,9 @@ public class SubTypeValidator
123123 s .add ("net.sf.ehcache.transaction.manager.selector.GenericJndiSelector" );
124124 s .add ("net.sf.ehcache.transaction.manager.selector.GlassfishSelector" );
125125
126+ // [databind#2620]: xbean-reflect
127+ s .add ("org.apache.xbean.propertyeditor.JndiConverter" );
128+
126129 DEFAULT_NO_DESER_CLASS_NAMES = Collections .unmodifiableSet (s );
127130 }
128131
You can’t perform that action at this time.
0 commit comments