File tree 2 files changed +14
-1
lines changed
2 files changed +14
-1
lines changed Original file line number Diff line number Diff line change @@ -504,6 +504,10 @@ Kevin Hogeland (khogeland@github)
504504 * Reported #1501: `ArrayIndexOutOfBoundsException` on non-static inner class constructor
505505 (2.7.9)
506506
507+ 508+ * Reported #2389: Block one more gadget type (CVE-2019-14361)
509+ (2.7.9.6)
510+
507511Artur Jonkisz (ajonkisz@github)
508512 * Reported #960: `@JsonCreator` not working on a factory with no arguments for ae enum type
509513 (2.8.0)
Original file line number Diff line number Diff line change @@ -14,6 +14,7 @@ Project: jackson-databind
1414#2331 : `JsonMappingException` through nested getter with generic wildcard return type
1515#2387 : Block yet another deserialization gadget (CVE-2019 -14379 )
1616#2389 : Block yet another deserialization gadget (CVE-2019 -14361 )
17+ (reported by xiexq)
1718
18192.9.9.1 (03 -Jul-2019 )
1920
@@ -353,9 +354,17 @@ Project: jackson-databind
353354 `MapperFeature.ALLOW_COERCION_OF_SCALARS`
354355 (requested by magdel@github)
355356
357+ 2.8.11.4 (25-Jul-2019)
358+
359+ #2334: Block one more gadget type (CVE-2019-12384)
360+ #2341: Block one more gadget type (CVE-2019-12814)
361+ #2387: Block one more gadget type (CVE-2019-14379)
362+ #2389: Block one more gadget type (CVE-2019-14361)
363+ (reported by xiexq)
364+
3563652.8.11.3 (23-Nov-2018)
357366
358- #2326: Block class for CVE-2019-12086
367+ #2326: Block one more gadget type ( CVE-2019-12086)
359368 (contributed by MaximilianTews@github)
360369
3613702.8.11.2 (08-Jun-2018)
You can’t perform that action at this time.
0 commit comments