
Commit 41b8bdb

committed
Fixed #2986
1 parent 7c24053 commit 41b8bdb


2 files changed

+9
-0
lines changed

2 files changed

+9
-0
lines changed

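--- a/release-notes/VERSION-2.x
+++ b/release-notes/VERSION-2.x
@@ -4,6 +4,11 @@ Project: jackson-databind
 === Releases ===
 ------------------------------------------------------------------------
 
+2.9.10.8 (not yet released)
+
+#2986: Block two more gadget types
+(reported by Al1ex@knownsec)
+
 2.9.10.7 (02-Dec-2020)
 
 #2589: `DOMDeserializer`: setExpandEntityReferences(false) may not prevent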

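--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -207,6 +207,10 @@ public class SubTypeValidator
 s.add("com.nqadmin.rowset.JdbcRowSetImpl");
 s.add("org.arrah.framework.rdbms.UpdatableJdbcRowsetImpl");
 
+// [databind#2986]: dbcp2
+s.add("org.apache.commons.dbcp2.datasources.PerUserPoolDataSource");
+s.add("org.apache.commons.dbcp2.datasources.SharedPoolDataSource");
+
 DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
 }
 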
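Review bot: The two added `s.add(...)` entries are exact class-name strings, and the commit touches only the release notes and this validator, so no test pins the rejection. A regression test asserting that both names are refused during polymorphic deserialization would keep the entries from being lost in a later merge. Because the set appears to be matched by exact name, relocated or shaded copies of the same dbcp2 datasource classes under another package prefix would presumably not be covered; it is worth confirming whether such copies ship in common distributions and listing them in the same block. The comment could also record the reason, e.g. `// [databind#2986]: dbcp2 datasources, blocked as deserialization gadget types`. The enclosing static initializer starts outside the hunk, so how the set is consulted is not visible here.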
