File tree 2 files changed +13
-0
lines changed
src/main/java/com/fasterxml/jackson/databind/jsontype/impl
2 files changed +13
-0
lines changed Original file line number Diff line number Diff line change @@ -3,6 +3,13 @@ Project: jackson-databind
33=== Releases ===
44------------------------------------------------------------------------
55
6+ Unreleased but backported
7+
8+ #2410: Block one more gadget type (CVE-2019-14540)
9+ (reported by iSafeBlue@github /
[email protected] )
10+ #2420: Block one more gadget type (no CVE allocated yet)
11+ 12+
6132.8.11.4 (25-Jul-2019)
714
815#2334: Block one more gadget type (CVE-2019-12384)
Original file line number Diff line number Diff line change @@ -98,6 +98,12 @@ public class SubTypeValidator
9898 // [databind#2389]: logback/jndi
9999 s .add ("ch.qos.logback.core.db.JNDIConnectionSource" );
100100
101+ // [databind#2410]: HikariCP/metricRegistry config
102+ s .add ("com.zaxxer.hikari.HikariConfig" );
103+
104+ // [databind#2420]: CXF/JAX-RS provider/XSLT
105+ s .add ("org.apache.cxf.jaxrs.provider.XSLTJaxbProvider" );
106+
101107 DEFAULT_NO_DESER_CLASS_NAMES = Collections .unmodifiableSet (s );
102108 }
103109
You can’t perform that action at this time.
0 commit comments