Skip to content

Commit

Permalink
Fixing issues #2631 and #2634
Browse files Browse the repository at this point in the history
  • Loading branch information
cowtowncoder committed Mar 10, 2020
1 parent 9bb52c7 commit 1e64db6
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 1 deletion.
4 changes: 4 additions & 0 deletions release-notes/VERSION
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,10 @@ Project: jackson-databind

2.7.9.7 (not yet released)

#2631: Block one more gadget type (shaded-hikari-config, CVE-to-be-allocated)
(reported by threedr3am & LFY)
#2634: Block two more gadget types (ibatis-sqlmap, anteros-core; CVE-to-be-allocated)
(reported by threedr3am & V1ZkRA)
#2410: Block one more gadget type (HikariCP, CVE-2019-14540)
#2420: Block one more gadget type (cxf-jax-rs, no CVE allocated yet)
#2449: Block one more gadget type (HikariCP, CVE-2019-14439 / CVE-2019-16335)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,14 @@ public class SubTypeValidator

// [databind#2620]: xbean-reflect
s.add("org.apache.xbean.propertyeditor.JndiConverter");


// [databind#2631]: shaded hikari-config
s.add("org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig");

// [databind#2634]: ibatis-sqlmap, anteros-core
s.add("com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig");
s.add("br.com.anteros.dbcp.AnterosDBCPConfig");

DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
}

Expand Down

0 comments on commit 1e64db6

Please sign in to comment.