From c66d4ee92ffbfac74f62349451501e0635841c1d Mon Sep 17 00:00:00 2001 From: Tatu Saloranta Date: Mon, 24 Aug 2020 15:19:43 -0700 Subject: [PATCH 1/5] Prepare for 2.9.10.6 release --- pom.xml | 2 +- release-notes/VERSION-2.x | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 6bf7d8d48a..38cd09b9dd 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ com.fasterxml.jackson jackson-base - 2.9.10.20200621 + 2.9.10.20200824 com.fasterxml.jackson.core diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x index c24809b05a..3c6724f353 100644 --- a/release-notes/VERSION-2.x +++ b/release-notes/VERSION-2.x @@ -4,7 +4,7 @@ Project: jackson-databind === Releases === ------------------------------------------------------------------------ -2.9.10.6 (not yet released) +2.9.10.6 (24-Aug-2020) #2798: Block one more gadget type (xxx, CVE-xxxx-xxx) (reported by Al1ex@knownsec) From f797abcbf63fa4b5faf20a2f567c29d1e513b450 Mon Sep 17 00:00:00 2001 From: Tatu Saloranta Date: Mon, 24 Aug 2020 15:20:53 -0700 Subject: [PATCH 2/5] [maven-release-plugin] prepare release jackson-databind-2.9.10.6 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 38cd09b9dd..45536723ac 100644 --- a/pom.xml +++ b/pom.xml @@ -10,7 +10,7 @@ com.fasterxml.jackson.core jackson-databind - 2.9.10.6-SNAPSHOT + 2.9.10.6 jackson-databind bundle General data-binding functionality for Jackson: works on core streaming API @@ -21,7 +21,7 @@ scm:git:git@github.com:FasterXML/jackson-databind.git scm:git:git@github.com:FasterXML/jackson-databind.git http://github.com/FasterXML/jackson-databind - HEAD + jackson-databind-2.9.10.6 From 30f811a6a5e0a43a857eea7826ff56eb863b2988 Mon Sep 17 00:00:00 2001 From: Tatu Saloranta Date: Mon, 24 Aug 2020 15:21:00 -0700 Subject: [PATCH 3/5] [maven-release-plugin] prepare for next development iteration --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/pom.xml b/pom.xml index 45536723ac..57efc169a8 100644 --- a/pom.xml +++ b/pom.xml @@ -10,7 +10,7 @@ com.fasterxml.jackson.core jackson-databind - 2.9.10.6 + 2.9.10.7-SNAPSHOT jackson-databind bundle General data-binding functionality for Jackson: works on core streaming API @@ -21,7 +21,7 @@ scm:git:git@github.com:FasterXML/jackson-databind.git scm:git:git@github.com:FasterXML/jackson-databind.git http://github.com/FasterXML/jackson-databind - jackson-databind-2.9.10.6 + HEAD From 2d6d4b9e063800332256e7730eef88afb2db808d Mon Sep 17 00:00:00 2001 From: Tatu Saloranta Date: Wed, 26 Aug 2020 09:42:49 -0700 Subject: [PATCH 4/5] add cve id for db/2814 issue in release notes --- release-notes/VERSION-2.x | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x index 3c6724f353..41b686ad15 100644 --- a/release-notes/VERSION-2.x +++ b/release-notes/VERSION-2.x @@ -8,7 +8,7 @@ Project: jackson-databind #2798: Block one more gadget type (xxx, CVE-xxxx-xxx) (reported by Al1ex@knownsec) -#2814: Block one more gadget type (xxx, CVE-xxxx-xxx) +#2814: Block one more gadget type (Anteros-DBCP, CVE-2020-24616) (reported by ChenZhaojun) #2826: Block one more gadget type (xxx, CVE-xxxx-xxx) (reported by ChenZhaojun) From 7dbf51bf78d157098074a20bd9da39bd48c18e4a Mon Sep 17 00:00:00 2001 From: Tatu Saloranta Date: Thu, 17 Sep 2020 20:11:25 -0700 Subject: [PATCH 5/5] Fix #2854 --- release-notes/VERSION-2.x | 5 +++++ .../jackson/databind/jsontype/impl/SubTypeValidator.java | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x index 41b686ad15..55fd50aec7 100644 --- a/release-notes/VERSION-2.x +++ b/release-notes/VERSION-2.x 
@@ -4,6 +4,11 @@ Project: jackson-databind === Releases === ------------------------------------------------------------------------ +2.9.10.7 (not yet released) + +#2854: Block one more gadget type (javax.swing, CVE-2020-xxx) + (reported by Yangkun(ICSL)) + 2.9.10.6 (24-Aug-2020) #2798: Block one more gadget type (xxx, CVE-xxxx-xxx) diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java index dc706429cf..a8b5cb1ba3 100644 --- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java +++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java @@ -143,8 +143,9 @@ public class SubTypeValidator // [databind#2814]: anteros-dbcp s.add("br.com.anteros.dbcp.AnterosDBCPDataSource"); - // [databind#2642]: javax.swing (jdk) + // [databind#2642][databind#2854]: javax.swing (jdk) s.add("javax.swing.JEditorPane"); + s.add("javax.swing.JTextPane"); // [databind#2648], [databind#2653]: shire-core s.add("org.apache.shiro.realm.jndi.JndiRealmFactory");
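Review bot: The new `s.add("javax.swing.JTextPane");` entry extends a denylist that appears to be keyed on the exact class name, so subclasses of an already-blocked type are not covered unless each is listed — presumably why JTextPane needed its own entry beside JEditorPane (in the JDK, JTextPane extends JEditorPane). That maintenance rule is worth stating once in the list so the next gadget report is also checked for sibling subclasses, e.g. `// NOTE: matched by exact class name; subclasses of a blocked type (JTextPane under JEditorPane) need their own entry`. The set is populated inside a method whose start and end lie outside the hunk, and the lookup that consults it is not visible here, so confirm the exact-match behaviour against that code before relying on the comment. The release-notes hunk in the same patch still carries a `CVE-2020-xxx` placeholder for #2854; fill in the assigned id before tagging so the entry is traceable.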