Skip to content

Commit

Permalink
Fix #2642
Browse files Browse the repository at this point in the history
  • Loading branch information
cowtowncoder committed Mar 4, 2020
1 parent 9f4e970 commit 4d038c9
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 2 deletions.
6 changes: 4 additions & 2 deletions release-notes/VERSION-2.x
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,12 @@ Project: jackson-databind

2.9.10.4 (not yet released)

#2631: Block one more gadget type (shaded-hikari-config, CVE-to-be-allocated)
#2631: Block one more gadget type (shaded-hikari-config, CVE-2020-9546)
(reported by threedr3am & LFY)
#2634: Block two more gadget types (ibatis-sqlmap, anteros-core; CVE-to-be-allocated)
#2634: Block two more gadget types (ibatis-sqlmap, anteros-core; CVE-2020-9547 / CVE-2020-9548)
(reported by threedr3am & V1ZkRA)
#2642: Block one more gadget type (javax.swing, CVE-to-be-allocated) #2642
(reported by threedr3am)

2.9.10.3 (23-Feb-2020)

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,9 @@ public class SubTypeValidator
s.add("com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig");
s.add("br.com.anteros.dbcp.AnterosDBCPConfig");

// [databind#2642]: javax.swing (jdk)
s.add("javax.swing.JEditorPane");

DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
}

Expand Down

0 comments on commit 4d038c9

Please sign in to comment.