From 3d97153944f7de9c19c1b3637b33d3cf1fbbe4d7 Mon Sep 17 00:00:00 2001
From: Tatu Saloranta
Date: Mon, 10 Aug 2020 19:39:03 -0700
Subject: [PATCH] Add a block for #2814
---
 release-notes/VERSION-2.x | 4 +++-
 .../jackson/databind/jsontype/impl/SubTypeValidator.java | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
index f06b7c5dc0..56375c739f 100644
--- a/release-notes/VERSION-2.x
+++ b/release-notes/VERSION-2.x
@@ -6,8 +6,10 @@ Project: jackson-databind
 2.9.10.6 (not yet released)
-#2798: Block one more gadget type (xxx, xxx)
+#2798: Block one more gadget type (xxx, CVE-xxxx-xxx)
 (reported by Al1ex@knownsec)
+#2814: Block one more gadget type (xxx, CVE-xxxx-xxx)
+ (reported by ChenZhaojun)
 2.9.10.5 (21-Jun-2020)
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
index d0753df937..d470bb53d5 100644
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -137,9 +137,11 @@ public class SubTypeValidator
 // [databind#2631]: shaded hikari-config
 s.add("org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig");
- // [databind#2634]: ibatis-sqlmap, anteros-core
+ // [databind#2634]: ibatis-sqlmap, anteros-core/-dbcp
 s.add("com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig");
 s.add("br.com.anteros.dbcp.AnterosDBCPConfig");
+ // [databind#2814]: anteros-dbcp
+ s.add("br.com.anteros.dbcp.AnterosDBCPDataSource");
 // [databind#2642]: javax.swing (jdk)
 s.add("javax.swing.JEditorPane");
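Review bot: The new `br.com.anteros.dbcp.AnterosDBCPDataSource` entry in the SubTypeValidator.java hunk has no regression test with it: the diffstat lists only the release notes and the validator. A test asserting that polymorphic deserialization of this class name is rejected would stop the entry being lost in a later merge or refactor. The entries also appear to be matched by exact class name (the separate `org.apache.hadoop.shaded...HikariConfig` line above suggests relocated copies need their own entry), so a shaded anteros-dbcp would presumably still pass. A comment such as `// exact-name match: shaded/relocated copies need their own entry` next to the new line would make that limit visible. The code that declares `s` and consumes the set lies outside the hunk, so the matching behaviour should be confirmed there.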