Merge branch '2.10' into 2.11

FasterXML · Mar 25, 2020 · a1dfaa7 · a1dfaa7
2 parents 0dc7711 + 458541d
commit a1dfaa7
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
@@ -247,6 +247,12 @@ Project: jackson-databind
  (reported by Srikanth Ramu)
 #2660: Block one more gadget type (caucho-quercus, CVE-2020-10673)
  (reported by threedr3am'follower)
+#2662: Block one more gadget type (bus-proxy)
+ (reported by XuYuanzhen)
+#2664: Block one more gadget type (activemq)
+ (reported by Srikanth Ramu)
+#2666: Block one more gadget type (apache/commons-proxy)
+ (reported by Yiting Fan)
 
 2.9.10.3 (23-Feb-2020)
 

diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -153,7 +153,17 @@ public class SubTypeValidator
 
         // [databind#2660]: caucho-quercus
         s.add("com.caucho.config.types.ResourceRef");
-
+
+        // [databind#2662]: aoju/bus-proxy
+        s.add("org.aoju.bus.proxy.provider.RmiProvider");
+        s.add("org.aoju.bus.proxy.provider.remoting.RmiProvider");
+
+        // [databind#2664]: activemq-jms
+        s.add("org.apache.activemq.jms.pool.XaPooledConnectionFactory");
+
+        // [databind#2666]: apache/commons-jms
+        s.add("org.apache.commons.proxy.provider.remoting.RmiProvider");
+
         DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
     }