Skip to content

Commit a6667bc

Browse files
cowtowncodercowtowncoder
committed
Merge branch '2.10'
2 parents b2c40e7 + a704dc6 commit a6667bc

File tree

2 files changed

+6
-1
lines changed

2 files changed

+6
-1
lines changed

release-notes/VERSION-2.x

+1
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,7 @@ Project: jackson-databind
5656
2.9.9.1 (not yet released)
5757

5858
#2326: Block one more gadget type (CVE-2019-12384)
59+
#2341: Block one more gadget type (CVE-2019-12814)
5960

6061
2.9.9 (16-May-2019)
6162

src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java

+5-1
Original file line numberDiff line numberDiff line change
@@ -83,9 +83,13 @@ public class SubTypeValidator
8383
// [databind#2326] (2.9.9)
8484
s.add("com.mysql.cj.jdbc.admin.MiniAdmin");
8585

86-
// [databind#2334] (2.9.9.1)
86+
// [databind#2334]: logback-core (2.9.9.1)
8787
s.add("ch.qos.logback.core.db.DriverManagerConnectionSource");
8888

89+
// [databind#2341]: jdom/jdom2 (2.9.9.1)
90+
s.add("org.jdom.transform.XSLTransformer");
91+
s.add("org.jdom2.transform.XSLTransformer");
92+
8993
DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
9094
}
9195

0 commit comments

Comments
 (0)