Merge branch '2.8' into 2.9

author: Tatu Saloranta <tatu.saloranta@iki.fi> 2020-04-26 10:09:53 -0700
committer: Tatu Saloranta <tatu.saloranta@iki.fi> 2020-04-26 10:09:53 -0700
commit: 716f3f95fb82c686cc20d7255665de54c5330fa7 (patch)
tree: c3c8907a790b8e31cbc235e8a0378369b8605bfc /release-notes
parent: 2ee56b85b9b621ecb5a24da46303dbc80651259e (diff)
parent: f9a9122f78d145084b3f2dc2cd982f2ed3cbd199 (diff)
download: jackson-databind-716f3f95fb82c686cc20d7255665de54c5330fa7.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
index 340aa8b27..dff131705 100644
--- a/release-notes/VERSION-2.x
+++ b/release-notes/VERSION-2.x
@@ -440,9 +440,9 @@ Project: jackson-databind
 #1872: `NullPointerException` in `SubTypeValidator.validateSubType` when
   validating Spring interface
  (reported by Rob W)
-#1899: Another two gadgets to exploit default typing issue in jackson-databind
+#1899: Another two gadgets to exploit default typing issue (CVE-2018-5968)
  (reported by OneSourceCat@github)
-#1931: Two more `c3p0` gadgets to exploit default typing issue
+#1931: Two more `c3p0` gadgets to exploit default typing issue (c3p0, CVE-2018-7489)
 
 2.8.11 (24-Dec-2017)
author	Tatu Saloranta <tatu.saloranta@iki.fi>	2020-04-26 10:09:53 -0700
committer	Tatu Saloranta <tatu.saloranta@iki.fi>	2020-04-26 10:09:53 -0700
commit	716f3f95fb82c686cc20d7255665de54c5330fa7 (patch)
tree	c3c8907a790b8e31cbc235e8a0378369b8605bfc /release-notes
parent	2ee56b85b9b621ecb5a24da46303dbc80651259e (diff)
parent	f9a9122f78d145084b3f2dc2cd982f2ed3cbd199 (diff)
download	jackson-databind-716f3f95fb82c686cc20d7255665de54c5330fa7.tar.gz