-rw-r--r--release-notes/VERSION2
-rw-r--r--src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java4
2 files changed, 6 insertions, 0 deletions
diff --git a/release-notes/VERSION b/release-notes/VERSION
index 268f90767..8d154e031 100644
--- a/release-notes/VERSION
+++ b/release-notes/VERSION
@@ -16,6 +16,8 @@ Unreleased but backported
#2469: Block one more gadget type (xalan2)
#2478: Block two more gadget types (commons-dbcp, p6spy, CVE-2019-16942 / CVE-2019-16943)
#2498: Block one more gadget type (log4j-extras/1.2, CVE-2019-17531)
+#2526: Block two more gadget types (ehcache/JNDI - CVEs to be allocated)
+ (repoerted by UltramanGaia)
2.8.11.4 (25-Jul-2019)
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
index 52882670c..1b616b26a 100644
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -123,6 +123,10 @@ public class SubTypeValidator
s.add("org.apache.log4j.receivers.db.DriverManagerConnectionSource");
s.add("org.apache.log4j.receivers.db.JNDIConnectionSource");
+ // [databind#2526]: some more ehcache
+ s.add("net.sf.ehcache.transaction.manager.selector.GenericJndiSelector");
+ s.add("net.sf.ehcache.transaction.manager.selector.GlassfishSelector");
+
DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
}
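Review bot: The two entries added just before `DEFAULT_NO_DESER_CLASS_NAMES` is assigned are plain string literals, and the diffstat lists only the release notes and this file, so no test accompanies them; a misspelled package or class name would leave the type deserializable without any failure. If the set is matched by exact class name, as the literal entries suggest, a regression test should assert that `net.sf.ehcache.transaction.manager.selector.GenericJndiSelector` and `net.sf.ehcache.transaction.manager.selector.GlassfishSelector` are both rejected as polymorphic type ids. The comment could also record why they are blocked rather than only where they come from, e.g. `// [databind#2526]: ehcache transaction-manager selectors (JNDI lookup), blocked as polymorphic subtypes`. The static initializer begins above the hunk, so how the set is consulted is not visible here.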