packages/jackson-databind
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
jackson-databind/CVE-2019-20330.patch
wangxiao65 76636253c8 fix cves
2020-09-20 00:02:00 +08:00

28 lines
1.2 KiB
Diff
Raw Blame History

From fc4214a883dc087070f25da738ef0d49c2f3387e Mon Sep 17 00:00:00 2001
From: Tatu Saloranta <tatu.saloranta@iki.fi>
Date: Fri, 1 Nov 2019 11:12:37 -0700
Subject: [PATCH] Fix #2526
---
.../jackson/databind/jsontype/impl/SubTypeValidator.java | 4 ++++
1 files changed, 4 insertions(+)
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
index 52882670c..1b616b26a 100644
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -121,6 +121,10 @@ public class SubTypeValidator
s.add("org.apache.log4j.receivers.db.DriverManagerConnectionSource");
s.add("org.apache.log4j.receivers.db.JNDIConnectionSource");
+ // [databind#2526]: some more ehcache
+ s.add("net.sf.ehcache.transaction.manager.selector.GenericJndiSelector");
+ s.add("net.sf.ehcache.transaction.manager.selector.GlassfishSelector");
+
DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
}
--
2.23.0
Reference in New Issue View Git Blame Copy Permalink