packages/jackson-databind
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
jackson-databind/CVE-2019-14540.patch
wangxiao65 76636253c8 fix cves
2020-09-20 00:02:00 +08:00

30 lines
1.1 KiB
Diff
Raw Blame History

From d4983c740fec7d5576b207a8c30a63d3ea7443de Mon Sep 17 00:00:00 2001
From: Tatu Saloranta <tatu.saloranta@iki.fi>
Date: Fri, 9 Aug 2019 16:37:40 -0700
Subject: [PATCH] Fix #2410 #2420
---
.../jackson/databind/jsontype/impl/SubTypeValidator.java | 6 ++++++
1 files changed, 6 insertions(+)
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
index 93182b5f4..0abadfdf3 100644
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -96,6 +96,12 @@ public class SubTypeValidator
// [databind#2389]: logback/jndi
s.add("ch.qos.logback.core.db.JNDIConnectionSource");
+ // [databind#2410]: HikariCP/metricRegistry config
+ s.add("com.zaxxer.hikari.HikariConfig");
+
+ // [databind#2420]: CXF/JAX-RS provider/XSLT
+ s.add("org.apache.cxf.jaxrs.provider.XSLTJaxbProvider");
+
DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
}
--
2.23.0
Reference in New Issue View Git Blame Copy Permalink