diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
index 8d2c562a96..9d6528bfd4 100644
--- a/release-notes/VERSION-2.x
+++ b/release-notes/VERSION-2.x
@@ -59,8 +59,14 @@ Project: jackson-databind
 #2339: Suboptimal return type for `ObjectNode.set()`
 (reported by Victor N)
 
+2.9.9.2 (not yet released)
+
+#2387: Block yet another deserialization gadget (EHCache, CVE-2019-xxxxx?)
+#2389: Block yet another deserialization gadget (Logback, CVE-2019-xxxxx?)
+
 2.9.9.1 (03-Jul-2019)
 
+#2331: `JsonMappingException` through nested getter with generic wildcard return type
 #2334: Block one more gadget type (CVE-2019-12384)
 #2341: Block one more gadget type (CVE-2019-12814)
 #2374: `ObjectMapper. getRegisteredModuleIds()` throws NPE if no modules registered
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
index d1aa3a56bc..8116620ee7 100644
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -90,6 +90,12 @@ public class SubTypeValidator
 s.add("org.jdom.transform.XSLTransformer");
 s.add("org.jdom2.transform.XSLTransformer");
 
+ // [databind#2387]: EHCache
+ s.add("net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup");
+
+ // [databind#2389]: logback/jndi
+ s.add("ch.qos.logback.core.db.JNDIConnectionSource");
+
 DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
 }
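Review bot: The comment on the first new entry in SubTypeValidator.java names only the library, so a later maintainer cannot tell from the code why `DefaultTransactionManagerLookup` is denied, whereas the logback entry at least says `logback/jndi`. I would state the sink in the same style, for example `// [databind#2387]: EHCache transaction-manager lookup (JNDI)`, if that is what the issue reports. The part of the commit shown here also adds no test asserting that polymorphic deserialization of these two class names is rejected, which is what protects a string denylist entry from a typo or an accidental removal. The enclosing block starts outside the hunk, so whether the set is matched by exact class name only or also against supertypes is not visible here; if it is exact-name, subclasses of the two types would not be covered by these entries.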