Skip to content

Commit

Permalink
MNSTR-5023 backport security fix from jackson2
Browse files Browse the repository at this point in the history
  • Loading branch information
tkanafa-atlassian committed Apr 20, 2021
1 parent 4fca498 commit 36338a5
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 0 deletions.
1 change: 1 addition & 0 deletions release-notes/VERSION
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,7 @@ One more patch release for 1.9.
* [databind#2462]: Block two more gadget types (commons-configuration/-2, CVE-2019-14892)
* [databind#2469]: Block one more gadget type (xalan2, might be related to CVE-2019-14893)
* [databind#2704]: Block one more gadget type (xalan2, CVE-2020-14062)
* [databind#2765]: Block one more gadget type (org.jsecurity, 2020-14195)

1.9.13 (14-Jul-2013)

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -184,6 +184,9 @@ public class SubTypeValidator
s.add("oracle.jms.AQjmsXAQueueConnectionFactory");
s.add("oracle.jms.AQjmsXAConnectionFactory");

// [databind#2764]: org.jsecurity:
s.add("org.jsecurity.realm.jndi.JndiRealmFactory");

DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
}

Expand Down

0 comments on commit 36338a5

Please sign in to comment.