Commit 5010c29

Block one more gadget type (javax.swing, CVE-2020-10969)
Merged from FasterXML/jackson-databind#2642
1 parent 574f312 commit 5010c29

2 files changed: +4 -0 lines changed

release-notes/VERSION

Lines changed: 1 addition & 0 deletions
@@ -50,6 +50,7 @@ One more patch release for 1.9.
5050
* [databind#2620]: Block one more gadget type (xbean-reflect/JNDI - CVE-2020-8840)
5151
* [databind#2631]: Block one more gadget type (shaded-hikari-config, CVE-2020-9546)
5252
* [databind#2634]: Block two more gadget types (ibatis-sqlmap, anteros-core; CVE-2020-9547 / CVE-2020-9548)
53+
* [databind#2642]: Block one more gadget type (javax.swing, CVE-2020-10969)
5354

5455
1.9.13 (14-Jul-2013)
5556

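Review bot: the new entry at line 53 names the package ("javax.swing") while the code change in this commit blocks a single class, `javax.swing.JEditorPane`, so the note can be read as covering more than it does. Suggest naming the class in the entry, e.g. "Block one more gadget type (javax.swing.JEditorPane, CVE-2020-10969)", so that users auditing their exposure against the release notes can match it to the blocklist directly.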
src/mapper/java/org/codehaus/jackson/map/jsontype/impl/SubTypeValidator.java

Lines changed: 3 additions & 0 deletions
@@ -115,6 +115,9 @@ public class SubTypeValidator
115115
s.add("com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig");
116116
s.add("br.com.anteros.dbcp.AnterosDBCPConfig");
117117

118+
// [databind#2642]: javax.swing (jdk)
119+
s.add("javax.swing.JEditorPane");
120+
118121
DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
119122
}
120123

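Review bot: the `s.add("javax.swing.JEditorPane");` entry at line 119 ships without a regression test, since the commit changes only release-notes/VERSION and this file. Suggest adding a test that asserts polymorphic deserialization naming this class is rejected, so the entry cannot be dropped silently in a later merge. Separately, the set holds fully qualified class names as strings; if the lookup against `DEFAULT_NO_DESER_CLASS_NAMES` is an exact match, subclasses of the listed type are not covered, and the `// [databind#2642]` comment would be a good place to state that limitation.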