Blame SOURCES/CVE-2019-14379.patch

1775a0
--- jackson-databind-jackson-databind-2.7.6/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java.orig	2019-09-05 10:22:43.429446495 +0200
1775a0
+++ jackson-databind-jackson-databind-2.7.6/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java	2019-09-05 10:33:48.325482004 +0200
1775a0
@@ -76,6 +76,12 @@
1775a0
         // [databind#2334] (2.9.9.1): logback-core
1775a0
         s.add("ch.qos.logback.core.db.DriverManagerConnectionSource");
1775a0
 
1775a0
+        // [databind#2387]: EHCache
1775a0
+        s.add("net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup");
1775a0
+
1775a0
+        // [databind#2389]: logback/jndi
1775a0
+        s.add("ch.qos.logback.core.db.JNDIConnectionSource");
1775a0
+
1775a0
         DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
1775a0
     }
1775a0