rpms / rh-maven35-jackson-databind

Clone
Source Code
GIT

Blame SOURCES/CVE-2019-17531.patch

c7
  1.   c7
  2.   SOURCES
  3.   CVE-2019-17531.patch
Blob History Raw
e5a8af 
From 91ac9210837f534d47dc7eca35eb77f8b1d94478 Mon Sep 17 00:00:00 2001
e5a8af 
From: Marian Koncek <mkoncek@redhat.com>
e5a8af 
Date: Wed, 4 Dec 2019 16:18:31 +0100
e5a8af 
Subject: [PATCH] CVE-2019-17531
e5a8af
e5a8af 
---
e5a8af 
 .../jackson/databind/jsontype/impl/SubTypeValidator.java      | 4 ++++
e5a8af 
 1 file changed, 4 insertions(+)
e5a8af
e5a8af 
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
e5a8af 
index 64e1373..907adcd 100644
e5a8af 
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
e5a8af 
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
e5a8af 
@@ -82,6 +82,10 @@ public class SubTypeValidator
e5a8af 
         // [databind#2389]: logback/jndi
e5a8af 
         s.add("ch.qos.logback.core.db.JNDIConnectionSource");
e5a8af
e5a8af 
+        // [databind#2498]: log4j-extras (1.2)
e5a8af 
+        s.add("org.apache.log4j.receivers.db.DriverManagerConnectionSource");
e5a8af 
+        s.add("org.apache.log4j.receivers.db.JNDIConnectionSource");
e5a8af 
+
e5a8af 
         DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
e5a8af 
     }
e5a8af
e5a8af 
--
e5a8af 
2.21.0
e5a8af

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation