rpms / rh-maven35-jackson-databind

Clone
Source Code
GIT

Blame SOURCES/CVE-2020-11620.patch

c7
  1.   c7
  2.   SOURCES
  3.   CVE-2020-11620.patch
Blob History Raw
6a8cc2
6a8cc2 
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-11620
6a8cc2
6a8cc2 
https://github.com/FasterXML/jackson-databind/commit/77040d85e3eb6710508e6445640ae1a3d5e60c22
6a8cc2
6a8cc2 
--- jackson-databind-jackson-databind-2.7.6/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java.cve11620
6a8cc2 
+++ jackson-databind-jackson-databind-2.7.6/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
6a8cc2 
@@ -107,6 +107,9 @@
6a8cc2 
         // [databind#2666]: apache/commons-jms
6a8cc2 
         s.add("org.apache.commons.proxy.provider.remoting.RmiProvider");
6a8cc2
6a8cc2 
+        // [databind#2682]: commons-jelly
6a8cc2 
+        s.add("org.apache.commons.jelly.impl.Embedded");
6a8cc2 
+
6a8cc2 
         DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
6a8cc2 
     }
6a8cc2

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation