From bf46ec885b33473077c15e4b46d0ae29c66c1c47 Mon Sep 17 00:00:00 2001
From: Marian Koncek <mkoncek@redhat.com>
Date: Tue, 14 Apr 2020 15:17:34 +0200
Subject: [PATCH] CVE-2020-10969, CVE-2020-11113, CVE-2020-10968,
CVE-2020-11111, CVE-2020-11112
---
.../jsontype/impl/SubTypeValidator.java | 21 +++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
index 907adcd..789be7b 100644
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -86,6 +86,27 @@ public class SubTypeValidator
s.add("org.apache.log4j.receivers.db.DriverManagerConnectionSource");
s.add("org.apache.log4j.receivers.db.JNDIConnectionSource");
+ // CVE-2020-10969
+ // [databind#2642]: javax.swing (jdk)
+ s.add("javax.swing.JEditorPane");
+
+ // CVE-2020-11113
+ // [databind#2670]
+ s.add("org.apache.openjpa.ee.WASRegistryManagedRuntime");
+
+ // CVE-2020-10968
+ // [databind#2662]: aoju/bus-proxy
+ s.add("org.aoju.bus.proxy.provider.RmiProvider");
+ s.add("org.aoju.bus.proxy.provider.remoting.RmiProvider");
+
+ // CVE-2020-11111
+ // [databind#2664]: activemq-jms
+ s.add("org.apache.activemq.jms.pool.XaPooledConnectionFactory");
+
+ // CVE-2020-11112
+ // [databind#2666]: apache/commons-jms
+ s.add("org.apache.commons.proxy.provider.remoting.RmiProvider");
+
DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
}
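Review bot: The comment above the last added entry labels it `apache/commons-jms`, but the class it blocks is `org.apache.commons.proxy.provider.remoting.RmiProvider`, which sits in the commons-proxy package namespace; `// [databind#2666]: apache/commons-proxy` would match the code. The CVE-2020-11113 entry is the only one without a library label, and `// [databind#2670]: apache/openjpa` (inferred from the package name) would keep the block uniform for anyone later auditing this list against advisories. The entries are literal class names added to a set, so, assuming the lookup outside this hunk is an exact-name match, the backport covers only these named types. Deployments that deserialize untrusted JSON with polymorphic typing enabled still depend on the deny-list being complete. The static initializer that builds `s` begins outside the hunk.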
--
2.25.2