diff --git a/SOURCES/CVE-2020_10969-11113-10968-11111-11112.patch b/SOURCES/CVE-2020_10969-11113-10968-11111-11112.patch
new file mode 100644
index 0000000..19f4ef1
--- /dev/null
+++ b/SOURCES/CVE-2020_10969-11113-10968-11111-11112.patch
@@ -0,0 +1,45 @@
+From bf46ec885b33473077c15e4b46d0ae29c66c1c47 Mon Sep 17 00:00:00 2001
+From: Marian Koncek
+Date: Tue, 14 Apr 2020 15:17:34 +0200
+Subject: [PATCH] CVE-2020-10969, CVE-2020-11113, CVE-2020-10968,
+ CVE-2020-11111, CVE-2020-11112
+
+---
+ .../jsontype/impl/SubTypeValidator.java | 21 +++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+index 907adcd..789be7b 100644
+--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
++++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+@@ -86,6 +86,27 @@ public class SubTypeValidator
+ s.add("org.apache.log4j.receivers.db.DriverManagerConnectionSource");
+ s.add("org.apache.log4j.receivers.db.JNDIConnectionSource");
+ 
++ // CVE-2020-10969
++ // [databind#2642]: javax.swing (jdk)
++ s.add("javax.swing.JEditorPane");
++
++ // CVE-2020-11113
++ // [databind#2670]
++ s.add("org.apache.openjpa.ee.WASRegistryManagedRuntime");
++
++ // CVE-2020-10968
++ // [databind#2662]: aoju/bus-proxy
++ s.add("org.aoju.bus.proxy.provider.RmiProvider");
++ s.add("org.aoju.bus.proxy.provider.remoting.RmiProvider");
++
++ // CVE-2020-11111
++ // [databind#2664]: activemq-jms
++ s.add("org.apache.activemq.jms.pool.XaPooledConnectionFactory");
++
++ // CVE-2020-11112
++ // [databind#2666]: apache/commons-jms
++ s.add("org.apache.commons.proxy.provider.remoting.RmiProvider");
++
+ DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
+ }
+ 
+--
+2.25.2
+
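Review bot: The comment on the last added entry, `// [databind#2666]: apache/commons-jms`, labels the class `org.apache.commons.proxy.provider.remoting.RmiProvider`, whose package is Apache Commons Proxy rather than a JMS library; I would correct it to `// [databind#2666]: apache/commons-proxy` so the next backport does not chase the wrong artifact. More substantively, every entry here is an exact-name addition to `DEFAULT_NO_DESER_CLASS_NAMES`, a denylist of known gadget classes that only comes into play for mappers that enable default/polymorphic typing on untrusted input; the backport closes these five gadgets but not the class of bug, so it should be read as a stopgap and the package notes should say so. The `javax.swing.JEditorPane` entry deserves a one-line comment that, unlike the others, this gadget ships with the JDK and needs no third-party jar on the classpath, which is why its comment says `(jdk)`. The static initializer containing these `s.add` calls begins and ends outside the hunk.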
diff --git a/SPECS/jackson-databind.spec b/SPECS/jackson-databind.spec
index f0953d2..a4d7de2 100644
--- a/SPECS/jackson-databind.spec
+++ b/SPECS/jackson-databind.spec
@@ -3,7 +3,7 @@
 Name: %{?scl_prefix}jackson-databind
 Version: 2.7.6
-Release: 2.8%{?dist}
+Release: 2.9%{?dist}
 Summary: General data-binding package for Jackson (2.x)
 License: ASL 2.0 and LGPLv2+
 URL: http://wiki.fasterxml.com/JacksonHome
@@ -25,6 +25,7 @@
 Patch13: CVE-2018-19362.patch
 Patch14: CVE-2019-12384.patch
 Patch15: CVE-2019-14379.patch
 Patch16: CVE-2019-17531.patch
+Patch17: CVE-2020_10969-11113-10968-11111-11112.patch
 BuildRequires: %{?scl_prefix}maven-local
 BuildRequires: %{?scl_prefix}mvn(com.fasterxml.jackson:jackson-parent:pom:)
@@ -66,6 +67,7 @@ This package contains javadoc for %{pkg_name}.
 %patch14 -p1
 %patch15 -p1
 %patch16 -p1
+%patch17 -p1
 cp -p src/main/resources/META-INF/LICENSE .
 cp -p src/main/resources/META-INF/NOTICE .
@@ -104,6 +106,11 @@ rm src/test/java/com/fasterxml/jackson/databind/ser/TestJdkTypes.java \
 %license LICENSE NOTICE
 %changelog
+* Tue Apr 14 2020 Marian Koncek - 2.7.6-2.9
+- Fix security vulnerabilities
+- Resolves: CVE-2020-10969, CVE-2020-11113, CVE-2020-10968, CVE-2020-11111,
+  CVE-2020-11112
+
 * Wed Dec 04 2019 Marian Koncek - 2.7.6-2.8
 - Fix CVE-2019-17531
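Review bot: The new `Patch17: CVE-2020_10969-11113-10968-11111-11112.patch` line breaks the naming pattern the preceding Patch13–Patch16 entries follow (`CVE-YYYY-NNNNN.patch`, hyphen after the year); the underscore after `2020` means a grep of the spec or SOURCES directory for `CVE-2020-10969` will not find this patch. I would rename it to the hyphenated form, for example `CVE-2020-10969.patch`, and put the other four ids on a `#` comment line above the `Patch17:` tag so each CVE id is searchable. The %changelog entry already lists all five ids in the standard form, so that text is fine as-is.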