Skip to content

Commit

Permalink
Merge branch '2.8' into 2.9
Browse files Browse the repository at this point in the history
  • Loading branch information
@cowtowncoder
cowtowncoder committed Jun 1, 2018
2 parents 822d3cb + 7487cf7 commit bf261d4
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
View file
Expand Up @@ -61,6 +61,12 @@ public class SubTypeValidator
// [databind#2032]: more 3rd party; data exfiltration via xml parsed ext entities
s.add("org.apache.ibatis.parsing.XPathParser");

// [databind#2052]: ldap approaches; in all cases LDAP connection String is passed
// and access attempt is made:
s.add("oracle.jdbc.connector.OracleManagedConnectionFactory");
s.add("jodd.db.connection.DataSourceConnectionProvider");
s.add("oracle.jdbc.rowset.OracleJDBCRowSet");

DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
}

Expand Down

0 comments on commit bf261d4

Please sign in to comment.