diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
index 41b686ad15..55fd50aec7 100644
--- a/release-notes/VERSION-2.x
+++ b/release-notes/VERSION-2.x
@@ -4,6 +4,11 @@ Project: jackson-databind
 === Releases ===
 ------------------------------------------------------------------------
+2.9.10.7 (not yet released)
+
+#2854: Block one more gadget type (javax.swing, CVE-2020-xxx)
+ (reported by Yangkun(ICSL))
+
 2.9.10.6 (24-Aug-2020)
 #2798: Block one more gadget type (xxx, CVE-xxxx-xxx)
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
index dc706429cf..a8b5cb1ba3 100644
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -143,8 +143,9 @@ public class SubTypeValidator
 // [databind#2814]: anteros-dbcp
 s.add("br.com.anteros.dbcp.AnterosDBCPDataSource");
- // [databind#2642]: javax.swing (jdk)
+ // [databind#2642][databind#2854]: javax.swing (jdk)
 s.add("javax.swing.JEditorPane");
+ s.add("javax.swing.JTextPane");
 // [databind#2648], [databind#2653]: shire-core
 s.add("org.apache.shiro.realm.jndi.JndiRealmFactory");
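Review bot: The new `s.add("javax.swing.JTextPane");` entry in SubTypeValidator.java carries no comment explaining why a second javax.swing class is needed, and no test change appears in the part of the diff shown here. `JTextPane` is a subclass of `JEditorPane`, so the fact that it had to be listed separately suggests the set is matched on the exact class name (the lookup is outside this hunk); other subclasses of an already-blocked type would then still pass validation. I would add `// JTextPane extends JEditorPane; names are matched exactly, so each subclass needs its own entry` above the new line, plus a regression test asserting that this class name is rejected as a polymorphic subtype. The enclosing initializer starts and ends outside the hunk.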