From 7dbf51bf78d157098074a20bd9da39bd48c18e4a Mon Sep 17 00:00:00 2001
From: Tatu Saloranta
Date: Thu, 17 Sep 2020 20:11:25 -0700
Subject: [PATCH] Fix #2854
---
 release-notes/VERSION-2.x | 5 +++++
 .../jackson/databind/jsontype/impl/SubTypeValidator.java | 3 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x
index 41b686ad15..55fd50aec7 100644
--- a/release-notes/VERSION-2.x
+++ b/release-notes/VERSION-2.x
@@ -4,6 +4,11 @@ Project: jackson-databind
 === Releases ===
 ------------------------------------------------------------------------
+2.9.10.7 (not yet released)
+
+#2854: Block one more gadget type (javax.swing, CVE-2020-xxx)
+ (reported by Yangkun(ICSL))
+
 2.9.10.6 (24-Aug-2020)
 #2798: Block one more gadget type (xxx, CVE-xxxx-xxx)
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
index dc706429cf..a8b5cb1ba3 100644
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -143,8 +143,9 @@ public class SubTypeValidator
         // [databind#2814]: anteros-dbcp
         s.add("br.com.anteros.dbcp.AnterosDBCPDataSource");
-        // [databind#2642]: javax.swing (jdk)
+        // [databind#2642][databind#2854]: javax.swing (jdk)
         s.add("javax.swing.JEditorPane");
+        s.add("javax.swing.JTextPane");
         // [databind#2648], [databind#2653]: shire-core
         s.add("org.apache.shiro.realm.jndi.JndiRealmFactory");
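Review bot: The new `s.add("javax.swing.JTextPane")` entry is needed only because the set holds fully-qualified class-name strings and, as far as the lookup outside this hunk appears to work, is matched by exact name, so the existing `JEditorPane` entry did not cover its subclass `JTextPane` and any further subclass will again need its own line. That maintenance property is worth stating next to the entries, e.g. `// [databind#2642][databind#2854]: javax.swing (jdk); matched by exact class name, so each subclass of JEditorPane needs its own entry`. Because this list is a denylist of already-reported gadget classes, it is a best-effort default; the release note should point deployments that enable default typing toward restricting the permitted base types on their side rather than relying on this list alone. The enclosing initializer starts before this hunk and the class continues after it.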