Skip to content

Commit

Permalink
Block one more gadget type (apache/commons-proxy, CVE-2020-11112)
Browse files Browse the repository at this point in the history
  • Loading branch information
mtokarski-atlassian committed May 8, 2020
1 parent 71128a4 commit f6bb411
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 0 deletions.
1 change: 1 addition & 0 deletions release-notes/VERSION
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,7 @@ One more patch release for 1.9.
* [databind#2660]: Block one more gadget type (caucho-quercus, CVE-2020-10673)
* [databind#2662]: Block one more gadget type (bus-proxy, CVE-2020-10968)
* [databind#2664]: Block one more gadget type (activemq-pool[-jms], CVE-2020-11111)
* [databind#2666]: Block one more gadget type (apache/commons-proxy, CVE-2020-11112)

1.9.13 (14-Jul-2013)

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,9 @@ public class SubTypeValidator
s.add("org.apache.activemq.jms.pool.XaPooledConnectionFactory"); // pool-jms
s.add("org.apache.activemq.jms.pool.JcaPooledConnectionFactory");

// [databind#2666]: apache/commons-jms
s.add("org.apache.commons.proxy.provider.remoting.RmiProvider");

DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
}

Expand Down

0 comments on commit f6bb411

Please sign in to comment.