Merge branch '2.7' into 2.8

commit: 19cd7aec245f8623a505c162bc0383f358dedb47 [log] [tgz]
author: Tatu Saloranta <tatu.saloranta@iki.fi> Thu Jun 07 22:45:52 2018 -0700
committer: Tatu Saloranta <tatu.saloranta@iki.fi> Thu Jun 07 22:45:52 2018 -0700
tree: 57e0ef2e80ba73ec9de59b3fc1f20d0c3f175a1c
parent: 7487cf7eb14be2f65a1eb108e8629c07ef45e0a1 [diff] [blame]
parent: 726cbf9eee0835c71a99d7ddf1515f1dba91d9e7 [diff] [blame]
diff --git a/release-notes/VERSION b/release-notes/VERSION
index b52019b..73d786a 100644
--- a/release-notes/VERSION
+++ b/release-notes/VERSION

@@ -8,7 +8,11 @@
 #1941: `TypeFactory.constructFromCanonical()` throws NPE for Unparameterized
   generic canonical strings
  (reported by ayushgp@github)
-#2032: Blacklist another serialization gadget (ibatis)
+#2032: CVE-2018-11307: Potential information exfiltration with default typing, serialization gadget from MyBatis
+ (reported by Guixiong Wu)
+#2052: CVE-2018-12022: Block polymorphic deserialization of types from Jodd-db library
+ (reported by Guixiong Wu)
+#2058: CVE-2018-12023: Block polymorphic deserialization of types from Oracle JDBC driver
  (reported by Guixiong Wu)
 
 2.8.11.1 (11-Feb-2018)
commit	19cd7aec245f8623a505c162bc0383f358dedb47	[log] [tgz]
author	Tatu Saloranta <tatu.saloranta@iki.fi>	Thu Jun 07 22:45:52 2018 -0700
committer	Tatu Saloranta <tatu.saloranta@iki.fi>	Thu Jun 07 22:45:52 2018 -0700
tree	57e0ef2e80ba73ec9de59b3fc1f20d0c3f175a1c
parent	7487cf7eb14be2f65a1eb108e8629c07ef45e0a1 [diff] [blame]
parent	726cbf9eee0835c71a99d7ddf1515f1dba91d9e7 [diff] [blame]