Merge branch '2.7' into 2.8
diff --git a/release-notes/VERSION b/release-notes/VERSION
index 60f84df..b2c8243 100644
--- a/release-notes/VERSION
+++ b/release-notes/VERSION
@@ -9,14 +9,8 @@
2.8.11.3 (23-Nov-2018)
-#2097: Block more classes from polymorphic deserialization (CVE-2018-14718
- - CVE-2018-14721)
- (reported by Guixiong Wu)
-#2109: Canonical string for reference type is built incorrectly
- (reported by svarzee@github)
-#2186: Block more classes from polymorphic deserialization (CVE-2018-19360,
- CVE-2018-19361, CVE-2018-19362)
- (reported by Guixiong Wu)
+#2326: Block class for CVE-2019-12086
+ (contributed by MaximilianTews@github)
2.8.11.2 (08-Jun-2018)
@@ -252,6 +246,17 @@
#1277: Add caching of resolved generic types for `TypeFactory`
(requested by Andriy P)
+2.7.9.5 (23-Nov-2018)
+
+#2097: Block more classes from polymorphic deserialization (CVE-2018-14718
+ - CVE-2018-14721)
+ (reported by Guixiong Wu)
+#2109: Canonical string for reference type is built incorrectly
+ (reported by svarzee@github)
+#2186: Block more classes from polymorphic deserialization (CVE-2018-19360,
+ CVE-2018-19361, CVE-2018-19362)
+ (reported by Guixiong Wu)
+
2.7.9 (04-Feb-2017)
#1367: No Object Id found for an instance when using `@ConstructorProperties`
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
index 6f66323..04db3ad 100644
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -82,7 +82,7 @@
s.add("org.apache.openjpa.ee.JNDIManagedRuntime");
s.add("org.apache.axis2.transport.jms.JMSOutTransportInfo");
- // [databind#2326] (2.9.9): one more 3rd party gadget
+ // [databind#2326] (2.8.11.4: one more 3rd party gadget
s.add("com.mysql.cj.jdbc.admin.MiniAdmin");
DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);