Add java.util.UUID to trusted classes in Jackson serializer

This class is safe to deserialize according to Jackson:
https://github.com/FasterXML/jackson-databind/blob/master/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java

This also has been checked against Jackson 2.11 to confirm
the backport of this enhancement to 4.3.x.

Resolves #4110
This commit is contained in:
Mahmoud Ben Hassine
2022-05-17 11:26:00 +02:00
parent 6c09e95987
commit 1199740407

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2008-2021 the original author or authors.
* Copyright 2008-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -254,6 +254,7 @@ public class Jackson2ExecutionContextStringSerializer implements ExecutionContex
*/
static class TrustedTypeIdResolver implements TypeIdResolver {
private static final Set<String> TRUSTED_CLASS_NAMES = Collections.unmodifiableSet(new HashSet(Arrays.asList(
"java.util.UUID",
"java.util.ArrayList",
"java.util.Arrays$ArrayList",
"java.util.LinkedList",