Add java.util.UUID to trusted classes in Jackson serializer
This class is safe to deserialize according to Jackson: https://github.com/FasterXML/jackson-databind/blob/master/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java This also has been checked against Jackson 2.11 to confirm the backport of this enhancement to 4.3.x. Resolves #4110
This commit is contained in:
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2008-2021 the original author or authors.
|
||||
* Copyright 2008-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -254,6 +254,7 @@ public class Jackson2ExecutionContextStringSerializer implements ExecutionContex
|
||||
*/
|
||||
static class TrustedTypeIdResolver implements TypeIdResolver {
|
||||
private static final Set<String> TRUSTED_CLASS_NAMES = Collections.unmodifiableSet(new HashSet(Arrays.asList(
|
||||
"java.util.UUID",
|
||||
"java.util.ArrayList",
|
||||
"java.util.Arrays$ArrayList",
|
||||
"java.util.LinkedList",
|
||||
|
||||
Reference in New Issue
Block a user