Skip to content

Commit ce50e4c

Browse files
committed
Merge branch '2.12' into 2.13
2 parents 419180c + f5a84a5 commit ce50e4c

File tree

1 file changed

+7
-0
lines changed

1 file changed

+7
-0
lines changed

release-notes/VERSION-2.x

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -166,6 +166,13 @@ No changes since 2.13.2.1 but fixed Gradle Module Metadata ("module.json")
166166
via `AsNull`
167167
- Add `mvnw` wrapper
168168

169+
2.12.7.1 (12-Oct-2022)
170+
171+
#3582: Add check in `BeanDeserializer._deserializeFromArray()` to prevent
172+
use of deeply nested arrays [CVE-2022-42004]
173+
#3590: Add check in primitive value deserializers to avoid deep wrapper array
174+
nesting wrt `UNWRAP_SINGLE_VALUE_ARRAYS` [CVE-2022-42003]
175+
169176
2.12.7 (26-May-2022)
170177

171178
#2816: Optimize UntypedObjectDeserializer wrt recursion [CVE-2020-36518]

0 commit comments

Comments
 (0)