Merge branch '2.12' into 2.13

Author: cowtowncoder

release-notes/VERSION-2.x

@@ -166,6 +166,13 @@ No changes since 2.13.2.1 but fixed Gradle Module Metadata ("module.json")
   via `AsNull`
 - Add `mvnw` wrapper
 
+2.12.7.1 (12-Oct-2022)
+
+#3582: Add check in `BeanDeserializer._deserializeFromArray()` to prevent
+  use of deeply nested arrays [CVE-2022-42004]
+#3590: Add check in primitive value deserializers to avoid deep wrapper array
+  nesting wrt `UNWRAP_SINGLE_VALUE_ARRAYS` [CVE-2022-42003]
+
 2.12.7 (26-May-2022)
 
 #2816: Optimize UntypedObjectDeserializer wrt recursion [CVE-2020-36518]