Fix #2060

Author: cowtowncoder

release-notes/CREDITS-2.x

@@ -797,4 +797,8 @@ Chetan Narsude (243826@github)
   * Reported #2038: JDK Serializing and using Deserialized `ObjectMapper` loses linkage
     back from `JsonParser.getCodec()`
   (2.9.6)
-  
+
+Petar Tahchiev (ptahchiev@github)
+  * Reported #2060: `UnwrappingBeanPropertyWriter` incorrectly assumes the found
+    serializer is of type `UnwrappingBeanSerializer`
+  (2.9.6)

release-notes/VERSION-2.x

@@ -52,6 +52,9 @@ Project: jackson-databind
  (reported by Guixiong Wu)
 #2058: CVE-2018-12023: Block polymorphic deserialization of types from Oracle JDBC driver
  (reported by Guixiong Wu)
+#2060: `UnwrappingBeanPropertyWriter` incorrectly assumes the found serializer is
+  of type `UnwrappingBeanSerializer`
+ (reported by Petar T)
 
 2.9.5 (26-Mar-2018)
 

src/main/java/com/fasterxml/jackson/databind/ser/impl/UnwrappingBeanPropertyWriter.java

@@ -136,7 +136,10 @@ public void assignSerializer(JsonSerializer<Object> ser)
     {
         if (ser != null) {
             NameTransformer t = _nameTransformer;
-            if (ser.isUnwrappingSerializer()) {
+            if (ser.isUnwrappingSerializer()
+                    // as per [databind#2060], need to also check this, in case someone writes
+                    // custom implementation that does not extend standard implementation:
+                    && (ser instanceof UnwrappingBeanSerializer)) {
                 t = NameTransformer.chainedTransformer(t, ((UnwrappingBeanSerializer) ser)._nameTransformer);
             }
             ser = ser.unwrappingSerializer(t);