From ba1c3b1cdd8d32790508977b93c95bf278e63b05 Mon Sep 17 00:00:00 2001
From: Marek Tokarski
Date: Fri, 8 May 2020 11:04:21 +0200
Subject: [PATCH] Block one more gadget type (bus-proxy, CVE-2020-10968)

Merged from FasterXML/jackson-databind#2662
---
 release-notes/VERSION | 1 +
 .../jackson/map/jsontype/impl/SubTypeValidator.java | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/release-notes/VERSION b/release-notes/VERSION
index bcb8ecb93..e410c9787 100644
--- a/release-notes/VERSION
+++ b/release-notes/VERSION
@@ -56,6 +56,7 @@ One more patch release for 1.9.
 * [databind#2658]: Block one more gadget type (ignite-jta, CVE-2020-10650)
 * [databind#2659]: Block one more gadget type (aries.transaction.jms, CVE-2020-10672)
 * [databind#2660]: Block one more gadget type (caucho-quercus, CVE-2020-10673)
+* [databind#2662]: Block one more gadget type (bus-proxy, CVE-2020-10968)
 1.9.13 (14-Jul-2013)
diff --git a/src/mapper/java/org/codehaus/jackson/map/jsontype/impl/SubTypeValidator.java b/src/mapper/java/org/codehaus/jackson/map/jsontype/impl/SubTypeValidator.java
index 9b216a0b6..5b8ac0cdd 100644
--- a/src/mapper/java/org/codehaus/jackson/map/jsontype/impl/SubTypeValidator.java
+++ b/src/mapper/java/org/codehaus/jackson/map/jsontype/impl/SubTypeValidator.java
@@ -133,7 +133,11 @@ public class SubTypeValidator
 // [databind#2660]: caucho-quercus
 s.add("com.caucho.config.types.ResourceRef");
-
+
+ // [databind#2662]: aoju/bus-proxy
+ s.add("org.aoju.bus.proxy.provider.RmiProvider");
+ s.add("org.aoju.bus.proxy.provider.remoting.RmiProvider");
+
 DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
 }
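Review bot: The two class names added under `// [databind#2662]: aoju/bus-proxy` are not covered by any test in this patch; the diffstat lists only release-notes/VERSION and SubTypeValidator.java, so a typo in either string literal would pass unnoticed. A small regression test that attempts polymorphic deserialization of `org.aoju.bus.proxy.provider.RmiProvider` and `org.aoju.bus.proxy.provider.remoting.RmiProvider` and expects the validator to reject both would pin the fix. I would also write the comment as `// [databind#2662]: aoju/bus-proxy (CVE-2020-10968)` so the entry can be traced from the source without consulting the release notes. The static initializer that builds this set starts outside the hunk and the matching code is not visible here; if it compares exact class names, as the set of literals suggests, subclasses or repackaged copies of these providers are presumably not covered, which is worth stating in the class documentation.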