From eb254813cc822d0af015ce8fe05febf50721dc53 Mon Sep 17 00:00:00 2001
From: Tatu Saloranta
Date: Fri, 1 Nov 2019 11:12:37 -0700
Subject: [PATCH] Fix #2526
---
 release-notes/VERSION | 2 ++
 .../jackson/databind/jsontype/impl/SubTypeValidator.java | 4 ++++
 2 files changed, 6 insertions(+)
diff --git a/release-notes/VERSION b/release-notes/VERSION
index 7cf9342702..293e521bcb 100644
--- a/release-notes/VERSION
+++ b/release-notes/VERSION
@@ -12,6 +12,8 @@ Project: jackson-databind
 #2462: Block two more gadget types (commons-configuration/-2)
 #2478: Block two more gadget types (commons-dbcp, p6spy, CVE-2019-16942 / CVE-2019-16943)
 #2498: Block one more gadget type (apache-log4j-extras/1.2, CVE-2019-17531)
+#2526: Block two more gadget types (ehcache/JNDI - CVEs to be allocated)
+ (repoerted by UltramanGaia)
 2.7.9.6 (26-Jul-2019)
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
index a504d45f01..9b93e9ede2 100644
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -119,6 +119,10 @@ public class SubTypeValidator
 s.add("org.apache.log4j.receivers.db.DriverManagerConnectionSource");
 s.add("org.apache.log4j.receivers.db.JNDIConnectionSource");
+ // [databind#2526]: some more ehcache
+ s.add("net.sf.ehcache.transaction.manager.selector.GenericJndiSelector");
+ s.add("net.sf.ehcache.transaction.manager.selector.GlassfishSelector");
+
 DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
 }
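Review bot: The added comment `// [databind#2526]: some more ehcache` in the SubTypeValidator.java hunk does not say why these two selector classes are denied, although the release-notes entry in the same commit names the reason (ehcache/JNDI). I would write `// [databind#2526]: ehcache transaction-manager selectors (JNDI gadget types)` so the entry can be audited without opening the issue. The diffstat lists only the release notes and this file, so no test in this commit asserts that `GenericJndiSelector` and `GlassfishSelector` are rejected as polymorphic subtypes; a regression test that passes each name to the validator would pin that. The entries are exact class names, so other selector classes in the same package are presumably not covered. That should be confirmed against the matching logic, which lies outside the hunk, as does the start of the enclosing block.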