@JsonView by-passed for unwrapped creator parameters [CVE-2026-54518] by cowtowncoder · Pull Request #5971 · FasterXML/jackson-databind
added 2 commits
cowtowncoder deleted the tatu-claude/3.1/jdb07-jsonview-unwrapped-creators branch
cowtowncoder added a commit that referenced this pull request
Honor the active @JsonView in every property-based-creator buffering path, not just the originally-patched ones (sibling of #5969/#5971):
- BuilderBasedDeserializer._deserializeUsingPropertyBased (regular-property branch)
- BuilderBasedDeserializer.deserializeUsingPropertyBasedWithUnwrapped (creator + regular)
- BeanDeserializer.deserializeUsingPropertyBasedWithUnwrapped (creator + regular)
- BeanDeserializer.deserializeUsingPropertyBasedWithExternalTypeId (creator + regular)
- BeanDeserializer._deserializeRecordForUpdate (creator)
Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com
cowtowncoder added a commit that referenced this pull request
Honor the active @JsonView in every property-based-creator buffering path, not just the originally-patched ones from #5969/#5971
dongjoon-hyun added a commit to apache/spark that referenced this pull request
cowtowncoder changed the title
@JsonView by-passed for unwrapped creator parameters → @JsonView by-passed for unwrapped creator parameters [CVE-2026-54518]
cowtowncoder added the CVE (Issues related to public CVEs (security vuln reports)) label