https://bugzilla.redhat.com/show_bug.cgi?id=1549276
--- Comment #59 from Jonathan Christison jochrist@redhat.com --- Mitigation:
Advice on how to remain safe while using JAX-RS webservices on JBoss EAP 7.x is available here:
https://access.redhat.com/solutions/3279231 https://github.com/FasterXML/jackson-docs/wiki/JacksonPolymorphicDeserializa...
General Mitigation: Try to avoid * Deserialization from sources you do not control * `enableDefaultTyping()` * `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`
java-sig-commits@lists.fedoraproject.org