Branch: refs/heads/3.15 Home: https://github.com/resteasy/resteasy Commit: 75e22768cf987bdf4d234d02ae263a2e4eb70e38 https://github.com/resteasy/resteasy/commit/75e22768cf987bdf4d234d02ae263... Author: James R. Perkins <jperkins(a)redhat.com&gt; Date: 2022-12-19 (Mon, 19 Dec 2022) Changed paths: M providers/yaml/src/main/java/org/jboss/resteasy/plugins/providers/YamlProvider.java M testsuite/integration-tests/src/test/java/org/jboss/resteasy/test/providers/yaml/BadActorYamlProviderTest.java M testsuite/integration-tests/src/test/java/org/jboss/resteasy/test/providers/yaml/resource/AttackVector.java M testsuite/integration-tests/src/test/java/org/jboss/resteasy/test/providers/yaml/resource/MessageResource.java Log Message: ----------- [RESTEASY-3260] Harden the checks to an allow list only and don't just trust java and javax namespaces. https://issues.redhat.com/browse/RESTEASY-3260 Signed-off-by: James R. Perkins <jperkins(a)redhat.com&gt; Commit: 74e1421c59b480906ea863f83af081fcffe6bfff https://github.com/resteasy/resteasy/commit/74e1421c59b480906ea863f83af08... Author: James R. Perkins <jperkins(a)redhat.com&gt; Date: 2022-12-20 (Tue, 20 Dec 2022) Changed paths: M providers/yaml/src/main/java/org/jboss/resteasy/plugins/providers/YamlProvider.java Log Message: ----------- [RESTEASY-3260] Use a regex pattern for matching allowed class names. https://issues.redhat.com/browse/RESTEASY-3260 Commit: 37c187ccd5c6a1ad03fbb665c4906036c7219416 https://github.com/resteasy/resteasy/commit/37c187ccd5c6a1ad03fbb665c4906... Author: James R. Perkins <jperkins(a)redhat.com&gt; Date: 2022-12-21 (Wed, 21 Dec 2022) Changed paths: M providers/yaml/src/main/java/org/jboss/resteasy/plugins/providers/YamlProvider.java M testsuite/integration-tests/src/test/java/org/jboss/resteasy/test/providers/yaml/BadActorYamlProviderTest.java M testsuite/integration-tests/src/test/java/org/jboss/resteasy/test/providers/yaml/resource/AttackVector.java M testsuite/integration-tests/src/test/java/org/jboss/resteasy/test/providers/yaml/resource/MessageResource.java Log Message: ----------- Merge pull request #3374 from jamezp/RESTEASY-3260 [RESTEASY-3260] Harden the checks to an allow list only Compare: https://github.com/resteasy/resteasy/compare/ef9f6049f6d0...37c187ccd5c6