FasterXML CVE fix in EAP 7.2 CP9 breaks RESTEasy PATCH requests
Issue
The FasterXML CVE fixes included in EAP 7.2 CP9 do not allow deserialization of com.github.fge.jsonpatch.CopyOperation by default, so RESTEasy PATCH requests fail with:
com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Illegal type (com.github.fge.jsonpatch.CopyOperation) to deserialize: prevented for security reasons
Environment
Red Hat JBoss Enterprise Application Platform (EAP) 7.2 CP9