FasterXML CVE fix in EAP 7.2 CP9 breaks RESTEasy PATCH requests

Solution Verified - Updated -

Issue

The CVE fixes in EAP 7.2 CP9 block deserialization of com.github.fge.jsonpatch.CopyOperation by default, so RESTEasy PATCH requests fail with:

com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Illegal type (com.github.fge.jsonpatch.CopyOperation) to deserialize: prevented for security reasons

Environment

Red Hat JBoss Enterprise Application Platform (EAP) 7.2 CP9
