FasterXML CVE fix in EAP 7.2 CP9 breaks RESTEasy PATCH requests

Solution Verified - Updated -

Issue

The FasterXML CVE fixes in EAP 7.2 CP9 block deserialization of com.github.fge.jsonpatch.CopyOperation by default. RESTEasy PATCH requests then fail with:

com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Illegal type (com.github.fge.jsonpatch.CopyOperation) to deserialize: prevented for security reasons

Environment

Red Hat JBoss Enterprise Application Platform (EAP) 7.2 CP9
