Add java.util.UUID to trusted classes in Jackson serializer

This class is safe to deserialize according to Jackson: https://github.com/FasterXML/jackson-databind/blob/master/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java This also has been checked against Jackson 2.11 to confirm the backport of this enhancement to 4.3.x. Resolves #4110
spring-projects · May 17, 2022 · c0b8211 · c0b8211 · junyongz · Aug 1, 2022
1 parent 72d9177
commit c0b8211
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/...g/springframework/batch/core/repository/dao/Jackson2ExecutionContextStringSerializer.java b/...g/springframework/batch/core/repository/dao/Jackson2ExecutionContextStringSerializer.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2021 the original author or authors.
+ * Copyright 2008-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -257,6 +257,7 @@ protected TypeIdResolver idResolver(MapperConfig<?> config,
      */
     static class TrustedTypeIdResolver implements TypeIdResolver {
         private static final Set<String> TRUSTED_CLASS_NAMES = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
+                "java.util.UUID",
                 "java.util.ArrayList",
                 "java.util.Arrays$ArrayList",
                 "java.util.LinkedList",