Block one more gadget type (ehcache, CVE-2019-14379)

[Heartway]

Another gadget type reported regarding a class of ehcache package.
See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem.

---

Fixed in:

• 2.9.10
• 2.8.11.4
• 2.7.9.6
• 2.6.7.3

[cowtowncoder]

Thank you; I'll have a look later tonight.
(mental note: this is the one about ehcache -- need to file another one)

[jdelta-RBS]

This was assigned CVE-2019-14379

[jdelta-RBS]

@cowtowncoder CVE lists 2.9.9.2 as fixing, 2.9.9.1 as affected... would this also affect 2.7.9.5 and 2.8.11.3, with 2.7.9.6 and 2.8.11.4 as fixing versions?

[cowtowncoder]

@jdelta-RBS correct, I backported this to 2.7 and 2.8, released one last micro-patch (will now close those branches). Will add a note on description here.