On behalf of the Spring Integration team, I am pleased to announce that the 4.3.11.RELEASE of Spring Integration is now available.
This release contains a few important bug fixes as well as a couple of improvements. In particular it contains a fix for the Jackson Serialization Gadgets vulnerability. Hence introduced in the version 4.3.10 custom
ObjectMapper utility doesn’t allow now to deserialize objects in the untrusted packages. The set of trusted packages can be configured or you can use
* to trust all. See
JacksonJsonUtils.messagingAwareMapper() for more information.