Patch version of 2.8, released on June 12, 2017.

Following fixes are included.

• #382: ArrayIndexOutOfBoundsException from UTF32Reader.read() on invalid input

• #1585: Invoke ServiceLoader.load() inside of a privileged block when loading modules using ObjectMapper.findModules()
• #1595: JsonIgnoreProperties.allowSetters is not working in Jackson 2.8
• #1597: Escape JSONP breaking characters
• #1599: Jackson Deserializer security vulnerability with default typing
• #1607: @JsonIdentityReference not used when setup on class only
• #1629: FromStringDeserializer ignores registered DeserializationProblemHandler for java.util.UUID
• #1642: Support READ_UNKNOWN_ENUM_VALUES_AS_NULL with @JsonCreator
• #1647: Missing properties from base class when recursive types are involved
• #1648: DateTimeSerializerBase ignores configured date format when creating contextual
• #1651: StdDateFormat fails to parse 'zulu' date when TimeZone other than UTC

• #72: parser fails with /* comment */
• #85: _decode32Bits() bug in ProtobufParser

• #228: XmlReadContext should hold current value
• #233: XmlMapper.copy() doesn't properly copy internal configurations

• #50: Duplicate key detection does not work