When I launch oVirt 4.3.6, I see in the command line of the ovirt-engine:
-Djackson.deserialization.whitelist.packages=org,com,java,javax
That whitelists almost everything. Isn't that dangerous?
When I read this:
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-...
I think the whitelist should be as small as possible.