As a part of EAP 7.2.4 there was upgrade of jackson library which disables deserializations of common classes and following exception is thrown:

org.codehaus.jackson.map.JsonMappingException: Illegal type (java.util.ArrayList) to deserialize: prevented for security reasons

This is similar issue which was raised in RHV 3.6 when EAP 6.4.20 was released. This issue was mitigated on RHV side (BZ1580319 and BZ1577407), but AFAIR it was decided that this is only mitigation for EAP 6.4.z and EAP 7 fix will be different and will not break backward compatibility.