Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update dependency org.postgresql:postgresql to v42.7.3 #303

Merged
merged 1 commit into from
Mar 15, 2024
Merged

fix(deps): update dependency org.postgresql:postgresql to v42.7.3 #303

merged 1 commit into from
Mar 15, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 15, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.postgresql:postgresql (source) 42.7.1 -> 42.7.3 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

pgjdbc/pgjdbc (org.postgresql:postgresql)

v42.7.3

Changed
Fixed
  • fix: boolean types not handled in SimpleQuery mode PR #​3146
    • make sure we handle boolean types in simple query mode
    • support uuid as well
    • handle all well known types in text mode and change else if to switch
  • fix: released new versions of 42.2.29, 42.3.10, 42.4.5, 42.5.6, 42.6.2 to deal with NoSuchMethodError on ByteBuffer#position when running on Java 8

v42.7.2

Security
  • security: SQL Injection via line comment generation, it is possible in SimpleQuery mode to generate a line comment by having a placeholder for a numeric with a -
    such as -?. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment.
    This has been fixed in this version fixes CVE-2024-1597. Reported by Paul Gerste. See the security advisory for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.
Changed
  • fix: Use simple query for isValid. Using Extended query sends two messages checkConnectionQuery was never ever set or used, removed PR #​3101
  • perf: Avoid autoboxing bind indexes by @​bokken in PR #​1244
  • refactor: Document that encodePassword will zero out the password array, and remove driver's default encodePassword by @​vlsi in PR #​3084
Added
  • feat: Add PasswordUtil for encrypting passwords client side PR #​3082

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@puneetbehl puneetbehl changed the title fix(deps): update dependency org.postgresql:postgresql to v42.7.3 chore(deps): update dependency org.postgresql:postgresql to v42.7.3 Mar 15, 2024
@puneetbehl puneetbehl added chore and removed bug labels Mar 15, 2024
@puneetbehl puneetbehl merged commit b4fbe5c into 6.2.x Mar 15, 2024
8 of 9 checks passed
@renovate renovate bot deleted the renovate/org.postgresql-postgresql-42.x branch March 15, 2024 21:59
@puneetbehl puneetbehl changed the title chore(deps): update dependency org.postgresql:postgresql to v42.7.3 fix(deps): update dependency org.postgresql:postgresql to v42.7.3 Mar 15, 2024
@puneetbehl puneetbehl added bug and removed chore labels Mar 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug deps
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@puneetbehl @grails-build