[Security] Upgrade PostgreSQL JDBC Driver to fix CVE-2024-1597, CVE-2022-31197, CVE-2022-21724

## Summary

The PostgreSQL JDBC Driver used by Apache Beam (`42.2.16`) is affected by multiple security vulnerabilities:

| CVE | CVSS | Severity | Description |
|-----|------|----------|-------------|
| [CVE-2024-1597](https://www.cve.org/CVERecord?id=CVE-2024-1597) | **9.8** | Critical | SQL injection via `preferQueryMode=simple` |
| [CVE-2022-21724](https://www.cve.org/CVERecord?id=CVE-2022-21724) | **9.8** | Critical | Arbitrary code execution via connection property class loading |
| [CVE-2022-31197](https://www.cve.org/CVERecord?id=CVE-2022-31197) | **7.1** | High | SQL injection in `ResultSet.refreshRow()` |

## Proposed Fix

Upgrade `postgres_version` from `42.2.16` to `42.7.10` in `BeamModulePlugin.groovy`.

The PostgreSQL JDBC Driver maintains full JDBC 4.2 API backward compatibility across all 42.x releases. The changes between these versions are internal security and bug fixes with no public API changes.

## References

- https://jdbc.postgresql.org/security/
- https://www.postgresql.org/about/news/postgresql-jdbc-4272-4261-4255-4244-4239-42228-and-42228jre7-security-update-for-cve-2024-1597-2812/


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Security] Upgrade PostgreSQL JDBC Driver to fix CVE-2024-1597, CVE-2022-31197, CVE-2022-21724 #37942

Summary

Proposed Fix

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE	CVSS	Severity	Description
CVE-2024-1597	9.8	Critical	SQL injection via `preferQueryMode=simple`
CVE-2022-21724	9.8	Critical	Arbitrary code execution via connection property class loading
CVE-2022-31197	7.1	High	SQL injection in `ResultSet.refreshRow()`

[Security] Upgrade PostgreSQL JDBC Driver to fix CVE-2024-1597, CVE-2022-31197, CVE-2022-21724 #37942

Description

Summary

Proposed Fix

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions