chore(deps): update dependency org.postgresql:postgresql to v42.2.26 #276

Open: wants to merge 1 commit into base: master

Conversation

mend-for-github-com[bot]

This PR contains the following updates:

Package                    Type     Update  Change
org.postgresql:postgresql  compile  patch   42.2.9 -> 42.2.26

By merging this PR, the below issues will be automatically resolved and closed:

Severity  CVSS Score  CVE             GitHub Issue
Critical  9.8         CVE-2022-21724  #114
Critical  9.8         CVE-2022-26520  #121
Critical  9.8         WS-2022-0080    #117
High      8.0         CVE-2022-31197  #140
High      7.7         CVE-2020-13692  #18

Release Notes

pgjdbc/pgjdbc (org.postgresql:postgresql)

v42.2.24

Fixed
  • Fix startup regressions caused by PR #1949. Instead of checking all types by OID, we can return types for well known types PR #2257
  • Backport PR #2148
    Avoid leaking server error details through BatchUpdateException when logServerErrorDetail PR #2254
  • Backpatch PR #2247
    QueryExecutorImpl.receiveFastpathResult did not properly handle ParameterStatus messages.
    This in turn caused failures for some LargeObjectManager operations. Closes Issue #2237
    Fixed by adding the missing code path, based on the existing handling in processResults. PR #2253
  • Backpatch PR #2242 PgDatabaseMetaData.getIndexInfo() cast operands to smallint PR #2253
    It is possible to break method PgDatabaseMetaData.getIndexInfo() by adding certain custom operators. This PR fixes it.
  • Backpatching PR #2251 into 42.2 Clean up open connections to fix test failures on omni and appveyor
    use older syntax for COMMENT ON FUNCTION with explicit no-arg parameter parentheses as it is required on server versions before v10.
    Handle cleanup of connection creation in StatementTest, handle cleanup of privileged connection in DatabaseMetaDataTest
  • Backpatch PR #2245 fixes case where duplicate tables are returned if there are duplicate descriptions; oids are not guaranteed to be unique in the catalog PR #2248
  • Change to updatable result set to use correctly primary or unique keys PR #2228
    fixes issues introduced in PR #2199 closes Issue #2196
  • Fix NPE calling getTypeInfo when alias is null PR #2220
  • Backpatch PR #2217 to fix Issue #2215. OIDs are unsigned integers and were not being handled correctly when they exceeded the size of signed integers

v42.2.23

Changed
  • Renewed the SSL keys for testing
Fixed
  • getColumnPrecision for Numeric when scale and precision not specified now returns 0 instead of 131089 fixes: Issue #2188
  • Calling refreshRow on an updateable resultset made the row readOnly. Fixes Issue #2193
  • results should be updateable if there is a unique index available PR #2199 Fixes Issue #2196
  • Rework sql type gathering to use OID instead of typname.
    This does not have the issue of name shadowing / qual-names, and has the added benefit of fixing #1948.

v42.2.22

Fixed
  • Regression caused by pgjdbc/pgjdbc@4fa2d5b. Unfortunately
    due to the blocking nature of the driver and issues with seeing if there is a byte available on a blocking stream when it is encrypted
    this introduces unacceptable delays in returning from peek(). At this time there is no simple solution to this.

v42.2.21

Changed
  • Update docs to reflect deprecated DataSource API setServerName backpatch PR #2057 PR #2105
v42.2.20

Fixed
  • Partitioned indexes were not found fixes #2078 PR #2087
  • isValid() timeout should not be blocked #1943 Cherry-picked #2076
    The usage of setQueryTimeout(); with the same value as the setNetworkTimeout(); is blocking the current transaction timeout.
    The timeouts are blocking each other with this approach.
  • DatabaseMetaData.getTables returns columns in UPPER case as per the spec PR #2092 fixes Issue #830

v42.2.19

Notable Changes

  • Now the driver uses SASLprep normalization for SCRAM authentication fixing some issues with spaces in passwords.
  • If closeOnCompletion is called on an existing statement and the statement is executed a second time it will fail.
Changed
  • Perf: avoid duplicate PGStream#changeSocket calls
  • Fix: Actually close unclosed results. Previously was not closing the first unclosed result fixes #1903 (#1905).
    There is a small behaviour change here as a result. If closeOnCompletion is called on an existing statement and the statement
    is executed a second time it will fail.
Added
  • Verify code via forbidden-apis (jdk-internal and jdk-non-portable signatures) PR #2012
Fixed
  • Fix Binary transfer for numeric fixes #1935
  • Fix Allow specifying binaryTransferEnable even for those types that are not enabled by default
  • Fix: properly set cancel socket timeout (#2044)
  • Fix "Required class information missing" when old org.jboss:jandex parses pgjdbc classes (issue 2008, https://github.com/pgjdbc/pgjdbc/issues/2008)
  • Fix PGCopyInputStream returning the last row twice when reading with CopyOut API (issue 2016, https://github.com/pgjdbc/pgjdbc/issues/2016)
  • Fix Connection.isValid() to not wait longer than existing network timeout PR #2040
  • Fix Passwords with spaces (ASCII and non-ASCII) now work with SCRAM authentication (driver now uses SASLprep normalization) PR #2052
  • Fix DatabaseMetaData.getTablePrivileges() to include views, materialized views, and foreign tables PR #2049
  • Fix Resolve ParseError in PGtokenizer fixes #2050
  • Fix return metadata privileges for views and foreign tables

v42.2.18

Fixed
  • Unfortunately changing the default of gssEncMode to ALLOW was not enough. The GSSEncMode Enum was not changed as well.
    Fixed in #1920

v42.2.17

Changed
  • Change default of gssEncMode to ALLOW. PostgreSQL can deal with PREFER but there are cloud providers that did not implement the protocol properly. Libpq gets around this by checking for a GSS credential cache before attempting the connection. This is possible in JDK 8 and up, but not JDK6, or JDK7 fixes Issue #1868 PR #1913
Fixed
  • Avoid NullPointerException when receiving PGbox, PGcircle, PGline, PGlseg, PGpath, PGpoint, PGpolygon, and PGmoney (PR 1873, https://github.com/pgjdbc/pgjdbc/pull/1873).
  • The driver returns enum and jsonb arrays elements as String objects (like in 42.2.14 and earlier versions) PR 1879.
  • PgTokenizer was ignoring last empty token PR #1882
  • Remove osgi from karaf fixes Issue #1891 PR #1902
  • Handle nulls when the following classes are used: PGbox, PGcircle, PGline, PGlseg, PGpath, PGpoint, PGpolygon, and PGmoney.

v42.2.16

Known issues
  • The driver returns enum and jsonb array elements as PGobject instances (fixed in 42.2.17)
Fixed
  • Arrays sent in binary format are now sent as 1 based. This was a regression for multi-dimensional arrays as well as text/varchar, oid and bytea arrays.
    Since 42.2.0 single dimensional arrays were stored 0 based. They are now sent 1 based which is the SQL standard, and the default
    for Postgres when sent as strings such as '{1,2,3}'. Fixes issue 1860 in PR 1863.

v42.2.15

Known issues
  • The driver returns enum and jsonb array elements as PGobject instances (fixed in 42.2.17)
Changed
  • Rename source distribution archive to postgresql-$version-jdbc-src.tar.gz, and add top-level archive folder ba017507
  • Add the ability to connect with a GSSAPI encrypted connection. As of PostgreSQL version 12 GSSAPI encrypted connections
    are possible. Now the driver will attempt to connect to the server with a GSSAPI encrypted connection. If that fails then
    attempt an SSL connection, finally falling back to a plain text connection. All of this is controlled using both the gssEncMode
    and sslMode parameters which, in concert with pg_hba.conf, determine if a particular mode is allowed and or required. PR 1821 ad921b9e
  • Source release archive shades dependencies (scram) by default. It affects only postgresql-version-src.tar.gz release artifact f0301eb9
  • Refactor decoding arrays PR 1194
Added
  • Verify nullness with CheckerFramework 6e524ae5
Fixed
  • Avoid preparedStatement leak when using updateable ResultSet via insert/update/refreshRow PR 1815 9a0d2b18
  • Change order of checks for oid vs primary keys. OID's have been deprecated. PR 1613
  • Close certificate file stream. PR 1837
  • Make sure socketTimeout is enforced PR 1831
  • Assume PKCS-8 SSL key format by default PR 1819
  • Preserve unquoted unicode whitespace in array literals PR 1266

v42.2.14

Changed
  • Reverted com.github.waffle:waffle-jna, org.osgi:org.osgi.core, org.osgi:org.osgi.enterprise dependencies to optional=true in Maven PR 1797.

v42.2.13

Notable Changes

  • Security: The primary reason to release this version and to continue the 42.2.x branch is for CVE-2020-13692.
    Reported by David Dworken, this is an XXE and more information can be found here.
    Sehrope Sarkuni reworked the XML parsing to provide a solution in commit 14b62aca4.
  • The build system has been changed to Gradle thanks to Vladimir PR 1627.
  • Regression: com.github.waffle:waffle-jna, org.osgi:org.osgi.core, org.osgi:org.osgi.enterprise dependencies are listed as non-optional issue 1975.
  • jre-6 was added back to allow us to release fixes for all artifacts in the 42.2.x branch PR 1787
Fixed
  • I/O error ru translation PR 1756
  • Issue 1771 PgDatabaseMetaData.getFunctions() returns
    procedures fixed in PR 1774
  • getTypeMap() returning null PR 1781
  • Updated openssl example command PR 1763
  • fix documentation with ordered list to be displayed correctly PR 1783

v42.2.12

Notable changes

We have released 42.2.12 to correct regressions in this version: Specifically

  • PR 1729 was reverted as this is a breaking change
  • PR 1719 has been reverted as it introduced errors in the PgType Cache

We recommend that version 42.2.11 not be used.

Changed
  • reverted PR 1729 throw an error instead of silently rolling back a commit error.
    This change introduced a breaking change which will be moved to 42.3.0
  • reverted PR 1719 add support for full names of data types (#1719)

v42.2.11

Notable changes
As mentioned above this version is broken and should not be used.

Changed
  • Reverted PR 1641. The driver will now wait for EOF when sending cancel signals.
  • DatabaseMetaData#getProcedures returns only procedures (not functions) for PostgreSQL 11+ PR 1723
  • Convert silent rollbacks into exception if application sends commit or xa.prepare command PR 1729
Added
  • feat: raiseExceptionOnSilentRollback connection option to configure if silent rollback should raise an exception PR 1729
  • feat: Expose ByteStreamWriter in CopyManager PR 1702
  • feat: add way to distinguish base and partitioned tables in PgDatabaseMetaData.getTables PR 1708
  • refactor: introduce tuple abstraction (rebased) PR 1701
  • refactor: make PSQLState enum consts for integrity constraint violations PR 1699
  • test: add makefile to create ssl certs PR 1706
Fixed
  • fix: Always use . as decimal separator in PGInterval PR 1705
  • fix: allow DatabaseMetaData.getColumns to describe an unset scale PR 1716
Changed
  • Build system update from Maven to Gradle PR 1627
Added
  • docker-compose image for creating test databases (see docker folder)

v42.2.10

Changed
  • (!) Regression: remove receiving EOF from backend after cancel PR 1641. The regression is that the subsequent query might receive the cancel signal.
Fixed
  • Cleanup PGProperty, sort values, and add some missing to docs PR 1686
  • Fixing LocalTime rounding (losing precision) PR 1570
  • Network Performance of PgDatabaseMetaData.getTypeInfo() method PR 1668
  • Issue #1680 updating a boolean field requires special handling to set it to t or f instead of true or false PR 1682
  • bug in pgstream for replication PR 1681
  • Issue #1677 NumberFormatException when fetching PGInterval with small value PR 1678
  • Metadata queries improvements with large schemas. PR 1673
  • Utf 8 encoding optimizations PR 1444
  • interval overflow PR 1658
  • Issue #1482 where the port was being added to the GSSAPI service name PR 1651
  • remove receiving EOF from backend after cancel since according to protocol the server closes the connection once cancel is sent (connection reset exception is always thrown) PR 1641
  • Unable to register out parameter Issue #​1646 PR 1648


mend-for-github-com bot added the label "security fix" (Security fix generated by WhiteSource) on Jun 16, 2024
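As an added example (not part of this PR, the bot, or pgjdbc), the following Python audit reads a Maven pom.xml, resolves the declared org.postgresql:postgresql version (including a ${property} reference), and reports which of the issues in the PR's table are still outstanding. It assumes, as the PR itself states, that every version below 42.2.26 still carries all five listed issues; SAMPLE_POM is constructed input.

```python
"""Audit a Maven pom.xml for org.postgresql:postgresql. Added example, not code
from the PR, the bot or pgjdbc; issue list from the PR table, SAMPLE_POM constructed."""
import re
import xml.etree.ElementTree as ET  # expat does not expand external entities

# Issues the PR states are resolved by updating to 42.2.26.
RESOLVED_IN_42_2_26 = {
    "CVE-2022-21724": "Critical 9.8", "CVE-2022-26520": "Critical 9.8",
    "WS-2022-0080": "Critical 9.8", "CVE-2022-31197": "High 8.0",
    "CVE-2020-13692": "High 7.7",
}
FIXED_VERSION = (42, 2, 26)

def parse_version(text):
    """'42.2.9.jre7' -> (42, 2, 9); a trailing qualifier is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(n) for n in m.groups())

def _local(tag):  # strip the Maven XML namespace: '{...}version' -> 'version'
    return tag.rsplit("}", 1)[-1]

def find_pgjdbc_versions(pom_xml):
    """Return every declared org.postgresql:postgresql version string."""
    root = ET.fromstring(pom_xml)
    props = {_local(c.tag): (c.text or "").strip() for node in root.iter()
             if _local(node.tag) == "properties" for c in node}
    found = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        f = {_local(c.tag): (c.text or "").strip() for c in dep}
        if (f.get("groupId"), f.get("artifactId")) != ("org.postgresql", "postgresql"):
            continue
        version = f.get("version", "")
        ref = re.fullmatch(r"\$\{(.+)\}", version)  # ${pg.version} -> <properties>
        found.append(props.get(ref.group(1), "") if ref else version)
    return found

def audit(pom_xml):
    """Map each declared version to the listed issues it still carries."""
    return {v: sorted(RESOLVED_IN_42_2_26) if parse_version(v) < FIXED_VERSION else []
            for v in find_pgjdbc_versions(pom_xml)}

SAMPLE_POM = ('<project xmlns="http://maven.apache.org/POM/4.0.0">'
              '<properties><pg.version>42.2.9</pg.version></properties>'
              '<dependencies><dependency><groupId>org.postgresql</groupId>'
              '<artifactId>postgresql</artifactId><version>${pg.version}</version>'
              '</dependency></dependencies></project>')
```

Running audit(SAMPLE_POM) maps the pre-merge version 42.2.9 to all five listed issues, and the same pom with 42.2.26 to an empty list.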