Update site for release of 42.7.2 (#3133)
davecramer committed Feb 21, 2024
1 parent df14e53 commit 9cde4f5
Showing 10 changed files with 171 additions and 55 deletions.
17 changes: 15 additions & 2 deletions CHANGELOG.md
Expand Up @@ -7,16 +7,29 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).

### Changed
### Added
* feat: Add PasswordUtil for encrypting passwords client side [PR #3082](https://github.com/pgjdbc/pgjdbc/pull/3082)
### Fixed

## [42.7.2] (2024-02-21 08:23:00 -0500)

### Security
* security: SQL Injection via line comment generation, it is possible in `SimpleQuery` mode to generate a line comment by having a placeholder for a numeric with a `-`
such as `-?`. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment.
This has been fixed in this version fixes [CVE-2024-1597](https://www.cve.org/CVERecord?id=CVE-2024-1597). Reported by [Paul Gerste](https://github.com/paul-gerste-sonarsource). See the [security advisory](https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56) for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.

### Changed
* fix: Use simple query for isValid. Using Extended query sends two messages checkConnectionQuery was never ever set or used, removed [PR #3101](https://github.com/pgjdbc/pgjdbc/pull/3101)
* perf: Avoid autoboxing bind indexes by @bokken in [PR #1244](https://github.com/pgjdbc/pgjdbc/pull/1244)
* refactor: Document that encodePassword will zero out the password array, and remove driver's default encodePassword by @vlsi in [PR #3084](https://github.com/pgjdbc/pgjdbc/pull/3084)

### Added
* feat: Add PasswordUtil for encrypting passwords client side [PR #3082](https://github.com/pgjdbc/pgjdbc/pull/3082)

## [42.7.1] (2023-12-06 08:34:00 -0500)

### Changed
* perf: improve performance of PreparedStatement.setBlob, BlobInputStream, and BlobOutputStream with dynamic buffer sizing [PR #3044](https://github.com/pgjdbc/pgjdbc/pull/3044)

### Fixed

* fix: Apply connectTimeout before SSLSocket.startHandshake to avoid infinite wait in case the connection is broken [PR #3040](https://github.com/pgjdbc/pgjdbc/pull/3040)
* fix: support waffle-jna 2.x and 3.x by using reflective approach for ManagedSecBufferDesc [PR #2720](https://github.com/pgjdbc/pgjdbc/pull/2720) Fixes [Issue #2690](https://github.com/pgjdbc/pgjdbc/issues/2720).
* fix: NoSuchMethodError on ByteBuffer#position When Running on Java 8 when accessing arrays, fixes [Issue #3014](https://github.com/pgjdbc/pgjdbc/issues/3014)
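Review bot: the new 42.7.2 Security entry contains a run-on, "This has been fixed in this version fixes CVE-2024-1597", and then states the fix a second time with a version list that lacks a comma between 42.6.1 and 42.5.5. Suggest a single sentence such as "Fixes CVE-2024-1597 in 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9 and 42.2.28.jre7." The PasswordUtil line (PR #3082) is also visible under both the top-level Added heading and the 42.7.2 Added heading; if the first copy is not a removed line, drop it so the feature is listed only under the release that ships it.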
15 changes: 15 additions & 0 deletions docs/content/changelogs/2024-02-21-42.2.28-release.md
@@ -0,0 +1,15 @@
---
title: PostgreSQL JDBC Driver 42.2.28 Released
date: 2024-02-21 8:23:00 -0500
categories:
- new_release
version: 42.2.28
---
**Notable changes**


### Security
* security: SQL Injection via line comment generation, it is possible in `SimpleQuery` mode to generate a line comment by having a placeholder for a numeric with a `-`
such as `-?`. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment.
This has been fixed in this version fixes [CVE-2024-1597](https://www.cve.org/CVERecord?id=CVE-2024-1597). Reported by [Paul Gerste](https://github.com/paul-gerste-sonarsource). See the [security advisory](https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56) for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.

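Review bot: the title and `version:` in the front matter call this release 42.2.28, but the fixed-version list in the Security entry below it, and the download url in docs/data/versions.toml, name it 42.2.28.jre7. Suggest saying in the notes that this is the Java 7 (jre7) build so readers can match the version to the artifact.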
15 changes: 15 additions & 0 deletions docs/content/changelogs/2024-02-21-42.3.9-release.md
@@ -0,0 +1,15 @@
---
title: PostgreSQL JDBC Driver 42.3.9 Released
date: 2024-02-21 8:23:00 -0500
categories:
- new_release
version: 42.3.9
---
**Notable changes**


### Security
* security: SQL Injection via line comment generation, it is possible in `SimpleQuery` mode to generate a line comment by having a placeholder for a numeric with a `-`
such as `-?`. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment.
This has been fixed in this version fixes [CVE-2024-1597](https://www.cve.org/CVERecord?id=CVE-2024-1597). Reported by [Paul Gerste](https://github.com/paul-gerste-sonarsource). See the [security advisory](https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56) for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.

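Review bot: `date: 2024-02-21 8:23:00 -0500` in the front matter has an unpadded hour, while the CHANGELOG.md heading for the same release writes 08:23:00. Suggest `08:23:00` here and in the other release files added by this commit so the timestamps are written one way throughout.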
15 changes: 15 additions & 0 deletions docs/content/changelogs/2024-02-21-42.4.4-release.md
@@ -0,0 +1,15 @@
---
title: PostgreSQL JDBC Driver 42.4.4 Released
date: 2024-02-21 8:23:00 -0500
categories:
- new_release
version: 42.4.4
---
**Notable changes**


### Security
* security: SQL Injection via line comment generation, it is possible in `SimpleQuery` mode to generate a line comment by having a placeholder for a numeric with a `-`
such as `-?`. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment.
This has been fixed in this version fixes [CVE-2024-1597](https://www.cve.org/CVERecord?id=CVE-2024-1597). Reported by [Paul Gerste](https://github.com/paul-gerste-sonarsource). See the [security advisory](https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56) for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.

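Review bot: the Security entry names `SimpleQuery` mode as the precondition but does not say whether other query modes are unaffected, and it leaves workarounds entirely to the advisory link. Since this file contains nothing but that entry, suggest adding one sentence that states which configurations are exposed.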
15 changes: 15 additions & 0 deletions docs/content/changelogs/2024-02-21-42.5.5-release.md
@@ -0,0 +1,15 @@
---
title: PostgreSQL JDBC Driver 42.5.5 Released
date: 2024-02-21 8:23:00 -0500
categories:
- new_release
version: 42.5.5
---
**Notable changes**


### Security
* security: SQL Injection via line comment generation, it is possible in `SimpleQuery` mode to generate a line comment by having a placeholder for a numeric with a `-`
such as `-?`. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment.
This has been fixed in this version fixes [CVE-2024-1597](https://www.cve.org/CVERecord?id=CVE-2024-1597). Reported by [Paul Gerste](https://github.com/paul-gerste-sonarsource). See the [security advisory](https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56) for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.

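Review bot: the Security bullet has wording slips that will be published as-is: "There must be second placeholder" is missing an article, "-ve value" is shorthand for "negative value", and "work arounds" should be "workarounds". Suggest fixing these before the text goes out as a release note.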
15 changes: 15 additions & 0 deletions docs/content/changelogs/2024-02-21-42.6.1-release.md
@@ -0,0 +1,15 @@
---
title: PostgreSQL JDBC Driver 42.6.1 Released
date: 2024-02-21 8:23:00 -0500
categories:
- new_release
version: 42.6.1
---
**Notable changes**


### Security
* security: SQL Injection via line comment generation, it is possible in `SimpleQuery` mode to generate a line comment by having a placeholder for a numeric with a `-`
such as `-?`. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment.
This has been fixed in this version fixes [CVE-2024-1597](https://www.cve.org/CVERecord?id=CVE-2024-1597). Reported by [Paul Gerste](https://github.com/paul-gerste-sonarsource). See the [security advisory](https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56) for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.

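Review bot: the Security paragraph in this file is pasted verbatim into CHANGELOG.md and every release file added by this commit, so any correction to it has to be repeated by hand in each copy. Suggest settling the wording once before copying it, or reducing the back-port notes to a one-line summary that links to the advisory.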
37 changes: 37 additions & 0 deletions docs/content/changelogs/2024-02-21-42.7.2-release.md
@@ -0,0 +1,37 @@
---
title: PostgreSQL JDBC Driver 42.7.2 Released
date: 2024-02-21 8:23:00 -0500
categories:
- new_release
version: 42.7.2
---
**Notable changes**


### Security
* security: SQL Injection via line comment generation, it is possible in `SimpleQuery` mode to generate a line comment by having a placeholder for a numeric with a `-`
such as `-?`. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment.
This has been fixed in this version fixes [CVE-2024-1597](https://www.cve.org/CVERecord?id=CVE-2024-1597). Reported by [Paul Gerste](https://github.com/paul-gerste-sonarsource). See the [security advisory](https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56) for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.

### Changed
* fix: Use simple query for isValid. Using Extended query sends two messages checkConnectionQuery was never ever set or used, removed [PR #3101](https://github.com/pgjdbc/pgjdbc/pull/3101)
* perf: Avoid autoboxing bind indexes [PR #1244](https://github.com/pgjdbc/pgjdbc/pull/1244)
* refactor: Document that encodePassword will zero out the password array, and remove driver's default encodePassword [PR #3084](https://github.com/pgjdbc/pgjdbc/pull/3084)

### Added
* feat: Add PasswordUtil for encrypting passwords client side [PR #3082](https://github.com/pgjdbc/pgjdbc/pull/3082)


**Commits by author**

Vladimir Sitnikov (1):
refactor: Document that encodePassword will zero out the password array, and remove driver's default encodePassword [PR #3084](https://github.com/pgjdbc/pgjdbc/pull/3084)

Brett Okken (1):
perf: Avoid autoboxing bind indexes [PR #1244](https://github.com/pgjdbc/pgjdbc/pull/1244)

Dave Cramer (1):
* fix: Apply connectTimeout before SSLSocket.startHandshake to avoid infinite wait in case the connection is broken [PR #3040](https://github.com/pgjdbc/pgjdbc/pull/3040)

Sehrope Sarkini (1):
* feat: Add PasswordUtil for encrypting passwords client side [PR #3082](https://github.com/pgjdbc/pgjdbc/pull/3082)
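Review bot: under "Commits by author", the Dave Cramer entry lists the connectTimeout fix (PR #3040), which CHANGELOG.md in this same commit records under 42.7.1, while the isValid change (PR #3101) from this file's Changed section has no author entry at all. Suggest replacing the #3040 line with the #3101 one, and using one bullet style for all four entries (two carry a leading `*`, two do not).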
41 changes: 18 additions & 23 deletions docs/data/homepagedata.toml
Expand Up @@ -14,36 +14,31 @@ path = "/icons/driver-icon.svg"

# Releases Info
[[info]]
date = "06 December 2023"
url = "/changelogs/2023-12-06-42.7.1-release/"
version = "42.7.1"
date = "21 February 2024"
url = "/changelogs/2024-02-21-42.7.2-release/"
version = "42.7.2"

[[info]]
date = "20 November 2023"
url = "/changelogs/2023-11-20-42.7.0-release/"
version = "42.7.0"
date = "21 February 2024"
url = "/changelogs/2024-02-21-42.6.1-release/"
version = "42.6.1"

[[info]]
date = "17 March 2023"
url = "/changelogs/2023-03-17-42.6.0-release/"
version = "42.6.0"
date = "21 February 2024"
url = "/changelogs/2024-02-21-42.5.5-release/"
version = "42.5.5"

[[info]]
date = "16 February 2023"
url = "/changelogs/2023-02-16-42.5.4-release/"
version = "42.5.4"
date = "21 February 2024"
url = "/changelogs/2024-02-21-42.4.4-release/"
version = "42.4.4"

[[info]]
date = "23 October 2022"
url = "/changelogs/2022-11-23-42.5.1-release/"
version = "42.4.3"
date = "21 February 2024"
url = "/changelogs/2024-02-21-42.3.9-release/"
version = "42.3.9"

[[info]]
date = "23 October 2022"
url = "/changelogs/2022-11-23-42.5.1-release/"
version = "42.3.8"

[[info]]
date = "23 October 2022"
url = "/changelogs/2022-11-23-42.5.1-release/"
version = "42.2.27"
date = "21 February 2024"
url = "/changelogs/2024-02-21-42.2.28-release/"
version = "42.2.28"
52 changes: 24 additions & 28 deletions docs/data/versions.toml
Expand Up @@ -2,17 +2,24 @@

[[recent]]
j_name= "Java 8"
version= "42.7.1"
version= "42.7.2"
suffix=""
description= "If you are using Java 8 or newer then you should use the JDBC 4.2 version."
url= "/download/postgresql-42.7.2.jar"

[[recent]]
j_name= "Java 8"
version= "42.6.1"
suffix=""
description= "If you are using Java 8 or newer then you should use the JDBC 4.2 version."
url= "/download/postgresql-42.7.1.jar"
url= "/download/postgresql-42.6.1.jar"

[[recent]]
j_name= "Java 7"
version= "42.2.27"
version= "42.2.28"
suffix="jre7"
description= "If you are using Java 7 then you should use the JDBC 4.1 version."
url= "/download/postgresql-42.2.27.jre7.jar"
url= "/download/postgresql-42.2.28.jre7.jar"

[[recent]]
j_name= "Java 6"
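Review bot: the Java 6 entry that starts at the end of this hunk stays in `[[recent]]` and still points at postgresql-42.2.27.jre6.jar (visible in the next hunk header), and 42.2.27 is not among the fixed versions listed in the release notes. Suggest a description on that entry saying whether it is affected by CVE-2024-1597 and that no fixed Java 6 build is offered here. Separately, the two `Java 8` entries (42.7.2 and 42.6.1) carry the same description, so the page gives no hint which one to pick.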
Expand All @@ -24,10 +31,10 @@ url= "/download/postgresql-42.2.27.jre6.jar"
# Past Versions
[[past]]
j_name= "Java 8"
version= "42.7.0"
version= "42.7.1"
suffix=""
description= "This version has some minor regressions, 42.7.1 is preferred."
url= "/download/postgresql-42.7..jar"
url= "/download/postgresql-42.7.0.jar"

[[past]]
j_name= "Java 8"
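Review bot: in the first `[[past]]` entry the version is bumped to 42.7.1 while the url line is corrected to postgresql-42.7.0.jar and the description still reads "This version has some minor regressions, 42.7.1 is preferred." The three fields now describe two different releases. Suggest keeping this entry as 42.7.0 with the corrected url and adding a separate 42.7.1 entry whose description points to 42.7.2.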
Expand All @@ -44,32 +51,21 @@ description= "If you are using Java 8 or newer then you should use the JDBC 4.2
url= "/download/postgresql-42.5.4.jar"

[[past]]
v_name= "Postgresql JDBC 42.5.3"
version= "42.5.3"
v_name= "Postgresql JDBC 42.4.3"
version= "42.4.3"
suffix=""
url= "/download/postgresql-42.5.3.jar"
url= "/download/postgresql-42.4.3.jar"

[[past]]
v_name= "Postgresql JDBC 42.5.2"
version= "42.5.2"
v_name= "Postgresql JDBC 42.3.8"
version= "42.3.8"
suffix=""
url= "/download/postgresql-42.5.2.jar"
url= "/download/postgresql-42.3.8.jar"

[[past]]
v_name= "Postgresql JDBC 42.5.1"
version= "42.5.1"
suffix=""
url= "/download/postgresql-42.5.1.jar"

[[past]]
v_name= "Postgresql JDBC 42.4.2"
version= "42.4.2"
suffix=""
url= "/download/postgresql-42.4.2.jar"

[[past]]
v_name= "Postgresql JDBC 42.3.7"
version= "42.3.7"
suffix=""
url= "/download/postgresql-42.3.7.jar"
j_name= "Java 7"
version= "42.2.27"
suffix="jre7"
description= "If you are using Java 7 then you should use the JDBC 4.1 version."
url= "/download/postgresql-42.2.27.jre7.jar"

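Review bot: the entries moved into `[[past]]` here (42.4.3, 42.3.8 and 42.2.27.jre7) are the releases immediately before the fixed 42.4.4, 42.3.9 and 42.2.28, yet only the Java 7 one has a description and none of them mentions the fix. Suggest a description on each that points to the patched release, as the 42.7.0 entry already does for its regressions. The new entries also mix `v_name` and `j_name` keys within the same table.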
4 changes: 2 additions & 2 deletions docs/layouts/partials/home/info.html
Expand Up @@ -15,8 +15,8 @@ <h2>
Latest Releases
</h2>
<p>
pgJDBC has released v42.7.1 on December 06, 2023. This release primarily fixes 2 regressions <a href="https://github.com/pgjdbc/pgjdbc/issues/3007">SET followed by SHOW in one statement returns wrong result</a>
and <a href="https://github.com/pgjdbc/pgjdbc/issues/3008">Server default DateStyle is being overwritten</a>. Notably improved blob performance as well as a number of small changes See notes below for details.
pgJDBC has released v42.7.2, v42.6.1, v42.5.5, v42.4.4, v42.3.9 and v42.2.28 on February 21, 2024.
This release primarily addresses a security issue <a href="https://www.cve.org/CVERecord?id=CVE-2024-1597">CVE-2024-1597</a> See the <a href="https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56">security advisory</a> for details.
</p>
<ul role="list">
{{ range $.Site.Data.homepagedata.info }}
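Review bot: the new paragraph has no full stop after the CVE-2024-1597 link, so it renders as "CVE-2024-1597 See the security advisory for details", and "This release" refers to six releases. Suggest "These releases address a security issue, CVE-2024-1597. See the security advisory for details.", and naming the issue (SQL injection in `SimpleQuery` mode) so the homepage says what is being fixed.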