Upgrade to Postgresql 42.4.2 #32183

Closed
dalbani opened this issue Aug 29, 2022 · 4 comments
Labels
status: duplicate A duplicate of another issue

Comments

Contributor

dalbani commented Aug 29, 2022

Given that a security issue has been fixed in 42.4.1: see https://jdbc.postgresql.org/.
Version 42.5.0 has been released as well, but I don't know what the policy is regarding major/minor/patch dependency upgrades in Spring Boot.

Wouldn't it be a good idea to upgrade the driver in the 2.6 and 2.7 branch as well, by the way?

spring-projects-issues added the status: waiting-for-triage label Aug 29, 2022

Member

bclozel commented Aug 29, 2022

Closing as a duplicate of #32126 - we'll upgrade to 42.4.2 for the next Spring Boot 3.0 milestone automatically (as mentioned in our issue template).

bclozel closed this as not planned Aug 29, 2022
bclozel added the status: duplicate label and removed the status: waiting-for-triage label Aug 29, 2022

Contributor Author

dalbani commented Aug 29, 2022

Thanks for the quick reaction.
Sorry for the duplicate, I only checked open bugs before creating mine.

Contributor Author

dalbani commented Aug 30, 2022

@bclozel: just a quick question if I may, what exactly is the "automated process"?
Because main still currently uses 42.4.0, which is thus affected by the CVE: https://github.com/spring-projects/spring-boot/blob/main/spring-boot-project/spring-boot-dependencies/build.gradle#L1141.

Member

bclozel commented Aug 30, 2022

@dalbani it's actually a semi-automated process. We periodically run a tool called bomr in our build and this upgrades all our managed dependencies (taking exclusions into account).

Our next milestone is in 20+ days, we'll run the tool in due course.
