Update dependency org.postgresql:postgresql to v42.2.13 - autoclosed

[mend-for-github-com]

This PR contains the following updates:

Package	Update	Change
org.postgresql:postgresql (source)	minor	42.1.4 -> 42.2.13

By merging this PR, the below vulnerabilities will be automatically resolved:

	Severity	CVSS Score	CVE
	High	8.1	CVE-2018-10936
	High	7.7	CVE-2020-13692

---

Release Notes

pgjdbc/pgjdbc

v42.2.13

Notable Changes

• Security: The primary reason to release this version and to continue the 42.2.x branch is for CVE-2020-13692.
  Reported by David Dworken, this is an XXE and more information can be found here.
  Sehrope Sarkuni reworked the XML parsing to provide a solution in commit 14b62aca4.
• The build system has been changed to Gradle thanks to Vladimir PR 1627.
• Regression: com.github.waffle:waffle-jna, org.osgi:org.osgi.core, org.osgi:org.osgi.enterprise dependencies are listed as non-optional issue 1975.

Changed

Added

• jre-6 was added back to allow us to release fixes for all artifacts in the 42.2.x branch PR 1787

Fixed

• I/O error ru translation PR 1756
• Issue 1771 PgDatabaseMetaData.getFunctions() returns
  procedures fixed in PR 1774
• getTypeMap() returning null PR 1781
• Updated openssl example command PR 1763
• fix documentation with ordered list to be displayed correctly PR 1783

v42.2.12

Notable changes

We have released 42.2.12 to correct regressions in this version: Specifically

• PR 1729 was reverted as this is a breaking change
• PR 1719 has been reverted as it introduced errors in the PgType Cache

We recommend that version 42.2.11 not be used.

Changed

• reverted PR 1729 throw an error instead of silently rolling back a commit error.
  This change introduced a breaking change which will be moved to 42.3.0
• reverted PR 1719 add support for full names of data types (#​1719)

v42.2.11

Notable changes
As mentioned above this version is broken and should not be used.

Changed

• Reverted PR 1641. The driver will now wait for EOF when sending cancel signals.
• DatabaseMetaData#getProcedures returns only procedures (not functions) for PostgreSQL 11+ PR 1723
• Convert silent rollbacks into exception if application sends commit or xa.prepare command PR 1729

Added

• feat: raiseExceptionOnSilentRollback connection option to configure if silent rollback should raise an exception PR 1729
• feat: Expose ByteStreamWriter in CopyManager PR 1702
• feat: add way to distinguish base and partitioned tables in PgDatabaseMetaData.getTables PR 1708
• refactor: introduce tuple abstraction (rebased) PR 1701
• refactor: make PSQLState enum consts for integrity constraint violations PR 1699
• test: add makefile to create ssl certs PR 1706

Fixed

• fix: Always use . as decimal separator in PGInterval PR 1705
• fix: allow DatabaseMetaData.getColumns to describe an unset scale PR 1716

Changed

• Build system update from Maven to Gradle PR 1627

Added

• docker-compose image for creating test databases (see docker folder)

v42.2.10

Changed

• (!) Regression: remove receiving EOF from backend after cancel PR 1641. The regression is that the subsequent query might receive the cancel signal.

Added

• Add maxResultBuffer property PR 1657
• add caller push of binary data (rebase of #​953) PR 1659

Fixed

• Cleanup PGProperty, sort values, and add some missing to docs PR 1686
• Fixing LocalTime rounding (losing precision) PR 1570
• Network Performance of PgDatabaseMetaData.getTypeInfo() method PR 1668
• Issue #​1680 updating a boolean field requires special handling to set it to t or f instead of true or false PR 1682
• bug in pgstream for replication PR 1681
• Issue #​1677 NumberFormatException when fetching PGInterval with small value PR 1678
• Metadata queries improvements with large schemas. PR 1673
• Utf 8 encoding optimizations PR 1444
• interval overflow PR 1658
• Issue #​1482 where the port was being added to the GSSAPI service name PR 1651
• remove receiving EOF from backend after cancel since according to protocol the server closes the connection once cancel is sent (connection reset exception is always thrown) PR 1641
• Unable to register out parameter Issue #​1646 PR 1648

v42.2.9

Changed

Added

• read only transactions PR 1252
• pkcs12 key functionality PR 1599
• new "escapeSyntaxCallMode" connection property PR 1560
• connection property to limit server error detail in exception exceptions PR 1579
• cancelQuery() to PGConnection public interface PR 1157
• support for large update counts (JDBC 4.2) PR 935
• Add Binary Support for Oid.NUMERIC and Oid.NUMERIC_ARRAY PR 1636

Fixed

• issue 716 getTypeInfo() may not return data in the order specified in Oracle documentation PR 1506
• PgSQLXML setCharacterStream() results in null value PR 1608
• get correct column length for simple domains PR 1605
• NPE as a result of calling executeQuery twice on a statement fixes issue #​684 [PR 1610] https://github.com/pgjdbc/pgjdbc/pull/16100)
• handle numeric domain types PR 1611
• pginterval to take iso8601 strings PR 1612
• remove currentTimeMillis from code, tests are OK PR 1617
• NPE when calling setNull on a PreparedStatement with no parameters PR 1620
• allow OUT parameter registration when using CallableStatement native CALL PR 1561
• add release save point into execute with batch PR 1583
• Prevent use of extended query protocol for BEGIN before COPY PR 1639

v42.2.8

Changed

Added

Fixed

• fix: Revert inet default Java type to PGObject and handle values with net masks PR 1568

v42.2.7

Changed

Added

• Expose parameter status messages (GUC_REPORT) to the user PR 1435
• Add automatic module name to manifest for jdk9+ PR 1538
• Log ignoring rollback when no transaction in progress PR 1549
• Map inet type to InetAddress PR 1527 issue 1134

Fixed

• fix issue 1547 As long as peek returns some bytes do not reset the timeout, this allows us to continue checking until any async notifies are consumed PR 1548
• fix: issue 1466 In logical decoding the if the backend was requesting a reply we… PR 1467
• fix: issue 1534 Proleptic java.time support PR 1539
• fix Ensure isValid() will not last more than timeout seconds PR 1557

v42.2.6

Known issues

• Waffle has dropped support for 1.6, 1.7 as such the new waffle 1.9.x is only available in jre8
• Microseconds in timestamps might be truncated when transferred in binary mode
• 24:00 time handling is not consistent issue 1385
• Unexpected packet type during stream replication issue 1466
• Driver goes missing after OSGi bundle restart issue 1476

Changed

• Change IS_GENERATED to IS_GENERATEDCOLUMN as per spec PR 1485
• Fix missing metadata columns, and misspelled columns in PgDatabaseMetaData#getTables PR 1323

Added

• CI tests with Java 11, and Java EA
• Support temporary replication slots in ReplicationCreateSlotBuilder PR 1306
• Support PostgreSQL 11, 12
• Return function (PostgreSQL 11) columns in PgDatabaseMetaData#getFunctionColumns
• Return information on create replication slot, now the snapshot_name is exported
  to allow a consistent snapshot in some uses cases. PR 1335

Fixed

• Fixed async copy performance (1ms per op) in SSL mode PR 1314
• Return Double.NaN for 'NaN'::numeric PR 1304
• Performance issue in PgDatabaseMetaData#getTypeInfo with lots of types in DB PR 1302
• PGCopyInputStream#read should cap values to [0, 255], -1 PR 1349
• Fixes LocalDateTime handling of BC dates PR 1388
• Release savepoints in autosave mode to prevent out of shared memory errors at the server side PR 1409
• Fix execution with big decimal in simple query mode. PR 1463
• Fix rounding for timestamps truncated to dates before 1970 PR 1502

v42.2.5

Known issues

• 1ms per async copy call issue 1312

Changed

• ssl=true implies sslmode=verify-full, that is it requires valid server certificate cdeeaca4

targetServerType=master has been deprecated in favour of targetServerType=primary. master
will still be accepted but not documented.

Added

• Support for sslmode=allow/prefer/require cdeeaca4

Fixed

• Security: added server hostname verification for non-default SSL factories in sslmode=verify-full (CVE-2018-10936) cdeeaca4
• Updated documentation on SSL configuration fa032732
• Updated Japanese translations PR 1275
• IndexOutOfBounds on prepared multistatement with insert values c2885dd0

v42.2.4

Changed

• PreparedStatement.setNull(int parameterIndex, int t, String typeName) no longer ignores the typeName
  argument if it is not null PR 1160

Fixed

• Fix treatment of SQL_TSI_YEAR, SQL_TSI_WEEK, SQL_TSI_MINUTE PR 1250
• Map integrity constraint violation to XA_RBINTEGRITY instead of XAER_RMFAIL PR 1175 f2d1352c

v42.2.3

Known issues

• SQL_TSI_YEAR is treated as hour, SQL_TSI_WEEK is treated as hour, SQL_TSI_MINUTE is treated as second

Changed

• Reduce the severity of the error log messages when an exception is re-thrown. The error will be
  thrown to caller to be dealt with so no need to log at this verbosity by pgjdbc PR 1187
• Deprecate Fastpath API PR 903
• Support parenthesis in {oj ...} JDBC escape syntax PR 1204
• ubenchmark module moved pgjdbc/benchmarks repository due to licensing issues PR 1215
• Include section on how to submit a bug report in CONTRIBUTING.md PR 951

Fixed

• getString for PGObject-based types returned "null" string instead of null PR 1154
• Field metadata cache can be disabled via databaseMetadataCacheFields=0 PR 1052
• Properly encode special symbols in passwords in BaseDataSource PR 1201
• Adjust date, hour, minute, second when rounding nanosecond part of a timestamp PR 1212
• perf: reduce memory allocations in query cache PR 1227
• perf: reduce memory allocations in SQL parser PR 1230, PR 1233
• Encode URL parameters in BaseDataSource PR 1201
• Improve JavaDoc formatting PR 1236

v42.2.2

Fixed

• Fix startup regressions caused by PR #​1949. Instead of checking all types by OID, we can return types for well known types PR #​2257
• Backport PR #​2148
  Avoid leaking server error details through BatchUpdateException when logServerErrorDetail PR #​2254
• Backpatch PR #​2247
  QueryExecutorImpl.receiveFastpathResult did not properly handle ParameterStatus messages.
  This in turn caused failures for some LargeObjectManager operations. Closes Issue #​2237
  Fixed by adding the missing code path, based on the existing handling in processResults. PR #​2253
• Backpatch PR #​2242 PgDatabaseMetaData.getIndexInfo() cast operands to smallint PR#​2253
  It is possible to break method PgDatabaseMetaData.getIndexInfo() by adding certain custom operators. This PR fixes it.
• Backpatching PR #​2251 into 42.2 Clean up open connections to fix test failures on omni and appveyor
  use older syntax for COMMENT ON FUNCTION with explicit no-arg parameter parentheses as it is required on server versions before v10.
  Handle cleanup of connection creation in StatementTest, handle cleanup of privileged connection in DatabaseMetaDataTest
• Backpatch PR #​2245 fixes case where duplicate tables are returned if there are duplicate descriptions oids are not guaranteed to be unique in the catalog PR #​2248
• Change to updatable result set to use correctly primary or unique keys PR #​2228
  fixes issues introduced in PR #​2199 closes Issue #​2196
• Fix NPE calling getTypeInfo when alias is null PR #​2220
• Backpatch PR #​2217 to fix Issue #​2215. OIDs are unsigned integers and were not being handled correctly when they exceeded the size of signed integers

v42.2.1

Notable Changes

• Now the driver uses SASLprep normalization for SCRAM authentication fixing some issues with spaces in passwords.
• If closeOnCompletion is called on an existing statement and the statement is executed a second time it will fail.

Changed

• Perf: avoid duplicate PGStream#changeSocket calls
• Fix: Actually close unclosed results. Previously was not closing the first unclosed result fixes #​1903 (#​1905).
  There is a small behaviour change here as a result. If closeOnCompletion is called on an existing statement and the statement
  is executed a second time it will fail.

Added

• Verify code via forbidden-apis (jdk-internal and jdk-non-portable signatures) PR #​2012

Fixed

• Fix Binary transfer for numeric fixes #​1935
• Fix Allow specifying binaryTransferEnable even for those types that are not enabled by default
• Fix: properly set cancel socket timeout (#​2044)
• Fix "Required class information missing" when old org.jboss:jandex parses pgjdbc classes [issue 2008]https://github.com/pgjdbc/pgjdbc/issues/200808]
• Fix PGCopyInputStream returning the last row twice when reading with CopyOut API [issue 2016]https://github.com/pgjdbc/pgjdbc/issues/201616]
• Fix Connnection.isValid() to not wait longer than existing network timeout PR #​2040
• Fix Passwords with spaces (ASCII and non-ASCII) now work with SCRAM authentication (driver now uses SASLprep normalization) PR #​2052
• Fix DatabaseMetaData.getTablePrivileges() to include views, materialized views, and foreign tables PR #​2049
• Fix Resolve ParseError in PGtokenizer fixes #​2050
• Fix return metadata privileges for views and foreign tables

v42.2.0

Known issues

• SCRAM does not work as scram:client library is not packaged
• client_encoding has to be UTF8 even with allowEncodingChanges=true

Added

• Support SCRAM-SHA-256 for PostgreSQL 10 in the JDBC 4.2 version (Java 8+) using the Ongres SCRAM library. PR 842
• Make SELECT INTO and CREATE TABLE AS return row counts to the client in their command tags. Issue 958 PR 962
• Support Subject Alternative Names for SSL connections. PR 952
• Support isAutoIncrement metadata for PostgreSQL 10 IDENTITY column. PR 1004
• Support for primitive arrays PR#​887 3e0491a
• Implement support for get/setNetworkTimeout() in connections. PR 849
• Make GSS JAAS login optional, add an option "jaasLogin" PR 922 see Connecting to the Database

Changed

• Improve behaviour of ResultSet.getObject(int, Class). PR 932
• Parse CommandComplete message using a regular expresion, allows complete catch of server returned commands for INSERT, UPDATE, DELETE, SELECT, FETCH, MOVE, COPY and future commands. PR 962
• Use 'time with timezone' and 'timestamp with timezone' as is and ignore the user provided Calendars, 'time' and 'timestamp' work as earlier except "00:00:00" now maps to 1970-01-01 and "24:00:00" uses the system provided Calendar ignoring the user-provided one PR 1053
• Change behaviour of multihost connection. The new behaviour is to try all secondaries first before trying the master PR 844.
• Avoid reflective access to TimeZone.defaultTimeZone in Java 9+ PR 1002 fixes Issue 986

Fixed

• Make warnings available as soon as they are received from the server. This is useful for long running queries, where it can be beneficial to know about a warning before the query completes. PR 857
• Use 00:00:00 and 24:00:00 for LocalTime.MIN/MAX. PR 992
• Now the DatabaseMetaData.getFunctions() implementation complies with the JDBC docs. PR 918
• Execute autosave/rollback savepoint via simple queries always to prevent "statement S_xx not exists" when autosaving fixes Issue #​955
• Received resultset tuples, but no field structure for them" when bind failure happens on 5th execution of a statement Issue 811

Removed

• Drop support for the (insecure) crypt authentication method. PR 1026

Deprecated

• Reintroduce Driver.getVersion for backward compatibility reasons, mark it as deprecated as application should not rely on it (regression since 42.0.0) 50d5dd3e

---

• If you want to rebase/retry this PR, click this checkbox.