Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Revert "fix: replace syncronization in Connection.close with compareAndSet" * Revert "feat: synchronize statement executions (e.g. avoid deadlock when Connection.isValid is executed from concurrent threads)" * Revert "set a timeout to get the return from requesting SSL upgrade. (#2572)" * Revert "add alias to the generated query for clarity (#2553)"
- Loading branch information
1 parent
739e599
commit bd91c4c
Showing
13 changed files
with
197 additions
and
260 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
--- | ||
title: PostgreSQL JDBC Driver 42.4.1 Released | ||
date: 2022-08-03 08:09:07 -0400 | ||
categories: | ||
- new_release | ||
version: 42.4.1 | ||
--- | ||
**Notable changes** | ||
|
||
### Security | ||
- fix: CVE-2022-31197 Fixes SQL generated in PgResultSet.refresh() to escape column identifiers so as to prevent SQL injection. | ||
- Previously, the column names for both key and data columns in the table were copied as-is into the generated | ||
SQL. This allowed a malicious table with column names that include statement terminator to be parsed and | ||
executed as multiple separate commands. | ||
- Also adds a new test class ResultSetRefreshTest to verify this change. | ||
- Reported by [Sho Kato](https://github.com/kato-sho) | ||
|
||
### Changed | ||
- chore: skip publishing pgjdbc-osgi-test to Central | ||
- chore: bump Gradle to 7.5 | ||
- test: update JUnit to 5.8.2 | ||
|
||
### Added | ||
- chore: added Gradle Wrapper Validation for verifying gradle-wrapper.jar | ||
- chore: added "permissions: contents: read" for GitHub Actions to avoid unintentional modifications by the CI | ||
- chore: support building pgjdbc with Java 17 | ||
|
||
<!--more--> | ||
|
||
**Commits by author** | ||
|
||
Dave Cramer (9): | ||
bump gradle to version 3 to fix compile errors with jdk17 [PR 2550](https://github.com/pgjdbc/pgjdbc/pull/2550) | ||
update the website content [PR 2578](https://github.com/pgjdbc/pgjdbc/pull/2578) | ||
|
||
Sehrope Sarkuni (1): | ||
Fix SQL generated in PgResultSet.refresh() to escape column identifiers so as to prevent SQL injection. | ||
|
||
Vladimir Sitnikov (34): | ||
bump system-stubs-jupiter to 2.0.1 to support Java 16+ | ||
update JUnit to 5.8.2 | ||
migrate DriverTest to JUnit5 | ||
bump Gradle to 7.5 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.