CVE-2022-31197 in pgjdbc transitive dependency (requires manual dependency override) #5062
Comments
We will look into doing this in 2.10.0-M2 which should be available in ~2wks.
Since it's a security issue, would be great if you can also backport into the latest stable release
Thanks for the report @dbahatSAP (I forgot to say that initially). Yes, we will look into the CVE to see if it is one that would affect SCDF. If so, we will then most likely release a patch w/ the Some further info:
Latest
Thanks! Actually for SCDF 2.9.x we can upgrade a minor version to
That's good to know @dbahatSAP - I will comment in that ticket.
Hi,
Following decision by both pgjdbc maintainers and spring boot team, security issue CVE-2022-31197 in pgjdbc will only get patched with the release of spring boot 3 in a few months.
To mitigate, can we please manually override postgresql.version with version >= 42.4.1 like was suggested by both teams?
Thanks,
-David
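
A check for whether the override requested above has taken effect, as an added example that is not part of the original issue or of the SCDF project: it scans `mvn dependency:tree` output for the `org.postgresql:postgresql` coordinate and reports any resolved version below 42.4.1. The sample tree, the `com.example` coordinates and the function names are constructed for illustration.

```python
import re

# Minimum pgjdbc version requested in the issue above.
MIN_FIXED = (42, 4, 1)

# pgjdbc coordinate as printed by `mvn dependency:tree`:
# groupId:artifactId:type:version[:scope]
COORD = re.compile(r"org\.postgresql:postgresql:jar:([^:\s]+)")


def parse_version(text):
    """Return the leading numeric components, e.g. '42.2.18.jre7' -> (42, 2, 18)."""
    parts = []
    for piece in text.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def find_old_pgjdbc(tree_output, minimum=MIN_FIXED):
    """Return every resolved pgjdbc version in the tree that is below `minimum`.

    A version with no numeric prefix parses to () and is flagged too, so that
    unexpected version strings get a manual look instead of passing silently.
    """
    flagged = []
    for line in tree_output.splitlines():
        match = COORD.search(line)
        if match and parse_version(match.group(1)) < minimum:
            flagged.append(match.group(1))
    return flagged


# Constructed sample: the driver arrives transitively at an older version.
SAMPLE_TREE = """\
[INFO] com.example:demo-app:jar:0.0.1
[INFO] +- com.example:data-starter:jar:1.0.0:compile
[INFO] |  \\- org.postgresql:postgresql:jar:42.3.6:runtime
[INFO] \\- com.example:other-lib:jar:1.0.0:compile
"""
# Same tree after setting postgresql.version to 42.4.1 in the build.
SAMPLE_TREE_OVERRIDDEN = SAMPLE_TREE.replace("42.3.6", "42.4.1")

if __name__ == "__main__":
    print("before override:", find_old_pgjdbc(SAMPLE_TREE))
    print("after override: ", find_old_pgjdbc(SAMPLE_TREE_OVERRIDDEN))
```
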