03 August 2022
PostgreSQL JDBC Driver 42.4.1 Released
Notable changes
Security
- fix: CVE-2022-31197 Fixes SQL generated in PgResultSet.refresh() to escape column identifiers so as to prevent SQL injection.
- Previously, the column names for both key and data columns in the table were copied as-is into the generated
SQL. This allowed a malicious table with column names that include statement terminator to be parsed and
executed as multiple separate commands.
- Also adds a new test class ResultSetRefreshTest to verify this change.
- Reported by Sho Kato
Changed
- chore: skip publishing pgjdbc-osgi-test to Central
- chore: bump Gradle to 7.5
- test: update JUnit to 5.8.2
Added
- chore: added Gradle Wrapper Validation for verifying gradle-wrapper.jar
- chore: added "permissions: contents: read" for GitHub Actions to avoid unintentional modifications by the CI
- chore: support building pgjdbc with Java 17
See full changelog for 42.4.1
09 June 2022
PostgreSQL JDBC Driver 42.4.0 Released
Notable changes
Changed
- fix: added GROUP_STARTUP_PARAMETERS boolean property to determine whether or not to group
startup parameters in a transaction (default=false like 42.2.x) fixes Issue #2425
pgbouncer cannot deal with transactions in statement pooling mode PR #2425
Fixed
- fix: queries with up to 65535 (inclusive) parameters are supported now (previous limit was 32767)
PR #2525, Issue #1311
- fix: workaround JarIndex parsing issue by using groupId/artifactId-version directory namings.
Regression since 42.2.13. PR #2531, issue #2527
- fix: use Locale.ROOT for toUpperCase() toLowerCase() calls
- doc: add Vladimir Sitnikov's PGP key
- fix: return correct base type for domain from getUDTs PR #2520 Issue #2522
- perf: utcTz static and renamed to UTC_TIMEZONE PR #2519
- doc: fix release version for #2377 (it should be 42.3.6, not 42.3.5)
See full changelog for 42.4.0
24 May 2022
PostgreSQL JDBC Driver 42.3.6 Released
Notable changes
Changed
Added
Fixed
- fix: close refcursors when underlying cursor==null instead of relying on defaultRowFetchSize PR #2377
See full changelog for 42.3.6