Skip site navigation (1) Skip section navigation (2)

03 August 2022

PostgreSQL JDBC Driver 42.4.1 Released

Notable changes

Security

  • fix: CVE-2022-31197 Fixes SQL generated in PgResultSet.refresh() to escape column identifiers so as to prevent SQL injection.
    • Previously, the column names for both key and data columns in the table were copied as-is into the generated SQL. This allowed a malicious table with column names that include statement terminator to be parsed and executed as multiple separate commands.
    • Also adds a new test class ResultSetRefreshTest to verify this change.
    • Reported by Sho Kato

Changed

  • chore: skip publishing pgjdbc-osgi-test to Central
  • chore: bump Gradle to 7.5
  • test: update JUnit to 5.8.2

Added

  • chore: added Gradle Wrapper Validation for verifying gradle-wrapper.jar
  • chore: added "permissions: contents: read" for GitHub Actions to avoid unintentional modifications by the CI
  • chore: support building pgjdbc with Java 17

See full changelog for 42.4.1


09 June 2022

PostgreSQL JDBC Driver 42.4.0 Released

Notable changes

Changed

  • fix: added GROUP_STARTUP_PARAMETERS boolean property to determine whether or not to group startup parameters in a transaction (default=false like 42.2.x) fixes Issue #2425 pgbouncer cannot deal with transactions in statement pooling mode PR #2425

Fixed

  • fix: queries with up to 65535 (inclusive) parameters are supported now (previous limit was 32767) PR #2525, Issue #1311
  • fix: workaround JarIndex parsing issue by using groupId/artifactId-version directory namings. Regression since 42.2.13. PR #2531, issue #2527
  • fix: use Locale.ROOT for toUpperCase() toLowerCase() calls
  • doc: add Vladimir Sitnikov's PGP key
  • fix: return correct base type for domain from getUDTs PR #2520 Issue #2522
  • perf: utcTz static and renamed to UTC_TIMEZONE PR #2519
  • doc: fix release version for #2377 (it should be 42.3.6, not 42.3.5)

See full changelog for 42.4.0


24 May 2022

PostgreSQL JDBC Driver 42.3.6 Released

Notable changes

Changed

Added

Fixed

  • fix: close refcursors when underlying cursor==null instead of relying on defaultRowFetchSize PR #2377

See full changelog for 42.3.6


Latest Releases

42.4.1 · 03 Aug 2022 · Notes
42.4.0 · 09 Jun 2022 · Notes
42.3.6 · 24 May 2022 · Notes
42.3.5 · 04 May 2022 · Notes
42.3.4 · 15 Apr 2022 · Notes

Support Us

PostgreSQL is free. Please support our work by making a donation.


Privacy Policy | About PostgreSQL
Copyright © 1996-2022 The PostgreSQL Global Development Group