- security: StreamWrapper spills to disk if setText, or setBytea sends very large Strings or arrays to the server. createTempFile creates a file which can be read by other users on unix like systems (Not macos).
This has been fixed in this version fixes CVE-2022-41946 see the security advisory for more details.
Reported by Jonathan Leitschuh
This has been fixed in versions 42.5.1, 42.4.3 42.3.8, 42.2.27.jre7.
Note there is no fix for 42.2.26.jre6. See the security advisory for work arounds.
- fix: make sure we select array_in from pg_catalog to avoid duplicate array_in functions fixes #Issue 2548 PR #2552
- fix: binary decoding of bool values PR #2640
- perf: improve performance of PgResultSet getByte/getShort/getInt/getLong for float-typed columns PR #2634
- chore: fix various spelling errors PR #2592
- chore: Feature/urlparser improve URLParser PR #2641
Commits by author
Dave Cramer (13):
Update README.md PR 2609
Ignore simplequery for postgresql 8.4 PR 2614
Single commit to move newdocs into master PR 2618
update versions PR 2619
fix grammar, fix downloads, minor edits PR 2626
fix: make sure we select array_in from pg_catalog to avoid duplicate array_in functions fixes #Issue 2548 PR 2552
clarify prepared statement usage PR 2629
fix maven coordinates PR 2631
remove javadoc links for java 17 and above PR 2637
revert change to PGProperty.get() to keep the API the same PR 2644
exclude ArrayTest versions less than 9.1 PR 2645\
Evgeniy Devyatykh (1): perf: improve performance of PgResultSet getByte/getShort/getInt/getLong for float-typed columns PR 2634
Josh Soref (1): chore: fix various spelling errors PR 2592
Knut Olav Løite (1): fix: binary decoding of bool values PR 2640
Marek Läll (1): Feature/urlparser improve3 pr1 PR 2641
Vladimir Sitnikov (4): docs: clarify we ship security fixes by default for the latest 42.x and 42.2 only PR 2586
μtkarsh (1): Optimize png files PR 2621