Changelog
*Sourced from [postgresql's changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md).*
> ## [42.2.5] (2018-08-27)
> ### Changed
> - `ssl=true` implies `sslmode=verify-full`, that is it requires valid server certificate [cdeeaca4](https://github.com/pgjdbc/pgjdbc/commit/cdeeaca47dc3bc6f727c79a582c9e4123099526e)
>
> ### Added
> - Support for `sslmode=allow/prefer/require` [cdeeaca4](https://github.com/pgjdbc/pgjdbc/commit/cdeeaca47dc3bc6f727c79a582c9e4123099526e)
>
> ### Fixed
> - Security: added server hostname verification for non-default SSL factories in `sslmode=verify-full` (CVE-2018-10936) [cdeeaca4](https://github.com/pgjdbc/pgjdbc/commit/cdeeaca47dc3bc6f727c79a582c9e4123099526e)
> - Updated documentation on SSL configuration [fa032732](https://github.com/pgjdbc/pgjdbc/commit/fa032732acfe51c6e663ee646dd5c1beaa1af857)
> - Updated Japanese translations [PR 1275](https://github-redirect.dependabot.com/pgjdbc/pgjdbc/pull/1275)
> - IndexOutOfBounds on prepared multistatement with insert values [c2885dd0](https://github.com/pgjdbc/pgjdbc/commit/c2885dd0cfc793f81e5dd3ed2300bb32476eb14a)
Commits
- [`a1a5ae4`](https://github.com/pgjdbc/pgjdbc/commit/a1a5ae4f2283d4557f36756d1a0228310a3acccb) [maven-release-plugin] prepare release REL42.2.5
- [`c8a639e`](https://github.com/pgjdbc/pgjdbc/commit/c8a639edbd0cf39453048f1fd7d9412ec8e09293) docs: update site for 42.2.5
- [`237a89b`](https://github.com/pgjdbc/pgjdbc/commit/237a89bf3058a16a3de37b8c92d2a4d850c6c056) Update changelog for 42.2.5
- [`fa03273`](https://github.com/pgjdbc/pgjdbc/commit/fa032732acfe51c6e663ee646dd5c1beaa1af857) docs: improve documentation on SSL
- [`cdeeaca`](https://github.com/pgjdbc/pgjdbc/commit/cdeeaca47dc3bc6f727c79a582c9e4123099526e) security: implement SSL hostname verification for non-default (LibPQFactory) ...
- [`c2885dd`](https://github.com/pgjdbc/pgjdbc/commit/c2885dd0cfc793f81e5dd3ed2300bb32476eb14a) fix: IndexOutOfBounds on prepared multistatement with insert values
- [`9534e9c`](https://github.com/pgjdbc/pgjdbc/commit/9534e9ca0e1840445ad5f4eee75bc1e2ac102dde) docs: fix typos detected by github.com/client9/misspell ([#1287](https://github-redirect.dependabot.com/pgjdbc/pgjdbc/issues/1287))
- [`203a106`](https://github.com/pgjdbc/pgjdbc/commit/203a106ddc9eb0d94cc94838f4fb0924e37f441a) fix: Correct typo in CopyManager comment ([#1285](https://github-redirect.dependabot.com/pgjdbc/pgjdbc/issues/1285))
- [`b5c19af`](https://github.com/pgjdbc/pgjdbc/commit/b5c19af627c8650410495ad8e3f2ee85e687e3c1) move issue template and pull request template into github specific di… ([#1283](https://github-redirect.dependabot.com/pgjdbc/pgjdbc/issues/1283))
- [`c66bf71`](https://github.com/pgjdbc/pgjdbc/commit/c66bf7108dd36f50aacebfd4f09e383aed02424b) Add issue templates ([#1263](https://github-redirect.dependabot.com/pgjdbc/pgjdbc/issues/1263))
- Additional commits viewable in [compare view](https://github.com/pgjdbc/pgjdbc/compare/REL42.2.4...REL42.2.5)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.
Bumps postgresql from 42.2.4 to 42.2.5.
Changelog
*Sourced from [postgresql's changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md).* > ## [42.2.5] (2018-08-27) > ### Changed > - `ssl=true` implies `sslmode=verify-full`, that is it requires valid server certificate [cdeeaca4](https://github.com/pgjdbc/pgjdbc/commit/cdeeaca47dc3bc6f727c79a582c9e4123099526e) > > ### Added > - Support for `sslmode=allow/prefer/require` [cdeeaca4](https://github.com/pgjdbc/pgjdbc/commit/cdeeaca47dc3bc6f727c79a582c9e4123099526e) > > ### Fixed > - Security: added server hostname verification for non-default SSL factories in `sslmode=verify-full` (CVE-2018-10936) [cdeeaca4](https://github.com/pgjdbc/pgjdbc/commit/cdeeaca47dc3bc6f727c79a582c9e4123099526e) > - Updated documentation on SSL configuration [fa032732](https://github.com/pgjdbc/pgjdbc/commit/fa032732acfe51c6e663ee646dd5c1beaa1af857) > - Updated Japanese translations [PR 1275](https://github-redirect.dependabot.com/pgjdbc/pgjdbc/pull/1275) > - IndexOutOfBounds on prepared multistatement with insert values [c2885dd0](https://github.com/pgjdbc/pgjdbc/commit/c2885dd0cfc793f81e5dd3ed2300bb32476eb14a)Commits
- [`a1a5ae4`](https://github.com/pgjdbc/pgjdbc/commit/a1a5ae4f2283d4557f36756d1a0228310a3acccb) [maven-release-plugin] prepare release REL42.2.5 - [`c8a639e`](https://github.com/pgjdbc/pgjdbc/commit/c8a639edbd0cf39453048f1fd7d9412ec8e09293) docs: update site for 42.2.5 - [`237a89b`](https://github.com/pgjdbc/pgjdbc/commit/237a89bf3058a16a3de37b8c92d2a4d850c6c056) Update changelog for 42.2.5 - [`fa03273`](https://github.com/pgjdbc/pgjdbc/commit/fa032732acfe51c6e663ee646dd5c1beaa1af857) docs: improve documentation on SSL - [`cdeeaca`](https://github.com/pgjdbc/pgjdbc/commit/cdeeaca47dc3bc6f727c79a582c9e4123099526e) security: implement SSL hostname verification for non-default (LibPQFactory) ... - [`c2885dd`](https://github.com/pgjdbc/pgjdbc/commit/c2885dd0cfc793f81e5dd3ed2300bb32476eb14a) fix: IndexOutOfBounds on prepared multistatement with insert values - [`9534e9c`](https://github.com/pgjdbc/pgjdbc/commit/9534e9ca0e1840445ad5f4eee75bc1e2ac102dde) docs: fix typos detected by github.com/client9/misspell ([#1287](https://github-redirect.dependabot.com/pgjdbc/pgjdbc/issues/1287)) - [`203a106`](https://github.com/pgjdbc/pgjdbc/commit/203a106ddc9eb0d94cc94838f4fb0924e37f441a) fix: Correct typo in CopyManager comment ([#1285](https://github-redirect.dependabot.com/pgjdbc/pgjdbc/issues/1285)) - [`b5c19af`](https://github.com/pgjdbc/pgjdbc/commit/b5c19af627c8650410495ad8e3f2ee85e687e3c1) move issue template and pull request template into github specific di… ([#1283](https://github-redirect.dependabot.com/pgjdbc/pgjdbc/issues/1283)) - [`c66bf71`](https://github.com/pgjdbc/pgjdbc/commit/c66bf7108dd36f50aacebfd4f09e383aed02424b) Add issue templates ([#1263](https://github-redirect.dependabot.com/pgjdbc/pgjdbc/issues/1263)) - Additional commits viewable in [compare view](https://github.com/pgjdbc/pgjdbc/compare/REL42.2.4...REL42.2.5)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.