[!WARNING]
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
pgjdbc/pgjdbc (org.postgresql:postgresql)
### [`v42.7.3`](https://togithub.com/pgjdbc/pgjdbc/blob/HEAD/CHANGELOG.md#4273-2024-04-14-145100--0400)
##### Changed
- chore: gradle config enforces 17+ [PR #3147](https://togithub.com/pgjdbc/pgjdbc/pull/3147)
##### Fixed
- fix: boolean types not handled in SimpleQuery mode [PR #3146](https://togithub.com/pgjdbc/pgjdbc/pull/3146)
- make sure we handle boolean types in simple query mode
- support uuid as well
- handle all well known types in text mode and change `else if` to `switch`
- fix: released new versions of 42.2.29, 42.3.10, 42.4.5, 42.5.6, 42.6.2 to deal with `NoSuchMethodError on ByteBuffer#position` when running on Java 8
### [`v42.7.2`](https://togithub.com/pgjdbc/pgjdbc/blob/HEAD/CHANGELOG.md#4272-2024-02-21-082300--0500)
##### Security
- security: SQL Injection via line comment generation, it is possible in `SimpleQuery` mode to generate a line comment by having a placeholder for a numeric with a `-`
such as `-?`. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment.
This has been fixed in this version fixes [CVE-2024-1597](https://www.cve.org/CVERecord?id=CVE-2024-1597). Reported by [Paul Gerste](https://togithub.com/paul-gerste-sonarsource). See the [security advisory](https://togithub.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56) for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.
##### Changed
- fix: Use simple query for isValid. Using Extended query sends two messages checkConnectionQuery was never ever set or used, removed [PR #3101](https://togithub.com/pgjdbc/pgjdbc/pull/3101)
- perf: Avoid autoboxing bind indexes by [@bokken](https://togithub.com/bokken) in [PR #1244](https://togithub.com/pgjdbc/pgjdbc/pull/1244)
- refactor: Document that encodePassword will zero out the password array, and remove driver's default encodePassword by [@vlsi](https://togithub.com/vlsi) in [PR #3084](https://togithub.com/pgjdbc/pgjdbc/pull/3084)
##### Added
- feat: Add PasswordUtil for encrypting passwords client side [PR #3082](https://togithub.com/pgjdbc/pgjdbc/pull/3082)
Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Enabled.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
42.7.1
->42.7.3
Release Notes
pgjdbc/pgjdbc (org.postgresql:postgresql)
### [`v42.7.3`](https://togithub.com/pgjdbc/pgjdbc/blob/HEAD/CHANGELOG.md#4273-2024-04-14-145100--0400) ##### Changed - chore: gradle config enforces 17+ [PR #3147](https://togithub.com/pgjdbc/pgjdbc/pull/3147) ##### Fixed - fix: boolean types not handled in SimpleQuery mode [PR #3146](https://togithub.com/pgjdbc/pgjdbc/pull/3146) - make sure we handle boolean types in simple query mode - support uuid as well - handle all well known types in text mode and change `else if` to `switch` - fix: released new versions of 42.2.29, 42.3.10, 42.4.5, 42.5.6, 42.6.2 to deal with `NoSuchMethodError on ByteBuffer#position` when running on Java 8 ### [`v42.7.2`](https://togithub.com/pgjdbc/pgjdbc/blob/HEAD/CHANGELOG.md#4272-2024-02-21-082300--0500) ##### Security - security: SQL Injection via line comment generation, it is possible in `SimpleQuery` mode to generate a line comment by having a placeholder for a numeric with a `-` such as `-?`. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment. This has been fixed in this version fixes [CVE-2024-1597](https://www.cve.org/CVERecord?id=CVE-2024-1597). Reported by [Paul Gerste](https://togithub.com/paul-gerste-sonarsource). See the [security advisory](https://togithub.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56) for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds. ##### Changed - fix: Use simple query for isValid. Using Extended query sends two messages checkConnectionQuery was never ever set or used, removed [PR #3101](https://togithub.com/pgjdbc/pgjdbc/pull/3101) - perf: Avoid autoboxing bind indexes by [@bokken](https://togithub.com/bokken) in [PR #1244](https://togithub.com/pgjdbc/pgjdbc/pull/1244) - refactor: Document that encodePassword will zero out the password array, and remove driver's default encodePassword by [@vlsi](https://togithub.com/vlsi) in [PR #3084](https://togithub.com/pgjdbc/pgjdbc/pull/3084) ##### Added - feat: Add PasswordUtil for encrypting passwords client side [PR #3082](https://togithub.com/pgjdbc/pgjdbc/pull/3082)Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Enabled.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.