hankinsoft / SQLPro

SQLPro bug & features tracking.

snowflake-jdbc-3.12.9.jar has CVE-2012-0507.gen security issue patched in versions > 3.13.29 - needs to be updated #985

Closed 4yourithing closed 4 weeks ago

4yourithing commented 1 month ago

Describe the bug

A clear and concise description of what the bug is. Uses snowflake-jdbc-3.12.9.jar, which has the CVE-2012-0507.gen vulnerability. The current version of snowflake-jdbc is 3.16.1; the issue is patched in versions > 3.13.29.

To Reproduce

snowflake-jdbc-3.12.9.jar in the SQLPro Studio.app contents:
/Applications/SQLPro Studio.app/Contents/Frameworks/SQLProSnowflakeCore.framework/Versions/A/Resources/jdbc/snowflake-jdbc-3.12.9.jar

Read the security advisory for versions < 3.13.29: https://github.com/snowflakedb/snowflake-jdbc/security/advisories/GHSA-4g3j-c4wg-6j7x

Expected behavior

No security advisories in packages used.

Environment details (please complete the following information):

Additional context

https://github.com/snowflakedb/snowflake-jdbc/security/advisories/GHSA-4g3j-c4wg-6j7x

Issues will be closed until environmental details are provided.

If the above template is not completed, issues will be closed with the statement "Issue has been closed. Please edit the initial post (or create a new issue) and follow the template. Once completed, the issue may be reopened."

hankinsoft commented 1 month ago

Thank you, I'll get this removed for the next build. I don't actually use the jar file, it was just for testing so it will be removed completely.

hankinsoft commented 4 weeks ago

SQLPro Studio 2024.32 has now been approved and all jar files have been removed. If you get the chance, please have a check and confirm that this resolves the issue you were seeing.

4yourithing commented 4 weeks ago

Looks good. Thank you.
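A check of the kind requested in the last maintainer comment, as an added example that is not part of the issue thread or SQLPro's code: it lists every .jar left under an app bundle and flags any snowflake-jdbc below 3.13.29. The threshold follows the report's "versions < 3.13.29" wording; reading the version from Maven `pom.properties` inside the jar is an assumption about how the jar was built (the file name is the fallback), and the sample bundle is constructed.

```python
import re
import zipfile
from pathlib import Path

# Assumption: first fixed version, from the report's "versions < 3.13.29".
FIRST_FIXED = (3, 13, 29)
NAME_RE = re.compile(r"snowflake-jdbc-(\d+(?:\.\d+)+)")
POM_RE = re.compile(r"META-INF/maven/.+/snowflake-jdbc/pom\.properties$")

def to_tuple(text):
    return tuple(int(part) for part in text.split("."))

def jar_version(jar_path):
    """Version from Maven metadata inside the jar, else from the file name."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            for entry in jar.namelist():
                if POM_RE.match(entry):
                    props = jar.read(entry).decode("utf-8", "replace")
                    found = re.search(r"^version=(\d+(?:\.\d+)+)", props, re.M)
                    if found:  # catches a renamed copy of the driver
                        return to_tuple(found.group(1))
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable archive: fall back to the file name
    found = NAME_RE.search(Path(jar_path).name)
    return to_tuple(found.group(1)) if found else None

def audit_bundle(root, first_fixed=FIRST_FIXED):
    """Return [(relative_path, version, status)] for every .jar under root."""
    root = Path(root)
    findings = []
    for jar in sorted(root.rglob("*.jar")):
        version = jar_version(jar)
        status = ("unidentified" if version is None
                  else "affected" if version < first_fixed else "ok")
        findings.append((jar.relative_to(root).as_posix(), version, status))
    return findings

def build_sample_bundle(root):
    """Constructed sample: layout copied from the report, jar contents made up."""
    jdbc = Path(root, "Contents/Frameworks/SQLProSnowflakeCore.framework",
                "Versions/A/Resources/jdbc")
    jdbc.mkdir(parents=True)
    with zipfile.ZipFile(jdbc / "snowflake-jdbc-3.12.9.jar", "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    with zipfile.ZipFile(jdbc / "driver.jar", "w") as jar:  # renamed copy
        jar.writestr("META-INF/maven/net.snowflake/snowflake-jdbc/pom.properties",
                     "artifactId=snowflake-jdbc\nversion=3.16.1\n")
    return root
```

Pointing `audit_bundle` at `/Applications/SQLPro Studio.app` should return an empty list on a build where all jar files have been removed, as the maintainer describes for 2024.32.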