Closed kares closed 4 years ago
scystephen
commented
4 years ago CVE-2018-3258 is applicable to the gem due to the use of mysql-connector-java-8.0.11.jar. This vulnerability is resolved in versions after 8.0.12 so a move to 8.0.17 would resolve the issue.
enebo
commented
4 years ago @kares is this safe to land?
kares
commented
4 years ago @enebo yes its released already (since the merge). except some new jdbc property names I did not found any AR-JDBC issues using 8.0
enebo
commented
4 years ago @kares sorry I read that merge statement backwards and totally spaced out a huge "MERGED" on top of that :)
of Connector/J driver, actually 8.0.17 but only 8.0.11 was ga (the firs 8.0.0 release as a pre/beta)
we will need to avoid a bit, since 50.3/51.3/52.2 do not handle the driver name change automatically.
so we'll be releasing new versions of those, note that 1.3 releases are not supported at this point