[!WARNING]
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
pgjdbc/pgjdbc (org.postgresql:postgresql)
### [`v42.7.3`](https://togithub.com/pgjdbc/pgjdbc/blob/HEAD/CHANGELOG.md#4273-2024-04-14-145100--0400)
##### Changed
- chore: gradle config enforces 17+ [PR #3147](https://togithub.com/pgjdbc/pgjdbc/pull/3147)
##### Fixed
- fix: boolean types not handled in SimpleQuery mode [PR #3146](https://togithub.com/pgjdbc/pgjdbc/pull/3146)
- make sure we handle boolean types in simple query mode
- support uuid as well
- handle all well known types in text mode and change `else if` to `switch`
- fix: released new versions of 42.2.29, 42.3.10, 42.4.5, 42.5.6, 42.6.2 to deal with `NoSuchMethodError on ByteBuffer#position` when running on Java 8
### [`v42.7.2`](https://togithub.com/pgjdbc/pgjdbc/blob/HEAD/CHANGELOG.md#4272-2024-02-21-082300--0500)
##### Security
- security: SQL Injection via line comment generation, it is possible in `SimpleQuery` mode to generate a line comment by having a placeholder for a numeric with a `-`
such as `-?`. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment.
This has been fixed in this version fixes [CVE-2024-1597](https://www.cve.org/CVERecord?id=CVE-2024-1597). Reported by [Paul Gerste](https://togithub.com/paul-gerste-sonarsource). See the [security advisory](https://togithub.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56) for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.
##### Changed
- fix: Use simple query for isValid. Using Extended query sends two messages checkConnectionQuery was never ever set or used, removed [PR #3101](https://togithub.com/pgjdbc/pgjdbc/pull/3101)
- perf: Avoid autoboxing bind indexes by [@bokken](https://togithub.com/bokken) in [PR #1244](https://togithub.com/pgjdbc/pgjdbc/pull/1244)
- refactor: Document that encodePassword will zero out the password array, and remove driver's default encodePassword by [@vlsi](https://togithub.com/vlsi) in [PR #3084](https://togithub.com/pgjdbc/pgjdbc/pull/3084)
##### Added
- feat: Add PasswordUtil for encrypting passwords client side [PR #3082](https://togithub.com/pgjdbc/pgjdbc/pull/3082)
### [`v42.7.1`](https://togithub.com/pgjdbc/pgjdbc/blob/HEAD/CHANGELOG.md#4271-2023-12-06-083400--0500)
##### Changed
- perf: improve performance of PreparedStatement.setBlob, BlobInputStream, and BlobOutputStream with dynamic buffer sizing [PR #3044](https://togithub.com/pgjdbc/pgjdbc/pull/3044)
##### Fixed
- fix: Apply connectTimeout before SSLSocket.startHandshake to avoid infinite wait in case the connection is broken [PR #3040](https://togithub.com/pgjdbc/pgjdbc/pull/3040)
- fix: support waffle-jna 2.x and 3.x by using reflective approach for ManagedSecBufferDesc [PR #2720](https://togithub.com/pgjdbc/pgjdbc/pull/2720) Fixes [Issue #2690](https://togithub.com/pgjdbc/pgjdbc/issues/2720).
- fix: NoSuchMethodError on ByteBuffer#position When Running on Java 8 when accessing arrays, fixes [Issue #3014](https://togithub.com/pgjdbc/pgjdbc/issues/3014)
- Revert "[PR #2925](https://togithub.com/pgjdbc/pgjdbc/pull/2925) Use canonical DateStyle name" [PR #3035](https://togithub.com/pgjdbc/pgjdbc/pull/3035)
Fixes [Issue #3008](https://togithub.com/pgjdbc/pgjdbc/issues/3008)
- Revert "[PR ##2973](https://togithub.com/pgjdbc/pgjdbc/pull/2973) feat: support SET statements combining with other queries with semicolon in PreparedStatement" [PR #3010](https://togithub.com/pgjdbc/pgjdbc/pull/3010)
Fixes [Issue #3007](https://togithub.com/pgjdbc/pgjdbc/issues/3007)
- fix: avoid timezone conversions when sending LocalDateTime to the database [#2852](https://togithub.com/pgjdbc/pgjdbc/pull/3010) Fixes [Issue #1390](https://togithub.com/pgjdbc/pgjdbc/issues/1390)
,[Issue #2850](https://togithub.com/pgjdbc/pgjdbc/issues/2850)
Closes \[Issue [#1391](https://togithub.com/pgjdbc/pgjdbc/issues/1391)([https://github.com/pgjdbc/pgjdbc/issues/1391](https://togithub.com/pgjdbc/pgjdbc/issues/1391))
### [`v42.7.0`](https://togithub.com/pgjdbc/pgjdbc/blob/HEAD/CHANGELOG.md#4270-2023-11-20-093300--0500)
##### Changed
- fix: Deprecate for removal PGPoint.setLocation(java.awt.Point) to cut dependency to `java.desktop` module. [PR #2967](https://togithub.com/pgjdbc/pgjdbc/pull/2967)
- feat: return all catalogs for getCatalogs metadata query closes [ISSUE #2949](https://togithub.com/pgjdbc/pgjdbc/issues/2949) [PR #2953](https://togithub.com/pgjdbc/pgjdbc/pull/2953)
- feat: support SET statements combining with other queries with semicolon in PreparedStatement [PR ##2973](https://togithub.com/pgjdbc/pgjdbc/pull/2973)
##### Fixed
- chore: add styleCheck Gradle task to report style violations [PR #2980](https://togithub.com/pgjdbc/pgjdbc/pull/2980)
- fix: Include currentXid in "Error rolling back prepared transaction" exception message [PR #2978](https://togithub.com/pgjdbc/pgjdbc/pull/2978)
- fix: add varbit as a basic type inside the TypeInfoCache [PR #2960](https://togithub.com/pgjdbc/pgjdbc/pull/2960)
- fix: Fix failing tests for version 16. [PR #2962](https://togithub.com/pgjdbc/pgjdbc/pull/2962)
- fix: allow setting arrays with ANSI type name [PR #2952](https://togithub.com/pgjdbc/pgjdbc/pull/2952)
- feat: Use KeepAlive to confirm LSNs [PR #2941](https://togithub.com/pgjdbc/pgjdbc/pull/2941)
- fix: put double ' around log parameter [PR #2936](https://togithub.com/pgjdbc/pgjdbc/pull/2936) fixes [ISSUE #2935](https://togithub.com/pgjdbc/pgjdbc/issues/2935)
- fix: Fix Issue [#2928](https://togithub.com/pgjdbc/pgjdbc/issues/2928) number of ports not equal to number of servers in datasource [PR #2929](https://togithub.com/pgjdbc/pgjdbc/pull/2929)
- fix: Use canonical DateStyle name ([#2925](https://togithub.com/pgjdbc/pgjdbc/issues/2925)) fixes [pgbouncer issue](https://togithub.com/pgbouncer/pgbouncer/issues/776)
- fix: Method getFastLong should be able to parse all longs [PR #2881](https://togithub.com/pgjdbc/pgjdbc/pull/2881)
- docs: Fix typos in info.html [PR #2860](https://togithub.com/pgjdbc/pgjdbc/pull/2860)
- fix: Return correct default from PgDatabaseMetaData.getDefaultTransactionIsolation [PR #2992](https://togithub.com/pgjdbc/pgjdbc/pull/2992) fixes [Issue #2991](https://togithub.com/pgjdbc/pgjdbc/issues/2991)
- test: fix assertion in RefCursorFetchTestultFetchSize rows
- test: use try-with-resources in LogicalReplicationStatusTest
Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
42.6.0
->42.7.3
Release Notes
pgjdbc/pgjdbc (org.postgresql:postgresql)
### [`v42.7.3`](https://togithub.com/pgjdbc/pgjdbc/blob/HEAD/CHANGELOG.md#4273-2024-04-14-145100--0400) ##### Changed - chore: gradle config enforces 17+ [PR #3147](https://togithub.com/pgjdbc/pgjdbc/pull/3147) ##### Fixed - fix: boolean types not handled in SimpleQuery mode [PR #3146](https://togithub.com/pgjdbc/pgjdbc/pull/3146) - make sure we handle boolean types in simple query mode - support uuid as well - handle all well known types in text mode and change `else if` to `switch` - fix: released new versions of 42.2.29, 42.3.10, 42.4.5, 42.5.6, 42.6.2 to deal with `NoSuchMethodError on ByteBuffer#position` when running on Java 8 ### [`v42.7.2`](https://togithub.com/pgjdbc/pgjdbc/blob/HEAD/CHANGELOG.md#4272-2024-02-21-082300--0500) ##### Security - security: SQL Injection via line comment generation, it is possible in `SimpleQuery` mode to generate a line comment by having a placeholder for a numeric with a `-` such as `-?`. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment. This has been fixed in this version fixes [CVE-2024-1597](https://www.cve.org/CVERecord?id=CVE-2024-1597). Reported by [Paul Gerste](https://togithub.com/paul-gerste-sonarsource). See the [security advisory](https://togithub.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56) for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds. ##### Changed - fix: Use simple query for isValid. Using Extended query sends two messages checkConnectionQuery was never ever set or used, removed [PR #3101](https://togithub.com/pgjdbc/pgjdbc/pull/3101) - perf: Avoid autoboxing bind indexes by [@bokken](https://togithub.com/bokken) in [PR #1244](https://togithub.com/pgjdbc/pgjdbc/pull/1244) - refactor: Document that encodePassword will zero out the password array, and remove driver's default encodePassword by [@vlsi](https://togithub.com/vlsi) in [PR #3084](https://togithub.com/pgjdbc/pgjdbc/pull/3084) ##### Added - feat: Add PasswordUtil for encrypting passwords client side [PR #3082](https://togithub.com/pgjdbc/pgjdbc/pull/3082) ### [`v42.7.1`](https://togithub.com/pgjdbc/pgjdbc/blob/HEAD/CHANGELOG.md#4271-2023-12-06-083400--0500) ##### Changed - perf: improve performance of PreparedStatement.setBlob, BlobInputStream, and BlobOutputStream with dynamic buffer sizing [PR #3044](https://togithub.com/pgjdbc/pgjdbc/pull/3044) ##### Fixed - fix: Apply connectTimeout before SSLSocket.startHandshake to avoid infinite wait in case the connection is broken [PR #3040](https://togithub.com/pgjdbc/pgjdbc/pull/3040) - fix: support waffle-jna 2.x and 3.x by using reflective approach for ManagedSecBufferDesc [PR #2720](https://togithub.com/pgjdbc/pgjdbc/pull/2720) Fixes [Issue #2690](https://togithub.com/pgjdbc/pgjdbc/issues/2720). - fix: NoSuchMethodError on ByteBuffer#position When Running on Java 8 when accessing arrays, fixes [Issue #3014](https://togithub.com/pgjdbc/pgjdbc/issues/3014) - Revert "[PR #2925](https://togithub.com/pgjdbc/pgjdbc/pull/2925) Use canonical DateStyle name" [PR #3035](https://togithub.com/pgjdbc/pgjdbc/pull/3035) Fixes [Issue #3008](https://togithub.com/pgjdbc/pgjdbc/issues/3008) - Revert "[PR ##2973](https://togithub.com/pgjdbc/pgjdbc/pull/2973) feat: support SET statements combining with other queries with semicolon in PreparedStatement" [PR #3010](https://togithub.com/pgjdbc/pgjdbc/pull/3010) Fixes [Issue #3007](https://togithub.com/pgjdbc/pgjdbc/issues/3007) - fix: avoid timezone conversions when sending LocalDateTime to the database [#2852](https://togithub.com/pgjdbc/pgjdbc/pull/3010) Fixes [Issue #1390](https://togithub.com/pgjdbc/pgjdbc/issues/1390) ,[Issue #2850](https://togithub.com/pgjdbc/pgjdbc/issues/2850) Closes \[Issue [#1391](https://togithub.com/pgjdbc/pgjdbc/issues/1391)([https://github.com/pgjdbc/pgjdbc/issues/1391](https://togithub.com/pgjdbc/pgjdbc/issues/1391)) ### [`v42.7.0`](https://togithub.com/pgjdbc/pgjdbc/blob/HEAD/CHANGELOG.md#4270-2023-11-20-093300--0500) ##### Changed - fix: Deprecate for removal PGPoint.setLocation(java.awt.Point) to cut dependency to `java.desktop` module. [PR #2967](https://togithub.com/pgjdbc/pgjdbc/pull/2967) - feat: return all catalogs for getCatalogs metadata query closes [ISSUE #2949](https://togithub.com/pgjdbc/pgjdbc/issues/2949) [PR #2953](https://togithub.com/pgjdbc/pgjdbc/pull/2953) - feat: support SET statements combining with other queries with semicolon in PreparedStatement [PR ##2973](https://togithub.com/pgjdbc/pgjdbc/pull/2973) ##### Fixed - chore: add styleCheck Gradle task to report style violations [PR #2980](https://togithub.com/pgjdbc/pgjdbc/pull/2980) - fix: Include currentXid in "Error rolling back prepared transaction" exception message [PR #2978](https://togithub.com/pgjdbc/pgjdbc/pull/2978) - fix: add varbit as a basic type inside the TypeInfoCache [PR #2960](https://togithub.com/pgjdbc/pgjdbc/pull/2960) - fix: Fix failing tests for version 16. [PR #2962](https://togithub.com/pgjdbc/pgjdbc/pull/2962) - fix: allow setting arrays with ANSI type name [PR #2952](https://togithub.com/pgjdbc/pgjdbc/pull/2952) - feat: Use KeepAlive to confirm LSNs [PR #2941](https://togithub.com/pgjdbc/pgjdbc/pull/2941) - fix: put double ' around log parameter [PR #2936](https://togithub.com/pgjdbc/pgjdbc/pull/2936) fixes [ISSUE #2935](https://togithub.com/pgjdbc/pgjdbc/issues/2935) - fix: Fix Issue [#2928](https://togithub.com/pgjdbc/pgjdbc/issues/2928) number of ports not equal to number of servers in datasource [PR #2929](https://togithub.com/pgjdbc/pgjdbc/pull/2929) - fix: Use canonical DateStyle name ([#2925](https://togithub.com/pgjdbc/pgjdbc/issues/2925)) fixes [pgbouncer issue](https://togithub.com/pgbouncer/pgbouncer/issues/776) - fix: Method getFastLong should be able to parse all longs [PR #2881](https://togithub.com/pgjdbc/pgjdbc/pull/2881) - docs: Fix typos in info.html [PR #2860](https://togithub.com/pgjdbc/pgjdbc/pull/2860) - fix: Return correct default from PgDatabaseMetaData.getDefaultTransactionIsolation [PR #2992](https://togithub.com/pgjdbc/pgjdbc/pull/2992) fixes [Issue #2991](https://togithub.com/pgjdbc/pgjdbc/issues/2991) - test: fix assertion in RefCursorFetchTestultFetchSize rows - test: use try-with-resources in LogicalReplicationStatusTestConfiguration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.