PostgreSQL JDBC versions 42.4.1/42.2.26 Security Update

From: JDBC Project via PostgreSQL Announce
Subject: PostgreSQL JDBC versions 42.4.1/42.2.26 Security Update
Date
Msg-id: 166056971352.655.12904366583007555449@wrigleys.postgresql.org
List: pgsql-announce
 


The PostgreSQL JDBC team have released 42.2.26 and 42.4.1 to address a security issue: CVE-2022-31197. This is only an issue if you are using ResultSet.refreshRow().

Previously, the column names for both key and data columns in the table were copied as-is into the generated SQL. This allowed a malicious table with column names that include a statement terminator to be parsed and executed as multiple separate commands. More information about this security advisory is available here.

Thanks to Sho Kato https://github.com/kato-sho for finding and reporting the issue.

Regards,

pgjdbc team
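
The problem described in the announcement, as an added illustration that is not part of the original message and is not pgjdbc's own code: a row-refresh SELECT built by copying column names as-is, next to the same query with each name quoted as a PostgreSQL identifier. The class, its method names, the table `demo` and the column names are constructed for this example.

```java
import java.util.List;
import java.util.stream.Collectors;

public class RefreshRowQuoting {

    // Hypothetical helper: render a name as a quoted PostgreSQL identifier.
    // Embedded double quotes are doubled; NUL is rejected because it cannot
    // appear in an identifier.
    static String quoteIdent(String name) {
        if (name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("NUL byte in identifier");
        }
        return "\"" + name.replace("\"", "\"\"") + "\"";
    }

    // Behaviour the announcement describes as the old one: key and data
    // column names are concatenated into the SQL text unchanged.
    static String buildAsIs(String table, List<String> dataCols, List<String> keyCols) {
        String where = keyCols.stream()
                .map(c -> c + " = ?")
                .collect(Collectors.joining(" AND "));
        return "SELECT " + String.join(", ", dataCols) + " FROM " + table + " WHERE " + where;
    }

    // Same query with every column name passed through quoteIdent().
    // The table name is assumed to come from trusted code in this sketch.
    static String buildQuoted(String table, List<String> dataCols, List<String> keyCols) {
        String select = dataCols.stream()
                .map(RefreshRowQuoting::quoteIdent)
                .collect(Collectors.joining(", "));
        String where = keyCols.stream()
                .map(c -> quoteIdent(c) + " = ?")
                .collect(Collectors.joining(" AND "));
        return "SELECT " + select + " FROM " + table + " WHERE " + where;
    }

    public static void main(String[] args) {
        // Constructed sample: one column name carries a statement terminator,
        // another carries a double quote to exercise the escaping.
        List<String> data = List.of("id", "note; SELECT 1 --", "we\"ird");
        List<String> keys = List.of("id");

        // Splits into two statements: SELECT id, note; SELECT 1 -- ...
        System.out.println(buildAsIs("demo", data, keys));
        // Stays one statement: SELECT "id", "note; SELECT 1 --", "we""ird" FROM demo WHERE "id" = ?
        System.out.println(buildQuoted("demo", data, keys));
    }
}
```

Bind parameters (`?`) cover only values, which is why the column names need identifier quoting of their own.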

 
