stanbol
stanbol copied to clipboard
Published
20 hours ago •
apache
apache
Bump org.postgresql:postgresql from 9.2-1003-jdbc4 to 42.3.9 in /commons/marmotta/kiwi
Bumps org.postgresql:postgresql from 9.2-1003-jdbc4 to 42.3.9.
Release notes
Sourced from org.postgresql:postgresql's releases.
v42.3.8
What's Changed
- backpatch changes for 42.5.1 by
@davecramerin pgjdbc/pgjdbc#2674Full Changelog: https://github.com/pgjdbc/pgjdbc/compare/REL42.3.7...REL42.3.8
v42.3.7
What's Changed
- backpatch changes from GHSA-r38f-c4h4-hqq2 security advisory for CVE-2022-31197 by
@davecramerin pgjdbc/pgjdbc#2607Full Changelog: https://github.com/pgjdbc/pgjdbc/compare/REL42.3.6...REL42.3.7
v42.3.6
What's Changed
- Fix heading format for version numbers [SKIP-CI] by
@davecramerin pgjdbc/pgjdbc#2504- fix: close refcursors when underlying cursor==null instead of relying on defaultRowFetchSize by
@vlsiin pgjdbc/pgjdbc#2377- Created release notes for 42.3.6 [SKIP-CI] by
@davecramerin pgjdbc/pgjdbc#2515Full Changelog: https://github.com/pgjdbc/pgjdbc/compare/REL42.3.5...REL42.3.6
v42.3.5
What's Changed
- move version to 42.3.5 [SKIP-CI] by
@davecramerin pgjdbc/pgjdbc#2493- perf: enable tcpNoDelay by default by
@obourgainin pgjdbc/pgjdbc#2495- docs: fix readme.md after #2495 by
@obourgainin pgjdbc/pgjdbc#2496- Added KEYS file to allow for verifying artifacts by
@davecramerin pgjdbc/pgjdbc#2499- feat: targetServerType=preferPrimary connection parameter by
@mitya555in pgjdbc/pgjdbc#2483- fix: revert removal of toOffsetDateTime(String timestamp) fixes #Issue 2497 by
@davecramerin pgjdbc/pgjdbc#2501- chore: use GitHub Action concurrency feature to terminate CI jobs on fast PR pushes by
@vlsiin pgjdbc/pgjdbc#2405- Releasenotes 42.3.5 by
@davecramerin pgjdbc/pgjdbc#2502- More changlog additions added chore to terminate CI jobs on fast PR pushes [SKIP-CI] by
@davecramerin pgjdbc/pgjdbc#2503New Contributors
@obourgainmade their first contribution in pgjdbc/pgjdbc#2495@mitya555made their first contribution in pgjdbc/pgjdbc#2483Full Changelog: https://github.com/pgjdbc/pgjdbc/compare/REL42.3.4...REL42.3.5
v42.3.4
What's Changed
- Use non-synchronized getTimeZone in TimestampUtils by
@TeslaCNin pgjdbc/pgjdbc#2451- docs: Update testing documentation by
@davecramerin pgjdbc/pgjdbc#2446- fix: Throw an exception if the driver cannot parse the URL instead of returning NULL by
@davecramerin pgjdbc/pgjdbc#2441- fix: Use PGProperty instead of the property names directly by
@davecramerin pgjdbc/pgjdbc#2444- fix: change PGInterval parseISO8601Format to support fractional second by
@paulo-kluhin pgjdbc/pgjdbc#2457- docs: update changelog, missing links at bottom and formatting by
@davecramerin pgjdbc/pgjdbc#2460- docs: Fix CHANGELOG.md misformatted markdown headings by
@fcvin pgjdbc/pgjdbc#2461
... (truncated)
Changelog
Sourced from org.postgresql:postgresql's changelog.
Changelog
Notable changes since version 42.0.0, read the complete History of Changes.
The format is based on Keep a Changelog.
[Unreleased]
Changed
Added
Fixed
[42.7.2] (2024-02-21 08:23:00 -0500)
Security
- security: SQL Injection via line comment generation, it is possible in
SimpleQuerymode to generate a line comment by having a placeholder for a numeric with a-such as-?. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment. This has been fixed in this version fixes CVE-2024-1597. Reported by Paul Gerste. See the security advisory for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.Changed
- fix: Use simple query for isValid. Using Extended query sends two messages checkConnectionQuery was never ever set or used, removed [PR #3101](pgjdbc/pgjdbc#3101)
- perf: Avoid autoboxing bind indexes by
@bokkenin [PR #1244](pgjdbc/pgjdbc#1244)- refactor: Document that encodePassword will zero out the password array, and remove driver's default encodePassword by
@vlsiin [PR #3084](pgjdbc/pgjdbc#3084)Added
- feat: Add PasswordUtil for encrypting passwords client side [PR #3082](pgjdbc/pgjdbc#3082)
[42.7.1] (2023-12-06 08:34:00 -0500)
Changed
- perf: improve performance of PreparedStatement.setBlob, BlobInputStream, and BlobOutputStream with dynamic buffer sizing [PR #3044](pgjdbc/pgjdbc#3044)
Fixed
- fix: Apply connectTimeout before SSLSocket.startHandshake to avoid infinite wait in case the connection is broken [PR #3040](pgjdbc/pgjdbc#3040)
- fix: support waffle-jna 2.x and 3.x by using reflective approach for ManagedSecBufferDesc [PR #2720](pgjdbc/pgjdbc#2720) Fixes [Issue #2690](pgjdbc/pgjdbc#2720).
- fix: NoSuchMethodError on ByteBuffer#position When Running on Java 8 when accessing arrays, fixes [Issue #3014](pgjdbc/pgjdbc#3014)
- Revert "[PR #2925](pgjdbc/pgjdbc#2925) Use canonical DateStyle name" [PR #3035](pgjdbc/pgjdbc#3035) Fixes [Issue #3008](pgjdbc/pgjdbc#3008)
- Revert "[PR ##2973](pgjdbc/pgjdbc#2973) feat: support SET statements combining with other queries with semicolon in PreparedStatement" [PR #3010](pgjdbc/pgjdbc#3010) Fixes [Issue #3007](pgjdbc/pgjdbc#3007)
- fix: avoid timezone conversions when sending LocalDateTime to the database #2852 Fixes [Issue #1390](pgjdbc/pgjdbc#1390) ,[Issue #2850](pgjdbc/pgjdbc#2850) Closes [Issue #1391(https://redirect.github.com/pgjdbc/pgjdbc/issues/1391)
[42.7.0] (2023-11-20 09:33:00 -0500)
Changed
- fix: Deprecate for removal PGPoint.setLocation(java.awt.Point) to cut dependency to
java.desktopmodule. [PR #2967](pgjdbc/pgjdbc#2967)- feat: return all catalogs for getCatalogs metadata query closes [ISSUE #2949](pgjdbc/pgjdbc#2949) [PR #2953](pgjdbc/pgjdbc#2953)
- feat: support SET statements combining with other queries with semicolon in PreparedStatement [PR ##2973](pgjdbc/pgjdbc#2973)
... (truncated)
Commits
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebasewill rebase this PR -
@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it -
@dependabot mergewill merge this PR after your CI passes on it -
@dependabot squash and mergewill squash and merge this PR after your CI passes on it -
@dependabot cancel mergewill cancel a previously requested merge and block automerging -
@dependabot reopenwill reopen this PR if it is closed -
@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency -
@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}