bea/release-hive
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Update dependency org.postgresql:postgresql to v42.7.8 #18

Merged
bea merged 1 commits from renovate/org.postgresql-postgresql-42.x into main 2025-11-06 18:56:17 +01:00
Conversation 0 Commits 1 Files Changed 1 +1 -1
renovate commented 2025-06-11 13:01:10 +02:00
Collaborator
Copy Link

This PR contains the following updates:

Package Type Update Change
org.postgresql:postgresql (source) compile patch 42.7.6 -> 42.7.8

Release Notes

pgjdbc/pgjdbc (org.postgresql:postgresql)

v42.7.8

Added
  • feat: Add configurable boolean-to-numeric conversion for ResultSet getters PR #​3796
Changed
  • perf: remove QUERY_ONESHOT flag when calling getMetaData PR #​3783
  • perf: use BufferedInputStream with FileInputStream PR #​3750
  • perf: enable server-prepared statements for DatabaseMetaData
Fixed
  • fix: avoid NullPointerException when cancelling a query if cancel key is not known yet
  • fix: Change "PST" timezone in TimestampTest to "Pacific Standard Time" PR #​3774
  • fix: traverse the current dimension to get the correct pos in PgArray#calcRemainingDataLength PR #​3746
  • fix: make sure getImportedExportedKeys returns columns in consistent order
  • fix: Add "SELF_REFERENCING_COL_NAME" field to getTables' ResultSetMetaData to fix NullPointerException PR #​3660
  • fix: unable to open replication connection to servers < 12
  • fix: avoid closing statement caused by driver's internal ResultSet#close()
  • fix: return empty metadata for empty catalog names as it was before
  • fix: Incorrect class comparison in PGXmlFactoryFactory validation

v42.7.7

Security
  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration.
    Fix channel binding required handling to reject non-SASL authentication
    Previously, when channel binding was set to "require", the driver would silently ignore this
    requirement for non-SASL authentication methods. This could lead to a false sense of security
    when channel binding was explicitly requested but not actually enforced. The fix ensures that when
    channel binding is set to "require", the driver will reject connections that use
    non-SASL authentication methods or when SASL authentication has not completed properly.
    See the Security Advisory for more detail. Reported by George MacKerron
    The following CVE-2025-49146 has been issued
Added
  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [org.postgresql:postgresql](https://jdbc.postgresql.org) ([source](https://github.com/pgjdbc/pgjdbc)) | compile | patch | `42.7.6` -> `42.7.8` | --- ### Release Notes <details> <summary>pgjdbc/pgjdbc (org.postgresql:postgresql)</summary> ### [`v42.7.8`](https://github.com/pgjdbc/pgjdbc/blob/HEAD/CHANGELOG.md#4278-2025-09-18) ##### Added - feat: Add configurable boolean-to-numeric conversion for ResultSet getters [PR #&#8203;3796](https://github.com/pgjdbc/pgjdbc/pull/3796) ##### Changed - perf: remove QUERY\_ONESHOT flag when calling getMetaData [PR #&#8203;3783](https://github.com/pgjdbc/pgjdbc/pull/3783) - perf: use `BufferedInputStream` with `FileInputStream` [PR #&#8203;3750](https://github.com/pgjdbc/pgjdbc/pull/3750) - perf: enable server-prepared statements for DatabaseMetaData ##### Fixed - fix: avoid NullPointerException when cancelling a query if cancel key is not known yet - fix: Change "PST" timezone in TimestampTest to "Pacific Standard Time" [PR #&#8203;3774](https://github.com/pgjdbc/pgjdbc/pull/3774) - fix: traverse the current dimension to get the correct pos in PgArray#calcRemainingDataLength [PR #&#8203;3746](https://github.com/pgjdbc/pgjdbc/pull/3746) - fix: make sure getImportedExportedKeys returns columns in consistent order - fix: Add "SELF\_REFERENCING\_COL\_NAME" field to getTables' ResultSetMetaData to fix NullPointerException [PR #&#8203;3660](https://github.com/pgjdbc/pgjdbc/pull/3660) - fix: unable to open replication connection to servers < 12 - fix: avoid closing statement caused by driver's internal ResultSet#close() - fix: return empty metadata for empty catalog names as it was before - fix: Incorrect class comparison in PGXmlFactoryFactory validation ### [`v42.7.7`](https://github.com/pgjdbc/pgjdbc/blob/HEAD/CHANGELOG.md#4277-2025-06-10) ##### Security - security: **Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration.** Fix `channel binding required` handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the [Security Advisory](https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54) for more detail. Reported by [George MacKerron](https://github.com/jawj) The following [CVE-2025-49146](https://nvd.nist.gov/vuln/detail/CVE-2025-49146) has been issued ##### Added - test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMTEuNCIsInVwZGF0ZWRJblZlciI6IjQyLjAuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
renovate added 1 commit 2025-06-11 13:01:11 +02:00
Update dependency org.postgresql:postgresql to v42.7.7 9d7b2b94bd
renovate changed title from Update dependency org.postgresql:postgresql to v42.7.7 to Update dependency org.postgresql:postgresql to v42.7.8 2025-11-06 14:45:06 +01:00
renovate force-pushed renovate/org.postgresql-postgresql-42.x from 9d7b2b94bd to 91415bea5b 2025-11-06 14:45:07 +01:00 Compare
bea merged commit 574dd4c093 into main 2025-11-06 18:56:17 +01:00
bea deleted branch renovate/org.postgresql-postgresql-42.x 2025-11-06 18:56:17 +01:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
renovate bea
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: bea/release-hive#18
Delete Branch "renovate/org.postgresql-postgresql-42.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?