[FOLIO-3637] spring-module-core postgresql 42.5.0 Created: 09/Nov/22  Updated: 17/Nov/22  Resolved: 14/Nov/22

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Bug Priority: P3
Reporter: Julian Ladisch Assignee: Julian Ladisch
Resolution: Done Votes: 0
Labels: security, security-reviewed
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Gantt End to Start
has to be done before FOLIO-3642 Release spring-module-core 1.1.2 for ... Closed
Sprint:
Development Team: Core: Platform
RCA Group: Related dependency upgrade

 Description   

Upgrade postgresql (JDBC driver) from 42.3.3 to 42.5.0. This fixes SQL Injection:
https://nvd.nist.gov/vuln/detail/CVE-2022-31197

42.3 and 42.4 have reached end-of-life and are no longer supported:
https://jdbc.postgresql.org/download/

 



 Comments   
Comment by Ann-Marie Breaux (Inactive) [ 10/Nov/22 ]

Hi Julian Ladisch and William Welling Which dev team should this bug belong to?

Comment by Marc Johnson [ 17/Nov/22 ]

Ann-Marie Breaux

Which dev team should this bug belong to?

Julian Ladisch made the change, so I've associated it with Core Platform

Generated at Thu Feb 08 23:29:35 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.