Skip to content

fix(deps): update dependency org.postgresql:postgresql to v42.7.11#122

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/postgres
Open

fix(deps): update dependency org.postgresql:postgresql to v42.7.11#122
renovate[bot] wants to merge 1 commit intomainfrom
renovate/postgres

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Apr 28, 2026

This PR contains the following updates:

Package Change Age Confidence
org.postgresql:postgresql (source) 42.7.1042.7.11 age confidence

Release Notes

pgjdbc/pgjdbc (org.postgresql:postgresql)

v42.7.11

Security
  • fix: Limit SCRAM PBKDF2 iterations accepted from the server.
    pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256 authentication, where a malicious or compromised PostgreSQL server could specify an extremely large PBKDF2 iteration count, causing the client to consume unbounded CPU and potentially exhaust connection pools. The fix introduces a new scramMaxIterations connection property (defaulting to 100,000) to cap iteration counts before computation begins.
    See the Security Advisory for more detail.
    The following CVE-2026-42198 has been issued.
Added
  • feat: implement require_auth connection property, aligning with libpq behavior PR #​3895
Changed
  • chore: replace Appveyor CI with ikalnytskyi/action-setup-postgres PR #​3966
  • chore: upgrade Gradle to v9 PR #​3978
Fixed
  • fix: ensure extended protocol messages end with Sync message PR #​3728
  • fix: enable cursor-based fetching in extended protocol when transaction started via SQL command PR #​3996
  • fix: retry with SSL on IOException when sslMode=ALLOW PR #​3973
  • fix: make sure the driver honours connectTimeout when retrying the connection PR #​3968
  • fix: allow fallback to non-SSL connection when sslMode=prefer and sslResponseTimeout kicks in PR #​3968
  • fix: catch SecurityException from setContextClassLoader on ForkJoinPool workers PR #​3962
  • fix: use compareTo for LogSequenceNumber comparison to handle unsigned values correctly PR #​3961
  • fix: release COPY lock on IOException to prevent connection hang PR #​3957
  • fix: return jsonb as PGObject instead of String PR #​3956
  • fix: align SSL key file permission check with libpq PR #​3952
  • fix: guard connection closed flag with a reentrant lock to protect against concurrent close PR #​3905

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants