(dolphinscheduler) branch dev updated: [Improvement-17738][Dependency] Upgrade PostgreSQL JDBC Driver to fix CVE-2024-1597 (#17740)

[zihaoxiang]

This is an automated email from the ASF dual-hosted git repository.

zihaoxiang pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git


The following commit(s) were added to refs/heads/dev by this push:
     new f5535dcfb7 [Improvement-17738][Dependency] Upgrade PostgreSQL JDBC 
Driver to fix CVE-2024-1597 (#17740)
f5535dcfb7 is described below

commit f5535dcfb74b431b4886b08b3aad38b32c9cfcf5
Author: dill <dill2...@163.com>
AuthorDate: Thu Nov 27 10:26:54 2025 +0800

    [Improvement-17738][Dependency] Upgrade PostgreSQL JDBC Driver to fix 
CVE-2024-1597 (#17740)
---
 dolphinscheduler-bom/pom.xml               | 2 +-
 dolphinscheduler-dist/release-docs/LICENSE | 2 +-
 tools/dependencies/known-dependencies.txt  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/dolphinscheduler-bom/pom.xml b/dolphinscheduler-bom/pom.xml
index 9173d3efe1..5dc6fd472d 100644
--- a/dolphinscheduler-bom/pom.xml
+++ b/dolphinscheduler-bom/pom.xml
@@ -69,7 +69,7 @@
         <activation.version>1.1</activation.version>
         <javax-mail>1.6.2</javax-mail>
         <guava.version>31.1-jre</guava.version>
-        <postgresql.version>42.4.1</postgresql.version>
+        <postgresql.version>42.4.4</postgresql.version>
         <hive-jdbc.version>2.3.9</hive-jdbc.version>
         <kyuubi-jdbc.version>1.7.0</kyuubi-jdbc.version>
         <commons-io.version>2.19.0</commons-io.version>
diff --git a/dolphinscheduler-dist/release-docs/LICENSE 
b/dolphinscheduler-dist/release-docs/LICENSE
index 5c6b9fb215..3b64695e06 100644
--- a/dolphinscheduler-dist/release-docs/LICENSE
+++ b/dolphinscheduler-dist/release-docs/LICENSE
@@ -533,7 +533,7 @@ The text of each license is also included at 
licenses/LICENSE-[project].txt.
     jakarta.xml.bind-api 2.3.3: 
https://github.com/eclipse-ee4j/jaxb-api/blob/2.3.3/LICENSE.md, BSD 3-clause
     jsch 0.1.42: https://mvnrepository.com/artifact/com.jcraft/jsch/0.1.42, BSD
     leveldbjni-all 1.8: 
https://mvnrepository.com/artifact/org.fusesource.leveldbjni/leveldbjni-all/1.8,
 BSD 3-clause
-    postgresql 42.4.1: 
https://mvnrepository.com/artifact/org.postgresql/postgresql/42.4.1, BSD 
2-clause
+    postgresql 42.4.4: 
https://mvnrepository.com/artifact/org.postgresql/postgresql/42.4.4, BSD 
2-clause
     paranamer 2.3: 
https://mvnrepository.com/artifact/com.thoughtworks.paranamer/paranamer/2.3, BSD
     re2j 1.1: https://github.com/google/re2j/blob/re2j-1.1/LICENSE, BSD 
3-clause
     stax2-api 4.2.1: 
https://mvnrepository.com/artifact/org.codehaus.woodstox/stax2-api/4.2.1, BSD
diff --git a/tools/dependencies/known-dependencies.txt 
b/tools/dependencies/known-dependencies.txt
index df0ae0e0a6..78da859a30 100644
--- a/tools/dependencies/known-dependencies.txt
+++ b/tools/dependencies/known-dependencies.txt
@@ -214,7 +214,7 @@ okio-3.6.0.jar
 okio-jvm-3.6.0.jar
 oshi-core-6.1.1.jar
 paranamer-2.3.jar
-postgresql-42.4.1.jar
+postgresql-42.4.4.jar
 profiles-2.17.282.jar
 protocol-core-2.17.282.jar
 py4j-0.10.9.jar