[jira] [Work logged] (KNOX-3322) Upgrade Postgresql to 42.7.11 to Fix CVE's

Mon, 18 May 2026 00:01:17 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-3322?focusedWorklogId=1020723&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1020723
 ]

ASF GitHub Bot logged work on KNOX-3322:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 18/May/26 06:59
            Start Date: 18/May/26 06:59
    Worklog Time Spent: 10m 
      Work Description: smolnar82 commented on PR #1231:
URL: https://github.com/apache/knox/pull/1231#issuecomment-4475182778

   I ran the following tests:
   - built Knox with the new PostgreSQL version
   - ensured JDBC TSS started properly:
   ```
   2026-05-18 08:49:58,674  INFO  knox.gateway 
(AbstractServiceFactory.java:logServiceUsage(105)) - Using 
org.apache.knox.gateway.services.token.impl.JDBCTokenStateService 
implementation for TokenStateService
   ...
   2026-05-18 08:49:59,189  INFO  knox.gateway 
(AbstractGatewayServices.java:start(60)) - Starting service: 
org.apache.knox.gateway.services.token.impl.JDBCTokenStateService
   ```
   
   - generated a token:
   
   <img width="1716" height="726" alt="image" 
src="https://github.com/user-attachments/assets/216a74e9-b129-4ad9-bab4-9c4f2d85f845";
 />
   
   - verified it was added in the DB:
   <img width="1435" height="579" alt="image" 
src="https://github.com/user-attachments/assets/6a29d33a-7faa-40ed-a475-e4fe6a02ddc4";
 />
   
   - the token appeared on the Token Management page where I revoked it:
   
   ```
   2026-05-18 08:53:52,207 68b8d90e-27b8-47e4-b986-21a5d12dc646 INFO  
service.knoxtoken (TokenResource.java:buildResponseMap(1042)) - Knox Token 
service (homepage) issued token eyJqa3...F8vS0g (2c114bbe...ce3909cef3a1)
   2026-05-18 08:56:49,899 91fb3e78-1877-4145-9faf-adf82dd76df3 INFO  
service.knoxtoken (TokenResource.java:revoke(679)) - Knox Token service 
(homepage) revoked token 2c114b...cef3a1 (2c114bbe...ce3909cef3a1) 
(renewer=admin)
   ```
   
   




Issue Time Tracking
-------------------

    Worklog Id:     (was: 1020723)
    Time Spent: 40m  (was: 0.5h)

> Upgrade Postgresql to 42.7.11 to Fix CVE's
> ------------------------------------------
>
>                 Key: KNOX-3322
>                 URL: https://issues.apache.org/jira/browse/KNOX-3322
>             Project: Apache Knox
>          Issue Type: Improvement
>            Reporter: Keshav Katkar
>            Priority: Major
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Postgresql prior to version 42.7.11 suffers from CVE 
> [CVE-2026-42198.|https://www.cve.org/CVERecord?id=CVE-2026-42198]
> Upgrading it to latest version of postgresql should fix the CVE



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to