Bjørn Jørgensen created SPARK-39996:
---------------------------------------
Summary: Upgrade postgresql to 42.4.1
Key: SPARK-39996
URL: https://issues.apache.org/jira/browse/SPARK-39996
Project: Spark
Issue Type: Dependency upgrade
Components: Build
Affects Versions: 3.4.0
Reporter: Bjørn Jørgensen
### Security
- fix: CVE-2022-31197 Fixes SQL generated in PgResultSet.refresh() to escape column identifiers so as to prevent SQL injection.
- Previously, the column names for both key and data columns in the table were copied as-is into the generated SQL. This allowed a malicious table with column names that include a statement terminator to be parsed and executed as multiple separate commands.
- Also adds a new test class ResultSetRefreshTest to verify this change.
- Reported by [Sho Kato](https://github.com/kato-sho)

[Release note|https://github.com/pgjdbc/pgjdbc/commit/bd91c4cc76cdfc1ffd0322be80c85ddfe08a38c2]
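The release note above describes the defect in one sentence: identifiers taken from table metadata were concatenated into the refresh SELECT as-is, so a semicolon inside a column name became a statement boundary. The following is an added illustration, not pgjdbc's code and not the actual patch; the class and method names (IdentifierQuoting, quoteIdentifier, buildRefreshSqlUnsafe, buildRefreshSql, countStatementTerminators) and the sample table and column names are this example's own. It contrasts the raw-concatenation shape with the hardened shape that applies PostgreSQL's delimited-identifier rule (wrap in double quotes, double any embedded double quote), and uses a small scanner to show that the hardened SQL contains no terminator outside quotes.

```java
import java.util.List;

/**
 * Constructed illustration (not pgjdbc source) of building a row-refresh SELECT
 * from metadata-supplied names, before and after identifier quoting.
 */
public final class IdentifierQuoting {

    /**
     * Quote a table or column name as a PostgreSQL delimited identifier:
     * wrap in double quotes and double every embedded double quote. Inside
     * a delimited identifier, semicolons, quotes and keywords carry no
     * syntactic meaning, so the name can only ever be a name.
     */
    public static String quoteIdentifier(String name) {
        if (name == null || name.isEmpty()) {
            throw new IllegalArgumentException("identifier must not be empty");
        }
        if (name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("identifier contains NUL");
        }
        return "\"" + name.replace("\"", "\"\"") + "\"";
    }

    /** Pre-fix shape: names copied into the SQL text as-is. */
    public static String buildRefreshSqlUnsafe(String table, List<String> dataCols, String keyCol) {
        return "SELECT " + String.join(", ", dataCols)
                + " FROM " + table + " WHERE " + keyCol + " = ?";
    }

    /**
     * Hardened shape: every identifier passes through quoteIdentifier. The key
     * value itself remains a bind parameter ("?"), which was never the problem;
     * identifiers cannot be bound, so they must be quoted instead.
     */
    public static String buildRefreshSql(String table, List<String> dataCols, String keyCol) {
        StringBuilder sb = new StringBuilder("SELECT ");
        for (int i = 0; i < dataCols.size(); i++) {
            if (i > 0) {
                sb.append(", ");
            }
            sb.append(quoteIdentifier(dataCols.get(i)));
        }
        sb.append(" FROM ").append(quoteIdentifier(table))
          .append(" WHERE ").append(quoteIdentifier(keyCol)).append(" = ?");
        return sb.toString();
    }

    /**
     * Count semicolons that sit outside double-quoted identifiers and outside
     * single-quoted string literals: a rough stand-in for how many separate
     * statements a statement splitter would see in this text.
     */
    public static int countStatementTerminators(String sql) {
        int count = 0;
        boolean inIdent = false;
        boolean inString = false;
        for (int i = 0; i < sql.length(); i++) {
            char c = sql.charAt(i);
            if (inIdent) {
                if (c == '"') inIdent = false;       // doubled "" just toggles twice
            } else if (inString) {
                if (c == '\'') inString = false;     // doubled '' likewise
            } else if (c == '"') {
                inIdent = true;
            } else if (c == '\'') {
                inString = true;
            } else if (c == ';') {
                count++;
            }
        }
        return count;
    }

    public static void main(String[] args) {
        // Constructed sample: a column whose name carries a statement terminator.
        String hostileColumn = "id; DELETE FROM audit_log; --";
        List<String> cols = List.of("name", hostileColumn);

        String unsafe = buildRefreshSqlUnsafe("accounts", cols, "id");
        String safe = buildRefreshSql("accounts", cols, "id");

        System.out.println(unsafe);
        System.out.println("terminators outside quotes: " + countStatementTerminators(unsafe)); // 2
        System.out.println(safe);
        System.out.println("terminators outside quotes: " + countStatementTerminators(safe));   // 0

        // Embedded double quotes are doubled, so they cannot close the identifier early.
        System.out.println(quoteIdentifier("say \"hi\""));  // "say ""hi"""
    }
}
```

The point the check makes is the one the changelog states: with raw concatenation the generated text holds two statement boundaries that are not part of the SELECT, whereas after quoting every semicolon lives inside an identifier and the text is a single statement. The test class the release note mentions (ResultSetRefreshTest) is where the real project pins this behaviour down against a live server; the scanner here only shows why quoting, rather than filtering names, is the right shape of fix.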
--
This message was sent by Atlassian Jira
(v8.20.10#820010)