dependabot[bot] opened a new pull request, #780:
URL: https://github.com/apache/flink-kubernetes-operator/pull/780
Bumps [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) from
42.5.4 to 42.5.5.
Changelog
Sourced from [org.postgresql:postgresql's changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md).
Changelog
Notable changes since version 42.0.0, read the complete [History of Changes](https://jdbc.postgresql.org/documentation/changelog.html).
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
[Unreleased]
Changed
Added
Fixed
[42.7.2] (2024-02-21 08:23:00 -0500)
Security
security: SQL Injection via line comment generation. It is possible in
SimpleQuery mode to generate a line comment by having a
placeholder for a numeric with a -
such as -?. There must be a second placeholder for a string
immediately after. Setting the parameter to a -ve value creates a line comment.
This has been fixed in this version; fixes [CVE-2024-1597](https://www.cve.org/CVERecord?id=CVE-2024-1597).
Reported by [Paul Gerste](https://github.com/paul-gerste-sonarsource).
See the [security advisory](https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56)
for more details. This has been fixed in versions 42.7.2, 42.6.1,
42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for
workarounds.
Changed
fix: Use simple query for isValid. Using Extended query sends two
messages checkConnectionQuery was never ever set or used, removed [PR #3101](https://redirect.github.com/pgjdbc/pgjdbc/pull/3101)
perf: Avoid autoboxing bind indexes by [@bokken](https://github.com/bokken) in [PR #1244](https://redirect.github.com/pgjdbc/pgjdbc/pull/1244)
refactor: Document that encodePassword will zero out the password array,
and remove driver's default encodePassword by [@vlsi](https://github.com/vlsi) in [PR #3084](https://redirect.github.com/pgjdbc/pgjdbc/pull/3084)
Added
feat: Add PasswordUtil for encrypting passwords client side [PR #3082](https://redirect.github.com/pgjdbc/pgjdbc/pull/3082)
[42.7.1] (2023-12-06 08:34:00 -0500)
Changed
perf: improve performance of PreparedStatement.setBlob, BlobInputStream,
and BlobOutputStream with dynamic buffer sizing [PR #3044](https://redirect.github.com/pgjdbc/pgjdbc/pull/3044)
Fixed
fix: Apply connectTimeout before SSLSocket.startHandshake to avoid
infinite wait in case the connection is broken [PR #3040](https://redirect.github.com/pgjdbc/pgjdbc/pull/3040)
fix: support waffle-jna 2.x and 3.x by using reflective approach for
ManagedSecBufferDesc [PR #2720](https://redirect.github.com/pgjdbc/pgjdbc/pull/2720)
Fixes [Issue #2690](https://redirect.github.com/pgjdbc/pgjdbc/issues/2720).
fix: NoSuchMethodError on ByteBuffer#position When Running on Java 8
when accessing arrays, fixes [Issue #3014](https://redirect.github.com/pgjdbc/pgjdbc/issues/3014)
Revert [PR #2925](https://redirect.github.com/pgjdbc/pgjdbc/pull/2925)
Use canonical DateStyle name [PR #3035](https://redirect.github.com/pgjdbc/pgjdbc/pull/3035)
Fixes [Issue #3008](https://redirect.github.com/pgjdbc/pgjdbc/issues/3008)
Revert [PR #2973](https://redirect.github.com/pgjdbc/pgjdbc/pull/2973)
feat: support SET statements combining with other queries with semicolon in
PreparedStatement [PR #3010](https://redirect.github.com/pgjdbc/pgjdbc/pull/3010)
Fixes [Issue #3007](https://redirect.github.com/pgjdbc/pgjdbc/issues/3007)
fix: avoid timezone conversions when sending LocalDateTime to the
database [#2852](https://redirect.github.com/pgjdbc/pgjdbc/pull/3010) Fixes
[Issue #1390](https://redirect.github.com/pgjdbc/pgjdbc/issues/1390)
,[Issue