Problem
Upgrade Bamboo PostgreSQL JDBC Driver for CVE-2022-41946 Information Disclosure
Steps to Reproduce
Expected Results
PostgreSQL JDBC Driver version 42.3.8+
Actual Results
PostgreSQL JDBC Driver version <= 42.3.6
Workaround
Upgrade the driver in the <BAMBOO_INSTALL>/lib folder to version 42.3.8+
https://jdbc.postgresql.org/changelogs/2022-11-23-42.5.1-release/
- Stop Bamboo
- Move the existing jar file <BAMBOO_INSTALL_DIR>/lib/postgresql-42.3.X.jar out of the lib folder
- Download the jar from https://jdbc.postgresql.org/download/postgresql-42.3.8.jar
- Copy the downloaded jar file to <BAMBOO_INSTALL_DIR>/lib/
- Start Bamboo
- Monitor the logs
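
A check that can be run against the lib folder after the jar swap and before starting Bamboo. It is an added example, not part of the original ticket or Atlassian tooling; the function names and the script name check_driver.sh are hypothetical, and the only threshold applied is the 42.3.8 stated above.

```shell
#!/bin/sh
# Added example: verify the driver jar in a Bamboo lib folder after the swap.
# MIN_VERSION is the ticket's threshold; fix versions of other release
# lines are not modelled here.
MIN_VERSION="42.3.8"

# Print X.Y.Z from a postgresql-X.Y.Z[.suffix].jar file name (empty if no match).
jar_version() {
    basename "$1" | sed -n 's/^postgresql-\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*\.jar$/\1/p'
}

# Succeed when version $1 >= version $2 (numeric compare per component).
version_ge() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2            # splits both versions into $1..$6
    IFS=$old_ifs
    [ "$1" -gt "$4" ] && return 0
    [ "$1" -lt "$4" ] && return 1
    [ "$2" -gt "$5" ] && return 0
    [ "$2" -lt "$5" ] && return 1
    [ "$3" -ge "$6" ]
}

# Return 0: one jar at or above MIN_VERSION. 1: an outdated or unparsable
# jar is present. 2: no driver jar, or several (old jar left next to the new one).
check_lib_dir() {
    dir=$1; count=0; bad=0
    for jar in "$dir"/postgresql-*.jar; do
        [ -e "$jar" ] || continue
        count=$((count + 1))
        ver=$(jar_version "$jar")
        if [ -z "$ver" ]; then
            echo "UNKNOWN  $jar (no version in file name)"; bad=1
        elif version_ge "$ver" "$MIN_VERSION"; then
            echo "OK       $jar ($ver)"
        else
            echo "OUTDATED $jar ($ver < $MIN_VERSION)"; bad=1
        fi
    done
    [ "$count" -eq 0 ] && { echo "no postgresql-*.jar in $dir"; return 2; }
    [ "$bad" -eq 1 ] && return 1
    [ "$count" -gt 1 ] && { echo "$count driver jars in $dir"; return 2; }
    return 0
}

# Usage: sh check_driver.sh <BAMBOO_INSTALL_DIR>/lib
if [ "$#" -gt 0 ]; then check_lib_dir "$1"; fi
```

Exit status 1 means a jar below 42.3.8 is still in the folder; exit status 2 means the folder holds no driver jar or more than one.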