Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Done
Fix Version/s: 7.6.20, 7.17.13, 7.21.7, 8.5.0
Component/s: Database - PostgreSQL
Labels:
None

Feedback Policy:

We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Description

Upgrade PostgreSQL JDBC driver to 42.5.0 for CVE-2022-21724 (fixed in 42.3.2+)

For details see: https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md

Bitbucket would not be directly vulnerable to this as it requires the attacker to control the JDBC URL, something that is restricted to users with SYS_ADMIN permission. However this driver version has shown up on a customers vulnerability scan so it would be good to update it.

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(8 mentioned in)

Activity

People

Assignee:: Unassigned

Reporter:: Ben Humphreys

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 16/Nov/2022 12:11 AM

Updated:: 01/Mar/2023 2:58 PM

Resolved:: 16/Nov/2022 12:11 AM