Upgrade PostgreSQL JDBC driver to 42.5.0

XMLWordPrintable

      Upgrade PostgreSQL JDBC driver to 42.5.0 for CVE-2022-21724 (fixed in 42.3.2+)

      For details see: https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md

      Bitbucket would not be directly vulnerable to this as it requires the attacker to control the JDBC URL, something that is restricted to users with SYS_ADMIN permission. However this driver version has shown up on a customers vulnerability scan so it would be good to update it.

            Assignee:
            Unassigned
            Reporter:
            Ben Humphreys
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: