[JRASERVER-73578] Upgrade PostgresSQL JDBC driver to 42.2.25+ version

Type: Suggestion
Resolution: Fixed
Fix Version/s: 8.22.2, 8.20.12, 8.13.25
Component/s: Security
Labels:

UIS:
1
Feedback Policy:

We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Problem Definition

Jira 8.22.0 and lower versions have PostgresSQL driver version 42.2.23. This version has a vulnerability as described in: https://nvd.nist.gov/vuln/detail/CVE-2022-21724

Workaround

Upgrade driver manually , for example to 42.2.25

is cloned from

JRASERVER-72629 Upgrade PostgresSQL JDBC driver to 42.2.23+ version

Closed

mentioned in: Page Failed to load

Karol Skwierawski added a comment - 21/Feb/2025 2:00 PM

8.13.25
8.20.12
8.22.2

Karol Skwierawski added a comment - 21/Feb/2025 2:00 PM 8.13.25 8.20.12 8.22.2

Andriy Yakovlev [Atlassian] added a comment - 15/Mar/2022 5:28 PM

Hey 41708b72801b

We didn't test this new version yet, so we don't know for sure. Assuming it works fine, then replacing postgresql-42.2.23.jar file with 42.2.25 version is enough

Hope this helps.

Best regards,
Andriy | SET

Andriy Yakovlev [Atlassian] added a comment - 15/Mar/2022 5:28 PM Hey 41708b72801b We didn't test this new version yet, so we don't know for sure. Assuming it works fine, then replacing postgresql-42.2.23.jar file with 42.2.25 version is enough Hope this helps. Best regards, Andriy | SET

Austin added a comment - 15/Mar/2022 4:01 PM

How would one manually update this driver? I see that it's located at /jira-install/lib/postgresql-42.2.23.jar , but would replacing that file with 42.2.25 "just work"? Is there a reference that loads the postgresql-*.jar somewhere that also needs to be updated to point to the new version if you swap the files?

Austin added a comment - 15/Mar/2022 4:01 PM How would one manually update this driver? I see that it's located at /jira-install/lib/postgresql-42.2.23.jar , but would replacing that file with 42.2.25 "just work"? Is there a reference that loads the postgresql-*.jar somewhere that also needs to be updated to point to the new version if you swap the files?

Assignee:: Karol Skwierawski

Reporter:: Eduard M

Votes:: 4 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 15/Mar/2022 10:14 AM

Updated:: 21/Feb/2025 3:04 PM

Resolved:: 21/Feb/2025 2:00 PM

Jira Data Center

Upgrade PostgresSQL JDBC driver to 42.2.25+ version

Problem Definition

Suggested Solution

Workaround

Jira Data Center

Details

Description

Problem Definition

Suggested Solution

Workaround

Attachments

Issue Links

Forms

Activity

[JRASERVER-73578] Upgrade PostgresSQL JDBC driver to 42.2.25+ version

Collapse comment: Karol Skwierawski added a comment - 21/Feb/2025 2:00 PM

Expand comment: Karol Skwierawski added a comment - 21/Feb/2025 2:00 PM

Collapse comment: Andriy Yakovlev [Atlassian] added a comment - 15/Mar/2022 5:28 PM

Expand comment: Andriy Yakovlev [Atlassian] added a comment - 15/Mar/2022 5:28 PM

Collapse comment: Austin added a comment - 15/Mar/2022 4:01 PM

Expand comment: Austin added a comment - 15/Mar/2022 4:01 PM

People

Dates