Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-73578

Upgrade PostgresSQL JDBC driver to 42.2.25+ version

XMLWordPrintable

    • 1
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Problem Definition

      Jira 8.22.0 and lower versions have PostgresSQL driver version 42.2.23. This version has a vulnerability as described in: https://nvd.nist.gov/vuln/detail/CVE-2022-21724

      Suggested Solution

      Upgrade bundled PostgresSQL JDBC driver to 42.2.25+ version

      Workaround

      Upgrade driver manually , for example to 42.2.25

          Form Name

            [JRASERVER-73578] Upgrade PostgresSQL JDBC driver to 42.2.25+ version

            Security Metrics Bot made changes -
            Labels Original: database security security-imported New: database resolved-in-vf security security-imported
            Karol Skwierawski made changes -
            Assignee New: Karol Skwierawski [ 4e432536cf93 ]
            Karol Skwierawski made changes -
            Fix Version/s New: 8.22.2 [ 99697 ]
            Fix Version/s New: 8.20.12 [ 101716 ]
            Fix Version/s New: 8.13.25 [ 102192 ]
            Resolution New: Fixed [ 1 ]
            Status Original: Gathering Interest [ 11772 ] New: Closed [ 6 ]

            Karol Skwierawski added a comment -

            8.13.25
            8.20.12
            8.22.2

            Karol Skwierawski added a comment - 8.13.25 8.20.12 8.22.2
            Marcin Oles made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 990304 ]
            Jeremy R made changes -
            Security Original: Reporter and Atlassian Staff [ 10751 ]
            Jeremy R made changes -
            Labels Original: database security security-imported shouldBePrivate New: database security security-imported
            Zaro made changes -
            Labels Original: database security security-imported New: database security security-imported shouldBePrivate
            Security New: Reporter and Atlassian Staff [ 10751 ]
            Mateusz Ostaszewski made changes -
            Component/s Original: Environment - Database [ 55604 ]
            Component/s New: Security [ 68109 ]
            SET Analytics Bot made changes -
            UIS Original: 2 New: 1

              4e432536cf93 Karol Skwierawski
              emarghidan Eduard M
              Votes:
              4 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: