CVE-2022-21724 JDBC driver update for Migration Toolkit (MTK)

Jamie Watt

CVE-2022-21724 was recently reported against a vulnerability found in the PostgreSQL JDBC driver. This article explains how to address the risk in the Migration Toolkit.

Upgrade of PostgreSQL and EDB JDBC Drivers in Migration Toolkit

In Migration Toolkit, the PostgreSQL JDBC Driver needs to be upgraded to version 42.3.2 or later, and the EnterpriseDB JDBC Driver needs to be upgraded to the latest version, 42.3.2.1. This upgrade fixes the CVE-2022-21724 vulnerability reported in older versions of the PostgreSQL and EnterpriseDB JDBC Drivers. Follow the instructions below to update the JDBC Driver.

Update Source-specific Drivers

Before invoking EDB Migration Toolkit, you must download and install a freely available source-specific driver. To download PostgreSQL drivers, visit the vendor-specific website. For the EDB JDBC Driver, visit the EDB Connectors section of the Downloads page on the EnterpriseDB website. The links for both are provided in the relevant sections below.

After downloading the source-specific driver, move or replace the driver file in the <mtk_install_dir>/lib directory. Please make sure that there is only one version of the JDBC driver in the <mtk_install_dir>/lib directory.
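One way to check the lib directory after replacing the driver, as an added example that is not part of the original article or of EDB's tooling: it reports each driver jar, flags a PostgreSQL JDBC jar below 42.3.2, and flags more than one jar of the same kind. The function names are hypothetical, and the file-name patterns postgresql-<version>.jar and edb-jdbc*.jar are assumptions.

```shell
#!/bin/sh
# Added example: audit JDBC driver jars in <mtk_install_dir>/lib.
# Assumed file names: postgresql-<version>[.jreN].jar and edb-jdbc*.jar.
MIN_PG_VERSION="42.3.2"   # minimum PostgreSQL JDBC version named in this article

# version_ge A B: succeed when dotted numeric version A >= B.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$x" = "$a" ]; then a=""; else a=${a#*.}; fi
        if [ "$y" = "$b" ]; then b=""; else b=${b#*.}; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
    done
    return 0
}

# audit_mtk_lib DIR: print one finding per jar; return 1 on any problem.
audit_mtk_lib() {
    dir=$1; status=0; pg=0; edb=0
    for jar in "$dir"/postgresql-*.jar "$dir"/edb-jdbc*.jar; do
        [ -e "$jar" ] || continue          # an unmatched glob stays literal
        name=${jar##*/}
        case $name in
        postgresql-*)
            pg=$((pg + 1))
            v=${name#postgresql-}; v=${v%.jar}; v=${v%.jre*}
            case $v in
            ''|*[!0-9.]*) echo "UNKNOWN $name"; status=1 ;;
            *)  if version_ge "$v" "$MIN_PG_VERSION"; then echo "OK $name"
                else echo "OUTDATED $name"; status=1; fi ;;
            esac ;;
        edb-jdbc*)
            edb=$((edb + 1))
            # Version is not in the file name; confirm it from the installed package.
            echo "REVIEW $name" ;;
        esac
    done
    if [ "$pg" -gt 1 ] || [ "$edb" -gt 1 ]; then
        echo "DUPLICATE more than one driver jar of the same kind"; status=1
    fi
    if [ $((pg + edb)) -eq 0 ]; then echo "MISSING no JDBC driver jar"; status=1; fi
    return "$status"
}

# Run against a directory when one is given: sh audit.sh /path/to/mtk/lib
if [ "$#" -gt 0 ]; then audit_mtk_lib "$1"; fi
```

A REVIEW line means the EDB jar's version cannot be read from its file name, so confirm it against the installed package version.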

PostgreSQL JDBC Driver

The PostgreSQL JDBC driver version 42.3.2 is available at the following link.

https://jdbc.postgresql.org/download.html

EDB JDBC Driver

The EDB JDBC driver is available on the EnterpriseDB Download page.

https://www.enterprisedb.com/software-downloads-postgres#edb-connectors

Select the JDBC 42.3.2.1 option and click the appropriate link for the required platform, either to access the repo for a Linux version of the driver or to download the installer for installing the JDBC driver on Windows.

EDB JDBC Driver Installation Steps on Linux

  1. On the EDB repos page, select the desired platform (CentOS 7 - x86_64 shown in the example).
  2. From EDB JDBC Connector, select 42.x.x.
  3. Follow the instructions in the right pane to install the EDB JDBC Driver.

After installing the updated driver on the desired Linux platform, Migration Toolkit will use the new version.

EDB JDBC Driver Installation Steps on Windows

  1. From the Interactive Installers, select the desired platform (Windows - x86_64 used in this example).
  2. After you log in, the download should start automatically.
  3. Execute the downloaded installer file named edb-jdbc-42.3.2.1-1-windows-x64.exe. It will upgrade the existing edb-jdbc installation.
  4. The default path for installation is C:\Program Files\edb\jdbc on a 64-bit machine.
  5. Copy edb-jdbc18 from the JDBC driver installation path to <mtk_install_dir>\lib, replacing the existing copy.
