Release Announcement PostgreSQL JDBC Driver version 42.7.2

This article was originally published on February 26, 2024

WHAT’S NEW 

An important software update has been released to address a critical security advisory in the JDBC (Java Database Connectivity) driver for Postgres, which enables Java applications to interact with PostgreSQL and EDB Postgres Extended (PGE) Server.  EDB JDBC Drivers for EDB Postgres Advanced Server (EPAS), which are based on the upstream community driver, are also affected, and updates to address the vulnerability are now available in EDB software repositories.

The PostgreSQL JDBC Driver needs to be upgraded to version 42.7.2 or later, and the EDB JDBC Connector needs to be upgraded to 42.5.4.2 or later.
 

Highlights of this release include:

Type: Security

Highlight: CVE-2024-1597 is addressed with this software update. As outlined in the Security Advisory, SQL injection is possible when a non-default connection property (preferQueryMode=simple) is used together with application code containing a vulnerable SQL statement that negates a parameter value. There is no vulnerability in the driver when using the default query mode.

 
 

TELL ME MORE

Please see the security advisory from the PostgreSQL JDBC Driver community for more details. 


 

IS THIS ANNOUNCEMENT FOR ME?

This announcement is for all EDB customers using Java to communicate with PostgreSQL, EDB Postgres Extended (PGE) Server, and EDB Postgres Advanced Server (EPAS). 
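
One way to triage a driver inventory against the conditions in this announcement, as an added example that is not EDB's or the PostgreSQL JDBC project's code. The inventory format, product labels and function names are assumptions made for the illustration, and the sample entries are constructed.

```python
from urllib.parse import parse_qs

# Minimum fixed versions, taken from the announcement above.
FIXED = {
    "postgresql-jdbc": (42, 7, 2),   # PostgreSQL JDBC Driver
    "edb-jdbc": (42, 5, 4, 2),       # EDB JDBC Connector
}

def parse_version(text):
    """'42.5.4.1' -> (42, 5, 4, 1); stops at the first non-numeric part (e.g. 'jre7')."""
    parts = []
    for piece in text.strip().split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    if not parts:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(parts)

def needs_upgrade(product, version):
    return parse_version(version) < FIXED[product]

def uses_simple_mode(jdbc_url):
    """True when the URL sets preferQueryMode=simple (the non-default mode)."""
    _, _, query = jdbc_url.partition("?")
    values = parse_qs(query).get("preferQueryMode", [])
    # Compared case-insensitively so that odd spellings are flagged for review.
    return any(v.strip().lower() == "simple" for v in values)

def triage(inventory):
    """Map each application name to 'priority', 'upgrade' or 'ok'."""
    result = {}
    for app, product, version, url in inventory:
        if not needs_upgrade(product, version):
            result[app] = "ok"
        elif uses_simple_mode(url):
            result[app] = "priority"   # old driver and simple query mode
        else:
            result[app] = "upgrade"    # old driver, default query mode
    return result

# Constructed sample inventory: (application, product, driver version, JDBC URL).
SAMPLE = [
    ("billing", "postgresql-jdbc", "42.7.1", "jdbc:postgresql://db1:5432/app?preferQueryMode=simple&ssl=true"),
    ("reports", "postgresql-jdbc", "42.6.0", "jdbc:postgresql://db1:5432/app"),
    ("portal", "edb-jdbc", "42.5.4.1", "jdbc:edb://db2:5444/edb?preferQueryMode=simple"),
    ("batch", "edb-jdbc", "42.5.4.2", "jdbc:edb://db2:5444/edb?preferQueryMode=simple"),
]
```

Connection properties can also be passed to the driver outside the URL (for example in a java.util.Properties object), so a URL-only check is a starting point and application configuration should be reviewed as well.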


 

HOW TO GET THE SOFTWARE AND APPLY IT

Updated EDB JDBC Drivers are available in EDB Repos in the form of RPM and DEB native packages. They are also packaged and delivered as interactive installers available on the EDB Downloads site. 

Updated JDBC drivers for PostgreSQL are available on PostgreSQL Global Development Group (PGDG) maintained repositories (yum.postgresql.org and apt.postgresql.org). Updated JDBC drivers for PostgreSQL are also available from the community for direct download at https://jdbc.postgresql.org/download/

See your account details for EDB repository credentials. See account registration to create a new account.

 
 

TROUBLESHOOTING 

If you experience any problems with the installation, migration, upgrade or general use of your EDB software, please contact our Technical Support teams.

Customers may reach us at the EDB Customer Support Portal, and we’re also available 24x7 via email and phone at the details below:

techsupport@enterprisedb.com

trial-help@enterprisedb.com

US +1-732-331-1320 / 1-800-235-5891

UK +44-2033719820

Brazil +55-2139581371

India +91-20-66449612


 
