Skip to content

Releases: pgjdbc/pgjdbc

v42.7.10

11 Feb 18:58
27571c8

Choose a tag to compare

Changes

🐛 Bug Fixes

  • fix: process pending responses before fastpath to avoid protocol errors @vlsi (#3913)

⬆️ Dependencies

v42.7.9

15 Jan 18:09
79b784e

Choose a tag to compare

Changes

🐛 Bug Fixes

  • fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob @vlsi (#3903)
  • fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext @vlsi (#3886)

📝 Documentation

  • doc: add the new PGP signing key to the official documentation @vlsi (#3813)

🧰 Maintenance

  • chore: remove unused com.github.spotbugs Gradle plugin dependency @vlsi (#3868)
  • chore: drop SpotBugs as we do not seem to use it @vlsi (#3834)
  • chore: bump version to 42.7.9 after 42.7.8 release @vlsi (#3810)

⬆️ Dependencies

45 changes

v42.7.8

18 Sep 21:16

Choose a tag to compare

Notable changes:

  • Releases are signed with a new PGP key which is generated at GitHub Actions and stored only there @vlsi (#3701)

Changes

  • fix: Update release plugin config to use .set(...) for props and inject nexus secrets via props @sehrope (#3802)
  • update version to 42.7.8 @davecramer (#3801)
  • change logs for version 42.7.8 @davecramer (#3797)
  • Fix getNotifications() documentation @pdewacht (#3800)
  • fix(deps): update dependency om.ongres.scram:scram-client to 3.2 @jorsol (#3799)
  • Add configurable boolean-to-numeric conversion for ResultSet getters @vwassan (#3796)
  • Update CONTRIBUTING.md @davecramer (#3794)
  • perf: remove QUERY_ONESHOT flag when calling getMetaData @ShenFeng312 (#3783)
  • test: add bench for batch insert via unnest with arrays @lantalex (#3782)
  • fix: Change "PST" timezone in TimestampTest to "Pacific Standard Time" @simon-greatrix (#3774)
  • Use BufferedInputStream with FileInputStream @jgardn3r (#3750)
  • Fix #3747: Incorrect class comparison in PGXmlFactoryFactory validation @eitch (#3748)
  • fix: traverse the current dimension to get the correct pos in PgArray#calcRemainingDataLength @sly461 (#3746)
  • test: add channelBinding to SslTest @vlsi (#3665)
  • fix: remove excessive ReentrantLock.lock usages @vlsi (#3703)
  • test: add ossf-scorecard security scanning @vlsi (#3695)
  • fix indentation to let CI pass @mohitsatr (#3682)
  • test: extract pgjdbc/testFixtures to testkit project @vlsi (#3666)
  • fix: make sure getImportedExportedKeys returns columns in consistent order @vlsi (#3663)
  • feat: use PreparedStatement for DatabaseMetaData.getCrossReference, getImportedKeys, getExportedKeys @vlsi (#3641)
  • Add "SELF_REFERENCING_COL_NAME" field to getTables' ResultSetMetaData to fix NullPointerException @SophiahHo (#3660)

🐛 Bug Fixes

  • fix: avoid IllegalStateException: Timer already cancelled when StatementCancelTimerTask.run throws a runtime error @vlsi (#3778)
  • fix: avoid NullPointerException when cancelling a query if cancel key is not known yet @vlsi (#3780)
  • fix: unable to open replication connection to servers < 12 @vlsi (#3678)

🧰 Maintenance

  • chore: fix published project name @vlsi (#3809)
  • chore: update publish to Central Portal task name after bumping nmcp @vlsi (#3808)
  • fix(deps): update com.gradleup.nmcp to 1.1.0 @vlsi (#3807)
  • Revert "fix: Update release plugin config to use .set(...) for props and inject nexus creds via gradle props" @vlsi (#3803)
  • chore: group com.gradleup.nmcp version updates @vlsi (#3805)
  • chore: use bump org.apache.bcel:bcel test dependency in testCompileClasspath as well @vlsi (#3775)
  • Fix typo in PGReplicationStream.java @atorik (#3758)
  • chore: remove JDK versions from the key workflow names @vlsi (#3759)
  • chore: add GitHub Actions workflow for generating release PGP key @vlsi (#3701)
  • chore: replace StandardCharsets with Charsets to simplify code @vlsi (#3751)
  • chore: migrate publish workflow to Central Portal publishing via com.gradleup.nmcp @vlsi (#3686)
  • chore: adjust the default branch name for ossf scorecard scan @vlsi (#3697)
  • chore: add top-level read-only permissions for GitHub Actions when missing @vlsi (#3696)
  • chore: use config:best-practices preset for Renovate @vlsi (#3687)
  • refactor: pass ChannelBinding to ScramAuthenticator instead of passing full Properties @vlsi (#3667)
  • chore: update JUnit to 5.13, use @ParameterizedClass @vlsi (#3652)

⬆️ Dependencies

59 changes

v42.7.7

11 Jun 10:31
9217ed1

Choose a tag to compare

Changes

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration.
    Fix channel binding required handling to reject non-SASL authentication
    Previously, when channel binding was set to "require", the driver would silently ignore this
    requirement for non-SASL authentication methods. This could lead to a false sense of security
    when channel binding was explicitly requested but not actually enforced. The fix ensures that when
    channel binding is set to "require", the driver will reject connections that use
    non-SASL authentication methods or when SASL authentication has not completed properly.
    See the Security Advisory for more detail. Reported by George MacKerron
    The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

🐛 Bug Fixes

  • fix: ensure Connection.isValid() returns true even if prepared statements deallocate @vlsi (#3655)

🧰 Maintenance

  • chore: bump slf4j and logback versions used for pgjdbc-osgi-test @vlsi (#3653)
  • chore: fix the default branch name for dependency-submission action @vlsi (#3650)
  • chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @vlsi (#3646)

⬆️ Dependencies

12 changes
  • chore: bump slf4j and logback versions used for pgjdbc-osgi-test @vlsi (#3653)
  • chore(deps): update oracle-actions/setup-java action to v1.4.2 @renovate-bot (#3643)
  • fix(deps): update dependency checkstyle to v10.25.0 @renovate-bot (#3644)
  • chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @vlsi (#3646)
  • fix(deps): update dependency org.codehaus.groovy:groovy-all to v3.0.25 @renovate-bot (#3648)
  • fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite.gradle.plugin to v7.7.0 @renovate-bot (#3649)
  • chore(deps): update plugin com.gradle.develocity to v4.0.2 @renovate-bot (#3647)
  • chore(deps): update codecov/codecov-action digest to 15559ed @renovate-bot (#3636)
  • chore(deps): update dependency gradle to v8.14.1 @renovate-bot (#3637)
  • chore(deps): update plugin org.jetbrains.kotlin.jvm to v2.1.21 - autoclosed @renovate-bot (#3638)
  • chore(deps): update dependency sbt/sbt to v1.11.0 @renovate-bot (#3640)
  • fix(deps): update dependency com.github.spotbugs:com.github.spotbugs.gradle.plugin to v6.1.13 @renovate-bot (#3639)

v42.7.6

28 May 15:19
689708f

Choose a tag to compare

Changes

  • Prepare release notes for release 42_7_6 (new format) @davecramer (#3628)
  • fix: isValid incorrectly called execute, instead of executeWithFlags fixes Issue #3630 @davecramer (#3631)
  • add override @davecramer (#3629)
  • add the ability to turn off automatic LSN flush @davecramer (#3403)
  • test: add tests with reWriteBatchedInserts=true @vlsi (#3616)
  • test: add CI executions with adaptive_fetch=true by default @vlsi (#3615)
  • test: simplify TestUtil.openDB, add tests with various assumeMinServerVersion values @vlsi (#3614)
  • Deprecate group startup parms @davecramer (#3613)
  • Add back application name setting @joejensen (#3509)
  • Copr: Use Java 21 as the build dependency @mkoncek (#3607)
  • fix indentation of return child to allow built pass in Checkstyle's CIs @mohitsatr (#3611)
  • Set column name explicitely when using current_database() in queries @kneth (#3526)
  • add PgMessageType and use static variables for protocol literals @davecramer (#3609)
  • Handle protocol 3.2 and wider cancel keys. @davecramer (#3592)
  • refactor empty resultset to use empty result set if the catalog is not correct @davecramer (#3588)
  • Use query to find the current catalog instead of relying on the database in the connection URL or connection properties as this could be different if connected through a pooler or proxy @davecramer (#3565)
  • ci: add Java 24 tests @davecramer (#3580)
  • docs: Relabel 42.7.4 as past version as it is no longer the latest @sehrope (#3586)
  • test: remove stale logging message from SslTest @vlsi (#3584)
  • chore: appply the latest byte-buddy version for tests so we support the latest Java versions @vlsi (#3583)
  • fix: make PgConnection#abort compatible with Java 24 @vlsi (#3582)
  • chore(deps): update plugin com.github.burrunan.s3-build-cache to v1.8.5 @renovate-bot (#3573)
  • Fix JavadocTagContinuationIndentation in AfterBeforeParameterResolver @Anmol202005 (#3566)
  • Revert "use in row values instead of union all (#3510)" @vlsi (#3524)
  • use in row values instead of union all @davecramer (#3510)
  • feat: enhanced DatabaseMetadata.getIndexInfo() method, added index comment as REMARKS property @raminorujov (#3513)
  • Nit: correct message in main.yml test action @ecki (#3503)
  • chore: use import instead of require to support modern NodeJS @vlsi (#3502)
  • chore: use PostgreSQL 17 rather than 17rc1 for CI tests @vlsi (#3501)
  • chore: add ErrorProne verification to catch bugs ealier @vlsi (#3493)
  • fix: ArrayIndexOutOfBounds when write big object into GSS enabled connection, make GSSInputStream robust in face of streams that produce incomplete reads @vlsi (#3500)
  • refactor: factor out duplicated .getBytes() when converting date/time to Date/Time/Timestamp @vlsi (#3497)
  • chore: exclude Oracle Java 17 from CI tests @vlsi (#3499)
  • chore: remove unused Travis CI configuration @vlsi (#3498)
  • Undeprecate sslfactoryarg connection property @sehrope (#3496)
  • fix:Fix sending extra_float_digits @davecramer (#3491)

🐛 Bug Fixes

  • fix: EOFException on PreparedStatement#toString with unset bytea parameter since 42.7.4 @MrEasy (#3369)

🧰 Maintenance

  • chore: use Java 21 for building pgjdbc by default @vlsi (#3612)

⬆️ Dependencies

55 changes

What's Changed

  • fix:Fix sending extra_float_digits by @davecramer in #3491
  • chore(deps): update plugin com.gradle.develocity to v3.19.1 by @renovate-bot in #3488
  • Undeprecate sslfactoryarg connection property by @sehrope in #3496
  • fix(deps): update dependency checkstyle to v10.21.1 by @renovate-bot in #3489
  • fix(deps): update dependency com.github.spotbugs:com.github.spotbugs.gradle.plugin to v6.1.2 by @renovate-bot in #3486
  • chore(deps): update codecov/codecov-action digest to 0da7aa6 by @renovate-bot in #3484
  • chore: remove unused Travis CI configuration by @vlsi in #3498
  • chore: exclude Oracle Java 17 from CI tests by @vlsi in #3499
  • refactor: factor out duplicated .getBytes() when converting date/time to Date/Time/Timestamp by @vlsi in #3497
  • fix: ArrayIndexOutOfBounds when write big object into GSS enabled connection, make GSSInputStream robust in face of streams that produce incomplete reads by @vlsi in #3500
  • chore: add ErrorProne verification to catch bugs ealier by @vlsi in #3493
  • fix(deps): update checkerframework by @renovate-bot in #3485
  • chore: use PostgreSQL 17 rather than 17rc1 for CI tests by @vlsi in #3501
  • chore: use import instead of require to support modern NodeJS by @vlsi in http...
Read more

v42.7.5

14 Jan 15:24
94a1693

Choose a tag to compare

Changes

⬆️ Dependencies

32 changes

v42.7.4

22 Aug 16:47
a23fa70

Choose a tag to compare

Changes

⬆️ Dependencies

53 changes

v42.7.3

15 Mar 12:37
818953a

Choose a tag to compare

Changes

v42.7.2

21 Feb 13:51
06abfb7

Choose a tag to compare

Security

CVE-2024-1597 and Security Advisory addressed. The vulnerability occurs only in non-default preferQueryMode=simple mode and only if a negative place holder -? is used. See the security advisory for details

What's Changed

  • perf: avoid autoboxing bind indexes by @bokken in #1244
  • add: Add PasswordUtil for encrypting passwords client side by @sehrope in #3082
  • refactor: document that encodePassword will zero out the password array, and remove driver's default encodePassword by @vlsi in #3084
  • change: Use simple query for isValid. Using Extended query sends two messages by @davecramer in #3101

Full Changelog: REL42.7.1...REL42.7.2

v42.7.1

06 Dec 18:29

Choose a tag to compare

Fixed regressions since 42.7.0

  • Revert "Use canonical DateStyle name (#2925)" @vlsi (#3035)
  • Revert "feat: support SET statements combining with other queries with semicolon in PreparedStatement" @vlsi (#3010)
  • chore: use java.release=8 when building pgjdbc from the generated source distribution @vlsi (#3038), the driver uses Java 8 methods only

Changes

  • Apply connectTimeout before SSLSocket.startHandshake to avoid infinite wait in case the connection is broken @davecramer (#3040)
  • perf: improve performance of PreparedStatement.setBlob, BlobInputStream, and BlobOutputStream with dynamic buffer sizing @vlsi (#3044)
  • fix: avoid timezone conversions when sending LocalDateTime to the database @vlsi (#2852)
  • fix: support waffle-jna 2.x and 3.x by using reflective approach for ManagedSecBufferDesc @chrullrich (#2720)

🧰 Maintenance

  • chore: bump Gradle to 8.5 @vlsi (#3045)
  • chore: use Java 17 for building pgjdbc, and use --release 8 to target Java 8, add tests with Java 21 and 22 @vlsi (#3026)
  • fedora/rpm: move source build to java-17-openjdk-devel @praiskup (#3036)
  • Update site 42 7 0 @davecramer (#3004)
  • prepared for release 42.7.1 update changelogs @davecramer (#3037)

⬆️ Dependencies

28 changes