Changes

• Update site for 42.7.10 release @davecramer (#3936)
• Create DisabledIfServerGreater annotation @davecramer (#3937)
• fix non-standard strings failing test for version 19 @davecramer (#3934)
• Revert "fix: make all Calendar instances proleptic Gregorian (#3837)" @davecramer (#3932)
• fix small issues in ConnectionFactoryImpl @davecramer (#3929)
• Migrate to Shadow 9 @Goooler (#3931)
• style: fix empty line before javadoc for checkstyle compliance @Praveen7294 (#3925)
• style: fix lambda argument indentation for checkstyle compliance @aclfe (#3922)
• test: add autosave=always|never|conservative and cleanupSavepoints=true|false to the randomized CI jobs @vlsi (#3917)
• doc: use.md, fix typos @mjschwaiger (#3911)
• doc: datasource.md, fix minor formatting issue @mjschwaiger (#3912)
• lastEditYear to 2026 and bump version @davecramer (#3909)

🐛 Bug Fixes

• fix: process pending responses before fastpath to avoid protocol errors @vlsi (#3913)

⬆️ Dependencies

• chore(deps): update github/codeql-action digest to 4bdb89f @renovate-bot (#3914)
• chore(deps): update ubuntu:24.04 docker digest to cd1dba6 @renovate-bot (#3915)
• chore(deps): update dependency com.typesafe.play:sbt-plugin to v2.9.10 @renovate-bot (#3916)

Changes

• Added changelogs for version 42.7.9 @davecramer (#3908)
• the classloader is nullable, and remove a space @davecramer (#3907)
• fix: incorrect pg_stat_replication.reply_time calculation @atorik (#3906)
• fix: issue #3892, PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only @davecramer (#3897)
• fix badges for maven central and search paths. Sonatype has changed the search paths @davecramer (#3901)
• fix: make all Calendar instances proleptic Gregorian (#3837) @m-van-tilburg (#3887)
• test: add CI tests with Java 26 @vlsi (#3893)
• perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder @vlsi (#3866)
• use ssl_is_used() to check for ssl connection @davecramer (#3867)
• Add PEMKeyManager to handle PEM based certs and keys. @harinath001 (#3700)
• Comment and simplify the complex state machine logic in QueryExecutorImpl @davecramer (#3850)
• Revert "fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN" @davecramer (#3851)
• fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN @ShenFeng312 (#3838)
• Small simplication of locking patterns in QueryExecutorBase @Sanne (#3849)
• doc: update property quoteReturningIdentifiers default value @sodekim (#3847)
• feat: default query timeout property @cfredri4 (#3705)
• create action to deploy docs to https://pgjdbc.github.io/ @davecramer (#3819)
• fix homepage release note @davecramer (#3817)

🐛 Bug Fixes

• fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob @vlsi (#3903)
• fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext @vlsi (#3886)

📝 Documentation

• doc: add the new PGP signing key to the official documentation @vlsi (#3813)

🧰 Maintenance

• chore: remove unused com.github.spotbugs Gradle plugin dependency @vlsi (#3868)
• chore: drop SpotBugs as we do not seem to use it @vlsi (#3834)
• chore: bump version to 42.7.9 after 42.7.8 release @vlsi (#3810)

⬆️ Dependencies

Notable changes:

• Releases are signed with a new PGP key which is generated at GitHub Actions and stored only there @vlsi (#3701)

Changes

• fix: Update release plugin config to use .set(...) for props and inject nexus secrets via props @sehrope (#3802)
• update version to 42.7.8 @davecramer (#3801)
• change logs for version 42.7.8 @davecramer (#3797)
• Fix getNotifications() documentation @pdewacht (#3800)
• fix(deps): update dependency om.ongres.scram:scram-client to 3.2 @jorsol (#3799)
• Add configurable boolean-to-numeric conversion for ResultSet getters @vwassan (#3796)
• Update CONTRIBUTING.md @davecramer (#3794)
• perf: remove QUERY_ONESHOT flag when calling getMetaData @ShenFeng312 (#3783)
• test: add bench for batch insert via unnest with arrays @lantalex (#3782)
• fix: Change "PST" timezone in TimestampTest to "Pacific Standard Time" @simon-greatrix (#3774)
• Use BufferedInputStream with FileInputStream @jgardn3r (#3750)
• Fix #3747: Incorrect class comparison in PGXmlFactoryFactory validation @eitch (#3748)
• fix: traverse the current dimension to get the correct pos in PgArray#calcRemainingDataLength @sly461 (#3746)
• test: add channelBinding to SslTest @vlsi (#3665)
• fix: remove excessive ReentrantLock.lock usages @vlsi (#3703)
• test: add ossf-scorecard security scanning @vlsi (#3695)
• fix indentation to let CI pass @mohitsatr (#3682)
• test: extract pgjdbc/testFixtures to testkit project @vlsi (#3666)
• fix: make sure getImportedExportedKeys returns columns in consistent order @vlsi (#3663)
• feat: use PreparedStatement for DatabaseMetaData.getCrossReference, getImportedKeys, getExportedKeys @vlsi (#3641)
• Add "SELF_REFERENCING_COL_NAME" field to getTables' ResultSetMetaData to fix NullPointerException @SophiahHo (#3660)

🐛 Bug Fixes

• fix: avoid IllegalStateException: Timer already cancelled when StatementCancelTimerTask.run throws a runtime error @vlsi (#3778)
• fix: avoid NullPointerException when cancelling a query if cancel key is not known yet @vlsi (#3780)
• fix: unable to open replication connection to servers < 12 @vlsi (#3678)

🧰 Maintenance

• chore: fix published project name @vlsi (#3809)
• chore: update publish to Central Portal task name after bumping nmcp @vlsi (#3808)
• fix(deps): update com.gradleup.nmcp to 1.1.0 @vlsi (#3807)
• Revert "fix: Update release plugin config to use .set(...) for props and inject nexus creds via gradle props" @vlsi (#3803)
• chore: group com.gradleup.nmcp version updates @vlsi (#3805)
• chore: use bump org.apache.bcel:bcel test dependency in testCompileClasspath as well @vlsi (#3775)
• Fix typo in PGReplicationStream.java @atorik (#3758)
• chore: remove JDK versions from the key workflow names @vlsi (#3759)
• chore: add GitHub Actions workflow for generating release PGP key @vlsi (#3701)
• chore: replace StandardCharsets with Charsets to simplify code @vlsi (#3751)
• chore: migrate publish workflow to Central Portal publishing via com.gradleup.nmcp @vlsi (#3686)
• chore: adjust the default branch name for ossf scorecard scan @vlsi (#3697)
• chore: add top-level read-only permissions for GitHub Actions when missing @vlsi (#3696)
• chore: use config:best-practices preset for Renovate @vlsi (#3687)
• refactor: pass ChannelBinding to ScramAuthenticator instead of passing full Properties @vlsi (#3667)
• chore: update JUnit to 5.13, use @ParameterizedClass @vlsi (#3652)

⬆️ Dependencies

Changes

Security

• security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration.
  Fix channel binding required handling to reject non-SASL authentication
  Previously, when channel binding was set to "require", the driver would silently ignore this
  requirement for non-SASL authentication methods. This could lead to a false sense of security
  when channel binding was explicitly requested but not actually enforced. The fix ensures that when
  channel binding is set to "require", the driver will reject connections that use
  non-SASL authentication methods or when SASL authentication has not completed properly.
  See the Security Advisory for more detail. Reported by George MacKerron
  The following CVE-2025-49146 has been issued

Added

• test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

🐛 Bug Fixes

• fix: ensure Connection.isValid() returns true even if prepared statements deallocate @vlsi (#3655)

🧰 Maintenance

• chore: bump slf4j and logback versions used for pgjdbc-osgi-test @vlsi (#3653)
• chore: fix the default branch name for dependency-submission action @vlsi (#3650)
• chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @vlsi (#3646)

⬆️ Dependencies

Changes

• Prepare release notes for release 42_7_6 (new format) @davecramer (#3628)
• fix: isValid incorrectly called execute, instead of executeWithFlags fixes Issue #3630 @davecramer (#3631)
• add override @davecramer (#3629)
• add the ability to turn off automatic LSN flush @davecramer (#3403)
• test: add tests with reWriteBatchedInserts=true @vlsi (#3616)
• test: add CI executions with adaptive_fetch=true by default @vlsi (#3615)
• test: simplify TestUtil.openDB, add tests with various assumeMinServerVersion values @vlsi (#3614)
• Deprecate group startup parms @davecramer (#3613)
• Add back application name setting @joejensen (#3509)
• Copr: Use Java 21 as the build dependency @mkoncek (#3607)
• fix indentation of return child to allow built pass in Checkstyle's CIs @mohitsatr (#3611)
• Set column name explicitely when using current_database() in queries @kneth (#3526)
• add PgMessageType and use static variables for protocol literals @davecramer (#3609)
• Handle protocol 3.2 and wider cancel keys. @davecramer (#3592)
• refactor empty resultset to use empty result set if the catalog is not correct @davecramer (#3588)
• Use query to find the current catalog instead of relying on the database in the connection URL or connection properties as this could be different if connected through a pooler or proxy @davecramer (#3565)
• ci: add Java 24 tests @davecramer (#3580)
• docs: Relabel 42.7.4 as past version as it is no longer the latest @sehrope (#3586)
• test: remove stale logging message from SslTest @vlsi (#3584)
• chore: appply the latest byte-buddy version for tests so we support the latest Java versions @vlsi (#3583)
• fix: make PgConnection#abort compatible with Java 24 @vlsi (#3582)
• chore(deps): update plugin com.github.burrunan.s3-build-cache to v1.8.5 @renovate-bot (#3573)
• Fix JavadocTagContinuationIndentation in AfterBeforeParameterResolver @Anmol202005 (#3566)
• Revert "use in row values instead of union all (#3510)" @vlsi (#3524)
• use in row values instead of union all @davecramer (#3510)
• feat: enhanced DatabaseMetadata.getIndexInfo() method, added index comment as REMARKS property @raminorujov (#3513)
• Nit: correct message in main.yml test action @ecki (#3503)
• chore: use import instead of require to support modern NodeJS @vlsi (#3502)
• chore: use PostgreSQL 17 rather than 17rc1 for CI tests @vlsi (#3501)
• chore: add ErrorProne verification to catch bugs ealier @vlsi (#3493)
• fix: ArrayIndexOutOfBounds when write big object into GSS enabled connection, make GSSInputStream robust in face of streams that produce incomplete reads @vlsi (#3500)
• refactor: factor out duplicated .getBytes() when converting date/time to Date/Time/Timestamp @vlsi (#3497)
• chore: exclude Oracle Java 17 from CI tests @vlsi (#3499)
• chore: remove unused Travis CI configuration @vlsi (#3498)
• Undeprecate sslfactoryarg connection property @sehrope (#3496)
• fix:Fix sending extra_float_digits @davecramer (#3491)

🐛 Bug Fixes

• fix: EOFException on PreparedStatement#toString with unset bytea parameter since 42.7.4 @MrEasy (#3369)

🧰 Maintenance

• chore: use Java 21 for building pgjdbc by default @vlsi (#3612)

⬆️ Dependencies

What's Changed

• fix:Fix sending extra_float_digits by @davecramer in #3491
• chore(deps): update plugin com.gradle.develocity to v3.19.1 by @renovate-bot in #3488
• Undeprecate sslfactoryarg connection property by @sehrope in #3496
• fix(deps): update dependency checkstyle to v10.21.1 by @renovate-bot in #3489
• fix(deps): update dependency com.github.spotbugs:com.github.spotbugs.gradle.plugin to v6.1.2 by @renovate-bot in #3486
• chore(deps): update codecov/codecov-action digest to 0da7aa6 by @renovate-bot in #3484
• chore: remove unused Travis CI configuration by @vlsi in #3498
• chore: exclude Oracle Java 17 from CI tests by @vlsi in #3499
• refactor: factor out duplicated .getBytes() when converting date/time to Date/Time/Timestamp by @vlsi in #3497
• fix: ArrayIndexOutOfBounds when write big object into GSS enabled connection, make GSSInputStream robust in face of streams that produce incomplete reads by @vlsi in #3500
• chore: add ErrorProne verification to catch bugs ealier by @vlsi in #3493
• fix(deps): update checkerframework by @renovate-bot in #3485
• chore: use PostgreSQL 17 rather than 17rc1 for CI tests by @vlsi in #3501
• chore: use import instead of require to support modern NodeJS by @vlsi in http...

Changes

• update changelogs and increment version in gradle.properties for release @davecramer (#3478)
• regression: revert change in fc60537 @davecramer (#3476)
• Fix PgDatabaseMetaData implementation of catalog as param and return value @SophiahHo (#3390)
• Support default GSS credentials in the Java Postgres client @nrhall (#3451)
• fix: return only the transactions accessible by the current_user in XAResource.recover @vlsi (#3450)
• feat: don't force send extra_float_digits for PostgreSQL >= 12 (#3432) @damienb-opt (#3446)
• fix: exclude "include columns" from the list of primary keys @priteshranjan01 (#3434)
• Enhance the meta query performance by specifying the oid. @dh-cloud (#3427)
• feat: support getObject(int, byte[].class) for bytea @anesterenok (#3274)
• docs: document infinity and some minor edits @davecramer (#3407)
• Added way to check for major server version, fixed check for RULE @davecramer (#3402)
• fixed remaining paragraphs @Zopsss (#3398)
• fixed paragraphs in javadoc comments @Zopsss (#3397)
• Reuse buffers and reduce allocations in GSSInputStream addresses Issue #3251 @davecramer (#3255)
• chore: Update Gradle to 8.10.2 @jorsol (#3388)
• ci: Test with Java 23 @jorsol (#3381)
• Fix getSchemas() @SophiahHo (#3386)
• Update rpm postgresql-jdbc.spec.tpl with scram-client @jorsol (#3324)
• Clearing thisRow and rowBuffer on close() of ResultSet @reallyinsane (#3384)
• Package was renamed to maven-bundle-plugin @ljavorsk (#3382)
• As of version 18 the RULE privilege has been removed @davecramer (#3378)
• fix: use buffered inputstream to create GSSInputStream @Sasasu (#3373)
• get rid of 8.4, 9.0 pg versions and use >= jdk version 17 @davecramer (#3372)
• Changed docker-compose version and renamed script file in instructions to match the real file name @MohanadKh03 (#3363)
• Do not assume "test" database in DatabaseMetaDataTransactionIsolationTest @nvanbenschoten (#3364)
• try to categorize dependencies @davecramer (#3362)

⬆️ Dependencies

Changes

• Prepare for 42.7.4 release @davecramer (#3359)
• fix: remove preDescribe from internalExecuteBatch @vlsi (#2883)
• bug report: PgInterval ignores case for represented interval string @vishalvrv9 (#3344)
• switch localhost and auth-test around @davecramer (#3343)
• Update to 17beta3 @davecramer (#3308)
• perf: avoid extra copies when receiving int4 and int2 in PGStream @vishalvrv9 (#3295)
• Replace greater to with greater than @japinli (#3315)
• Deprecate all PostgreSQL versions older than 9.1 @jorsol (#3335)
• use docker v2 which changes docker-compose to docker compose @davecramer (#3339)
• docs: clarify binaryTransfer and prepareThreshold @Chris-SP365 (#3338)
• Clean up deps licenses, as they are now included in the original JARs @jorsol (#3330)
• Update SCRAM dependency to 3.1 and support channel binding @jorsol (#3188)
• Update use.md, typo @hginzel (#3314)
• Add support for Infinity::numeric values in ResultSet.getObject @mmm444 (#3304)
• chore: implement direct SSL ALPN connections @davecramer (#3252)
• Ensure order of results for getDouble @davecramer (#3301)
• chore: add PostgreSQL 15, 16, and 17beta1 to CI tests @davecramer (#3299)
• Test for +/- infinity double values @davecramer (#3294)
• perf: replace BufferedOutputStream with unsynchronized PgBufferedOutputStream, allow configuring different Java and SO_SNDBUF buffer sizes @vlsi (#3248)
• Fix SSL tests @davecramer (#3260)
• Add Korean translation file @SheerazMajeedM (#3276)
• fix: support bytea in preferQueryMode=simple @vlsi (#3243)
• refactor: merge PgPreparedStatement#setBinaryStream int and long methods @lucifer-Technoking (#3165)
• test: test both binaryMode=true,false when creating connections in DatabaseMetaDataTest @vlsi (#3231)
• Fixed typos in all source code and documentations @SheerazMajeedM (#3242)
• Fix #3234 - Return -1 as update count for stored procedure calls @beikov (#3235)
• Fix #3224 - conversion for TIME '24:00' to LocalTime breaks in binary-mode @pmenke-de (#3225)
• remove self-hosted runner @davecramer (#3227)
• Speed up getDate by parsing bytes instead of String @davecramer (#3141)
• fix: support PreparedStatement.setBlob(1, Blob) and PreparedStatement.setClob(1, Clob) for lobs that return -1 for length @vlsi (#3136)
• correct download for jre7 @davecramer (#3198)
• Docs: Add cancelSignalTimeout in README @imranzaheer612 (#3190)
• Document READ_ONLY_MODE in README @ajacob98 (#3175)
• validates resultsetParams in PGStatement constructor. uses assertThro… @vishalvrv9 (#3171)
• validates resultset parameters @vishalvrv9 (#3167)
• bump version to 42.7.4 @davecramer (#3164)

⬆️ Dependencies

Changes

• bump version to 42.7.4 @davecramer (#3164)
• fix Issue boolean types not handled in SimpleQuery mode @davecramer (#3146)
• The Gradle config enforces 17+ @OrangeDog (#3147)
• Fix 2 changelog entry titles @crunchyjohn (#3142)
• chore: ensure CI jobs include tests for all the values of preferQueryMode, ssl, xa, gss @vlsi (#3137)
• update jdbc website security page with latest security advisory @davecramer (#3135)

Security

CVE-2024-1597 and Security Advisory addressed. The vulnerability occurs only in non-default preferQueryMode=simple mode and only if a negative place holder -? is used. See the security advisory for details

What's Changed

• perf: avoid autoboxing bind indexes by @bokken in #1244
• add: Add PasswordUtil for encrypting passwords client side by @sehrope in #3082
• refactor: document that encodePassword will zero out the password array, and remove driver's default encodePassword by @vlsi in #3084
• change: Use simple query for isValid. Using Extended query sends two messages by @davecramer in #3101

Full Changelog: REL42.7.1...REL42.7.2

Fixed regressions since 42.7.0

• Revert "Use canonical DateStyle name (#2925)" @vlsi (#3035)
• Revert "feat: support SET statements combining with other queries with semicolon in PreparedStatement" @vlsi (#3010)
• chore: use java.release=8 when building pgjdbc from the generated source distribution @vlsi (#3038), the driver uses Java 8 methods only

Changes

• Apply connectTimeout before SSLSocket.startHandshake to avoid infinite wait in case the connection is broken @davecramer (#3040)
• perf: improve performance of PreparedStatement.setBlob, BlobInputStream, and BlobOutputStream with dynamic buffer sizing @vlsi (#3044)
• fix: avoid timezone conversions when sending LocalDateTime to the database @vlsi (#2852)
• fix: support waffle-jna 2.x and 3.x by using reflective approach for ManagedSecBufferDesc @chrullrich (#2720)

🧰 Maintenance

• chore: bump Gradle to 8.5 @vlsi (#3045)
• chore: use Java 17 for building pgjdbc, and use --release 8 to target Java 8, add tests with Java 21 and 22 @vlsi (#3026)
• fedora/rpm: move source build to java-17-openjdk-devel @praiskup (#3036)
• Update site 42 7 0 @davecramer (#3004)
• prepared for release 42.7.1 update changelogs @davecramer (#3037)

⬆️ Dependencies