Skip to content

Update to Postgres driver version 42.7.7 #1092

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
labkey-susanh merged 1 commit into from
Jun 13, 2025
Merged

Update to Postgres driver version 42.7.7 #1092

labkey-susanh merged 1 commit into from
Jun 13, 2025

Conversation

@labkey-susanh
Copy link
Contributor

@labkey-susanh labkey-susanh commented Jun 12, 2025

Rationale

CVE-2025-49146 Affects versions from 42.7.4 until 42.7.7. We are not at risk since we do not configure channel binding, but good to update just the same.

Changes

  • Update postgresDriverVersion

@labkey-susanh labkey-susanh self-assigned this Jun 12, 2025
labkey-jeckels
labkey-jeckels approved these changes Jun 12, 2025
View reviewed changes
Copy link
Contributor

@labkey-jeckels labkey-jeckels left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, pending positive feedback from TeamCity.

@labkey-susanh labkey-susanh merged commit c2239a7 into release25.3-SNAPSHOT Jun 13, 2025
10 checks passed
@labkey-susanh labkey-susanh deleted the 25.3_fb_postgresDriver branch June 13, 2025 00:21
@labkey-adam
Copy link
Contributor

labkey-adam commented Jun 13, 2025

@labkey-susanh @labkey-jeckels As mentioned in the "Upgrade Dependencies" doc, we've been holding off upgrading the PG JDBC driver due to a metadata retrieval performance issue that @labkey-tchad filed. Doesn't look like that's been fixed... or has it? Are we okay upgrading with this degradation in place?

@labkey-susanh
Copy link
Contributor Author

labkey-susanh commented Jun 13, 2025

@labkey-susanh @labkey-jeckels As mentioned in the "Upgrade Dependencies" doc, we've been holding off upgrading the PG JDBC driver due to a metadata retrieval performance issue that @labkey-tchad filed. Doesn't look like that's been fixed... or has it? Are we okay upgrading with this degradation in place?

Thanks, @labkey-adam. I didn't realize/remember that this was a thing. I think we're probably safe to suppress this CVE since it's related to functionality that we do not use. Anyone disagree?

@labkey-jeckels
Copy link
Contributor

labkey-jeckels commented Jun 13, 2025

@labkey-susanh @labkey-jeckels As mentioned in the "Upgrade Dependencies" doc, we've been holding off upgrading the PG JDBC driver due to a metadata retrieval performance issue that @labkey-tchad filed. Doesn't look like that's been fixed... or has it? Are we okay upgrading with this degradation in place?

Thanks, @labkey-adam. I didn't realize/remember that this was a thing. I think we're probably safe to suppress this CVE since it's related to functionality that we do not use. Anyone disagree?

Sounds correct to me.

@labkey-susanh labkey-susanh mentioned this pull request Jun 13, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@labkey-jeckels labkey-jeckels labkey-jeckels approved these changes

@labkey-adam labkey-adam Awaiting requested review from labkey-adam

Assignees

@labkey-susanh labkey-susanh

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@labkey-susanh @labkey-adam @labkey-jeckels