Update postgresql driver due to CVE-2022-21724 (#5905)

palantir · Feb 11, 2022 · ccc2bb2 · ccc2bb2
1 parent 2738656
commit ccc2bb2
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 3 deletions.
diff --git a/changelog/@unreleased/pr-5905.v2.yml b/changelog/@unreleased/pr-5905.v2.yml
@@ -0,0 +1,9 @@
+type: fix
+fix:
+  description: |-
+    Update postgresql driver due to CVE-2022-21724
+
+    This does not actually affect AtlasDB since the JDBC url is not
+    controllable by an attacker. But it triggers scanners.
+  links:
+  - https://github.com/palantir/atlasdb/pull/5905
diff --git a/gradle/versions.gradle b/gradle/versions.gradle
@@ -28,5 +28,5 @@ ext.libVersions =
     hikariCP: '3.4.1',
     findbugsAnnotations: '2.0.3',
     ant: '1.9.4',
-    postgresql: '42.2.1'
+    postgresql: '42.2.25'
 ]
diff --git a/versions.lock b/versions.lock
@@ -207,7 +207,7 @@ org.assertj:assertj-guava:3.4.0 (1 constraints: 09050636)
 org.awaitility:awaitility:4.1.1 (2 constraints: c71a873b)
 org.caffinitas.ohc:ohc-core:0.3.4 (1 constraints: 950f6988)
 org.checkerframework:checker-compat-qual:2.5.5 (2 constraints: 1f1d1717)
-org.checkerframework:checker-qual:3.19.0 (22 constraints: 3c98857f)
+org.checkerframework:checker-qual:3.19.0 (23 constraints: 33a456a2)
 org.clojure:clojure:1.8.0 (1 constraints: 0b050836)
 org.codehaus.groovy:groovy:2.5.14 (23 constraints: b55185ba)
 org.codehaus.groovy:groovy-cli-picocli:2.5.14 (5 constraints: d54e9017)
@@ -287,7 +287,7 @@ org.ow2.asm:asm-analysis:5.0.3 (1 constraints: ee09d4b2)
 org.ow2.asm:asm-commons:5.0.3 (1 constraints: ee09d4b2)
 org.ow2.asm:asm-tree:5.0.3 (4 constraints: d8272223)
 org.ow2.asm:asm-util:5.0.3 (1 constraints: ee09d4b2)
-org.postgresql:postgresql:42.2.1 (1 constraints: 3b054a3b)
+org.postgresql:postgresql:42.2.25 (1 constraints: 7105bc40)
 org.reflections:reflections:0.9.10 (1 constraints: 3c05433b)
 org.rocksdb:rocksdbjni:6.27.3 (1 constraints: 4405633b)
 org.slf4j:jcl-over-slf4j:1.7.33 (3 constraints: 432fe5ed)