From ccc2bb29fdc936bc9993a693f561e4213ffba534 Mon Sep 17 00:00:00 2001
From: James Baker
Date: Fri, 11 Feb 2022 10:36:16 +0000
Subject: [PATCH] Update postgresql driver due to CVE-2022-21724 (#5905)
---
 changelog/@unreleased/pr-5905.v2.yml | 9 +++++++++
 gradle/versions.gradle | 2 +-
 versions.lock | 4 ++--
 3 files changed, 12 insertions(+), 3 deletions(-)
 create mode 100644 changelog/@unreleased/pr-5905.v2.yml
diff --git a/changelog/@unreleased/pr-5905.v2.yml b/changelog/@unreleased/pr-5905.v2.yml
new file mode 100644
index 00000000000..805cb6746c6
--- /dev/null
+++ b/changelog/@unreleased/pr-5905.v2.yml
@@ -0,0 +1,9 @@
+type: fix
+fix:
+ description: |-
+ Update postgresql driver due to CVE-2022-21724
+
+ This does not actually affect AtlasDB since the JDBC url is not
+ controllable by an attacker. But it triggers scanners.
+ links:
+ - https://github.com/palantir/atlasdb/pull/5905
diff --git a/gradle/versions.gradle b/gradle/versions.gradle
index dda85a7ef3d..4975342518e 100644
--- a/gradle/versions.gradle
+++ b/gradle/versions.gradle
@@ -28,5 +28,5 @@ ext.libVersions =
 hikariCP: '3.4.1',
 findbugsAnnotations: '2.0.3',
 ant: '1.9.4',
- postgresql: '42.2.1'
+ postgresql: '42.2.25'
 ]
diff --git a/versions.lock b/versions.lock
index dde3b030e83..bd5f289c8cd 100644
--- a/versions.lock
+++ b/versions.lock
@@ -207,7 +207,7 @@ org.assertj:assertj-guava:3.4.0 (1 constraints: 09050636)
 org.awaitility:awaitility:4.1.1 (2 constraints: c71a873b)
 org.caffinitas.ohc:ohc-core:0.3.4 (1 constraints: 950f6988)
 org.checkerframework:checker-compat-qual:2.5.5 (2 constraints: 1f1d1717)
-org.checkerframework:checker-qual:3.19.0 (22 constraints: 3c98857f)
+org.checkerframework:checker-qual:3.19.0 (23 constraints: 33a456a2)
 org.clojure:clojure:1.8.0 (1 constraints: 0b050836)
 org.codehaus.groovy:groovy:2.5.14 (23 constraints: b55185ba)
 org.codehaus.groovy:groovy-cli-picocli:2.5.14 (5 constraints: d54e9017)
@@ -287,7 +287,7 @@ org.ow2.asm:asm-analysis:5.0.3 (1 constraints: ee09d4b2)
 org.ow2.asm:asm-commons:5.0.3 (1 constraints: ee09d4b2)
 org.ow2.asm:asm-tree:5.0.3 (4 constraints: d8272223)
 org.ow2.asm:asm-util:5.0.3 (1 constraints: ee09d4b2)
-org.postgresql:postgresql:42.2.1 (1 constraints: 3b054a3b)
+org.postgresql:postgresql:42.2.25 (1 constraints: 7105bc40)
 org.reflections:reflections:0.9.10 (1 constraints: 3c05433b)
 org.rocksdb:rocksdbjni:6.27.3 (1 constraints: 4405633b)
 org.slf4j:jcl-over-slf4j:1.7.33 (3 constraints: 432fe5ed)