[Git][java-team/libpostgresql-jdbc-java][master] 3 commits: New upstream version 42.7.11
Christoph Berg (@myon)
gitlab at salsa.debian.org
Wed Apr 29 10:12:43 BST 2026
Christoph Berg pushed to branch master at Debian Java Maintainers / libpostgresql-jdbc-java
Commits:
7f321e36 by Christoph Berg at 2026-04-29T11:08:37+02:00
New upstream version 42.7.11
- - - - -
219bfddd by Christoph Berg at 2026-04-29T11:08:43+02:00
Update upstream source from tag 'upstream/42.7.11'
Update to upstream version '42.7.11'
with Debian dir 793e626570b6ebf3dfed9367212e99b63d197098
- - - - -
7166f0a7 by Christoph Berg at 2026-04-29T09:12:37+00:00
New upstream version 42.7.11.
* Limit SCRAM PBKDF2 iterations accepted from the server.
pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256
authentication, where a malicious or compromised PostgreSQL server could
specify an extremely large PBKDF2 iteration count, causing the client to
consume unbounded CPU and potentially exhaust connection pools. The fix
introduces a new scramMaxIterations connection property (defaulting to
100,000) to cap iteration counts before computation begins.
(CVE-2026-42198)
- - - - -
124 changed files:
- README.md
- debian/changelog
- pom.xml
- src/main/java/org/postgresql/Driver.java
- src/main/java/org/postgresql/PGProperty.java
- + src/main/java/org/postgresql/core/AuthMethod.java
- src/main/java/org/postgresql/core/ConnectionFactory.java
- src/main/java/org/postgresql/core/PGStream.java
- src/main/java/org/postgresql/core/QueryExecutorBase.java
- src/main/java/org/postgresql/core/v3/ConnectionFactoryImpl.java
- src/main/java/org/postgresql/core/v3/QueryExecutorImpl.java
- src/main/java/org/postgresql/core/v3/ScramAuthenticator.java
- src/main/java/org/postgresql/core/v3/replication/V3PGReplicationStream.java
- src/main/java/org/postgresql/ds/PGPooledConnection.java
- src/main/java/org/postgresql/ds/common/BaseDataSource.java
- src/main/java/org/postgresql/jdbc/AbstractBlobClob.java
- src/main/java/org/postgresql/jdbc/ArrayEncoding.java
- src/main/java/org/postgresql/jdbc/PgPreparedStatement.java
- src/main/java/org/postgresql/jdbc/PgResultSet.java
- src/main/java/org/postgresql/jdbc/PgStatement.java
- src/main/java/org/postgresql/jdbc/TypeInfoCache.java
- src/main/java/org/postgresql/largeobject/LargeObject.java
- src/main/java/org/postgresql/replication/LogSequenceNumber.java
- src/main/java/org/postgresql/ssl/BaseX509KeyManager.java
- src/main/java/org/postgresql/util/ByteConverter.java
- src/main/java/org/postgresql/util/DriverInfo.java
- src/main/java/org/postgresql/util/KerberosTicket.java
- src/main/java/org/postgresql/util/LazyCleanerImpl.java
- src/main/java/org/postgresql/util/URLCoder.java
- src/main/resources/META-INF/MANIFEST.MF
- src/test/java/org/postgresql/jdbc/AbstractArraysTest.java
- src/test/java/org/postgresql/jdbc/ConnectionValidTest.java
- src/test/java/org/postgresql/jdbc/DeepBatchedInsertStatementTest.java
- src/test/java/org/postgresql/jdbc/LargeObjectManagerTest.java
- src/test/java/org/postgresql/jdbc/ScramTest.java
- src/test/java/org/postgresql/jdbcurlresolver/PgServiceConfParserTest.java
- src/test/java/org/postgresql/test/TestUtil.java
- + src/test/java/org/postgresql/test/annotations/DisableLogger.java
- src/test/java/org/postgresql/test/annotations/DisabledIfServerVersionGreater.java → src/test/java/org/postgresql/test/annotations/DisabledForServerVersionRange.java
- src/test/java/org/postgresql/test/annotations/DisabledIfServerVersionBelow.java → src/test/java/org/postgresql/test/annotations/EnabledForServerVersionRange.java
- src/test/java/org/postgresql/test/core/JavaVersionTest.java
- + src/test/java/org/postgresql/test/core/RequireAuthTest.java
- + src/test/java/org/postgresql/test/impl/BaseServerVersionRangeCondition.java
- + src/test/java/org/postgresql/test/impl/DisableLoggerExtension.java
- + src/test/java/org/postgresql/test/impl/DisabledForServerVersionRangeCondition.java
- + src/test/java/org/postgresql/test/impl/EnabledForServerVersionRangeCondition.java
- − src/test/java/org/postgresql/test/impl/ServerVersionCondition.java
- − src/test/java/org/postgresql/test/impl/ServerVersionGreaterCondition.java
- src/test/java/org/postgresql/test/jdbc2/ArrayTest.java
- src/test/java/org/postgresql/test/jdbc2/BatchedInsertReWriteEnabledTest.java
- src/test/java/org/postgresql/test/jdbc2/BlobTransactionTest.java
- src/test/java/org/postgresql/test/jdbc2/CallableStmtTest.java
- src/test/java/org/postgresql/test/jdbc2/ColumnSanitiserDisabledTest.java
- src/test/java/org/postgresql/test/jdbc2/ColumnSanitiserEnabledTest.java
- src/test/java/org/postgresql/test/jdbc2/ConnectTimeoutTest.java
- src/test/java/org/postgresql/test/jdbc2/ConnectionTest.java
- src/test/java/org/postgresql/test/jdbc2/CopyLargeFileTest.java
- src/test/java/org/postgresql/test/jdbc2/CopyTest.java
- + src/test/java/org/postgresql/test/jdbc2/CursorFetchSqlTransactionTest.java
- src/test/java/org/postgresql/test/jdbc2/CursorFetchTest.java
- src/test/java/org/postgresql/test/jdbc2/DatabaseMetaDataTest.java
- src/test/java/org/postgresql/test/jdbc2/DateTest.java
- src/test/java/org/postgresql/test/jdbc2/DriverTest.java
- src/test/java/org/postgresql/test/jdbc2/GeometricTest.java
- src/test/java/org/postgresql/test/jdbc2/IntervalTest.java
- src/test/java/org/postgresql/test/jdbc2/JBuilderTest.java
- src/test/java/org/postgresql/test/jdbc2/LoginTimeoutTest.java
- src/test/java/org/postgresql/test/jdbc2/PGTimestampTest.java
- src/test/java/org/postgresql/test/jdbc2/ParameterStatusTest.java
- src/test/java/org/postgresql/test/jdbc2/PreparedStatementTest.java
- src/test/java/org/postgresql/test/jdbc2/RefCursorTest.java
- src/test/java/org/postgresql/test/jdbc2/ResultSetMetaDataTest.java
- src/test/java/org/postgresql/test/jdbc2/ResultSetTest.java
- src/test/java/org/postgresql/test/jdbc2/ServerCursorTest.java
- src/test/java/org/postgresql/test/jdbc2/ServerErrorTest.java
- src/test/java/org/postgresql/test/jdbc2/ServerPreparedStmtTest.java
- src/test/java/org/postgresql/test/jdbc2/StatementTest.java
- src/test/java/org/postgresql/test/jdbc2/TimeTest.java
- src/test/java/org/postgresql/test/jdbc2/TimestampTest.java
- src/test/java/org/postgresql/test/jdbc2/TimezoneCachingTest.java
- src/test/java/org/postgresql/test/jdbc2/TimezoneTest.java
- + src/test/java/org/postgresql/test/jdbc2/TransactionStateTest.java
- src/test/java/org/postgresql/test/jdbc2/TypeCacheDLLStressTest.java
- src/test/java/org/postgresql/test/jdbc2/UpdateableResultTest.java
- src/test/java/org/postgresql/test/jdbc2/optional/BaseDataSourceFailoverUrlsTest.java
- src/test/java/org/postgresql/test/jdbc2/optional/BaseDataSourceTest.java
- src/test/java/org/postgresql/test/jdbc2/optional/CaseOptimiserDataSourceTest.java
- src/test/java/org/postgresql/test/jdbc2/optional/ConnectionPoolTest.java
- src/test/java/org/postgresql/test/jdbc2/optional/PoolingDataSourceTest.java
- src/test/java/org/postgresql/test/jdbc2/optional/SimpleDataSourceTest.java
- src/test/java/org/postgresql/test/jdbc2/optional/SimpleDataSourceWithSetURLTest.java
- src/test/java/org/postgresql/test/jdbc2/optional/SimpleDataSourceWithUrlTest.java
- src/test/java/org/postgresql/test/jdbc3/CompositeTest.java
- src/test/java/org/postgresql/test/jdbc3/Jdbc3BlobTest.java
- src/test/java/org/postgresql/test/jdbc3/Jdbc3CallableStatementTest.java
- src/test/java/org/postgresql/test/jdbc3/Jdbc3SavepointTest.java
- src/test/java/org/postgresql/test/jdbc3/ParameterMetaDataTest.java
- src/test/java/org/postgresql/test/jdbc3/SendRecvBufferSizeTest.java
- src/test/java/org/postgresql/test/jdbc3/StringTypeParameterTest.java
- src/test/java/org/postgresql/test/jdbc4/ArrayTest.java
- src/test/java/org/postgresql/test/jdbc4/BinaryStreamTest.java
- src/test/java/org/postgresql/test/jdbc4/BlobTest.java
- src/test/java/org/postgresql/test/jdbc4/ConnectionValidTimeoutTest.java
- src/test/java/org/postgresql/test/jdbc4/DatabaseMetaDataTest.java
- src/test/java/org/postgresql/test/jdbc4/JsonbTest.java
- src/test/java/org/postgresql/test/jdbc4/WrapperTest.java
- src/test/java/org/postgresql/test/jdbc4/jdbc41/CloseOnCompletionTest.java
- src/test/java/org/postgresql/test/jdbc4/jdbc41/GetObjectTest.java
- src/test/java/org/postgresql/test/jdbc4/jdbc41/SchemaTest.java
- src/test/java/org/postgresql/test/jdbc42/DatabaseMetaDataTest.java
- src/test/java/org/postgresql/test/jdbc42/GetObject310Test.java
- src/test/java/org/postgresql/test/jdbc42/PreparedStatementTest.java
- src/test/java/org/postgresql/test/jdbc42/SetObject310InfinityTest.java
- src/test/java/org/postgresql/test/jdbc42/SetObject310Test.java
- src/test/java/org/postgresql/test/ssl/LibPQFactoryHostNameTest.java
- src/test/java/org/postgresql/test/ssl/PEMKeyManagerTest.java
- src/test/java/org/postgresql/test/ssl/SingleCertValidatingFactoryTest.java
- src/test/java/org/postgresql/test/ssl/SslTest.java
- src/test/java/org/postgresql/test/util/PGPropertyMaxResultBufferParserTest.java
- src/test/java/org/postgresql/test/util/PasswordUtilTest.java
- src/test/java/org/postgresql/test/util/StrangeProxyServer.java
- src/test/java/org/postgresql/test/xa/XADataSourceTest.java
- src/test/java/org/postgresql/util/LazyCleanerTest.java
- src/test/java/org/postgresql/util/PGPropertyUtilTest.java
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/java-team/libpostgresql-jdbc-java/-/compare/5449b3c82ed97ab39adf51dd374eb6e05f099f84...7166f0a71752a658bee9d71670e50a955bab3c20
--
View it on GitLab: https://salsa.debian.org/java-team/libpostgresql-jdbc-java/-/compare/5449b3c82ed97ab39adf51dd374eb6e05f099f84...7166f0a71752a658bee9d71670e50a955bab3c20
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20260429/d3a515a2/attachment.htm>
More information about the pkg-java-commits
mailing list