chore(deps): update dependency org.postgresql:postgresql to v42.7.11 #15634

Merged
Siedlerchr merged 2 commits into
JabRef:main from
renovate-bot:renovate/org.postgresql-postgresql-42.x
May 1, 2026

@renovate-bot


This PR contains the following updates:

Package | Change | Age | Confidence
org.postgresql:postgresql (source) | 42.7.10 → 42.7.11 | age | confidence

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Release Notes

pgjdbc/pgjdbc (org.postgresql:postgresql)

v42.7.11

Security
  • fix: Limit SCRAM PBKDF2 iterations accepted from the server.
    pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256 authentication, where a malicious or compromised PostgreSQL server could specify an extremely large PBKDF2 iteration count, causing the client to consume unbounded CPU and potentially exhaust connection pools. The fix introduces a new scramMaxIterations connection property (defaulting to 100,000) to cap iteration counts before computation begins.
    See the Security Advisory for more detail.
    The following CVE-2026-42198 has been issued.
Added
  • feat: implement require_auth connection property, aligning with libpq behavior PR #3895
Changed
  • chore: replace Appveyor CI with ikalnytskyi/action-setup-postgres PR #3966
  • chore: upgrade Gradle to v9 PR #3978
Fixed
  • fix: ensure extended protocol messages end with Sync message PR #3728
  • fix: enable cursor-based fetching in extended protocol when transaction started via SQL command PR #3996
  • fix: retry with SSL on IOException when sslMode=ALLOW PR #3973
  • fix: make sure the driver honours connectTimeout when retrying the connection PR #3968
  • fix: allow fallback to non-SSL connection when sslMode=prefer and sslResponseTimeout kicks in PR #3968
  • fix: catch SecurityException from setContextClassLoader on ForkJoinPool workers PR #3962
  • fix: use compareTo for LogSequenceNumber comparison to handle unsigned values correctly PR #3961
  • fix: release COPY lock on IOException to prevent connection hang PR #3957
  • fix: return jsonb as PGObject instead of String PR #3956
  • fix: align SSL key file permission check with libpq PR #3952
  • fix: guard connection closed flag with a reentrant lock to protect against concurrent close PR #3905

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
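
An added example, not part of this PR and not pgjdbc's own code: a minimal client-side sketch of the control the v42.7.11 security note describes, where the iteration count from the SCRAM server-first-message (RFC 5802 format `r=…,s=…,i=…`) is checked against a cap before any PBKDF2 work starts. The class, method and constant names are hypothetical, the messages are constructed, and the cap only mirrors the 100,000 default the release notes give for `scramMaxIterations`. It assumes Java 16+ for records.

```java
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical illustration; not the driver's implementation.
public class ScramIterationCap {
    // Mirrors the default the release notes state for scramMaxIterations.
    static final int MAX_ITERATIONS = 100_000;

    record ServerFirst(String nonce, byte[] salt, int iterations) {}

    // Parse "r=<nonce>,s=<base64 salt>,i=<count>" (RFC 5802 server-first-message).
    static ServerFirst parse(String msg) {
        String nonce = null;
        byte[] salt = null;
        int iterations = -1;
        for (String attr : msg.split(",")) {
            if (attr.startsWith("r=")) nonce = attr.substring(2);
            else if (attr.startsWith("s=")) salt = Base64.getDecoder().decode(attr.substring(2));
            else if (attr.startsWith("i=")) iterations = Integer.parseInt(attr.substring(2));
        }
        if (nonce == null || salt == null || iterations < 1)
            throw new IllegalArgumentException("malformed server-first-message");
        return new ServerFirst(nonce, salt, iterations);
    }

    // The cap is enforced BEFORE the key derivation, so an oversized count costs no CPU.
    static byte[] saltedPassword(char[] password, ServerFirst sf) throws Exception {
        if (sf.iterations() > MAX_ITERATIONS)
            throw new SecurityException("server requested " + sf.iterations()
                + " PBKDF2 iterations, cap is " + MAX_ITERATIONS);
        // SCRAM's Hi() is PBKDF2 with HMAC as the PRF; 256-bit output for SHA-256.
        PBEKeySpec spec = new PBEKeySpec(password, sf.salt(), sf.iterations(), 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
            .generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "example-password".toCharArray();
        // Constructed messages: an ordinary count and an oversized one.
        String ordinary = "r=clientNonceServerNonce,s=c2FsdHNhbHRzYWx0c2FsdA==,i=4096";
        String oversized = "r=clientNonceServerNonce,s=c2FsdHNhbHRzYWx0c2FsdA==,i=2000000000";
        System.out.println(saltedPassword(pw, parse(ordinary)).length + " byte key derived");
        try {
            saltedPassword(pw, parse(oversized));
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Without the check in `saltedPassword`, the second message would tie up the calling thread for the full derivation, which is how a pool of connecting clients gets exhausted.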

@forking-renovate


Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Siedlerchr added this pull request to the merge queue May 1, 2026
github-actions bot added the "status: to-be-merged" label (PRs which are accepted and should go into the merge-queue.) May 1, 2026
Merged via the queue into JabRef:main with commit ca5e39b May 1, 2026
53 checks passed
Siedlerchr added a commit that referenced this pull request May 2, 2026
* upstream/main:
  chore(deps): update jackson monorepo to v3.1.3 (#15659)
  chore(deps): update dependency org.glassfish.hk2:hk2-utils to v4.0.1 (#15657)
  chore(deps): update dependency org.glassfish.hk2:hk2-locator to v4.0.1 (#15656)
  fix gemsfx missing icon resolving (#15655)
  chore(deps): update dependency org.glassfish.hk2:hk2-api to v4.0.1 (#15654)
  chore(deps): update dependency org.postgresql:postgresql to v42.7.11 (#15634)
  Chore(deps): Bump tools.jackson:jackson-bom in /versions (#15653)
Siedlerchr added a commit to FynnianB/jabref that referenced this pull request May 4, 2026
…rity

* upstream/main: (204 commits)
  New Crowdin updates (JabRef#15669)
  Fix OpenRewrite (JabRef#15670)
  Update heylogs (and fix CHANGELOG.md) (JabRef#15671)
  Improve security and prevent shell injection for push2applications (JabRef#15628)
  Fix dependency analysis (JabRef#15668)
  Always use CI-local "gradle", instead of gradlew (JabRef#15667)
  Change OpenRewrite task to use rewriteDryRun (JabRef#15664)
  Add small documentation to parameter (JabRef#15666)
  Fix markbaseChanged for "imported entries" (JabRef#15610)
  Add forgotten --fresh
  chore(deps): update dependency com.github.ben-manes.caffeine:caffeine to v3.2.4 (JabRef#15662)
  chore(deps): update jackson monorepo to v3.1.3 (JabRef#15659)
  chore(deps): update dependency org.glassfish.hk2:hk2-utils to v4.0.1 (JabRef#15657)
  chore(deps): update dependency org.glassfish.hk2:hk2-locator to v4.0.1 (JabRef#15656)
  fix gemsfx missing icon resolving (JabRef#15655)
  chore(deps): update dependency org.glassfish.hk2:hk2-api to v4.0.1 (JabRef#15654)
  chore(deps): update dependency org.postgresql:postgresql to v42.7.11 (JabRef#15634)
  Chore(deps): Bump tools.jackson:jackson-bom in /versions (JabRef#15653)
  Chore(deps): Bump dev.langchain4j:langchain4j-bom in /versions (JabRef#15652)
  Chore(deps): Bump com.dlsc.gemsfx:gemsfx in /versions (JabRef#15651)
  ...