| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A security advisory has been created for the PostgreSQL JDBC Driver. The
URL connection string loggerFile property could be mis-used to create an
arbitrary file on the system that the driver is loaded. Additionally
anything in the connection string will be logged and subsequently
written into that file. In an insecure system it would be possible to
execute this file through a webserver.
While we do not consider this a security issue with the driver, we have
decided to remove the loggerFile and loggerLevel connection properties
in the next release of the driver. Removal of those properties does not
make exposing the JDBC URL or connection properties to an attacker safe
and we continue to suggest that applications do not allow untrusted
users to specify arbitrary connection properties.
We are removing them to prevent misuse and their functionality can be
delegated to java.util.logging. The changelog is not very useful as the
change was done behind a security advisory. The short version is that
loggerFile and loggerLevel properties still exist but do not do
anything.
Security: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
|
| |
|
|
| |
Reported by: portscout
|
| | |
|
| |
|
|
| |
Relnotes: https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.20
|
| |
|
|
| |
Release notes: https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.18
|
| |
|
|
| |
Reported by: barbara.freebsd at gmail.com
|
| |
|
|
| |
Release notes: https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.16
|
| |
|
|
| |
Release notes: https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.16
|
| |
|
|
|
|
|
|
| |
Refactor the port to fetch the prebuilt jar instead of building, since the
building process just got to complicated to make it worth while.
PR: 245719
Sponsored by: Ping Pong AB
|
| |
|
|
|
| |
PR: 247226
Reported by: Garrett Wollman
|
| |
|
|
|
|
|
| |
- Stage support
- Add LICENSE
Submitted by: bar@
|
| |
|
|
|
|
|
| |
PR: 171163
Submitted by: olgeni@
Approved by: crees@ ( with hat pgsql@)
With hat: pgsql@
|
| |
|
|
|
|
|
|
|
| |
- Remove unneeded plist
PR: ports/161040
Submitted by: Barbara <barbara.xxx1975@libero.it>
Approved by: maintainer timeout (girgen, three months -2d)
Feature safe: yes
|
| |
|
|
|
|
|
| |
PR: ports/154951
Submitted by: Jason Helfman <jhelfman@experts-exchange.com>
Approved by: maintainer timeout (girgen, nine months)
Feature safe: yes
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
http://jdbc.postgresql.org/changes.html#version_8.2-504
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
See http://jdbc.postgresql.org/changes.html#version_8.0-311
for a changelog
Approved by: seanc, ade (implicit)
|
|
|
The PostgreSQL JDBC project has been decoupled from the server
distribution, and is now hosted at http://jdbc.postgresql.org/.
Approved by: ade (mentor)
|
