Age | Commit message | Author | Files | Lines |
all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. All users of the affected versions are strongly urged to apply the update immediately.
A major security issue fixed in this release, CVE-2013-1899, makes it possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request.
Two lesser security fixes are also included in this release: CVE-2013-1900, wherein random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess, and CVE-2013-1901, which mistakenly allows an unprivileged user to run commands that could interfere with in-progress backups. Finally, this release fixes two security issues with the graphical installers for Linux and Mac OS X: insecure passing of superuser passwords to a script (CVE-2013-1903) and the use of predictable filenames in /tmp (CVE-2013-1902).
Version 8.3-605 (2009-07-01)
* fix The Statement and Connection proxies used for connection pooling code relied on the underlying real connection and statement code for equals and hashcode support. When the proxies are closed we discard the references to the real objects, so we can't rely on them for this support because we'll get a NullPointerException. (jurka) Thanks to Radu Buzila.
* fix DatabaseMetaData.getColumns was broken for the JDBC 3 and 4 drivers when running against 7.2 or older servers. (jurka)
* fix Retrieve columns' default values from pg_attrdef.adbin rather than adsrc because adsrc can get out of date when dependent objects are renamed while adbin stays up to date. (jurka) Thanks to Dickson Guedes, Tom Lane.
* fix Fix parsing of integer and long data. Some malformed inputs (only a negative sign) got treated as valid data. (jurka) Thanks to Heikki Linnakangas.
* fix Initialize BatchUpdateExceptions with the SQLState of the SQLException that they are wrapping. Code that inspects the SQLStates of SQLExceptions, but doesn't unwrap the nested exception will not understand the underlying cause and may make incorrect decisions about the severity of the error. (jurka) Thanks to Fujii Masao.
This is a pure Java (Type IV) JDBC driver for the PostgreSQL
database. It allows Java programs to connect to a PostgreSQL
database using standard, database independent Java code.
The driver provides a reasonably complete implementation of the
JDBC 3 specification in addition to some PostgreSQL specific
extensions.