EDB JDBC Connector 42.5.0.1 release notes v42.7.3.3
Released: 01 Sep 2022
The EDB JDBC connector provides connectivity between a Java application and an EDB Postgres Advanced Server database.
New features, enhancements, bug fixes, and other changes in the EDB JDBC Connector 42.5.0.1 include:
| Type | Description |
|---|---|
| Upstream Merge | Merged with the upstream community driver version 42.5.0. See the community JDBC documentation for details. |
| Security Fix | CVE-2022-31197 - Fixes the SQL generated in PgResultSet.refresh() to escape column identifiers in order to prevent SQL injection. Previously, the column names for both key and data columns were copied as-is into the generated SQL. This allowed for a malicious table with column names that included a statment terminator to be parsed and executed as multiple separate commands. Also, this fix adds a new test class ResultSetRefreshTest to verify this change. |
| Change | Migrated build to Gradle. |
| Enhancement | Added new changeServerName connection property. If the value for changeServerName is set to true, the getServerName() call returns a value as PostgreSQL. The default value is false. |
| Enhancement | Added new forceBinaryTransfer connection property. If the value is set to true, forces the transfer of all binary types from the PostgreSQL server to the JDBC driver in their binary form. The default value is false. |