| From: | Sehrope Sarkuni <sehrope(at)jackdb(dot)com> |
|---|---|
| To: | Suren Sethumadhavan <Suren(dot)Sethumadhavan(at)veritas(dot)com> |
| Cc: | "pgsql-jdbc-security(at)lists(dot)postgresql(dot)org" <pgsql-jdbc-security(at)lists(dot)postgresql(dot)org>, List <pgsql-jdbc(at)postgresql(dot)org> |
| Subject: | Re: JDBC driver has EOL'd component |
| Date: | 2023-10-14 14:51:02 |
| Message-ID: | CAH7T-apn6BSz_CGWbEbqVqzvTVpyuT-QiuL7DehY7zHxrrdTFQ@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
On Fri, Oct 13, 2023 at 6:48 PM Suren Sethumadhavan <
Suren(dot)Sethumadhavan(at)veritas(dot)com> wrote:
> Looks like JDBC drivers are shipping with an EOL’s version of Checker Qual
> (v 3.5.0).
>
>
> 1. Can you please confirm this?
> 2. If confirmed, when can we expect a version with newer versions of
> this component?
>
>
This is not a security issue and should be directed to the general pgjdbc
mailing list (cc'ed).
The pgjdbc driver does not ship with any embedded dependencies. The driver
dependencies are part of the the Maven pom and the latest version of the
driver has a checker-qual dependency of 3.31.0:
https://repo1.maven.org/maven2/org/postgresql/postgresql/42.6.0/postgresql-42.6.0.pom
While we periodically update the minimum dependency versions for the
driver's internal dependencies as we leverage new features, there is no
specific schedule for it. In the interim, if you want to use a newer
version of that dependency, you'll need to update your local pom.xml or
gradle config to override the checker-qual dependency.
Regards,
-- Sehrope Sarkuni
Founder & CEO | JackDB, Inc. | https://www.jackdb.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rob Bygrave | 2023-10-15 21:57:18 | Re: JDBC driver has EOL'd component |
| Previous Message | DB Kho | 2023-10-04 17:45:32 | Re: Regarding useObjects |