This is an automated email from the ASF dual-hosted git repository.

srowen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/master by this push:
     new 9150012697a [SPARK-39996][BUILD] Upgrade `postgresql` to 42.5.0
9150012697a is described below

commit 9150012697a5421ff8ab60304b744dfb5ae03eee
Author: Bjørn <bjornjorgen...@gmail.com>
AuthorDate: Sun Sep 4 08:25:16 2022 -0500

    [SPARK-39996][BUILD] Upgrade `postgresql` to 42.5.0
    
    ### What changes were proposed in this pull request?
    Upgrade `postgresql` 42.3.3 to 42.5.0
    
    ### Why are the changes needed?
    fix: [CVE-2022-31197](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31197) Fixes SQL generated in PgResultSet.refresh() to escape column identifiers so as to prevent SQL injection.
    Previously, the column names for both key and data columns in the table were copied as-is into the generated
    SQL. This allowed a malicious table with column names that include statement terminator to be parsed and
    executed as multiple separate commands.
    Also adds a new test class ResultSetRefreshTest to verify this change.
    Reported by [Sho Kato](https://github.com/kato-sho)
    
    [Changelog](https://jdbc.postgresql.org/documentation/changelog.html#version_42.5.0)
    ### Does this PR introduce _any_ user-facing change?
    No.
    
    ### How was this patch tested?
    Pass GA
    
    Closes #37762 from bjornjorgensen/ugrade-postgressql-42.5.0.
    
    Authored-by: Bjørn <bjornjorgen...@gmail.com>
    Signed-off-by: Sean Owen <sro...@gmail.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 9d4aa0232a5..1fc694ba43f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1226,7 +1226,7 @@
       <dependency>
         <groupId>org.postgresql</groupId>
         <artifactId>postgresql</artifactId>
-        <version>42.3.3</version>
+        <version>42.5.0</version>
         <scope>test</scope>
       </dependency>
       <dependency>
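Review bot: The `<scope>test</scope>` line in this hunk means the `org.postgresql:postgresql` artifact is not shipped with Spark, so CVE-2022-31197 (a SQL injection in `PgResultSet.refresh()`) only reaches Spark's own test runs; the "Why are the changes needed?" section should say so explicitly, otherwise the "fix: CVE-2022-31197" wording reads as if Spark's distributed artifacts were affected. It is also worth confirming that no other module's `pom.xml` or `<dependencyManagement>` entry still pins 42.3.3, since the diff only touches the one `<version>` line under `<artifactId>postgresql</artifactId>` in the root `pom.xml`; a stale pin elsewhere would silently keep the old driver in that module's tests.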


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org
For additional commands, e-mail: commits-h...@spark.apache.org
