
Conversation


@Akanksha-kedia Akanksha-kedia commented Sep 29, 2025

Description

(Two screenshots attached, both taken 2025-09-29.)

Additional context and related issues

Release notes

(x) This is not user-visible or is docs only, and no release notes are required.

@cla-bot cla-bot bot added the cla-signed label Sep 29, 2025
@Akanksha-kedia Akanksha-kedia (Contributor, Author) commented

@mosabua please review.


@mosabua mosabua left a comment


Airlift change makes no sense.

@Akanksha-kedia Akanksha-kedia changed the title Fix the vulnerability in postgresql and jetty-http2-common Fix the vulnerability in postgresql Sep 30, 2025
@Akanksha-kedia Akanksha-kedia (Contributor, Author) commented

Have avoided Jetty and only kept PostgreSQL.
@mosabua @ebyhr please review.


ebyhr commented Sep 30, 2025

@Akanksha-kedia Please update the commit title.

@ebyhr ebyhr merged commit 92e9274 into trinodb:main Sep 30, 2025
2 of 3 checks passed
@github-actions github-actions bot added this to the 17 milestone Sep 30, 2025

mosabua commented Sep 30, 2025

In the future please do NOT use a misleading commit message like this. The change just does an update of the dependency. There was no exploit documented as possible before this change. If you really want to include more info you can do it as a separate text after the commit message and then link to the actual CVE report.

Maybe like so:

Update PostgreSQL JDBC driver to 42.7.8

- Removes reporting for CVE xyz.
- No known exploit existed before this change.
