[SET-231] Update PostgreSQL jdbc driver from 42.4.3 to 42.4.4 due to 3rd party Vulnerability CVE-2024-1597 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.5.8, 2.6.5
Fix Version/s: 2.5.9, 2.6.6
Labels:
None

CVE-ID:
CVE-2024-1597

Description

Current Situation

JS7 Agent and JOC Cockpit are shipped with the JDBC Driver postgresql-42.4.3.jar. A vulnerability affects this version, https://nvd.nist.gov/vuln/detail/CVE-2024-1597.

We rate the impact to our software as low

Desired Behavior

JS7 components should ship with version 42.4.4 which fixes the issue.

Maintainer Notes

PostgreSQL JDBC Drivers are available from https://jdbc.postgresql.org/download/

Attachments

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Santiago Aucejo Petzoldt

Approver:: Gautam Vadera

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 23 February 2024 13:38

Updated:: 08 April 2024 17:03

Resolved:: 27 February 2024 13:23