Bump the maven group across 1 directory with 28 updates

[dependabot]

Bumps the maven group with 23 updates in the /amp directory:

Package	From	To
commons-beanutils:commons-beanutils	1.8.0	1.10.1
commons-collections:commons-collections	3.1	3.2.2
commons-fileupload:commons-fileupload	1.2.1	1.5
commons-io:commons-io	2.5	2.14.0
org.hibernate:hibernate-core	4.2.13.Final	5.3.20.Final
org.hibernate:hibernate-validator	5.1.1.Final	6.0.23.Final
com.lowagie:itext	2.1.7	4.2.1
org.jdom:jdom	1.1	2.0.2
com.fasterxml.jackson.core:jackson-databind	2.9.5	2.12.7.1
org.jsoup:jsoup	1.7.1	1.15.3
org.springframework:spring-beans	3.0.7.RELEASE	5.2.22.RELEASE
org.apache.poi:poi	3.14	4.1.1
org.apache.poi:poi-scratchpad	3.14	5.2.1
org.apache.poi:poi-ooxml	3.14	5.4.0
ch.qos.logback:logback-classic	1.2.9	1.2.13
org.springframework.security:spring-security-core	3.1.4.RELEASE	5.7.14
org.apache.wicket:wicket-core	6.29.0	8.17.0
xalan:xalan	2.7.1	2.7.3
xerces:xercesImpl	2.10.0	2.12.2
org.postgresql:postgresql	42.3.1	42.3.9
com.itextpdf:itextpdf	5.5.0	5.5.13.3
org.apache.tika:tika-core	1.18	1.28.3
org.apache.commons:commons-text	1.9	1.10.0

Updates commons-beanutils:commons-beanutils from 1.8.0 to 1.10.1

Updates commons-collections:commons-collections from 3.1 to 3.2.2

Updates commons-fileupload:commons-fileupload from 1.2.1 to 1.5

Updates commons-io:commons-io from 2.5 to 2.14.0

Updates org.hibernate:hibernate-core from 4.2.13.Final to 5.3.20.Final

Release notes

Sourced from org.hibernate:hibernate-core's releases.

Hibernate ORM 5.2.0

5.2.0 includes many improvements and bug-fixes. For a complete list of changes, see https://hibernate.atlassian.net/projects/HHH/versions/23150/tab/release-report-done.

Many of the changes in 5.2.0 have important ramifications in terms of both usage and extension. Be sure to read the 5.2 Migration Guide for details.

Below is a discussion of the major changes.

Java 8 baseline

5.2 moves to Java 8 as its baseline. This means:

• The hibernate-java8 module has been removed, and that functionality has been moved into hibernate-core.
• Native support for Java 8 date/time types as Query parameters.
• Support for streaming (java.util.stream.Stream) query results.
• Support for java.util.Optional as return from methods that may return null.
• Leveraging Java 8 "default methods" when introducing new methods to extension points.

Consolidating JPA support into hibernate-core.

That effectively means that the hibernate-entitymanager module no longer exists. Its functionality being consumed into hibernate-core.

JCache support

Support for using any JCache-compliant cache impl as a second-level caching provider.

Session-level batch size support

Support has been added for specifying a batch size for write operations per Session.

5th bug-fix release for 5.0

The 5th bug-fix release for Hibernate ORM 5.0. This release and the upcoming 5.0.6 release have been done on an accelerated time-box of 2 weeks (from the normal 4 weeks for bug-fix releases) due to US holidays.

The complete list of changes can be found here (or here for people without a Hibernate Jira account).

For information on consuming the release via your favorite dependency-management-capable build tool, see http://hibernate.org/orm/downloads/

For those of you allergic to dependency-management-capable build tools, the release bundles can be obtained from SourceForge or BinTray.

Fourth bug-fix release for 5.0

The fourth bug-fix release for Hibernate ORM 5.0

There are 52 issues resolved in this release. 20 of those came out of the recent Jira cleanup. Initially that initiative pulled in roughly 750 issues. To date, 66 of those have been resolved - fixed or verified as out-of-date, unable-to-reproduce, etc. An additional 14 have been more properly reclassified as feature or enhancement requests rather than bugs. The really cool part is the amount of community help we have gotten in making that happen! Thanks to everyone responding, verifying and even fixing alot of these bugs!

The complete list of changes can be found here. People without a Hibernate Jira account will not be able to access the previous link and can access the changelog in GitHub; the issue I reported with Atlassian has been resolved and is ready for deployment into our hosted environment, I just do not know when that will happen.

For information on consuming the release via your favorite dependency-management-capable build tool, see http://hibernate.org/orm/downloads/

For those of you allergic to dependency-management-capable build tools, the release bundles can be obtained from SourceForge or BinTray.

Third bug-fix release for 5.0

http://in.relation.to/2015/10/28/hibernate-orm-503-final-release/

... (truncated)

Changelog

Sourced from org.hibernate:hibernate-core's changelog.

Changes in 5.3.20.Final (November 16th, 2020)

https://hibernate.atlassian.net/projects/HHH/versions/31894/tab/release-report-all-issues

** Bug * [HHH-14257] - An Entity A with a map collection having as index an Embeddable with a an association to the Entity A fails with a NPE

** Task * [HHH-14225] - CVE-2020-25638 Potential for SQL injection on use_sql_comments logging enabled * [HHH-14324] - Add .gradletasknamecache to .gitignore

** Improvement * [HHH-14325] - Add Query hint for specifying "query spaces" for native queries

Changes in 5.3.19.Final (November 10th, 2020)

https://hibernate.atlassian.net/projects/HHH/versions/31874/tab/release-report-all-issues

** Bug * [HHH-13310] - getParameterValue() not working for collections * [HHH-14275] - Broken link to Infinispan User Guide in Hibernate 5.3 User Guide

** Task * [HHH-14309] - Improve BulkOperationCleanupAction#affectedEntity

** Sub-task * [HHH-14196] - Add parsing of persistence.xml/orm.xml documents in the EE 9 namespace

Changes in 5.3.18.Final (August 5th, 2020)

https://hibernate.atlassian.net/projects/HHH/versions/31849/tab/release-report-all-issues

** Bug * [HHH-12268] - LazyInitializationException thrown from lazy collection when batch fetching enabled and owning entity refreshed with lock * [HHH-13110] - @​PreUpdate method on a Embeddable null on the parent caused NullPointerException * [HHH-13936] - No auto transaction joining from SessionImpl.doFlush * [HHH-14077] - CVE-2019-14900 SQL injection issue using JPA Criteria API

** Task * [HHH-14013] - Upgrade to Hibernate Validator 6.0.20.Final * [HHH-14096] - Removal of unused code: XMLHelper and its SAXReader factory helper * [HHH-14103] - Add test cases showing that an entity's transient attribute can be overridden to be persistent in entity subclasses

Changes in 5.3.17.Final (April 30th, 2020)

... (truncated)

Commits

• 64be512 5.3.20
• bc8e38a HHH-14325 - Add Query hint for specifying "query spaces" for native queries
• d5067ec HHH-14325 - Add Query hint for specifying "query spaces" for native queries
• 2896372 HHH-14257 Add test for issue
• 00b3ccb HHH-14257 An Entity A with a map collection having as index an Embeddable wit...
• bf0b86d HHH-14324 Add .gradletasknamecache to .gitignore
• d22bbb5 HHH-14225 CVE-2020-25638 Potential for SQL injection on use_sql_comments logg...
• d48e19d 5.3.19
• 3f3d38d 5.3.19
• 23dd258 5.3.19
• Additional commits viewable in compare view

Updates org.hibernate:hibernate-validator from 5.1.1.Final to 6.0.23.Final

Updates com.lowagie:itext from 2.1.7 to 4.2.1

Commits

• See full diff in compare view

Updates org.jdom:jdom from 1.1 to 2.0.2

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.9.5 to 2.12.7.1

Commits

• See full diff in compare view

Updates org.jsoup:jsoup from 1.7.1 to 1.15.3

Release notes

Sourced from org.jsoup:jsoup's releases.

jsoup 1.15.3

jsoup 1.15.3 is out now, and includes a security fix for potential XSS attacks, along with other bug fixes and improvements, including more descriptive validation error messages.

Details:

• Security advisory
• Release notes
• Download

jsoup 1.15.2 is out now with a bunch of improvements and bug fixes.

jsoup 1.15.1 is out now with a bunch of improvements and bug fixes.

jsoup 1.14.3

jsoup 1.14.3 is out now, adding native XPath selector support, improved \<template> support, and also includes a bunch of bug fixes, improvements, and performance enhancements.

See the release announcement for the full changelog.

jsoup 1.14.2

Caught by the fuzz! jsoup 1.14.2 is out now, and includes a set of parser bug fixes and improvements for handling rough HTML and XML, as identified by the Jazzer JVM fuzzer. This release also includes other fixes and improvements.

See the release announcement for the full changelog.

jsoup 1.14.1

jsoup 1.14.1 is out now, with simple request session management, increased parse robustness, and a ton of other improvements, speed-ups, and bug fixes.

See the full announcement for all the details on what's changed.

jsoup 1.13.1

See the release notes.

<dependency>
  <!-- jsoup HTML parser library @ https://jsoup.org/ -->
  <groupId>org.jsoup</groupId>
  <artifactId>jsoup</artifactId>
  <version>1.13.1</version>
</dependency>

jsoup-1.12.2

No release notes provided.

Changelog

Sourced from org.jsoup:jsoup's changelog.

jsoup changelog

Release 1.15.3 [2022-Aug-24]

• Security: fixed an issue where the jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled. GHSA-gp7f-rwcx-9369

• Improvement: the Cleaner will preserve the source position of cleaned elements, if source tracking is enabled in the original parse.

• Improvement: the error messages output from Validate are more descriptive. Exceptions are now ValidationExceptions (extending IllegalArgumentException). Stack traces do not include the Validate class, to make it simpler to see where the exception originated. Common validation errors including malformed URLs and empty selector results have more explicit error messages.

• Bugfix: the DataUtil would incorrectly read from InputStreams that emitted reads less than the requested size. This lead to incorrect results when parsing from chunked server responses, for e.g. jhy/jsoup#1807

• Build Improvement: added implementation version and related fields to the jar manifest. jhy/jsoup#1809

*** Release 1.15.2 [2022-Jul-04]

• Improvement: added the ability to track the position (line, column, index) in the original input source from where a given node was parsed. Accessible via Node.sourceRange() and Element.endSourceRange(). jhy/jsoup#1790

• Improvement: added Element.firstElementChild(), Element.lastElementChild(), Node.firstChild(), Node.lastChild(), as convenient accessors to those child nodes and elements.

• Improvement: added Element.expectFirst(cssQuery), which is just like Element.selectFirst(), but instead of returning a null if there is no match, will throw an IllegalArgumentException. This is useful if you want to simply abort processing if an expected match is not found.

• Improvement: when pretty-printing HTML, doctypes are emitted on a newline if there is a preceding comment. jhy/jsoup#1664

• Improvement: when pretty-printing, trim the leading and trailing spaces of textnodes in block tags when possible, so that they are indented correctly. jhy/jsoup#1798

• Improvement: in Element#selectXpath(), disable namespace awareness. This makes it possible to always select elements by their simple local name, regardless of whether an xmlns attribute was set. jhy/jsoup#1801

• Bugfix: when using the readToByteBuffer method, such as in Connection.Response.body(), if the document has not already been parsed and must be read fully, and there is any maximum buffer size being applied, only the default internal buffer size is read. jhy/jsoup#1774

... (truncated)

Commits

• c596417 [maven-release-plugin] prepare release jsoup-1.15.3
• d2d9ac3 Changelog for URL cleaner improvement
• 4ea768d Strip control characters from URLs when resolving absolute URLs
• 985f1fe Include help link for malformed URLs
• 6b67d05 Improved Validate error messages
• 653da57 Normalized API doc link
• 5ed84f6 Simplified the Test Server startup
• c58112a Set the read size correctly when capped
• fa13c80 Added jar manifest default implementation entries.
• 5b19390 Bump maven-resources-plugin from 3.2.0 to 3.3.0 (#1814)
• Additional commits viewable in compare view

Updates org.springframework:spring-beans from 3.0.7.RELEASE to 5.2.22.RELEASE

Release notes

Sourced from org.springframework:spring-beans's releases.

v5.2.22.RELEASE

⭐ New Features

• Refine CachedIntrospectionResults property introspection #28446

🐞 Bug Fixes

• Ignore invalid STOMP frame #28444

Commits

• 8f4c172 Release v5.2.22.RELEASE
• 9f238c9 Polishing
• 50177b1 Refine CachedIntrospectionResults property introspection
• 159a99b Ignore invalid STOMP frame
• 41e158c Next development version (v5.2.22.BUILD-SNAPSHOT)
• 833e750 Improve documentation and matching algorithm in data binders
• d70054d Upgrade to Log4j2 2.17.2
• 36e4951 Polishing
• 87b5080 Consistent use of getLocalAddr() without DNS lookups in request adapters
• 5cbf85a Avoid return value reference in potentially cached MethodParameter instance
• Additional commits viewable in compare view

Updates org.springframework:spring-context from 3.0.7.RELEASE to 5.2.22.RELEASE

Release notes

Sourced from org.springframework:spring-context's releases.

v5.2.22.RELEASE

⭐ New Features

• Refine CachedIntrospectionResults property introspection #28446

🐞 Bug Fixes

• Ignore invalid STOMP frame #28444

Commits

• 8f4c172 Release v5.2.22.RELEASE
• 9f238c9 Polishing
• 50177b1 Refine CachedIntrospectionResults property introspection
• 159a99b Ignore invalid STOMP frame
• 41e158c Next development version (v5.2.22.BUILD-SNAPSHOT)
• 833e750 Improve documentation and matching algorithm in data binders
• d70054d Upgrade to Log4j2 2.17.2
• 36e4951 Polishing
• 87b5080 Consistent use of getLocalAddr() without DNS lookups in request adapters
• 5cbf85a Avoid return value reference in potentially cached MethodParameter instance
• Additional commits viewable in compare view

Updates org.springframework:spring-core from 3.0.7.RELEASE to 5.2.22.RELEASE

Release notes

Sourced from org.springframework:spring-core's releases.

v5.2.22.RELEASE

⭐ New Features

• Refine CachedIntrospectionResults property introspection #28446

🐞 Bug Fixes

• Ignore invalid STOMP frame #28444

Commits

• 8f4c172 Release v5.2.22.RELEASE
• 9f238c9 Polishing
• 50177b1 Refine CachedIntrospectionResults property introspection
• 159a99b Ignore invalid STOMP frame
• 41e158c Next development version (v5.2.22.BUILD-SNAPSHOT)
• 833e750 Improve documentation and matching algorithm in data binders
• d70054d Upgrade to Log4j2 2.17.2
• 36e4951 Polishing
• 87b5080 Consistent use of getLocalAddr() without DNS lookups in request adapters
• 5cbf85a Avoid return value reference in potentially cached MethodParameter instance
• Additional commits viewable in compare view

Updates org.springframework:spring-expression from 3.0.7.RELEASE to 5.2.22.RELEASE

Release notes

Sourced from org.springframework:spring-expression's releases.

v5.2.22.RELEASE

⭐ New Features

• Refine CachedIntrospectionResults property introspection #28446

🐞 Bug Fixes

• Ignore invalid STOMP frame #28444

Commits

• 8f4c172 Release v5.2.22.RELEASE
• 9f238c9 Polishing
• 50177b1 Refine CachedIntrospectionResults property introspection
• 159a99b Ignore invalid STOMP frame
• 41e158c Next development version (v5.2.22.BUILD-SNAPSHOT)
• 833e750 Improve documentation and matching algorithm in data binders
• d70054d Upgrade to Log4j2 2.17.2
• 36e4951 Polishing
• 87b5080 Consistent use of getLocalAddr() without DNS lookups in request adapters
• 5cbf85a Avoid return value reference in potentially cached MethodParameter instance
• Additional commits viewable in compare view

Updates org.springframework:spring-web from 3.0.7.RELEASE to 5.2.22.RELEASE

Release notes

Sourced from org.springframework:spring-web's releases.

v5.2.22.RELEASE

⭐ New Features

• Refine CachedIntrospectionResults property introspection #28446

🐞 Bug Fixes

• Ignore invalid STOMP frame #28444

Commits

• 8f4c172 Release v5.2.22.RELEASE
• 9f238c9 Polishing
• 50177b1 Refine CachedIntrospectionResults property introspection
• 159a99b Ignore invalid STOMP frame
• 41e158c Next development version (v5.2.22.BUILD-SNAPSHOT)
• 833e750 Improve documentation and matching algorithm in data binders
• d70054d Upgrade to Log4j2 2.17.2
• 36e4951 Polishing
• 87b5080 Consistent use of getLocalAddr() without DNS lookups in request adapters
• 5cbf85a Avoid return value reference in potentially cached MethodParameter instance
• Additional commits viewable in compare view

Updates org.apache.poi:poi from 3.14 to 4.1.1

Updates org.apache.poi:poi-scratchpad from 3.14 to 5.2.1

Updates org.apache.poi:poi-ooxml from 3.14 to 5.4.0

Updates ch.qos.logback:logback-classic from 1.2.9 to 1.2.13

Commits

• 2648b9e prepare release 1.2.13
• bb09515 fix CVE-2023-6378
• 4573294 start work on 1.2.13-SNAPSHOT
• a388193 Merge branch 'branch_1.2.x' of github.com:qos-ch/logback into branch_1.2.x
• de44dc4 prepare release 1.2.12
• ca0cf17 Merge pull request #532 from joakime/fix-jetty-requestlog
• e31609b removed unused files
• 21e29ef Merge pull request #567 from spliffone/LOGBACK-1633
• e869000 fix: published POM file contain the wrong scm URL
• 009ea46 version for next dev cycle
• Additional commits viewable in compare view

Updates org.springframework.security:spring-security-core from 3.1.4.RELEASE to 5.7.14

Release notes

Sourced from org.springframework.security:spring-security-core's releases.

5.7.14

⭐ New Features

• Support ServerExchangeRejectedHandler @Bean #15975

🪲 Bug Fixes

• Support ServerWebExchangeFirewall @Bean #15974

5.7.13

No release notes provided.

5.7.12

🪲 Bug Fixes

• Check for null Authentication #14715

5.7.11

⭐ New Features

• Automate spring-security.xsd #13819

5.7.10

🪲 Bug Fixes

• Use default PathPatternParser instance #13461

🔨 Dependency Upgrades

• Update io.projectreactor to 2020.0.34 #13509
• Update org.springframework to 5.3.29 #13511
• Update org.springframework.data to 2021.2.14 #13512
• Update reactor-netty to 1.0.34 #13510

5.7.9

⭐ New Features

• Convert to Asciidoctor Tabs #13404
• Use Antora name of security #13328

🪲 Bug Fixes

• Additional filters registered when using Custom DSL #13203
• Clarify that Kotlin DSL needs an import #13092
• Document missing OAuth2LoginAuthenticationFilter set AuthorizationRequestRepository #13098
• Fix Antora Warnings #13291
• Fix constant value in XContentTypeOptionsServerHttpHeadersWriter #13155
• Fix Documentation Title #13315
• Fix javadoc for migration from WebSecurityConfigurerAdapter #12996
• Fix typo in SecurityMockMvcResultMatchers.java #12793

... (truncated)

Changelog

Sourced from org.springframework.security:spring-security-core's changelog.

= Release Process

The release process for Spring Security is entirely automated via the https://github.com/spring-io/spring-security-release-tools/blob/main/release-plugin/README.adoc[Spring Security Release Plugin] and https://github.com/spring-io/spring-security-release-tools/tree/main/.github/workflows[reusable workflows]. The following table outlines the steps that are taken by the automation.

WARNING: The 5.8.x branch does not have all of the improvements from the 6.x.x branches. See "Status (5.8.x)" for which steps are still manual.

In case of a failure, you can follow the links below to read about each step, which includes instructions for performing the step manually if applicable. See for troubleshooting tips.

[cols="1,1,1"] |=== | Step | Status (5.8.x) | Status (6.0.x+)

| | ✅ automated | ✅ automated

| | ✅ automated | ✅ automated

| | ✅ automated | ✅ automated

| | ✅ automated | ✅ automated

| | ✅ automated | ✅ automated

| | ✅ automated | ✅ automated

| | ✅ automated | ✅ automated

| | ❌ manual | ✅ automated

| | ❌ manual | ✅ automated

... (truncated)

Commits

• d0b2b33 Release 5.7.14
• 0eaffb3 Require Locale argument for toLower/toUpperCase usage
• e86d88d Support ServerExchangeRejectedHandler @​Bean
• e48d6b0 Support ServerWebExchangeFirewall @​Bean
• dd3c689 Next development version
• c552366 Release 5.7.13
• 7215c72 Migrate slack notifications to GChat
• 4ce7cde Add Firewall for WebFlux
• c8342fc Use antora-extensions 1.10.0
• 1b0c4d6 Next development version
• Additional commits viewable in compare view

Updates org.springframework.security:spring-security-web from 3.1.4.RELEASE to 5.7.14

Release notes

Sourced from org.springframework.security:spring-security-web's releases.

5.7.14

⭐ New Features

• Support ServerExchangeRejectedHandler @Bean #15975

🪲 Bug Fixes

• Support ServerWebExchangeFirewall @Bean #15974

5.7.13

No release notes provided.

5.7.12

🪲 Bug Fixes

• Check for null Authentication #14715

5.7.11

⭐ New Features

• Automate spring-security.xsd #13819

5.7.10

🪲 Bug Fixes

• Use default PathPatternParser instance #13461

🔨 Dependency Upgrades

• Update io.projectreactor to 2020.0.34 #13509
• Update org.springframework to 5.3.29 #13511
• Update org.springframework.data to 2021.2.14 #13512
• Update reactor-netty to 1.0.34 #13510

5.7.9

⭐ New Features

• Convert to Asciidoctor Tabs #13404
• Use Antora name of security #13328

🪲 Bug Fixes

• Additional filters registered when using Custom DSL #13203
• Clarify that Kotlin DSL needs an import #13092
• Document missing OAuth2LoginAuthenticationFilter set AuthorizationRequestRepository #13098
• Fix Antora Warnings #13291
• Fix constant value in XContentTypeOptionsServerHttpHeadersWriter #13155
• Fix Documentation Title #13315
• Fix javadoc for migration from WebSecurityConfigurerAdapter #12996
• Fix typo in SecurityMockMvcResultMatchers.java #12793

... (truncated)

Changelog

Sourced from org.springframework.security:spring-security-web's changelog.

= Release Process

The release process for Spring Security is entirely automated via the https://github.com/spring-io/spring-security-release-tools/blob/main/release-plugin/README.adoc[Spring Security Release Plugin] and https://github.com/spring-io/spring-security-release-tools/tree/main/.github/workflows[reusable workflows]. The following table outlines the steps that are taken by the automation.

WARNING: The 5.8.x branch does not have all of the improvements from the 6.x.x branches. See "Status (5.8.x)" for which steps are still manual.

In case of a failure, you can follow the links below to read about each step, which includes instructions for performing the step manually if applicable. See for troubleshooting tips.

[cols="1,1,1"] |=== | Step | Status (5.8.x) | Status (6.0.x+)

| | ✅ automated | ✅ automated

| | ✅ automated | ✅ automated

| | ✅ automated | ✅ automated

| | ✅ automated | ✅ automated

| | ✅ automated | ✅ automated

| | ✅ automated | ✅ automated

| | ✅ automated | ✅ automated

| | ❌ manual | ✅ automated

| | ❌ manual | ✅ automated

... (truncated)

Commits

• d0b2b33 Release 5.7.14
• 0eaffb3 Require Locale argument for toLower/toUpperCase usage
• e86d88d Support ServerExchangeRejectedHandler @​Bean
• e48d6b0 Support ServerWebExchangeFirewall @​Bean
• dd3c689 Next development version
• c552366 Release 5.7.13
• 7215c72 Migrate slack notifications to GChat
• 4ce7cde Add Firewall for WebFlux
• c8342fc Use antora-extensions 1.10.0
• 1b0c4d6 Next development version
• Additional commits viewable in compare view

Updates org.apache.wicket:wicket-core from 6.29.0 to 8.17.0

Updates xalan:xalan from 2.7.1 to 2.7.3

Updates xerces:xercesImpl from 2.10.0 to 2.12.2

Updates org.postgresql:postgresql from 42.3.1 to 42.3.9

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.3.8

What's Changed

• backpatch changes for 42.5.1 by @​davecramer in pgjdbc/pgjdbc#2674

Full Changelog: pgjdbc/pgjdbc@REL42.3.7...REL42.3.8

v42.3.7

What's Changed

• backpatch changes from GHSA-r38f-c4h4-hqq2 security advisory for CVE-2022-31197 by @​davecramer in pgjdbc/pgjdbc#2607

Full Changelog: pgjdbc/pgjdbc@REL42.3.6...REL42.3.7

v42.3.6

What's Changed

• Fix heading format for version numbers [SKIP-CI] by @​davecramer in pgjdbc/pgjdbc#2504
• fix: close refcursors when underlying cursor==null instead of relying on defaultRowFetchSize by @​vlsi in pgjdbc/pgjdbc#2377
• Created release notes for 42.3.6 [SKIP-CI] by @​davecramer in pgjdbc/pgjdbc#2515

Full Changelog: pgjdbc/pgjdbc@REL42.3.5...REL42.3.6

v42.3.5

What's Changed

• move version to 42.3.5 [SKIP-CI] by @​davecramer in pgjdbc/pgjdbc#2493
• perf: enable tcpNoDelay by default by @​obourgain in pgjdbc/pgjdbc#2495
• docs: fix readme.md after #2495 by @​obourgain in pgjdbc/pgjdbc#2496
• Added KEYS file to allow for verifying artifacts by @​davecramer in pgjdbc/pgjdbc#2499
• feat: targetServerType=preferPrimary connection parameter by @​mitya555 in pgjdbc/pgjdbc#2483
• fix: revert removal of toOffsetDateTime(String timestamp) fixes #Issue 2497 by @​davecramer in pgjdbc/pgjdbc#2501
• chore: use GitHub Action concurrency feature to terminate CI jobs on fast PR pushes by @​vlsi in pgjdbc/pgjdbc#2405
• Releasenotes 42.3.5 by @​davecramer in pgjdbc/pgjdbc#2502
• More changlog additions added chore to terminate CI jobs on fast PR pushes [SKIP-CI] by @​davecramer in pgjdbc/pgjdbc#2503

New Contributors

• @​obourgain made their first contribution in pgjdbc/pgjdbc#2495
• @​mitya555 made their first contribution in pgjdbc/pgjdbc#2483

Full Changelog: pgjdbc/pgjdbc@REL42.3.4...REL42.3.5

v42.3.4

What's Changed

• Use non-synchronized getTimeZone in TimestampUtils by @​TeslaCN in pgjdbc/pgjdbc#2451
• docs: Update testing documentation by @​davecramer in pgjdbc/pgjdbc#2446
• fix: Throw an exception if the driver cannot parse the URL instead of returning NULL by @​davecramer in pgjdbc/pgjdbc#2441
• fix: Use PGProperty instead of the property names directly by @​davecramer in pgjdbc/pgjdbc#2444
• fix: change PGInterval parseISO8601Format to support fractional second by @​paulo-kluh in pgjdbc/pgjdbc#2457
• docs: update changelog, missing links at bottom and formatting by @​davecramer in pgjdbc/pgjdbc#2460
• docs: Fix CHANGELOG.md misformatted markdown headings by @​fcv in pgjdbc/pgjdbc#2461

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

Changelog

Notable changes since version 42.0.0, read the complete History of Changes.

The format is based on Keep a Changelog.

[Unreleased]

Changed

Added

Fixed

[42.7.5] (2025-01-14 08:00:00 -0400)

Added

• ci: Test with Java 23 [PR #3381](pgjdbc/pgjdbc#3381)

Fixed

• regression: revert change in fc60537 [PR #3476](pgjdbc/pgjdbc#3476)
• fix: PgDatabaseMetaData implementation of catalog as param and return value [PR #3390](pgjdbc/pgjdbc#3390)
• fix: Support default GSS credentials in the Java Postgres client [PR #3451](pgjdbc/pgjdbc#3451)
• fix: return only the transactions accessible by the current_user in XAResource.recover [PR #3450](pgjdbc/pgjdbc#3450)
• feat: don't force send extra_float_digits for PostgreSQL >= 12 fix [Issue #3432](pgjdbc/pgjdbc#3432) [PR #3446](pgjdbc/pgjdbc#3446)
• fix: exclude "include columns" from the list of primary keys [PR #3434](pgjdbc/pgjdbc#3434)
• perf: Enhance the meta query performance by specifying the oid. [PR #3427](pgjdbc/pgjdbc#3427)
• feat: support getObject(int, byte[].class) for bytea [PR #3274](pgjdbc/pgjdbc#3274)
• docs: document infinity and some minor edits [PR #3407](pgjdbc/pgjdbc#3407)
• fix: Added way to check for major server version, fixed check for RULE [PR #3402](pgjdbc/pgjdbc#3402)
• docs: fixed remaining paragraphs [PR #3398](pgjdbc/pgjdbc#3398)
• docs: fixed paragraphs in javadoc comments [PR #3397](pgjdbc/pgjdbc#3397)
• fix: Reuse buffers and reduce allocations in GSSInputStream addresses [Issue #3251](pgjdbc/pgjdbc#3251) [PR #3255](pgjdbc/pgjdbc#3255)
• chore: Update Gradle to 8.10.2 [PR #3388](pgjdbc/pgjdbc#3388)
• fix: getSchemas() [PR #3386](pgjdbc/pgjdbc#3386)
• fix: Update rpm postgresql-jdbc.spec.tpl with scram-client [PR #3324](pgjdbc/pgjdbc#3324)
• fix: Clearing thisRow and rowBuffer on close() of ResultSet [Issue #3383](pgjdbc/pgjdbc#3383) [PR #3384](pgjdbc/pgjdbc#3384)
• fix: Package was renamed to maven-bundle-plugin [PR #3382](pgjdbc/pgjdbc#3382)
• fix: As of version 18 the RULE privilege has been removed [PR #3378](pgjdbc/pgjdbc#3378)
• fix: use buffered inputstream to create GSSInputStream [PR #3373](pgjdbc/pgjdbc#3373)
• test: get rid of 8.4, 9.0 pg versions and use >= jdk version 17 [PR #3372](pgjdbc/pgjdbc#3372)
• Changed docker-compose version and renamed script file in instructions to match the real file name [PR #3363](pgjdbc/pgjdbc#3363)
• test:Do not assume "test" database in DatabaseMetaDataTransactionIsolationTest [PR #3364](Description has been truncated