The fix got merged into the 42.2.x branch:
https://github.com/pgjdbc/pgjdbc/commits/release/42.2/
So guess we just need to bump the dep in the pom.
But as far as I see the code doesn't use the PreferQueryMode flag,
so we're save.
Jean-Louis
I think there is a typo in the announcement. 42.2.8 is 4 year old, 42.2.28 was issued this night. That’s suspicious.
Le 21 févr. 2024 à 09:24, Sandro Bonazzola <sbonazzo@redhat.com> a écrit :
I'm not an expert on this topic, but according engine's pom we are using 42.2.27 which doesn't seem to be in the list of the affected version on https://github.com/advisories/GHSA-xfg6-62px-cxc2
Il giorno mer 21 feb 2024 alle ore 09:09 Fabrice Bacchella via Users <users@ovirt.org> ha scritto:
Does oVirt is exposed to CVE-2024-1597 ?_______________________________________________
To be exposed, the jdbc driver needs to be used with PreferQueryMode=SIMPLE. Is that the situation ?
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/MORV4QFHRUUKWEWTXSLUWKADCF7YTYW6/
--
Sandro BonazzolaMANAGER, SOFTWARE ENGINEERINGRed Hat In-Vehicle Operating System
Red Hat respects your work life balance. Therefore there is no need to answer this email out of your office hours.
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/U6RRN65LSS3NOMSR2LLT5QJAN3NNK2OA/