Update dependency org.postgresql:postgresql to v42 #195

Open: wants to merge 1 commit into base: master

Conversation

@mend-for-github-com mend-for-github-com bot commented Oct 25, 2020

This PR contains the following updates:

Package                             Update  Change
org.postgresql:postgresql (source)  major   9.4.1212.jre7 -> 42.2.13

By merging this PR, the below issues will be automatically resolved and closed:

Severity  CVSS Score  CVE             GitHub Issue
High      7.7         CVE-2020-13692  #128

Release Notes

pgjdbc/pgjdbc

v42.2.13

Notable Changes

  • Security: The primary reason to release this version and to continue the 42.2.x branch is for CVE-2020-13692.
    Reported by David Dworken, this is an XXE and more information can be found here.
    Sehrope Sarkuni reworked the XML parsing to provide a solution in commit 14b62aca4.
  • The build system has been changed to Gradle thanks to Vladimir PR 1627.
  • Regression: com.github.waffle:waffle-jna, org.osgi:org.osgi.core, org.osgi:org.osgi.enterprise dependencies are listed as non-optional issue 1975.
Changed
Added
  • jre-6 was added back to allow us to release fixes for all artifacts in the 42.2.x branch PR 1787
Fixed
  • I/O error ru translation PR 1756
  • Issue 1771 PgDatabaseMetaData.getFunctions() returns procedures, fixed in PR 1774
  • getTypeMap() returning null PR 1781
  • Updated openssl example command PR 1763
  • fix documentation with ordered list to be displayed correctly PR 1783

v42.2.12

Notable changes

We have released 42.2.12 to correct regressions in this version. Specifically:

  • PR 1729 was reverted as this is a breaking change
  • PR 1719 has been reverted as it introduced errors in the PgType Cache

We recommend that version 42.2.11 not be used.

Changed
  • reverted PR 1729 throw an error instead of silently rolling back a commit error.
    This change introduced a breaking change which will be moved to 42.3.0
  • reverted PR 1719 add support for full names of data types (#1719)

v42.2.11

Notable changes
As mentioned above this version is broken and should not be used.

Changed
  • Reverted PR 1641. The driver will now wait for EOF when sending cancel signals.
  • DatabaseMetaData#getProcedures returns only procedures (not functions) for PostgreSQL 11+ PR 1723
  • Convert silent rollbacks into exception if application sends commit or xa.prepare command PR 1729
Added
  • feat: raiseExceptionOnSilentRollback connection option to configure if silent rollback should raise an exception PR 1729
  • feat: Expose ByteStreamWriter in CopyManager PR 1702
  • feat: add way to distinguish base and partitioned tables in PgDatabaseMetaData.getTables PR 1708
  • refactor: introduce tuple abstraction (rebased) PR 1701
  • refactor: make PSQLState enum consts for integrity constraint violations PR 1699
  • test: add makefile to create ssl certs PR 1706
Fixed
  • fix: Always use . as decimal separator in PGInterval PR 1705
  • fix: allow DatabaseMetaData.getColumns to describe an unset scale PR 1716
Changed
  • Build system update from Maven to Gradle PR 1627
Added
  • docker-compose image for creating test databases (see docker folder)

v42.2.10

Changed
  • (!) Regression: remove receiving EOF from backend after cancel PR 1641. The regression is that the subsequent query might receive the cancel signal.
Added
Fixed
  • Cleanup PGProperty, sort values, and add some missing to docs PR 1686
  • Fixing LocalTime rounding (losing precision) PR 1570
  • Network Performance of PgDatabaseMetaData.getTypeInfo() method PR 1668
  • Issue #1680 updating a boolean field requires special handling to set it to t or f instead of true or false PR 1682
  • bug in pgstream for replication PR 1681
  • Issue #1677 NumberFormatException when fetching PGInterval with small value PR 1678
  • Metadata queries improvements with large schemas. PR 1673
  • Utf 8 encoding optimizations PR 1444
  • interval overflow PR 1658
  • Issue #1482 where the port was being added to the GSSAPI service name PR 1651
  • remove receiving EOF from backend after cancel since according to protocol the server closes the connection once cancel is sent (connection reset exception is always thrown) PR 1641
  • Unable to register out parameter Issue #1646 PR 1648

v42.2.9

Changed
Added
  • read only transactions PR 1252
  • pkcs12 key functionality PR 1599
  • new "escapeSyntaxCallMode" connection property PR 1560
  • connection property to limit server error detail in exceptions PR 1579
  • cancelQuery() to PGConnection public interface PR 1157
  • support for large update counts (JDBC 4.2) PR 935
  • Add Binary Support for Oid.NUMERIC and Oid.NUMERIC_ARRAY PR 1636
Fixed
  • issue 716 getTypeInfo() may not return data in the order specified in Oracle documentation PR 1506
  • PgSQLXML setCharacterStream() results in null value PR 1608
  • get correct column length for simple domains PR 1605
  • NPE as a result of calling executeQuery twice on a statement fixes issue #684 PR 1610
  • handle numeric domain types PR 1611
  • pginterval to take iso8601 strings PR 1612
  • remove currentTimeMillis from code, tests are OK PR 1617
  • NPE when calling setNull on a PreparedStatement with no parameters PR 1620
  • allow OUT parameter registration when using CallableStatement native CALL PR 1561
  • add release save point into execute with batch PR 1583
  • Prevent use of extended query protocol for BEGIN before COPY PR 1639

v42.2.8

Changed
Added
Fixed
  • fix: Revert inet default Java type to PGObject and handle values with net masks PR 1568

v42.2.7

Changed
Added
  • Expose parameter status messages (GUC_REPORT) to the user PR 1435
  • Add automatic module name to manifest for jdk9+ PR 1538
  • Log ignoring rollback when no transaction in progress PR 1549
  • Map inet type to InetAddress PR 1527 issue 1134
Fixed
  • fix issue 1547 As long as peek returns some bytes do not reset the timeout, this allows us to continue checking until any async notifies are consumed PR 1548
  • fix: issue 1466 In logical decoding, if the backend was requesting a reply we… PR 1467
  • fix: issue 1534 Proleptic java.time support PR 1539
  • fix Ensure isValid() will not last more than timeout seconds PR 1557

v42.2.6

Known issues
  • Waffle has dropped support for 1.6 and 1.7; as such the new waffle 1.9.x is only available in jre8
  • Microseconds in timestamps might be truncated when transferred in binary mode
  • 24:00 time handling is not consistent issue 1385
  • Unexpected packet type during stream replication issue 1466
  • Driver goes missing after OSGi bundle restart issue 1476
Changed
  • Change IS_GENERATED to IS_GENERATEDCOLUMN as per spec PR 1485
  • Fix missing metadata columns, and misspelled columns in PgDatabaseMetaData#getTables PR 1323
Added
  • CI tests with Java 11, and Java EA
  • Support temporary replication slots in ReplicationCreateSlotBuilder PR 1306
  • Support PostgreSQL 11, 12
  • Return function (PostgreSQL 11) columns in PgDatabaseMetaData#getFunctionColumns
  • Return information on create replication slot, now the snapshot_name is exported
    to allow a consistent snapshot in some use cases. PR 1335
Fixed
  • Fixed async copy performance (1ms per op) in SSL mode PR 1314
  • Return Double.NaN for 'NaN'::numeric PR 1304
  • Performance issue in PgDatabaseMetaData#getTypeInfo with lots of types in DB PR 1302
  • PGCopyInputStream#read should cap values to [0, 255], -1 PR 1349
  • Fixes LocalDateTime handling of BC dates PR 1388
  • Release savepoints in autosave mode to prevent out of shared memory errors at the server side PR 1409
  • Fix execution with big decimal in simple query mode. PR 1463
  • Fix rounding for timestamps truncated to dates before 1970 PR 1502

v42.2.5

Known issues
Changed
  • ssl=true implies sslmode=verify-full, that is, it requires a valid server certificate cdeeaca4

  • targetServerType=master has been deprecated in favour of targetServerType=primary. master
    will still be accepted but not documented.

Added
  • Support for sslmode=allow/prefer/require cdeeaca4
Fixed
  • Security: added server hostname verification for non-default SSL factories in sslmode=verify-full (CVE-2018-10936) cdeeaca4
  • Updated documentation on SSL configuration fa032732
  • Updated Japanese translations PR 1275
  • IndexOutOfBounds on prepared multistatement with insert values c2885dd0

v42.2.4

Changed
  • PreparedStatement.setNull(int parameterIndex, int t, String typeName) no longer ignores the typeName
    argument if it is not null PR 1160
Fixed
  • Fix treatment of SQL_TSI_YEAR, SQL_TSI_WEEK, SQL_TSI_MINUTE PR 1250
  • Map integrity constraint violation to XA_RBINTEGRITY instead of XAER_RMFAIL PR 1175 f2d1352c

v42.2.3

Known issues
  • SQL_TSI_YEAR is treated as hour, SQL_TSI_WEEK is treated as hour, SQL_TSI_MINUTE is treated as second
Changed
  • Reduce the severity of the error log messages when an exception is re-thrown. The error will be
    thrown to caller to be dealt with so no need to log at this verbosity by pgjdbc PR 1187
  • Deprecate Fastpath API PR 903
  • Support parenthesis in {oj ...} JDBC escape syntax PR 1204
  • ubenchmark module moved pgjdbc/benchmarks repository due to licensing issues PR 1215
  • Include section on how to submit a bug report in CONTRIBUTING.md PR 951
Fixed
  • getString for PGObject-based types returned "null" string instead of null PR 1154
  • Field metadata cache can be disabled via databaseMetadataCacheFields=0 PR 1052
  • Properly encode special symbols in passwords in BaseDataSource PR 1201
  • Adjust date, hour, minute, second when rounding nanosecond part of a timestamp PR 1212
  • perf: reduce memory allocations in query cache PR 1227
  • perf: reduce memory allocations in SQL parser PR 1230, PR 1233
  • Encode URL parameters in BaseDataSource PR 1201
  • Improve JavaDoc formatting PR 1236

v42.2.2

Added
  • Documentation on server-side prepared statements PR 1135
Fixed
  • Avoid failure for insert ... on conflict...update for reWriteBatchedInserts=true case PR 1130
  • fix: allowEncodingChanges should allow set client_encoding=... PR 1125
  • Wrong data from Blob/Clob when mark/reset is used PR 971
  • Adjust XAException return codes for better compatibility with XA specification PR 782
  • Wrong results when single statement is used with different bind types PR 1137
  • Support generated keys for WITH queries that miss RETURNING PR 1138
  • Support generated keys when INSERT/UPDATE/DELETE keyword is followed by a comment PR 1138

v42.2.1

Fixed
  • Unfortunately changing the default of gssEncMode to ALLOW was not enough. The GSSEncMode Enum was not changed as well;
    fixed in #1920

v42.2.0

Known issues
  • SCRAM does not work as scram:client library is not packaged
  • client_encoding has to be UTF8 even with allowEncodingChanges=true
Added
  • Support SCRAM-SHA-256 for PostgreSQL 10 in the JDBC 4.2 version (Java 8+) using the Ongres SCRAM library. PR 842
  • Make SELECT INTO and CREATE TABLE AS return row counts to the client in their command tags. Issue 958 PR 962
  • Support Subject Alternative Names for SSL connections. PR 952
  • Support isAutoIncrement metadata for PostgreSQL 10 IDENTITY column. PR 1004
  • Support for primitive arrays PR 887 3e0491a
  • Implement support for get/setNetworkTimeout() in connections. PR 849
  • Make GSS JAAS login optional, add an option "jaasLogin" PR 922 see Connecting to the Database
Changed
  • Improve behaviour of ResultSet.getObject(int, Class). PR 932
  • Parse CommandComplete message using a regular expression, allows complete catch of server returned commands for INSERT, UPDATE, DELETE, SELECT, FETCH, MOVE, COPY and future commands. PR 962
  • Use 'time with timezone' and 'timestamp with timezone' as is and ignore the user provided Calendars, 'time' and 'timestamp' work as earlier except "00:00:00" now maps to 1970-01-01 and "24:00:00" uses the system provided Calendar ignoring the user-provided one PR 1053
  • Change behaviour of multihost connection. The new behaviour is to try all secondaries first before trying the master PR 844.
  • Avoid reflective access to TimeZone.defaultTimeZone in Java 9+ PR 1002 fixes Issue 986
Fixed
  • Make warnings available as soon as they are received from the server. This is useful for long running queries, where it can be beneficial to know about a warning before the query completes. PR 857
  • Use 00:00:00 and 24:00:00 for LocalTime.MIN/MAX. PR 992
  • Now the DatabaseMetaData.getFunctions() implementation complies with the JDBC docs. PR 918
  • Execute autosave/rollback savepoint via simple queries always to prevent "statement S_xx not exists" when autosaving fixes Issue #​955
  • "Received resultset tuples, but no field structure for them" when bind failure happens on 5th execution of a statement Issue 811
Removed
  • Drop support for the (insecure) crypt authentication method. PR 1026
Deprecated
  • Reintroduce Driver.getVersion for backward compatibility reasons, mark it as deprecated as application should not rely on it (regression since 42.0.0) 50d5dd3e

v42.1.4

Changed
  • Statements with non-zero fetchSize no longer require server-side named handle. This might cause issues when using old PostgreSQL versions (pre-8.4)+fetchSize+interleaved ResultSet processing combo. Issue 869

v42.1.3

Fixed
  • Fix NPE in PreparedStatement.executeBatch in case of empty batch (regression since 42.1.2). PR 867

v42.1.2

Changed
  • Better logic for returning keyword detection. Previously, pgjdbc could be defeated by column names that contain returning, so pgjdbc failed to "return generated keys" as it considered statement as already having returning keyword PR 824 201daf1d
  • Use server-prepared statements for batch inserts when prepareThreshold>0. Note: this enables batch to use server-prepared from the first executeBatch() execution (previously it waited for prepareThreshold executeBatch() calls) abc3d9d7
Fixed
  • Replication API: fix issue in #834 setting statusIntervalUpdate causes high CPU load. PR 835 59236b74
Regressions
  • NPE in PreparedStatement.executeBatch in case of empty batch. Fixed in 42.1.3

v42.1.1

Fixed
  • Fix infinite dates that might be corrupted when transferred in binary for certain JREs. For instance, 5881610-07-11 instead of infinity. 1e5bf563

v42.1.0

Added
  • Support fetching a REF_CURSOR using getObject PR 809
Fixed
  • Fix data being truncated in setCharacterStream (bug introduced in 42.0.0) PR 802
  • Fix calculation of lastReceiveLSN for logical replication PR 801
  • Make sure org.postgresql.Driver is loaded when accessing through DataSource interface Issue 768
Regressions
  • There's no 42.1.0.jre6 version due to infinity handling bug. Fixed in 42.1.1.jre6

v42.0.0

Added
Changed
  • Version bumped to 42.0.0 to avoid version clash with PostgreSQL version and follow a better semantic versioning. 46634923
  • Ensure executeBatch() can be used with pgbouncer. Previously pgjdbc could use server-prepared statements for batch execution even with prepareThreshold=0. Issue 742
  • Error position is displayed when SQL has unterminated literals, comments, etc. Issue 688
  • Strict handling of accepted values in getBoolean and setObject(BOOLEAN), now it follows PostgreSQL accepted values, only 1 and 0 for numeric types are accepted (previously !=0 was true). PR 732
  • Return correct versions and name of the driver. PR 668
Removed
  • Support for PostgreSQL versions below 8.2 was dropped. PR 661
Deprecated
  • Deprecated PGPoolingDataSource, instead of this class you should use a fully featured connection pool like HikariCP, vibur-dbcp, commons-dbcp, c3p0, etc. PR 739
Regressions
  • Data truncated in setCharacterStream. Fixed in 42.1.0
  • No suitable driver found for jdbc:postgresql when using a DataSource implementation. Fixed in 42.1.0


@mend-for-github-com mend-for-github-com bot added the "security fix" label (Security fix generated by WhiteSource) Oct 25, 2020