Changelogs
Release notes for every shipped version of pgJDBC. Click a version for the full changelog, including author breakdown and pull-request references.
- REL42.7.11 Security release: caps SCRAM PBKDF2 iterations (CVE-2026-42198). Adds require_auth, fixes cursor fetching after BEGIN, SSL fallback/timeout handling, COPY hang on IOException, and more.
- REL42.7.10 Migrates to Shadow 9. Fixes a fastpath protocol-error race. Reverts the 42.7.9 Calendar proleptic-Gregorian change.
- REL42.7.9 Adds queryTimeout property and PEMKeyManager for PEM certs. Fixes memory leak on Java <= 21 and NaN decoding in numeric arrays.
- REL42.7.8 Adds convertBooleanToNumeric ResultSet getter. DatabaseMetaData now uses server-prepared statements. Fixes pre-PG12 replication.
- REL42.7.7 Security: channelBinding=require no longer silently accepts non-SASL auth (CVE-2025-49146).
- REL42.7.6 Handles protocol 3.2 wider cancel keys. Java 24 compatibility for PgConnection#abort. Restores ApplicationName setting.
- REL42.7.5 Adds getObject(int, byte[].class) for bytea, default GSS credentials, extra_float_digits skip on PG >= 12. XAResource.recover filters by current_user.
- REL42.7.4 Adds SCRAM channel binding (scram 3.1), direct SSL ALPN connections, maxSendBufferSize. Fixes TIME '24:00' binary decode and Infinity::numeric.
- REL42.7.3 Fixes boolean and uuid types in SimpleQuery mode. Build enforces JDK 17+. Companion to the 42.2.29-42.6.2 ByteBuffer#position re-releases.
- REL42.4.5 Fixes ByteBuffer#position NoSuchMethodError on Java 8 (42.4.4 built with Java 17). Also fixes SimpleParameterList type casting for well-known types.
- REL42.3.10 Fixes ByteBuffer#position NoSuchMethodError on Java 8 (42.3.9 built with Java 17). Also fixes SimpleParameterList type casting for well-known types.
- REL42.2.29 Fixes ByteBuffer#position NoSuchMethodError on Java 8 (42.2.28 built with Java 17). Also fixes SimpleParameterList type casting for well-known types.
- REL42.5.6 Fixes ByteBuffer#position NoSuchMethodError on Java 8 (42.5.5 built with Java 17). Also fixes SimpleParameterList type casting for well-known types.
- REL42.6.2 Fixes ByteBuffer#position NoSuchMethodError on Java 8 (42.6.1 built with Java 17). Also fixes SimpleParameterList type casting for well-known types.
- REL42.7.2 Security: SQL injection via line-comment generation in SimpleQuery mode (CVE-2024-1597). Adds PasswordUtil for client-side password encryption.
- REL42.6.1 Security: SQL injection via line-comment generation in SimpleQuery mode with numeric placeholder followed by string placeholder (CVE-2024-1597).
- REL42.5.5 Security: SQL injection via line-comment generation in SimpleQuery mode with numeric placeholder followed by string placeholder (CVE-2024-1597).
- REL42.4.4 Security: SQL injection via line-comment generation in SimpleQuery mode with numeric placeholder followed by string placeholder (CVE-2024-1597).
- REL42.3.9 Security: SQL injection via line-comment generation in SimpleQuery mode with numeric placeholder followed by string placeholder (CVE-2024-1597).
- REL42.2.28 Security: SQL injection via line-comment generation in SimpleQuery mode with numeric placeholder followed by string placeholder (CVE-2024-1597).
- REL42.7.1 Fixes 42.7.0 regressions: ByteBuffer#position NoSuchMethodError on Java 8, SET-then-SHOW wrong results, DateStyle canonical name.
- REL42.7.0 Opens the 42.7.x line: getCatalogs returns all catalogs, PreparedStatement allows SET combined with other queries, varbit added to TypeInfoCache.
- REL42.6.0 Opens the 42.6.x line: replaces Object.finalize() with PhantomReferences for leak tracking; swaps internal synchronized for ReentrantLock (Loom).
- REL42.5.4 Fixes BOX_ARRAY OID lookup in OidValueCorrectnessTest and switches the cache-presence test from box (now cached) to xid. CI tweaks.
- REL42.5.3 Fixes the two 42.5.2 regressions: adds box to TypeInfoCache and corrects the PgResultSet LONG_MIN copy-paste error.
- REL42.5.2 Do not use: two regressions fixed in 42.5.3. Adds gssResponseTimeout, auto binary transfer for custom types, thread-safe PgResultSet#getTimestamp.
- REL42.5.1 Security: StreamWrapper temp-file world-readable on Unix when spilling large setText/setBytea payloads (CVE-2022-41946). Fixes binary bool decoding.
- REL42.5.0 Opens the 42.5.x line: reverts the 42.4.x change that aliased SQL float to float4; float now aliases to float8 again.
- REL42.4.2 Fixes GSS regression from Java-17 build changes. setObject accepts UUID arrays. Adds SSL-upgrade response timeout; synchronizes statement execution.
- REL42.4.1 Security: SQL injection in PgResultSet.refresh() via unescaped column identifiers (CVE-2022-31197). Adds Java 17 build support.
- REL42.4.0 Opens the 42.4.x line: queries with up to 65535 parameters. Adds GROUP_STARTUP_PARAMETERS=false (pgbouncer). Fixes JarIndex parsing regression.
- REL42.3.6 Fixes "cursor <unnamed portal 1> does not exist" when setting fetchSize on CallableStatement refcursors (regression since 42.3.2).
- REL42.3.5 Restores tcpNoDelay=true default (regression vs 42.2.x). Adds targetServerType=preferPrimary and KEYS file for artifact verification.
- REL42.3.4 Adds getObject/setObject(OffsetTime.class) and direct wire-format LocalDate conversion. Throws SQLException on unparseable URLs instead of null.
- REL42.3.3 Removes loggerFile/loggerLevel runtime effect; configure logging via java.util.logging mechanisms (logging.properties) instead.
- REL42.3.2 Security: plugin class names instantiated without interface checks (CVE-2022-21724). Adds authenticationPluginClassName, tcpNoDelay, pg_service.conf.
- REL42.2.25 Security: authenticationPluginClassName/sslfactory/socketFactory class names were instantiated without interface checks (CVE-2022-21724).
- REL42.3.1 Switches to JRE UTF-8 decoding, interns common strings, treats Object[] as multi-dim arrays. Fixes binary numeric decode for multiples of 10000.
- REL42.3.0 Opens the 42.3.x line: drops Java 6/7. Groups startup statements into one transaction on PG 9.0+. Adds QUOTE_RETURNING_IDENTIFIERS property.
- REL42.2.24 Fixes startup regression from OID-based sql-type lookup (42.2.23). Also fixes OID unsigned handling and fastpath ParameterStatus messages.
- REL42.2.23 Fixes Numeric getColumnPrecision returning 131089 when unspecified, refreshRow making rows read-only, and updateable results via unique indexes.
- REL42.2.22 Reverts the 42.2.21 async-notify peek() change: byte-availability checks on blocking encrypted streams caused unacceptable delays.
- REL42.2.21 Backpatches updateable ResultSet requiring primary keys, async notify after ReadyForQuery, OSGi activator rework, and search_path-respecting metadata.
- REL42.2.20 Fixes partitioned-index discovery. isValid() no longer shares its timeout with setQueryTimeout. getTables returns UPPER-case columns per spec.
- REL42.2.19 SCRAM uses SASLprep so passwords with spaces work. Fixes cancel-socket timeout, PGCopyInputStream duplicate last row, Connection.isValid timeout.
- REL42.2.18 Completes the gssEncMode=ALLOW default change: the GSSEncMode enum was also flipped (the 42.2.17 fix was incomplete).
- REL42.2.17 gssEncMode default flipped to ALLOW for cloud providers that misimplement libpq. Restores enum/jsonb arrays as String. Fixes NPE on PGbox nulls.
- REL42.2.16 Fixes binary-format arrays to be 1-based per SQL standard (regression since 42.2.0 affected multi-dim, text, oid, bytea arrays).
- REL42.2.15 Adds GSSAPI encrypted connections via gssEncMode (PG 12+) and Checker-Framework nullness verification. Fixes socketTimeout enforcement.
- REL42.2.14 Restores waffle-jna/org.osgi.core/org.osgi.enterprise as optional Maven dependencies (regression from the 42.2.13 Gradle migration).
- REL42.2.13 Security: XXE in SQLXML parsing (CVE-2020-13692). Build system switched to Gradle. Note: waffle-jna/OSGi deps inadvertently became non-optional.
- REL42.2.12 Reverts the 42.2.11 silent-rollback-to-exception change (breaking) and the full-data-type-name lookup (PgType cache errors).
- REL42.2.11 Do not use: two breaking changes were reverted in 42.2.12. Exposes ByteStreamWriter in CopyManager; partitioned-vs-base tables in getTables.
- REL42.2.10 Adds maxResultBuffer property. Fixes boolean update needing t/f, GSS service name port leak, PGInterval small-value parsing, UTF-8 encoding perf.
- REL42.2.9 Adds escapeSyntaxCallMode, readOnlyMode, pkcs12 SSL keys, large update counts, binary NUMERIC. Fixes BEGIN-before-COPY via extended protocol.
- REL42.2.8 Reverts the 42.2.7 inet-as-InetAddress default; inet returns PGObject again and now handles values with net masks.
- REL42.2.7 Adds Automatic-Module-Name for JDK 9+, GUC_REPORT parameter-status exposure, and inet-to-InetAddress mapping. Fixes proleptic java.time conversion.
- REL42.2.6 Adds PostgreSQL 11/12 support and temporary replication slots. Fixes async-copy 1ms-per-op stall in SSL mode and savepoint exhaustion in autosave.
- REL42.2.5 Security: SSL hostname verification for non-default SSL factories (CVE-2018-10936). ssl=true now implies sslmode=verify-full.
- REL42.2.4 Fixes SQL_TSI_YEAR/WEEK/MINUTE escape handling (regression from 42.2.3). setNull respects typeName. Maps integrity violations to XA_RBINTEGRITY.
- REL42.2.3 Deprecates Fastpath API. Fixes special-character encoding in BaseDataSource passwords and timestamp nanosecond rounding. Lowers re-throw log severity.
- REL42.2.2 Fixes Blob/Clob mark/reset, reWriteBatchedInserts with ON CONFLICT update, and RETURNING for WITH queries and INSERT/UPDATE/DELETE after comments.
- REL42.2.1 Packages the SCRAM client classes so shaded jars work. Fixes DateStyle=ISO connect failure (pgbouncer) and reWriteBatchedInserts with ON CONFLICT.
- REL42.2.0 Opens the 42.2.x line: adds SCRAM-SHA-256, GSS jaasLogin option, IDENTITY metadata, getNetworkTimeout, Subject Alternative Names. Drops crypt auth.
- REL42.1.4 Statements with non-zero fetchSize no longer require a server-side named handle (may regress on pre-8.4 PG with interleaved ResultSets).
- REL42.1.3 Fixes NPE in PreparedStatement.executeBatch on empty batch (regression from 42.1.2).
- REL42.1.2 Better RETURNING-keyword detection. Batch inserts now use server-prepared statements when prepareThreshold>0. Fixes statusIntervalUpdate high CPU.
- REL42.1.1 Fixes infinite dates being corrupted in binary transfer on some JREs (e.g. 5881610-07-11 instead of infinity).
- REL42.1.0 Fixes the 42.0.0 setCharacterStream truncation and DataSource driver-loading regressions. Adds REF_CURSOR fetching via getObject.
- REL42.0.0 Opens the 42.x line: drops PostgreSQL < 8.2, adds replication protocol API, switches to java.util.logging. Deprecates PGPoolingDataSource.