Download Latest Version
postgresql-42.7.7.jar (1.1 MB)
Get an email when there's a new version of PostgreSQL JDBC Driver
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| postgresql-42.7.7.jar | 2025-06-11 | 1.1 MB | |
| README.md | 2025-06-11 | 2.7 kB | |
| v42.7.7 source code.tar.gz | 2025-06-11 | 2.3 MB | |
| v42.7.7 source code.zip | 2025-06-11 | 3.0 MB | |
| Totals: 4 Items | 6.4 MB | 22 | |
Changes
Security
- security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration.
Fix
channel binding requiredhandling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued
Added
- test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings
🐛 Bug Fixes
- fix: ensure Connection.isValid() returns true even if prepared statements deallocate @vlsi (#3655)
🧰 Maintenance
- chore: bump slf4j and logback versions used for pgjdbc-osgi-test @vlsi (#3653)
- chore: fix the default branch name for dependency-submission action @vlsi (#3650)
- chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @vlsi (#3646)