Commit da6f2c9

Update changelog
1 parent c543134 commit da6f2c9

1 file changed

+19
-0
lines changed

CHANGELOG.md

+19
@@ -1,3 +1,22 @@
1+
# 5.5.4 (March 4, 2024)
2+
3+
Fix CVE-2024-27304
4+
5+
SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer
6+
overflow in the calculated message size can cause the one large message to be sent as multiple messages under the
7+
attacker's control.
8+
9+
Thanks to Paul Gerste for reporting this issue.
10+
11+
* Fix behavior of CollectRows to return empty slice if Rows are empty (Felix)
12+
* Fix simple protocol encoding of json.RawMessage
13+
* Fix *Pipeline.getResults should close pipeline on error
14+
* Fix panic in TryFindUnderlyingTypeScanPlan (David Kurman)
15+
* Fix deallocation of invalidated cached statements in a transaction
16+
* Handle invalid sslkey file
17+
* Fix scan float4 into sql.Scanner
18+
* Fix pgtype.Bits not making copy of data from read buffer. This would cause the data to be corrupted by future reads.
19+
120
# 5.5.3 (February 3, 2024)
221

322
* Fix: prepared statement already exists
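Review bot: The CVE-2024-27304 paragraph at the top of the new 5.5.4 section states the trigger (a single query or bind message exceeding 4 GB, with an integer overflow in the calculated message size) but not what the fixed release does with such a message or what readers should do about it. Since this paragraph is what users will read to assess exposure, consider adding one sentence on the new behavior for oversized messages and one telling users of earlier releases to upgrade, ideally with a link to the advisory. A smaller style point in the bullet list: "Fix *Pipeline.getResults should close pipeline on error" carries a bare asterisk that Markdown may treat as an emphasis marker, and it reads awkwardly; wrapping the identifier in backticks and rewording to "Fix: *Pipeline.getResults should close pipeline on error" would match the "Fix: prepared statement already exists" form used in the 5.5.3 entry below.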
