Upgrade postgres to 42.4.1 to fix CVE-2022-31197 (#621)

* Upgrade postgres to 42.4.1 to fix CVE-2022-31197
Consensys · Aug 5, 2022 · a737eef · a737eef
1 parent f83f0cc
commit a737eef
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,9 @@
 - Introduced `--slashing-protection-db-health-check-interval-milliseconds` to specify the interval between slashing db health check procedures.
 - Updated Teku libraries version (support for Prater/Görli merge).
 
+### Bugs Fixed
+- Updated to PostgreSQL JDBC driver to 42.4.1. Resolves a potential vulnerability CVE-2022-31197.
+
 ## 22.7.0
 ### Features Added
 - Support register validator API endpoint [#577](https://github.com/ConsenSys/web3signer/issues/577)

diff --git a/gradle/versions.gradle b/gradle/versions.gradle
@@ -122,7 +122,7 @@ dependencyManagement {
     dependency 'com.azure:azure-identity:1.4.3'
 
     dependency 'com.zaxxer:HikariCP:3.4.5'
-    dependency 'org.postgresql:postgresql:42.3.3'
+    dependency 'org.postgresql:postgresql:42.4.1'
 
     dependencySet(group: 'org.jdbi', version: '3.14.4') {
       entry 'jdbi3-core'