Skip to content

Commit

Permalink
Update CHANGELOG.md
Browse files Browse the repository at this point in the history
  • Loading branch information
jackc committed Mar 4, 2024
1 parent c672dff commit cfbc8b2
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,11 @@
# 1.14.2 (March 4, 2024)

* Fix CVE-2024-27304. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in
size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages
under the attacker's control.
* Update of github.com/jackc/pgproto3/v2 to v2.3.3
* Bump golang.org/x/crypto from 0.6.0 to 0.17.0

# 1.14.1 (July 19, 2023)

* Fix: Enable failover efforts when pg_hba.conf disallows non-ssl connections (Brandon Kauffman)
Expand Down

0 comments on commit cfbc8b2

Please sign in to comment.