Skip to content

Bump the maven group across 17 directories with 10 updates#43

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/maven/frameworks/Java/act/maven-5d970c6dcc
Open

Bump the maven group across 17 directories with 10 updates#43
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/maven/frameworks/Java/act/maven-5d970c6dcc

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 25, 2026

Bumps the maven group with 1 update in the /frameworks/Java/activeweb directory: com.fasterxml.jackson.core:jackson-core.
Bumps the maven group with 1 update in the /frameworks/Java/isocket-nio directory: org.apache.logging.log4j:log4j-core.
Bumps the maven group with 1 update in the /frameworks/Java/javalin directory: gg.jte:jte.
Bumps the maven group with 1 update in the /frameworks/Java/jooby directory: org.postgresql:postgresql.
Bumps the maven group with 1 update in the /frameworks/Java/light-java directory: io.undertow:undertow-core.
Bumps the maven group with 1 update in the /frameworks/Java/microhttp directory: com.fasterxml.jackson.core:jackson-core.
Bumps the maven group with 1 update in the /frameworks/Java/netty directory: io.netty:netty-codec-http.
Bumps the maven group with 1 update in the /frameworks/Java/ninja-standalone directory: com.fasterxml.jackson.core:jackson-core.
Bumps the maven group with 1 update in the /frameworks/Java/restexpress directory: com.fasterxml.jackson.core:jackson-databind.
Bumps the maven group with 1 update in the /frameworks/Java/simple-server directory: org.apache.logging.log4j:log4j-core.
Bumps the maven group with 1 update in the /frameworks/Java/smart-socket directory: org.apache.logging.log4j:log4j-core.
Bumps the maven group with 1 update in the /frameworks/Java/undertow directory: io.undertow:undertow-core.
Bumps the maven group with 1 update in the /frameworks/Java/undertow-jersey directory: io.undertow:undertow-core.
Bumps the maven group with 1 update in the /frameworks/Java/vertx directory: io.vertx:vertx-core.
Bumps the maven group with 1 update in the /frameworks/Java/wicket directory: org.apache.wicket:wicket-core.
Bumps the maven group with 1 update in the /frameworks/Kotlin/kooby directory: org.postgresql:postgresql.
Bumps the maven group with 1 update in the /frameworks/Prolog/tuProlog directory: io.vertx:vertx-web.

Updates com.fasterxml.jackson.core:jackson-core from 2.9.9 to 2.15.0

Changelog

Sourced from com.fasterxml.jackson.core:jackson-core's changelog.

#release configuration #Sun Apr 23 14:19:10 PDT 2023 scm.commentPrefix=[maven-release-plugin] exec.pomFileName=pom.xml pushChanges=false releaseStrategyId=default project.dev.com.fasterxml.jackson.core:jackson-core=2.15.1-SNAPSHOT project.scm.com.fasterxml.jackson.core:jackson-core.connection=scm:git:git@github.com:FasterXML/jackson-core.git scm.tag=jackson-core-2.15.0 remoteTagging=true project.scm.com.fasterxml.jackson.core:jackson-core.developerConnection=scm:git:git@github.com:FasterXML/jackson-core.git exec.additionalArguments=-Prelease scm.branchCommitComment=@{prefix} prepare branch @{releaseLabel} projectVersionPolicyId=default scm.url=scm:git:git@github.com:FasterXML/jackson-core.git scm.tagNameFormat=@{project.artifactId}-@{project.version} project.scm.com.fasterxml.jackson.core:jackson-core.tag=HEAD pinExternals=false project.rel.com.fasterxml.jackson.core:jackson-core=2.15.0 preparationGoals=clean verify scm.releaseCommitComment=@{prefix} prepare release @{releaseLabel} exec.snapshotReleasePluginAllowed=false project.scm.com.fasterxml.jackson.core:jackson-core.url=https://github.com/FasterXML/jackson-core scm.developmentCommitComment=@{prefix} prepare for next development iteration scm.rollbackCommitComment=@{prefix} rollback the release of @{releaseLabel} completedPhase=end-release

Commits
  • a2c0bdc [maven-release-plugin] prepare release jackson-core-2.15.0
  • 180027a Prepare for 2.15.0 release
  • 2b41925 ...
  • 85340aa Merge branch '2.14' into 2.15
  • ed846d9 ...
  • 94ea208 Update release notes wrt #990
  • a4f2086 [2.14 only] backport removal of BigDecimal to BigInt conversion (#990)
  • 1976c0d Try to get Release workflow working wrt SLSA provenance (fix #844) (#989)
  • 0ee3ad8 ...
  • 163540e [maven-release-plugin] prepare for next development iteration
  • Additional commits viewable in compare view

Updates org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3

Updates gg.jte:jte from 2.2.3 to 3.1.16

Release notes

Sourced from gg.jte:jte's releases.

3.1.16

  • GHSA-vh22-6c6h-rm8q Fix jte HTML templates with script tags or script attributes that include a Javascript template string (backticks) are subject to XSS. (thanks to https://github.com/Petersoj for reporting and reviewing the bugfix) It is strongly advised to upgrade as soon as possible if you use jte to output variables in Javascript template strings.
  • #416 Fix compilation in module enabled applications (thanks to @​rickardoberg)

3.1.15

  • #401 spring-boot-starter: temporarily revert #398 (Add template change watcher for livereload), since the devtools dependency causes issues with production builds. This will get re-introduced, when we find a proper solution for it

3.1.14

  • #398 spring-boot-starter: Add template change watcher for livereload (thanks to @​tschuehly!)

3.1.13

  • #365 Suppress warnings in generated Java source files. Thanks @​rpost!
  • #381 make jte a non-optional dependency of spring-boot-starter-3
  • #385 Update property names to use kebab-case format and update Spring Boot to version 3.3.4. Thanks @​tschuehly!
  • #388 Add spring-boot-starter dependency to jte-spring-boot-starters. Thanks @​tschuehly!
  • #378 Add new property gg.jte.expose-request-attributes to jte-spring-boot-starter-3. Thanks @​blaluc!

3.1.12

  • #359 fix for comments between html attributes (thanks to @​tschuehly for finding & reporting)

3.1.11

3.1.10

  • #328 Fix ${"\\"} causes "Unexpected end of template expression", thanks to @​mhdeeb
  • #326 fix unsafe output in html tag content
  • #333 Update Gradle to 8.6 and add wrapper validation, thanks to @​leonard84
  • #339 Maven Plugin: Fix Kotlin compiler args parameter setting, thanks to @​marcospereira

3.1.9

Hotfix for #325, HTML Comments Inside Content Blocks Cause Compilation Failure in jte 3.1.7/3.1.8

Thank you @​PsychotherapistSam for reporting!

3.1.8

Caution! There is a bug with HTML comments in this release. Please upgrade to 3.1.9 instead.

  • #324 Fix Kotlin models extension code generation for tags/templates in subfolders. Thanks @​marcospereira for this quick hotfix!

3.1.7

Caution! There is a bug with HTML comments and with Kotlin model generation in this release. Please upgrade to 3.1.9 instead.

  • #311 Use Stream#toList() instead of collect(). Thanks to @​MariusVolkhart This change could potentially break user code for these public methods: 
     public List<String> TemplateEngine#generateAll()
 public List<String> TemplateEngine#precompileAll()

... (truncated)

Commits
  • d50dce8 Bump version to 3.1.16
  • a6fb00d Merge commit from fork
  • 0c7d4ad Fix compilation in module enabled applications (#416)
  • 6f5434e ci: Re-arrange workflows to remove duplication (#410)
  • 190ced3 Fix broken link
  • afc0dac Bump version to 3.1.16-SNAPSHOT for further development
  • 0b4d997 Bump version to 3.1.15
  • 1ea5060 Revert "Add template change watcher for livereload (#398)"
  • 1513abf Bump version to 3.1.15-SNAPSHOT for further development
  • 6c22d52 Bump version to 3.1.14
  • Additional commits viewable in compare view

Updates org.postgresql:postgresql from 42.7.4 to 42.7.7

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.7

Changes

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

🐛 Bug Fixes

  • fix: ensure Connection.isValid() returns true even if prepared statements deallocate @​vlsi (#3655)

🧰 Maintenance

  • chore: bump slf4j and logback versions used for pgjdbc-osgi-test @​vlsi (#3653)
  • chore: fix the default branch name for dependency-submission action @​vlsi (#3650)
  • chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @​vlsi (#3646)

⬆️ Dependencies

v42.7.6

Changes

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.7] (2025-06-10)

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

[42.7.6]

Features

  • fix: Enhanced DatabaseMetadata.getIndexInfo() method, added index comment as REMARKS property [PR #3513](pgjdbc/pgjdbc#3513)

Performance Improvements

  • performance: Improve ResultSetMetadata.fetchFieldMetaData by using IN row values instead of UNION ALL for improved query performance (later reverted) [PR #3510](pgjdbc/pgjdbc#3510)
  • feat:Use a single simple query for all startup parameters, so groupStartupParameters is no longer needed [PR #3613](pgjdbc/pgjdbc#3613)

Bug Fixes

Protocol & Connection Handling

Metadata & Catalog Handling

  • fix: Set column name explicitly when using current_database() in queries [PR #3526](pgjdbc/pgjdbc#3526)
  • fix: Use query to find the current catalog instead of relying on the database in the connection URL [pull #3565](pgjdbc/pgjdbc#3565)
  • fix: Refactored empty resultset to use empty result set if the catalog is not correct [PR #3588](pgjdbc/pgjdbc#3588)

API Improvements

Infrastructure & Build Improvements

... (truncated)

Commits
  • 9217ed1 Merge commit from fork
  • cb10dce fix: ensure Connection.isValid() returns true even if prepared statements dea...
  • 10e3546 chore: bump slf4j and logback versions used for pgjdbc-osgi-test
  • 6c5ea88 chore: fix the default branch name for dependency-submission action
  • 5616d5f chore(deps): update oracle-actions/setup-java action to v1.4.2
  • 0d43f0a fix(deps): update dependency checkstyle to v10.25.0
  • d0a8890 chore: add gradle/actions/dependency-submission so GitHub shows all dependenc...
  • 7105c75 fix(deps): update dependency org.codehaus.groovy:groovy-all to v3.0.25
  • d9a6fc6 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
  • 19dff83 chore(deps): update plugin com.gradle.develocity to v4.0.2
  • Additional commits viewable in compare view

Updates io.undertow:undertow-core from 2.3.17.Final to 2.3.21.Final

Release notes

Sourced from io.undertow:undertow-core's releases.

v2.3.21.Final

Release 2.3.21.Final fixes CVE-2024-3884 CVE-2024-4027 CVE-2025-12543 Full list of Jiras: view in Jira

    Release Notes - Undertow - Version 2.3.21.Final

... (truncated)

Commits
  • 791c908 Prepare 2.3.21.Final
  • 5374f57 Merge pull request #1862 from fl4via/backport-fixes_2.3.x
  • 7e25c8f [UNDERTOW-2609] Fix the since version in the @​Deprecated annotation at HttpSe...
  • bd97428 [UNDERTOW-2662] Remove the option to disable the RFC 6265 cookie parsing and ...
  • e45da52 Revert "[UNDERTOW-2675] Replace the new UndertowOptions by system properties ...
  • f60b476 Temporarily revert "[UNDERTOW-2662] Remove the option to disable the RFC 6265...
  • e47fed7 Temporarily revert "[UNDERTOW-2609] Fix the since version in the @​Deprecated ...
  • 6484e91 Merge pull request #1861 from fl4via/backport-fixes_2.3.x
  • 6e4b999 [UNDERTOW-2609] Fix the since version in the @​Deprecated annotation at HttpSe...
  • 2a7d993 [UNDERTOW-2421] Consolidate cookie attrib code and add support to attributes ...
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-core from 2.13.3 to 2.15.0

Changelog

Sourced from com.fasterxml.jackson.core:jackson-core's changelog.

#release configuration #Sun Apr 23 14:19:10 PDT 2023 scm.commentPrefix=[maven-release-plugin] exec.pomFileName=pom.xml pushChanges=false releaseStrategyId=default project.dev.com.fasterxml.jackson.core:jackson-core=2.15.1-SNAPSHOT project.scm.com.fasterxml.jackson.core:jackson-core.connection=scm:git:git@github.com:FasterXML/jackson-core.git scm.tag=jackson-core-2.15.0 remoteTagging=true project.scm.com.fasterxml.jackson.core:jackson-core.developerConnection=scm:git:git@github.com:FasterXML/jackson-core.git exec.additionalArguments=-Prelease scm.branchCommitComment=@{prefix} prepare branch @{releaseLabel} projectVersionPolicyId=default scm.url=scm:git:git@github.com:FasterXML/jackson-core.git scm.tagNameFormat=@{project.artifactId}-@{project.version} project.scm.com.fasterxml.jackson.core:jackson-core.tag=HEAD pinExternals=false project.rel.com.fasterxml.jackson.core:jackson-core=2.15.0 preparationGoals=clean verify scm.releaseCommitComment=@{prefix} prepare release @{releaseLabel} exec.snapshotReleasePluginAllowed=false project.scm.com.fasterxml.jackson.core:jackson-core.url=https://github.com/FasterXML/jackson-core scm.developmentCommitComment=@{prefix} prepare for next development iteration scm.rollbackCommitComment=@{prefix} rollback the release of @{releaseLabel} completedPhase=end-release

Commits
  • a2c0bdc [maven-release-plugin] prepare release jackson-core-2.15.0
  • 180027a Prepare for 2.15.0 release
  • 2b41925 ...
  • 85340aa Merge branch '2.14' into 2.15
  • ed846d9 ...
  • 94ea208 Update release notes wrt #990
  • a4f2086 [2.14 only] backport removal of BigDecimal to BigInt conversion (#990)
  • 1976c0d Try to get Release workflow working wrt SLSA provenance (fix #844) (#989)
  • 0ee3ad8 ...
  • 163540e [maven-release-plugin] prepare for next development iteration
  • Additional commits viewable in compare view

Updates io.netty:netty-codec-http from 4.1.108.Final to 4.1.129.Final

Commits
  • 1729bf3 [maven-release-plugin] prepare release netty-4.1.129.Final
  • c4a6d19 Fix tests to compile with older JDK versions
  • 77e81f1 Merge commit from fork
  • 9896970 Fix Socket reading of abstract unix domain addresses (#16010) (#16012)
  • 42d458a Update lz4-java version to 1.10.1 (#15978) (#15981)
  • cf6965b Use exact length when allocating the acceptedAddress byte[] (#15973) (#15983)
  • 1f4ba6b Pcap: Fix possible buffer leak when initializion fails (#15977)
  • ad85492 Close Channel and fail bootstrap when setting a ChannelOption causes … (#15970)
  • 11346d6 Discard the following HttpContent for preflight request (#15941) (#15962)
  • 0d215df SctpServerChannelConfig must support ChannelOption.SO_BACKLOG (#15965)
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-core from 2.9.9 to 2.15.0

Changelog

Sourced from com.fasterxml.jackson.core:jackson-core's changelog.

#release configuration #Sun Apr 23 14:19:10 PDT 2023 scm.commentPrefix=[maven-release-plugin] exec.pomFileName=pom.xml pushChanges=false releaseStrategyId=default project.dev.com.fasterxml.jackson.core:jackson-core=2.15.1-SNAPSHOT project.scm.com.fasterxml.jackson.core:jackson-core.connection=scm:git:git@github.com:FasterXML/jackson-core.git scm.tag=jackson-core-2.15.0 remoteTagging=true project.scm.com.fasterxml.jackson.core:jackson-core.developerConnection=scm:git:git@github.com:FasterXML/jackson-core.git exec.additionalArguments=-Prelease scm.branchCommitComment=@{prefix} prepare branch @{releaseLabel} projectVersionPolicyId=default scm.url=scm:git:git@github.com:FasterXML/jackson-core.git scm.tagNameFormat=@{project.artifactId}-@{project.version} project.scm.com.fasterxml.jackson.core:jackson-core.tag=HEAD pinExternals=false project.rel.com.fasterxml.jackson.core:jackson-core=2.15.0 preparationGoals=clean verify scm.releaseCommitComment=@{prefix} prepare release @{releaseLabel} exec.snapshotReleasePluginAllowed=false project.scm.com.fasterxml.jackson.core:jackson-core.url=https://github.com/FasterXML/jackson-core scm.developmentCommitComment=@{prefix} prepare for next development iteration scm.rollbackCommitComment=@{prefix} rollback the release of @{releaseLabel} completedPhase=end-release

Commits
  • a2c0bdc [maven-release-plugin] prepare release jackson-core-2.15.0
  • 180027a Prepare for 2.15.0 release
  • 2b41925 ...
  • 85340aa Merge branch '2.14' into 2.15
  • ed846d9 ...
  • 94ea208 Update release notes wrt #990
  • a4f2086 [2.14 only] backport removal of BigDecimal to BigInt conversion (#990)
  • 1976c0d Try to get Release workflow working wrt SLSA provenance (fix #844) (#989)
  • 0ee3ad8 ...
  • 163540e [maven-release-plugin] prepare for next development iteration
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.12.6.1 to 2.12.7.1

Commits

Updates org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3

Updates org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3

Updates io.undertow:undertow-core from 2.3.17.Final to 2.3.21.Final

Release notes

Sourced from io.undertow:undertow-core's releases.

v2.3.21.Final

Release 2.3.21.Final fixes CVE-2024-3884 CVE-2024-4027 CVE-2025-12543 Full list of Jiras: view in Jira

    Release Notes - Undertow - Version 2.3.21.Final

... (truncated)

Commits
  • 791c908 Prepare 2.3.21.Final
  • 5374f57 Merge pull request #1862 from fl4via/backport-fixes_2.3.x
  • 7e25c8f [UNDERTOW-2609] Fix the since version in the @​Deprecated annotation at HttpSe...
  • bd97428 [UNDERTOW-2662] Remove the option to disable the RFC 6265 cookie parsing and ...
  • e45da52 Revert "[UNDERTOW-2675] Replace the new UndertowOptions by system properties ...
  • f60b476 Temporarily revert "[UNDERTOW-2662] Remove the option to disable the RFC 6265...
  • e47fed7 Temporarily revert "[UNDERTOW-2609] Fix the since version in the @​Deprecated ...
  • 6484e91 Merge pull request #1861 from fl4via/backport-fixes_2.3.x
  • 6e4b999 [UNDERTOW-2609] Fix the since version in the @​Deprecated annotation at HttpSe...
  • 2a7d993 [UNDERTOW-2421] Consolidate cookie attrib code and add support to attributes ...
  • Additional commits viewable in compare view

Updates io.undertow:undertow-core from 2.3.17.Final to 2.3.21.Final

Release notes

Sourced from io.undertow:undertow-core's releases.

v2.3.21.Final

Release 2.3.21.Final fixes CVE-2024-3884 CVE-2024-4027 CVE-2025-12543 Full list of Jiras: view in Jira

    Release Notes - Undertow - Version 2.3.21.Final

... (truncated)

Commits
  • 791c908 Prepare 2.3.21.Final
  • 5374f57 Merge pull request #1862 from fl4via/backport-fixes_2.3.x
  • 7e25c8f [UNDERTOW-2609] Fix the since version in the @​Deprecated annotation at HttpSe...
  • bd97428 [UNDERTOW-2662] Remove the option to disable the RFC 6265 cookie parsing and ...
  • e45da52 Revert "[UNDERTOW-2675] Replace the new UndertowOptions by system properties ...
  • f60b476 Temporarily revert "[UNDERTOW-2662] Remove the option to disable the RFC 6265...
  • e47fed7 Temporarily revert "[UNDERTOW-2609] Fix the since version in the @​Deprecated ...
  • 6484e91 Merge pull request #1861 from fl4via/backport-fixes_2.3.x
  • 6e4b999 [UNDERTOW-2609] Fix the since version in the @​Deprecated annotation at HttpSe...
  • 2a7d993 [UNDERTOW-2421] Consolidate cookie attrib code and add support to attributes ...
  • Additional commits viewable in compare view

Updates io.vertx:vertx-core from 4.5.9 to 4.5.24

Commits
  • 98983a8 Releasing 4.5.24
  • d007e7b Fix a bug in the removeDots implementation.
  • 03b51c6 Update the Vert.x logging implementation to log better human readable message...
  • 5762bdf Ensure setup is only called once
  • da78d5c Stabilize test HttpBandwidthLimitingTest.testDynamicOutboundRateUpdateSharedS...
  • b430d5b Stabilize test by keeping reference to NetClient
  • bc34930 Ensure setup is only called once
  • 16ba3c6 Restore handling of headers after goaway received
  • f039681 Set next snapshot version
  • 269c166 Releasing 4.5.23
  • Additional commits viewable in compare view

Updates org.apache.wicket:wicket-core from 9.18.0 to 9.19.0

Updates org.postgresql:postgresql from 42.7.4 to 42.7.7

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.7

Changes

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

🐛 Bug Fixes

  • fix: ensure Connection.isValid() returns true even if prepared statements deallocate @​vlsi (#3655)

🧰 Maintenance

  • chore: bump slf4j and logback versions used for pgjdbc-osgi-test @​vlsi (#3653)
  • chore: fix the default branch name for dependency-submission action @​vlsi (#3650)
  • chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @​vlsi (#3646)

⬆️ Dependencies

v42.7.6

Changes

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.7] (2025-06-10)

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

[42.7.6]

Features

  • fix: Enhanced DatabaseMetadata.getIndexInfo() method, added index comment as REMARKS property [PR #3513](pgjdbc/pgjdbc#3513)

Performance Improvements

  • performance: Improve ResultSetMetadata.fetchFieldMetaData by using IN row values instead of UNION ALL for improved query performance (later reverted) [PR #3510](pgjdbc/pgjdbc#3510)
  • feat:Use a single simple query for all startup parameters, so groupStartupParameters is no longer needed [PR #3613](pgjdbc/pgjdbc#3613)

Bug Fixes

Protocol & Connection Handling

Metadata & Catalog Handling

  • fix: Set column name explicitly when using current_database() in queries [PR #3526](pgjdbc/pgjdbc#3526)
  • fix: Use query to find the current catalog instead of relying on the database in the connection URL [pull #3565](pgjdbc/pgjdbc#3565)
  • fix: Refactored empty resultset to use empty result set if the catalog is not correct [PR #3588](pgjdbc/pgjdbc#3588)

API Improvements

Infrastructure & Build Improvements

... (truncated)

Commits
  • 9217ed1 Merge commit from fork
  • cb10dce fix: ensure Connection.isValid() returns true even if prepared statements dea...
  • 10e3546 chore: bump slf4j and logback versions used for pgjdbc-osgi-test
  • 6c5ea88 chore: fix the default branch name for dependency-submission action
  • 5616d5f chore(deps): update oracle-actions/setup-java action to v1.4.2
  • 0d43f0a fix(deps): update dependency checkstyle to v10.25.0
  • d0a8890 chore: add gradle/actions/dependency-submission so GitHub shows all dependenc...
  • 7105c75 fix(deps): update dependency org.codehaus.groovy:groovy-all to v3.0.25
  • d9a6fc6 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
  • 19dff83 chore(deps): update plugin com.gradle.develocity to v4.0.2
  • Additional commits viewable in compare view

Updates io.vertx:vertx-web from 4.3.8 to 4.5.22

Commits

@dependabot
Bump the maven group across 17 directories with 10 updates
2f467c8 
Bumps the maven group with 1 update in the /frameworks/Java/activeweb directory: [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core).
Bumps the maven group with 1 update in the /frameworks/Java/isocket-nio directory: org.apache.logging.log4j:log4j-core.
Bumps the maven group with 1 update in the /frameworks/Java/javalin directory: [gg.jte:jte](https://github.com/casid/jte).
Bumps the maven group with 1 update in the /frameworks/Java/jooby directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).
Bumps the maven group with 1 update in the /frameworks/Java/light-java directory: [io.undertow:undertow-core](https://github.com/undertow-io/undertow).
Bumps the maven group with 1 update in the /frameworks/Java/microhttp directory: [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core).
Bumps the maven group with 1 update in the /frameworks/Java/netty directory: [io.netty:netty-codec-http](https://github.com/netty/netty).
Bumps the maven group with 1 update in the /frameworks/Java/ninja-standalone directory: [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core).
Bumps the maven group with 1 update in the /frameworks/Java/restexpress directory: [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson).
Bumps the maven group with 1 update in the /frameworks/Java/simple-server directory: org.apache.logging.log4j:log4j-core.
Bumps the maven group with 1 update in the /frameworks/Java/smart-socket directory: org.apache.logging.log4j:log4j-core.
Bumps the maven group with 1 update in the /frameworks/Java/undertow directory: [io.undertow:undertow-core](https://github.com/undertow-io/undertow).
Bumps the maven group with 1 update in the /frameworks/Java/undertow-jersey directory: [io.undertow:undertow-core](https://github.com/undertow-io/undertow).
Bumps the maven group with 1 update in the /frameworks/Java/vertx directory: [io.vertx:vertx-core](https://github.com/eclipse/vert.x).
Bumps the maven group with 1 update in the /frameworks/Java/wicket directory: org.apache.wicket:wicket-core.
Bumps the maven group with 1 update in the /frameworks/Kotlin/kooby directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).
Bumps the maven group with 1 update in the /frameworks/Prolog/tuProlog directory: [io.vertx:vertx-web](https://github.com/vert-x3/vertx-web).


Updates `com.fasterxml.jackson.core:jackson-core` from 2.9.9 to 2.15.0
- [Changelog](https://github.com/FasterXML/jackson-core/blob/jackson-core-2.15.0/release.properties)
- [Commits](FasterXML/jackson-core@jackson-core-2.9.9...jackson-core-2.15.0)

Updates `org.apache.logging.log4j:log4j-core` from 2.17.1 to 2.25.3

Updates `gg.jte:jte` from 2.2.3 to 3.1.16
- [Release notes](https://github.com/casid/jte/releases)
- [Commits](casid/jte@2.2.3...3.1.16)

Updates `org.postgresql:postgresql` from 42.7.4 to 42.7.7
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.4...REL42.7.7)

Updates `io.undertow:undertow-core` from 2.3.17.Final to 2.3.21.Final
- [Release notes](https://github.com/undertow-io/undertow/releases)
- [Commits](undertow-io/undertow@2.3.17.Final...2.3.21.Final)

Updates `com.fasterxml.jackson.core:jackson-core` from 2.13.3 to 2.15.0
- [Changelog](https://github.com/FasterXML/jackson-core/blob/jackson-core-2.15.0/release.properties)
- [Commits](FasterXML/jackson-core@jackson-core-2.9.9...jackson-core-2.15.0)

Updates `io.netty:netty-codec-http` from 4.1.108.Final to 4.1.129.Final
- [Commits](netty/netty@netty-4.1.108.Final...netty-4.1.129.Final)

Updates `com.fasterxml.jackson.core:jackson-core` from 2.9.9 to 2.15.0
- [Changelog](https://github.com/FasterXML/jackson-core/blob/jackson-core-2.15.0/release.properties)
- [Commits](FasterXML/jackson-core@jackson-core-2.9.9...jackson-core-2.15.0)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.12.6.1 to 2.12.7.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `org.apache.logging.log4j:log4j-core` from 2.17.1 to 2.25.3

Updates `org.apache.logging.log4j:log4j-core` from 2.17.1 to 2.25.3

Updates `io.undertow:undertow-core` from 2.3.17.Final to 2.3.21.Final
- [Release notes](https://github.com/undertow-io/undertow/releases)
- [Commits](undertow-io/undertow@2.3.17.Final...2.3.21.Final)

Updates `io.undertow:undertow-core` from 2.3.17.Final to 2.3.21.Final
- [Release notes](https://github.com/undertow-io/undertow/releases)
- [Commits](undertow-io/undertow@2.3.17.Final...2.3.21.Final)

Updates `io.vertx:vertx-core` from 4.5.9 to 4.5.24
- [Commits](eclipse-vertx/vert.x@4.5.9...4.5.24)

Updates `org.apache.wicket:wicket-core` from 9.18.0 to 9.19.0

Updates `org.postgresql:postgresql` from 42.7.4 to 42.7.7
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.4...REL42.7.7)

Updates `io.vertx:vertx-web` from 4.3.8 to 4.5.22
- [Commits](vert-x3/vertx-web@4.3.8...4.5.22)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.core:jackson-core
  dependency-version: 2.15.0
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-version: 2.25.3
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: gg.jte:jte
  dependency-version: 3.1.16
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.7
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: io.undertow:undertow-core
  dependency-version: 2.3.21.Final
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: com.fasterxml.jackson.core:jackson-core
  dependency-version: 2.15.0
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: io.netty:netty-codec-http
  dependency-version: 4.1.129.Final
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: com.fasterxml.jackson.core:jackson-core
  dependency-version: 2.15.0
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.12.7.1
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-version: 2.25.3
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-version: 2.25.3
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: io.undertow:undertow-core
  dependency-version: 2.3.21.Final
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: io.undertow:undertow-core
  dependency-version: 2.3.21.Final
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: io.vertx:vertx-core
  dependency-version: 4.5.24
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.apache.wicket:wicket-core
  dependency-version: 9.19.0
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.7
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: io.vertx:vertx-web
  dependency-version: 4.5.22
  dependency-type: direct:production
  dependency-group: maven
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Feb 25, 2026
@dependabot dependabot bot mentioned this pull request Feb 25, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants