On 2/22/24 01:10, Arthur Toumassian wrote:
Hello,
The CVE-2024-1597 concerns JDBC postgres instances where the mode
*PreferQueryMode=SIMPLE
*To be sure, i'd like to know if guacamole-auth-jdbc uses
*PreferQueryMode=SIMPLEĀ ?
*Thank you
No, it does not.
Guacamole also does not bundle any JDBC drivers except within the Docker
image. If you've installed things natively and find that your copy of a
driver is potentially affected by a vulnerability, you can just upgrade
that driver and restart the webapp.
If you installed things using the Docker images, you can rebuild the
image and use the "PGSQL_JDBC_VERSION" build argument to request a newer
driver:
docker build -t guacamole/guacamole \
--build-arg PGSQL_JDBC_VERSION=42.6.1 .
I've just updated our nightly rebuild to specify the above so that the
"latest" tag gets an updated driver.
- Mike
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org
