Message-ID: From: "jorsol (@jorsol)" To: "pgjdbc/pgjdbc" Date: Wed, 17 Sep 2025 14:55:17 +0000 Subject: Re: [pgjdbc/pgjdbc] PR #3799: fix(deps): update dependency com.ongres.scram:scram-client to 3.2 In-Reply-To: References: List-Id: X-GitHub-Author-Login: jorsol X-GitHub-Comment-Id: 3303402127 X-GitHub-Comment-Type: issue_comment X-GitHub-Issue: 3799 X-GitHub-Repo: pgjdbc/pgjdbc X-GitHub-Type: comment X-GitHub-Url: https://github.com/pgjdbc/pgjdbc/pull/3799#issuecomment-3303402127 Content-Type: text/plain; charset=utf-8 Hi @sehrope — the only relevant change is a security fix. The attack would be highly complex and likely impractical, but we’re addressing it to be on the safe side. I’d lean “no” as well on marking it as a driver security issue.