Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wI4nV-007lhj-2u for pgsql-pkg-debian@arkaria.postgresql.org; Wed, 29 Apr 2026 13:17:50 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wI4nV-003dsq-0e for pgsql-pkg-debian@arkaria.postgresql.org; Wed, 29 Apr 2026 13:17:49 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wI4nV-003dsi-01 for pgsql-pkg-debian@lists.postgresql.org; Wed, 29 Apr 2026 13:17:49 +0000 Received: from mahout.postgresql.org ([2001:4800:3e1:1::227]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1wI4nT-00000003nxj-0Nc7 for pgsql-pkg-debian@lists.postgresql.org; Wed, 29 Apr 2026 13:17:48 +0000 Received: from atalia.postgresql.org ([2001:4800:3e1:1::231]) by mahout.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wI4nR-00ADqc-16 for pgsql-pkg-debian@lists.postgresql.org; Wed, 29 Apr 2026 13:17:45 +0000 Received: from aptuser by atalia.postgresql.org with local (Exim 4.98.2) (envelope-from ) id 1wI4nR-00000006Q0Q-3DPW for pgsql-pkg-debian@lists.postgresql.org; Wed, 29 Apr 2026 13:17:45 +0000 From: apt.postgresql.org Repository Update To: PostgreSQL on Debian and Ubuntu Reply-To: PostgreSQL on Debian and Ubuntu Subject: libpgjava updated to version 42.7.11-1.pgdg+1 Message-Id: Date: Wed, 29 Apr 2026 13:17:45 +0000 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk The package libpgjava was updated on apt.postgresql.org. apt-listchanges: Changelogs --------------------------- libpgjava (42.7.11-1.pgdg+1) sid-pgdg; urgency=medium * Rebuild for sid-pgdg. * No source changes. -- PostgreSQL on Debian and Ubuntu Wed, 29 Apr 2026 11:08:43 +0200 libpgjava (42.7.11-1) unstable; urgency=medium * New upstream version 42.7.11. * Limit SCRAM PBKDF2 iterations accepted from the server. pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256 authentication, where a malicious or compromised PostgreSQL server could specify an extremely large PBKDF2 iteration count, causing the client to consume unbounded CPU and potentially exhaust connection pools. The fix introduces a new scramMaxIterations connection property (defaulting to 100,000) to cap iteration counts before computation begins. (CVE-2026-42198) -- Christoph Berg Wed, 29 Apr 2026 11:08:43 +0200 New version 42.7.11-1.pgdg+1: libpgjava | 42.7.11-1.pgdg+1 | sid-pgdg | source libpgjava | 42.7.10-1.pgdg+1 | sid-pgdg | source libpgjava | 42.7.11-1.pgdg14+1 | forky-pgdg | source libpgjava | 42.7.10-1.pgdg14+1 | forky-pgdg | source libpgjava | 42.7.11-1.pgdg13+1 | trixie-pgdg | source libpgjava | 42.7.10-1.pgdg13+1 | trixie-pgdg | source libpgjava | 42.7.11-1.pgdg12+1 | bookworm-pgdg | source libpgjava | 42.7.10-1.pgdg12+1 | bookworm-pgdg | source libpgjava | 42.7.11-1.pgdg11+1 | bullseye-pgdg | source libpgjava | 42.7.10-1.pgdg11+1 | bullseye-pgdg | source libpgjava | 42.7.11-1.pgdg26.04+1 | resolute-pgdg | source libpgjava | 42.7.10-1.pgdg26.04+1 | resolute-pgdg | source libpgjava | 42.7.11-1.pgdg25.10+1 | questing-pgdg | source libpgjava | 42.7.10-1.pgdg25.10+1 | questing-pgdg | source libpgjava | 42.7.11-1.pgdg24.04+1 | noble-pgdg | source libpgjava | 42.7.10-1.pgdg24.04+1 | noble-pgdg | source libpgjava | 42.7.11-1.pgdg22.04+1 | jammy-pgdg | source libpgjava | 42.7.10-1.pgdg22.04+1 | jammy-pgdg | source libpostgresql-jdbc-java | 42.7.11-1.pgdg+1 | sid-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java | 42.7.10-1.pgdg+1 | sid-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java | 42.7.11-1.pgdg14+1 | forky-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java | 42.7.10-1.pgdg14+1 | forky-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java | 42.7.11-1.pgdg13+1 | trixie-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java | 42.7.10-1.pgdg13+1 | trixie-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java | 42.7.11-1.pgdg12+1 | bookworm-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java | 42.7.10-1.pgdg12+1 | bookworm-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java | 42.7.11-1.pgdg11+1 | bullseye-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java | 42.7.10-1.pgdg11+1 | bullseye-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java | 42.7.11-1.pgdg26.04+1 | resolute-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java | 42.7.10-1.pgdg26.04+1 | resolute-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java | 42.7.11-1.pgdg25.10+1 | questing-pgdg | amd64 libpostgresql-jdbc-java | 42.7.10-1.pgdg25.10+1 | questing-pgdg | amd64 libpostgresql-jdbc-java | 42.7.11-1.pgdg24.04+1 | noble-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java | 42.7.10-1.pgdg24.04+1 | noble-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java | 42.7.11-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el libpostgresql-jdbc-java | 42.7.10-1.pgdg22.04+1 | jammy-pgdg | amd64, arm64, ppc64el The public mirrors serving apt.postgresql.org are synced hourly, the updated packages will be available there shortly.