snowflake-jdbc-3.12.9.jar has CVE-2012-0507.gen security issue patched in versions > 3.13.29 - needs to be updated
Closed this issue · 3 comments
Describe the bug
A clear and concise description of what the bug is.
Uses snowflake-jdbc-3.12.9.jar which has CVE-2012-0507.gen vulnerability.
Current version of snowflake-jdbc is 3.16.1, issue patched in versions > 3.13.29
To Reproduce
snowflake-jdbc-3.12.9.jar in SQLPro Studio.app contents
/Applications/SQLPro Studio.app/Contents/Frameworks/SQLProSnowflakeCore.framework/Versions/A/Resources/jdbc/snowflake-jdbc-3.12.9.jar
read security advisory for versions < 3.13.29
GHSA-4g3j-c4wg-6j7x
Expected behavior
No security advisories in packages used.
Environment details (please complete the following information):
- Device: MacBook
- OS: macOS Sonoma 14.5 (23F79)
- SQLPro app Version SQLPro Studio Version 2024.31 (Build 111098.5)
- Installation source: App Store
Additional context
GHSA-4g3j-c4wg-6j7x
Issues will be closed until environmental details are provided.
If the above template is not completed, issues with be closed with the statement Issue has been closed. Please edit the initial post (or create a new issue) and follow the template. Once completed, the issue may be reopened.
Thank you, I'll get this removed for the next build. I don't actually use the jar file, it was just for testing so it will be removed completely.
SQLPro Studio 2024.32 has now been approved and all jar files have been removed. If you get the chance, please have a check and confirm that this resolves the issue you were seeing.
looks good. thank you.