A serious security alert (CVE-2022-21724) was announced for the PostgreSQL JDBC driver on February 2, 2022. We need to upgrade PostgresSQL JDBC driver to 42.2.25 and above to remediate it.
We have identified total 4 PostgresSQL JDBC drivers in FME Server and FME Desktop:
>FME Server Root]\\Utilities\\tomcat\\lib\\postgresql-42.2.24.jar
>FME Server Root]\\Utilities\\jdbc\\postgresql-42.2.24.jar
>FME Server Root]\\Server\\fme\\plugins\\postgresql-42.2.16.jar
>FME Desktop Root]\\FME\\plugins\\postgresql-42.2.16.jar
Is there any patch available to remediate this vulnerability in those products? Or can we just replace those drivers with the required version?