Hi,
Is Payara susceptible to this CVE-2022-31197?
So I guess the question is if in JPA/ecpliselink the ResultSet.refreshRow() is called?
gr. Hans
If it’s specific to PostGres, then with a pure default setup no - we don’t bundle a PostGres JDBC driver. The flaw appears to be specific to the PostGreSQL JDBC Driver, of which they’ve already released a patched version (as of August 3rd).