You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CHANGELOG.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -50,7 +50,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/)
50
50
**Who benefits**: Developers consuming metadata via DatabaseMetaData.getIndexInfo() on SQL Server or Azure Synapse DW.
51
51
**Impact**: Replaces CachedRowSet merging with a UNION ALL query, ensuring standard JDBC cursor behavior while maintaining columnstore index support.
52
52
53
-
-**Address a hostname validation vulnerability by securely parsing certificate common names.**
53
+
-**Address a hostname validation vulnerability by securely parsing certificate common names.**[#2801](https://github.com/microsoft/mssql-jdbc/pull/2801)
54
54
**What was fixed**: Secure hostname validation is enforced by replacing the vulnerable CN parsing logic in SQLServerCertificateUtils.java, preventing spoofing attacks.
55
55
**Who benefits**: All users of the SQL Server JDBC driver, especially those relying on TLS for secure connections, benefit from improved certificate validation.
56
56
**Impact**: This fix closes a security gap, protecting applications from man-in-the-middle attacks and ensuring compliance with security best practices.
0 commit comments