Liquibase 4.17.2 Release Notes

Liquibase v4.17.2 is a patch release that upgrades the HSQL driver to remove a security vulnerability.

See GitHub formatted release notes for more information. Full changelog: 4.17.1–4.17.2 (November 2, 2022)

Note: The newest HSQL driver requires Java 11, so if you use HSQL and JAVA 8, you will need to upgrade your Java.

Security Updates

No security updates are necessary

JDBC Driver and Third-Party Library Updates

• Upgrade hsqldb from 2.5.2 to 2.7.1 by @dependabot here
• [opencsv-upgrade] Updates opencsv to 5.7.1 by @abrackx here

OWASP Dependency Check: Reported Vulnerabilities

• hsqldb.jar - This is a vulnerability reported against the HSQLDB driver. We are currently on the newest version of HSQLDB and there is no fix for the issue as of yet.
• snakeyaml.jar - This is a vulnerability reported against the snakeyaml. We are currently on snakeyaml 1.33 and this issue has been fixed in 1.32.