CVEs Spring Boot
Several vulnerabilities have been disclosed affecting the Spring Boot framework:
A version of the Spring Boot framework is included in the INFOMOTION Data Management Center package and used across all deployment options.
Based on our analysis and existing automated tests of authorization procedures, we do not believe Data Management Center to be impacted by the vulnerability.
Nonetheless, we are now releasing an updated version 2025.2.6 of Data Management Center that includes a patched version of the Spring Framework.
CVE Postgres
Additionally, a vulnerability in the PostgreSQL JDBC Driver (pgJDBC) has been disclosed under CVE-2026-42198. The vulnerability affects pgJDBC versions from 42.2.0 up to, but not including, 42.7.11 and enables a client-side Denial of Service during SCRAM-SHA-256 authentication.
A version of PostgreSQL JDBC Driver is included in the INFOMOTION Data Management Center package and used across all deployment options.
Based on our analysis, the vulnerability requires SCRAM-SHA-256 to be the active authentication method on the PostgreSQL server. Deployments not using SCRAM-SHA-256 authentication are not affected by this CVE.
Nonetheless, we are now releasing an updated version 2025.2.6 of Data Management Center that includes a patched version of the PostgreSQL JDBC Driver (42.7.11), which fully resolves the vulnerability regardless of the authentication method in use.
Bugfixes
- Snowflake: Deleting a table no longer causes continuous background queries to Snowflake, which were incurring unnecessary costs
- Snowflake: Valid DQ rule conditions are now correctly validated instead of being incorrectly rejected
- Snowflake: Numeric precision, scale and string length of columns are now correctly preserved when synchronizing table structures to Snowflake
- Snowflake: The SNOWFLAKE_USERNAME environment variable is no longer incorrectly required when using OAuth authentication
- Column Management: Duplicate column name detection is now case-insensitive, preventing naming conflicts that would fail at the database level
- Column Management: SQL reserved word warnings no longer appear on display titles
Dependency Upgrades
- Upgrade Spring Boot from
4.0.5 to 4.0.6.
- Upgrade Spring Framework from
7.0.5 to 7.0.6.
- Upgrade PostgreSQL JDBC Driver from
42.7.4 to 42.7.11.
(since 2025.2.5)
Container Image: infomotiondmc.azurecr.io/dmc@sha256:7890639e02f36bac2218a029f9eecb26afe80ff72e0640c0d59b32f5c0071b2b
WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.2.6/dmc.war (sha256: 2b511dc366aea94945d8dcdc35f4f33d427eef60de2938b93d8c1669f9983c83)