Postgres Pro
Downloads
Home   >   mailing lists

set_user 2.0.1 released - Mailing list pgsql-announce

From Crunchy Data via PostgreSQL Announce
Subject set_user 2.0.1 released
Date
Msg-id 163016845889.699.3584067677876520138@wrigleys.postgresql.org
Whole thread Raw
List pgsql-announce
Tree view
 

set_user 2.0.1 released

Crunchy Data is pleased to announce the release of the PostgreSQL set_user Extension module version 2.0.1.

This release contains one security fix and one other bug fix. It is highly recommended to update to this version of set_user as soon as possible.

Security Issues

  • CVE-2021-38140: Fixed potential privilege escalation using RESET SESSION AUTHORIZATION after calling set_user(). This is now blocked along with RESET ROLE.

Fixes

  • Fix GUC deprecation logic to stop printing noisy NOTICEs every time GUCs are referenced.

Links

Crunchy Data is proud to support the development and maintenance of set_user).

This email was sent to you from Crunchy Data. It was delivered on their behalf by the PostgreSQL project. Any questions about the content of the message should be sent to Crunchy Data.

You were sent this email as a subscriber of the pgsql-announce mailinglist, for for one of the content tags Related Open Source or Security. To unsubscribe from further emails, or change which emails you want to receive, please click the personal unsubscribe link that you can find in the headers of this email, or visit https://lists.postgresql.org/unsubscribe/.
 

pgsql-announce by date:

Previous
From: MigOps via PostgreSQL Announce
Date:
Subject: PostgreSQL DBMS_JOB compatibility extension
Next
From: Red Hat via PostgreSQL Announce
Date:
Subject: pgmoneta 0.5.0