PostgreSQL news

PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 Released!

Thu, 13 Feb 2025 00:00:00 +0000

The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 17.3, 16.7, 15.11, 14.16, and 13.19. This release fixes 1 security vulnerability and over 70 bugs reported over the last several months.

For the full list of changes, please review the release notes.

Security Issues

CVE-2025-1094: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

CVSS v3.1 Base Score: 8.1

Supported, Vulnerable Versions: 13 - 17.

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.

The PostgreSQL project thanks Stephen Fewer, Principal Security Researcher, Rapid7 for reporting this problem.

Bug Fixes and Improvements

This update fixes over 70 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 17. Some of these issues may also affect other supported versions of PostgreSQL.

Restore pre-v17 truncation behavior for >63-byte database names and usernames in connection requests.
Don't perform connection privilege checks and limits on parallel workers, and instead inherit these from the leader process.
Remove Lock suffix from LWLock wait event names.
Fix possible re-use of stale results in window aggregates, which could lead to incorrect results.
Several race condition fixes for vacuum that in the worst case could cause corruption to a system catalog.
Several fixes for truncating tables and indexes that prevent potential corruption.
Fix for detaching a partition where its own foreign-key constraint references a partitioned table.
Fix for the FFn (e.g., FF1) format codes for to_timestamp, where an integer format code before the FFn would consume all available digits.
Fixes for SQL/JSON and XMLTABLE() to double-quote specific entries when necessary.
Include the ldapscheme option in pg_hba_file_rules().
Several fixes for UNION, including not merging columns with non-compatible collations.
Several fixes that could impact availability or speed of starting a connection to PostgreSQL.
Fix multiple memory leaks in logical decoding output.
Fix several memory leaks in PL/Python.
Add psql tab completion for COPY (MERGE INTO).
Make pg_controldata more resilient when displaying info from corruptedpg_control files.
Fix for a memory leak in pg_restore with zstd-compressed data.
Fix pg_basebackup to correctly handle pg_wal.tar files exceeding 2GB on Windows.
Modify earthdistance to use SQL-standard function bodies, which fixes possible issues with major version upgrades to v17 when databases use this extension.
Fix crash in pageinspect in instances where the brin_page_items() function definition is not updated to the latest version.
Fix race condition when trying to cancel a postgres_fdw remote query.

This release also updates time zone data files to tzdata release 2025a for DST law changes in Paraguay, plus historical corrections for the Philippines.

Updating

All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shutdown PostgreSQL and update its binaries.

Users who have skipped one or more update releases may need to run additional post-update steps; please see the release notes from earlier versions for details.

For more details, please see the release notes.

Links

If you have corrections or suggestions for this release announcement, please send them to the pgsql-www@lists.postgresql.org public mailing list.

PostgreSQL 17.2, 16.6, 15.10, 14.15, 13.18, and 12.22 Released!

Thu, 21 Nov 2024 00:00:00 +0000

The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 17.2, 16.6, 15.10, 14.15, and 13.18. Additionally, due to the nature of one of the issues in the previous update release, the PostgreSQL Global Development Group is also releasing a 12.22 release for PostgreSQL 12. PostgreSQL 12 is now EOL and will not receive more fixes.

For the full list of changes, please review the release notes.

PostgreSQL 12 EOL Notice

This is the final release of PostgreSQL 12. PostgreSQL 12 is now end-of-life and will no longer receive security and bug fixes. If you are running PostgreSQL 12 in a production environment, we suggest that you make plans to upgrade to a newer, supported version of PostgreSQL. Please see our versioning policy for more information.

Bug Fixes and Improvements

The issues listed below affect PostgreSQL 17. Some of these issues may also affect other supported versions of PostgreSQL.

Restore functionality of ALTER ROLE .. SET ROLE and ALTER DATABASE .. SET ROLE. The fix for CVE-2024-10978 accidentally caused settings for role to not be applied if they came from non-interactive sources, including previous ALTER {ROLE|DATABASE} commands and the PGOPTIONS environment variable.
Restore compatibility for the timescaledb and other PostgreSQL extensions built using PostgreSQL prior to the 2024-11-14 release (17.0, 16.4, 15.8, 14.13, 13.16, 12.20, and earlier). This fix restores struct ResultRelInfo to its previous size, so that affected extensions don't need to be rebuilt.
Fix cases where a logical replication slot's restart_lsn could go backwards.
Avoid deleting still-needed WAL files during pg_rewind.
Fix race conditions associated with dropping shared statistics entries, which could lead to loss of statistics data.
Fix crash with ALTER TABLE when checking to see if an index's opclass options have changed if the table has an index with a non-default operator class.

Updating

Users who have skipped one or more update releases may need to run additional post-update steps; please see the release notes from earlier versions for details.

For more details, please see the release notes.

Links

If you have corrections or suggestions for this release announcement, please send them to the pgsql-www@lists.postgresql.org public mailing list.

PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 Released!

Thu, 14 Nov 2024 00:00:00 +0000

The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21. This release fixes 4 security vulnerabilities and over 35 bugs reported over the last several months.

For the full list of changes, please review the release notes.

PostgreSQL 12 EOL Notice

Security Issues

CVE-2024-10976: PostgreSQL row security below e.g. subqueries disregards user ID changes

CVSS v3.1 Base Score: 4.2

Supported, Vulnerable Versions: 12 - 17.

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs.

Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

The PostgreSQL project thanks Wolfgang Walther for reporting this problem.

CVE-2024-10977: PostgreSQL libpq retains an error message from man-in-the-middle

CVSS v3.1 Base Score: 3.1

Supported, Vulnerable Versions: 12 - 17.

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

The PostgreSQL project thanks Jacob Champion for reporting this problem.

CVE-2024-10978: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

CVSS v3.1 Base Score: 4.2

Supported, Vulnerable Versions: 12 - 17.

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

The PostgreSQL project thanks Tom Lane for reporting this problem.

CVE-2024-10979: PostgreSQL PL/Perl environment variable changes execute arbitrary code

CVSS v3.1 Base Score: 8.8

Supported, Vulnerable Versions: 12 - 17.

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

The PostgreSQL project thanks Coby Abrams for reporting this problem.

Bug Fixes and Improvements

This update fixes over 35 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 17. Some of these issues may also affect other supported versions of PostgreSQL.

Fix when attaching or detaching table partitions with foreign key constraints. After upgrade, users impacted by this issue will need to perform manual steps to finish fixing it. Please see the "Upgrading" section and the release notes for more information.
Fix when using libc as the default collation provider when LC_CTYPE is C while LC_COLLATE is a different locale. This could lead to incorrect query results. If you have these settings in your database, please reindex any affected indexes after updating to this release. This issue impacted 17.0 only.
Several query planner fixes, including disallowing joining partitions (partitionwise join) if the collations of the partitions don't match.
Fix possible wrong answers or wrong varnullingrels planner errors for MERGE ... WHEN NOT MATCHED BY SOURCE actions.
Fix validation of the COPY FORCE_NOT_NULL and FORCE_NULL.
Fix server crash when a json_objectagg() call contains a volatile function.
Ensure there's a registered dependency between a partitioned table and a non-built-in access method specified in CREATE TABLE ... USING. This fix only prevents problems for partitioned tables created after this update.
Fix race condition in committing a serializable transaction.
Fix race condition in COMMIT PREPARED that could require manual file removal after a crash-and-recovery.
Fix for pg_cursors view to prevent errors by excluding cursors that aren't completely set up.
Reduce logical decoding memory consumption.
Fix to prevent stable functions from receiving stale row values when they're called from a CALL statement's argument list and the CALL is within a PL/pgSQL EXCEPTION block.
Fix for JIT crashes on ARM (aarch64) systems.
The psql \watch now treats values that are less than 1ms to be 0 (no wait between executions).
Fix failure to use credentials for a replication user in the password file (pgpass)
pg_combinebackup now throws an error if an incremental backup file is present in a directory that should contain a full backup.
Fix to avoid reindexing temporary tables and indexes in vacuumdb and parallel reindexdb.

This release also updates time zone data files to tzdata release 2024b. This tzdata release changes the old System-V-compatibility zone names to duplicate the corresponding geographic zones; for example PST8PDT is now an alias for America/Los_Angeles. The main visible consequence is that for timestamps before the introduction of standardized time zones, the zone is considered to represent local mean solar time for the named location. For example, in PST8PDT, timestamptz input such as 1801-01-01 00:00 would previously have been rendered as 1801-01-01 00:00:00-08, but now it is rendered as 1801-01-01 00:00:00-07:52:58.

Also, historical corrections for Mexico, Mongolia, and Portugal. Notably, Asia/Choibalsan is now an alias for Asia/Ulaanbaatar rather than being a separate zone, mainly because the differences between those zones were found to be based on untrustworthy data.

Updating

If you have a partitioned table with foreign key constraints where you've run the ATTACH PARTITION/DETACH PARTITION commands, you will need to take further steps after upgrading. You can fix this by executing an ALTER TABLE ... DROP CONSTRAINT on the now stand-alone table for each faulty constraint, and then re-add the constraint. If re-adding the constraint fails, you will need to manually re-establish consistency between the referencing and referenced tables, then re-add the constraint.

This query can be used to identify broken constraints and construct the commands needed to recreate them:

SELECT conrelid::pg_catalog.regclass AS "constrained table", conname AS constraint, confrelid::pg_catalog.regclass AS "references", pg_catalog.format('ALTER TABLE %s DROP CONSTRAINT %I;', conrelid::pg_catalog.regclass, conname) AS "drop", pg_catalog.format('ALTER TABLE %s ADD CONSTRAINT %I %s;', conrelid::pg_catalog.regclass, conname, pg_catalog.pg_get_constraintdef(oid)) AS "add" FROM pg_catalog.pg_constraint c WHERE contype = 'f' AND conparentid = 0 AND (SELECT count(*) FROM pg_catalog.pg_constraint c2 WHERE c2.conparentid = c.oid) <> (SELECT count(*) FROM pg_catalog.pg_inherits i WHERE (i.inhparent = c.conrelid OR i.inhparent = c.confrelid) AND EXISTS (SELECT 1 FROM pg_catalog.pg_partitioned_table WHERE partrelid = i.inhparent));

Since it is possible that one or more of the ADD CONSTRAINT steps will fail, you should save the query's output in a file and then attempt to perform each step.

Additionally, if you are running PostgreSQL 17.0 and using libc as your default collation provider, and have set LC_CTYPE to be C while LC_COLLATE is a different locale, you will need to rebuild your text-based indexes. You can do this with the REINDEX INDEX CONCURRENTLY command.

Users who have skipped one or more update releases may need to run additional post-update steps; please see the release notes from earlier versions for details.

For more details, please see the release notes.

Links

If you have corrections or suggestions for this release announcement, please send them to the pgsql-www@lists.postgresql.org public mailing list.

PostgreSQL 16.4, 15.8, 14.13, 13.16, 12.20, and 17 Beta 3 Released!

Thu, 08 Aug 2024 00:00:00 +0000

The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 16.4, 15.8, 14.13, 13.16, and 12.20, as well as the third beta release of PostgreSQL 17. This release fixes 1 security vulnerability and over 55 bugs reported over the last several months.

For the full list of changes, please review the release notes.

PostgreSQL 12 EOL Notice

PostgreSQL 12 will stop receiving fixes on November 14, 2024. If you are running PostgreSQL 12 in a production environment, we suggest that you make plans to upgrade to a newer, supported version of PostgreSQL. Please see our versioning policy for more information.

Security Issues

CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL

CVSS v3.1 Base Score: 8.8

Supported, Vulnerable Versions: 12 - 16.

An attacker able to create and drop non-temporary objects could inject SQL code that would be executed by a concurrent pg_dump session with the privileges of the role running pg_dump (which is often a superuser). The attack involves replacing a sequence or similar object with a view or foreign table that will execute malicious code. To prevent this, introduce a new server parameter restrict_nonsystem_relation_kind that can disable expansion of non-builtin views as well as access to foreign tables, and teach pg_dump to set it when available. Note that the attack is prevented only if both pg_dump and the server it is dumping from are new enough to have this fix.

The PostgreSQL project thanks Noah Misch for reporting this problem.

Bug Fixes and Improvements

This update fixes over 55 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 16. Some of these issues may also affect other supported versions of PostgreSQL.

Avoid incorrect results from "Merge Right Anti Join" plans, where if the inner relation is known to have unique join keys, the merge could misbehave when there are duplicated join keys in the outer relation.
Prevent infinite loop in VACUUM.
Fix partition pruning setup during ALTER TABLE DETACH ... PARTITION CONCURRENTLY.
Fix behavior of stable functions that are used as an argument to a CALL statement.
pg_sequence_last_value() now returns NULL instead of throwing an error when called on unlogged sequences on standby servers and on temporary sequences of other sessions.
Fix parsing of ignored operators in websearch_to_tsquery().
Correctly check updatability of view columns targeted by INSERT ... DEFAULT.
Lock owned sequences during ALTER TABLE ... SET LOGGED|UNLOGGED.
Don't throw an error if a queued AFTER trigger no longer exists.
Fix selection of an arbiter index for INSERT ... ON CONFLICT when the desired index has expressions or predicates, for example, through an updatable view.
Refuse to modify a temporary table of another session with ALTER TABLE.
Fix handling of extended statistics on expressions in CREATE TABLE ... LIKE STATISTICS.
Fix failure to recalculate sub-queries generated from MIN() or MAX() aggregates.
Disallow underscores in positional parameters.
Avoid crashing when a JIT-inlined backend function throws an error.
Fix handling of subtransactions of prepared transactions when starting a hot standby server.
Prevent incorrect initialization of logical replication slots.
Fix memory leak in the logical replication WAL sender when publishing changes to a partitioned table whose partitions have row types that are physically different from the table.
Disable creation of stateful TLS session tickets by OpenSSL.
Fix how PL/pgSQL handles integer ranges containing underscores (e.g., FOR i IN 1_001..1_002).
Fix incompatibility between PL/Perl and Perl 5.40.
Several fixes related to recursive PL/Python functions and triggers.
Ensure that pg_restore -l reports dependent table of contents entries correctly.
pg_stat_statements now passes a query ID for utility (non-SELECT/INSERT/UPDATE) statements that appears in SQL-language functions.
Fix for postgres_fdw when mapping a foreign table to a nontrivial remote view.
postgres_fdw no longer sends a FETCH FIRST WITH TIES clause to a remote server.

Updating

Users who have skipped one or more update releases may need to run additional post-update steps; please see the release notes from earlier versions for details.

For more details, please see the release notes.

A Note on the PostgreSQL 17 Beta

This release marks the third beta release of PostgreSQL 17 and puts the community one step closer to general availability tentatively around the end of the third quarter.

In the spirit of the open source PostgreSQL community, we strongly encourage you to test the new features of PostgreSQL 17 on your systems to help us eliminate bugs or other issues that may exist. While we do not advise you to run PostgreSQL 17 Beta 3 in production environments, we encourage you to find ways to run your typical application workloads against this beta release.

Your testing and feedback will help the community ensure that the PostgreSQL 17 release upholds our standards of delivering a stable, reliable release of the world's most advanced open source relational database. Please read more about our beta testing process and how you can contribute:

/developer/beta/

Upgrading to PostgreSQL 17 Beta 3

To upgrade to PostgreSQL 17 Beta 3 from an earlier version of PostgreSQL, you will need to use a strategy similar to upgrading between major versions of PostgreSQL (e.g. pg_upgrade or pg_dump / pg_restore). For more information, please visit the documentation section on upgrading.

Changes Since Beta 2

Fixes and changes in PostgreSQL 17 Beta 3 include:

Rename the standby_slot_names parameter to to synchronized_standby_slots.
Several SQL/JSON fixes.
Fix pg_combinebackup --clone.
Fix pg_createsubscriber to work for database names that contain a space.
pg_createsubscriber now drops pre-existing subscriptions when run on a target database.
Improve efficiency in retrieving subscription information during pg_upgrade.
Fix TLS fallback behavior during sslmode=prefer to error when a server sends an error during the startup process.
Document an error case with pg_basebackup incremental backup on a standby server when it's executed immediately after the previous backup.
Fix issue where pg_upgrade --transaction-size can cause the backend to use an order of magnitude more RAM.

Please see the release notes for a complete list of new and changed features, and PostgreSQL 17 open items for more details on fixes and changes.

Testing for Bugs & Compatibility

The stability of each PostgreSQL release greatly depends on you, the community, to test the upcoming version with your workloads and testing tools in order to find bugs and regressions before the general availability of PostgreSQL 17. As this is a Beta, minor changes to database behaviors, feature details, and APIs are still possible. Your feedback and testing will help determine the final tweaks on the new features, so please test in the near future. The quality of user testing helps determine when we can make a final release.

A list of open issues is publicly available in the PostgreSQL wiki. You can report bugs using this form on the PostgreSQL website:

/account/submitbug/

Links

If you have corrections or suggestions for this release announcement, please send them to the pgsql-www@lists.postgresql.org public mailing list.

Greenmask v0.2.0b1 Release

Mon, 01 Jul 2024 00:00:00 +0000

Greenmask v0.2.0b1 Release

PostgreSQL Logical Dump and Anonymization Tool

This major beta release introduces new features and refactored transformers, significantly enhancing Greenmask's flexibility to better meet business needs. Help us improve GreenMask and tailor it to meet community needs. We welcome your feedback in the release discussion on GitHub.

Greenmask Overview

Greenmask is a versatile open-source tool for database backup, anonymization, and restoration. Written in pure Go with ported PostgreSQL libraries, it is platform-independent and stateless, requiring no schema modifications. It is customizable and compatible with existing PostgreSQL utilities.

Greenmask is ideally suited for:

Routine backup and restoration tasks, ensuring data integrity and availability.
Anonymization and data masking for staging environments and analytics, protecting sensitive information while maintaining data utility.

Key features

Deterministic transformers — deterministic approach to data transformation based on the hash functions. This ensures that the same input data will always produce the same output data. Almost each transformer supports either random or hash engine making it universal for any use case.
Dynamic parameters — almost each transformer supports dynamic parameters, allowing to parametrize the transformer dynamically from the table column value. This is helpful for resolving the functional dependencies between columns and satisfying the constraints.
Database type safe - Ensures data integrity by validating data and utilizing the database driver for encoding and decoding operations. This approach guarantees the preservation of data formats.
Transformation validation and easy maintainable - During obfuscation development, Greenmask provides validation warnings and a transformation diff feature, allowing you to monitor and maintain transformations effectively throughout the software lifecycle.
Partitioned tables transformation inheritance - Define transformation configurations once and apply them to all partitions within partitioned tables, simplifying the obfuscation process.
Stateless - Greenmask operates as a logical dump and does not impact your existing database schema.
Backward compatible - It fully supports the same features and protocols as existing vanilla PostgreSQL utilities. Dumps created by Greenmask can be successfully restored using the pg_restore utility.
Extensible - Users have the flexibility to implement domain-based transformations in any programming language or use predefined templates.
Provide a variety of storage - Greenmask offers a variety of storage options for local and remote data storage, including directories and S3-like storage solutions.

Playground usage for the beta version

If you want to run a Greenmask playground for the beta version execute:

git checkout tags/v0.2.0b1 -b v0.2.0b1 docker-compose run greenmask-from-source

Changes overview

Introduced dynamic parameters in the transformers
- Most transformers now support dynamic parameters where applicable.
- Dynamic parameters are strictly enforced. If you need to cast values to another type, Greenmask provides templates and predefined cast functions accessible via cast_to. These functions cover frequent operations such as UnixTimestampToDate and IntToBool.
The transformation logic has been significantly refactored, making transformers more customizable and flexible than before.
Introduced transformation engines
- random - generates transformer values based on pseudo-random algorithms.
- hash - generates transformer values using hash functions. Currently, it utilizes sha3 hash functions, which are secure but perform slowly. In the stable release, there will be an option to choose between sha3 and SipHash.
Introduced static parameters value template

Notable changes

Core

Introduced the Parametrizer interface, now implemented for both dynamic and static parameters.
Renamed most of the toolkit types for enhanced clarity and comprehensive documentation coverage.
Refactored the Driver initialization logic.
Added validation warnings for overridden types in the Driver.
Migrated existing built-in transformers to utilize the new Parametrizer interface.
Implemented a new abstraction, TransformationContext, as the first step towards enabling new feature transformation conditions (#34).
Optimized most transformers for performance in both dynamic and static modes. While dynamic mode offers flexibility, static mode ensures performance remains high. Using only the necessary transformation features helps keep transformation time predictable.

Documentation

Documentation has been significantly refactored. New information about features and updates to transformer descriptions have been added.

Transformers

RandomEmail - Introduces a new transformer that supports both random and deterministic engines. It allows for flexible email value generation; you can use column values in the template and choose to keep the original domain or select any from the domains parameter.
NoiseDate, NoiseFloat, NoiseInt - These transformers support both random and deterministic engines, offering dynamic mode parameters that control the noise thresholds within the min and max range. Unlike previous implementations which used a single ratio parameter, the new release features min_ratio and max_ratio parameters to define noise values more precisely. Utilizing the hash engine in these transformers enhances security by complicating statistical analysis for attackers, especially when the same salt is used consistently over long periods.
NoiseNumeric - A newly implemented transformer, sharing features with NoiseInt and NoiseFloat, but specifically designed for numeric values (large integers or floats). It provides a decimal parameter to handle values with fractions.
RandomChoice - Now supports the hash engine
RandomDate, RandomFloat, RandomInt - Now enhanced with hash engine support. Threshold parameters min and max have been updated to support dynamic mode, allowing for more flexible configurations.
RandomNumeric - A new transformer specifically designed for numeric types (large integers or floats), sharing similar features with RandomInt and RandomFloat, but tailored for handling huge numeric values.
RandomString - Now supports hash engine mode
RandomUnixTimestamp - This new transformer generates Unix timestamps with selectable units (second, millisecond, microsecond, nanosecond). Similar in function to RandomDate, it supports the hash engine and dynamic parameters for min and max thresholds, with the ability to override these units using min_unit and max_unit parameters.
RandomUuid - Added hash engine support
RandomPerson - Implemented a new transformer that replaces RandomName, RandomLastName, RandomFirstName, RandomFirstNameMale, RandomFirstNameFemale, RandomTitleMale, and RandomTitleFemale. This new transformer offers enhanced customizability while providing similar functionalities as the previous versions. It generates personal data such as FirstName, LastName, and Title, based on the provided gender parameter, which now supports dynamic mode. Future minor versions will allow for overriding the default names database.
Added tsModify - a new template function for time.Time objects modification
Introduced a new RandomIp transformer capable of generating a random IP address based on the specified netmask.
Added a new RandomMac transformer for generating random Mac addresses.
Deleted transformers include RandomMacAddress, RandomIPv4, RandomIPv6, RandomUnixTime, RandomTitleMale, RandomTitleFemale, RandomFirstName, RandomFirstNameMale, RandomFirstNameFemale, RandomLastName, and RandomName due to the introduction of more flexible and unified options.

Useful Links

Public Roadmap
Explore detailed Documentation
Access the Latest Release on GitHub
Contact us for support at Email Support

PostgreSQL 16.3, 15.7, 14.12, 13.15, and 12.19 Released!

Thu, 09 May 2024 00:00:00 +0000

The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 16.3, 15.7, 14.12, 13.15, and 12.19. This release fixes one security vulnerability and over 55 bugs reported over the last several months.

A security vulnerability was found in the system views pg_stats_ext and pg_stats_ext_exprs, potentially allowing authenticated database users to see data they don't have sufficient privileges to view. The fix for this vulnerability only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after this fix is applied. If you have a current PostgreSQL installation and are concerned about this issue, please follow the instructions in the "Updating" section for remediation steps.

For the full list of changes, please review the release notes.

PostgreSQL 12 EOL Notice

Security Issues

CVE-2024-4317: Restrict visibility of `pg_stats_ext` and `pg_stats_ext_exprs` entries to the table owner

CVSS v3.1 Base Score: 3.1

Supported, Vulnerable Versions: 14 - 16.

Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute.

This fix only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after this fix is applied. If you have a current PostgreSQL installation and are concerned about this issue, please follow the instructions in the "Updating" section for remediation steps.

The PostgreSQL project thanks Lukas Fittl for reporting this problem.

Bug Fixes and Improvements

Fix issue with INSERT with a multi-row VALUES clause where a target column is a domain over an array or composite type.
Require the SELECT privilege on the target table when using MERGE when using MERGE ... DO NOTHING.
Per the SQL standard, throw an error if a target row in MERGE joins to more than one source row during a modification.
Fix incorrect pruning of NULL partition when a table is partitioned on a boolean column and the query has a boolean IS NOT clause.
Make ALTER FOREIGN TABLE ... SET SCHEMA move any owned sequences into the new schema.
CREATE DATABASE now recognizes STRATEGY keywords case-insensitively.
Fix how EXPLAIN counts heap pages during bitmap heap scan to show all counted pages, not just ones with visible tuples.
Avoid deadlock during removal of orphaned temporary tables.
Several fixes for VACUUM, including one that can reduce unnecessary I/O.
Several query planner fixes.
Add optimization for certain operations where an installation has thousands of roles.
Fix confusion for SQL-language procedures that return a single composite-type column.
Fix incorrect rounding and overflow hazards in date_bin().
Detect integer overflow when adding or subtracting an interval to/from a timestamp.
Fix several race conditions with logical replication, including determining if a table sync operation is required.
Disconnect if a new server session's client socket cannot be put into non-blocking mode.
initdb -c now matches parameter names case-insensitively.
Fix how PL/pgSQL parses of single-line comments (-- style comments) following expression.

Updating

For existing installations that are impacted by CVE-2024-4317 that wish to remediate the issue, you will have to perform the following steps:

Find the SQL script fix-CVE-2024-4317.sql in the share directory of your PostgreSQL installation (e.g. in /usr/share/postgresql/), or download it from the PostgreSQL git repository from one of the URLs below. You will need to use the script that matches your major version:
PostgreSQL 16: https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/backend/catalog/fix-CVE-2024-4317.sql;hb=refs/heads/REL_16_STABLE
PostgreSQL 15: https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/backend/catalog/fix-CVE-2024-4317.sql;hb=refs/heads/REL_15_STABLE
PostgreSQL 14: https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/backend/catalog/fix-CVE-2024-4317.sql;hb=refs/heads/REL_14_STABLE

From the above URLs, you can click the URL that says "raw" to download a version that you can copy and paste.

Be sure to use the script appropriate to your PostgreSQL major version. If you do not see this file, either your version is not vulnerable (only PostgreSQL 14, 15, and 16 are affected) or your minor version is too old to have the fix.

In each database of the cluster, run the fix-CVE-2024-4317.sql script as a database superuser. For example, in psql, with the file located in /usr/share/postgresql/, this command would look like:

\i /usr/share/postgresql/fix-CVE-2024-4317.sql

You must also execute this script in the template0 and template1 databases, or the vulnerability will still exist in databases you create later. To fix template0, you'll need to temporarily allow it accept connections. You can do this with the following command:

ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true;

After executing the fix-CVE-2024-4317.sql script in template0 and template1, you should revoke the ability for template0 to accept connections. You can do this with the following command:

ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;

Users who have skipped one or more update releases may need to run additional post-update steps; please see the release notes from earlier versions for details.

For more details, please see the release notes.

Links

If you have corrections or suggestions for this release announcement, please send them to the pgsql-www@lists.postgresql.org public mailing list.

pgAdmin 4 v8.6 Released

Thu, 02 May 2024 00:00:00 +0000

The pgAdmin Development Team is pleased to announce pgAdmin 4 version 8.6. This release of pgAdmin 4 includes 15 bug fixes and new features. For more details please see the release notes.

pgAdmin is the leading Open Source graphical management tool for PostgreSQL. For more information, please see the website.

Notable changes in this release include:

Features:

Added the new columns "last_seq_scan" and "last_idx_scan" from the pg_stat_all_tables and pg_stat_all_indexes tables respectively to the Statistics tab.
Added support for excluding multiple tables while taking Backup.

Bugs/Housekeeping:

Fixed an XSS vulnerability in the /settings/store endpoint (CVE-2024-4216).
Fixed Multi-Factor Authentication bypass vulnerability (CVE-2024-4215).
Update UI library MUI from v4 to v5.
Upgraded Flask, Flask-Security-Too, Werkzeug, and other dependencies, ensuring compatibility with Python 3.7.
Fixed violates check constraint issue when creating a pgAgent schedule.
Fixed an issue where pressing backspace should remove the spaces and not the entire tab width, on enabling 'Use spaces?' in the preferences.
Fixed an issue where incorrect select/exec scripts were generated for functions/procedures.
Fixed an issue when closing the view data second tab; it raises the error that the 'ViewCommand' object has no attribute 'auto_commit'.
Install dbus-python, an in-direct dependency of the Keyring package as a system package for Debian platforms.

Builds for Windows and macOS are available now, along with a Python Wheel, Docker Container, RPM, DEB Package, and source code tarball from the tarball area.

PostgreSQL JDBC 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, 42.2.28, and 42.2.28.jre7 Security update for CVE-2024-1597

Wed, 21 Feb 2024 00:00:00 +0000

The PostgreSQL JDBC team have released 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, 42.2.28, and 42.2.28.jre7 to address a security issue: CVE-2024-1597. (Note there is no fix for 42.2.26.jre6 see the advisory for workarounds)

SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value.

There is no vulnerability in the driver when using the default query mode. Users that do not override the query mode are not impacted.

See the security advisory for the details. Thanks to Paul Gerste for finding and reporting the issue.

PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 Released!

Thu, 08 Feb 2024 00:00:00 +0000

The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 16.2, 15.6, 14.11, 13.14, and 12.18. This release fixes one security vulnerability and over 65 bugs reported over the last several months.

If you use GIN indexes, you may need to reindex after updating to this release. Please see the release notes for more information.

For the full list of changes, please review the release notes.

Security Issues

CVE-2024-0985: PostgreSQL non-owner `REFRESH MATERIALIZED VIEW CONCURRENTLY` executes arbitrary SQL

CVSS v3 Base Score: 8.0

Supported, Vulnerable Versions: 12 - 16.

One step of a concurrent refresh command was run under weak security restrictions. If a materialized view's owner could persuade a superuser or other high-privileged user to perform a concurrent refresh on that view, the view's owner could control code executed with the privileges of the user running REFRESH. The fix for the vulnerability makes is so that all user-determined code is run as the view's owner, as expected.

The PostgreSQL project thanks Pedro Gallegos for reporting this problem.

Bug Fixes and Improvements

This update fixes over 65 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 16. Some of these issues may also affect other supported versions of PostgreSQL.

Fix memory leak when performing JIT inlining that could lead to out-of-memory conditions.
Several query planner fixes.
Align MERGE behavior with UPDATE when updating a partition key column and skip firing AFTER UPDATE ROW trigger and other post-update actions.
Fix problems with duplicate token names in ALTER TEXT SEARCH CONFIGURATION ... MAPPING commands.
Fix DROP ROLE with duplicate role names.
Properly lock the associated table during DROP STATISTICS to prevent errors if ANALYZE is running concurrently.
Fix function volatility checking for GENERATED and DEFAULT expressions.
Ensure collation matches when matching an existing index to a new partitioned index.
Avoid failure if a child index is dropped concurrently with REINDEX INDEX on a partitioned index.
Fix for locking during cleanup of GIN indexes. For this case, if multiple processes tried to clean the same GIN index page, there was a chance of index corruption. If you believe you were affected by this issue, reindex your GIN indexes after installing this update.
Avoid failure with partitioned SP-GiST indexes.
Several ownership fixes for large objects.
In EXPLAIN (BUFFERS), change name of I/O timing data "shared/local" to "shared".
Ensure durability of the CREATE DATABASE command if a system crash occurred during or shortly after execution.
Add more logging messages when starting and ending recovery from a backup.
Revert a change that made the walreceiver process unresponsive to SIGTERM while waiting for a replication connection to be established.
Several fixes for logical replication.
Fix incompatibility with OpenSSL 3.2.
Fix PL/pgSQL to allow CREATE FUNCTION/CREATE PROCEDURE SQL commands that use SQL-standard function bodies.
Fix for error handling in libpq pipeline mode.
Ensure initdb always uncomments postgresql.conf entries for the lc_ family of parameters.
In pg_dump, don't dump RLS policies or security labels for extension member objects.

This release also updates time zone data files to tzdata release 2024a for DST law changes in Greenland, Kazakhstan, and Palestine, plus corrections for the Antarctic stations Casey and Vostok. Also historical corrections for Vietnam, Toronto, and Miquelon.

Updating

If you use GIN indexes, you may need to reindex after updating to this release. Please see the release notes for more information.

Users who have skipped one or more update releases may need to run additional post-update steps; please see the release notes from earlier versions for details.

For more details, please see the release notes.

Links

If you have corrections or suggestions for this release announcement, please send them to the pgsql-www@lists.postgresql.org public mailing list.

PostgreSQL is now a CVE Numbering Authority (CNA)

Thu, 18 Jan 2024 00:00:00 +0000

The PostgreSQL Security team is pleased to announce that PostgreSQL is now a CVE Numbering Authority (CNA). A CNA has responsibilities for assigning CVE IDs and participating in responsible disclosure with projects within its scope. You can find out more information about the role of PostgreSQL as a CNA on the PostgreSQL security page:

/support/security/

The process for reporting a security vulnerability in PostgreSQL has not changed. If you believe you have discovered a security vulnerability in PostgreSQL, please send an email to security@postgresql.org. For more information on what is considered a vulnerability and the reporting process, please review the PostgreSQL security page:

/support/security/

You can find the original announcement on PostgreSQL being added as a CNA on the CVE page:

https://www.cve.org/Media/News/item/news/2024/01/16/PostgreSQL-Added-as-CNA

PostgreSQL news

PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 Released!

Security Issues

CVE-2025-1094: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation

Bug Fixes and Improvements

Updating

Links

PostgreSQL 17.2, 16.6, 15.10, 14.15, 13.18, and 12.22 Released!

PostgreSQL 12 EOL Notice

Bug Fixes and Improvements

Updating

Links

PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 Released!

PostgreSQL 12 EOL Notice

Security Issues

CVE-2024-10976: PostgreSQL row security below e.g. subqueries disregards user ID changes

CVE-2024-10977: PostgreSQL libpq retains an error message from man-in-the-middle

CVE-2024-10978: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

CVE-2024-10979: PostgreSQL PL/Perl environment variable changes execute arbitrary code

Bug Fixes and Improvements

Updating

Links

PostgreSQL 16.4, 15.8, 14.13, 13.16, 12.20, and 17 Beta 3 Released!

PostgreSQL 12 EOL Notice

Security Issues

CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL

Bug Fixes and Improvements

Updating

A Note on the PostgreSQL 17 Beta

Upgrading to PostgreSQL 17 Beta 3

Changes Since Beta 2

Testing for Bugs & Compatibility

Links

Greenmask v0.2.0b1 Release

Greenmask v0.2.0b1 Release

PostgreSQL Logical Dump and Anonymization Tool

Greenmask Overview

Greenmask is ideally suited for:

Key features

Playground usage for the beta version

Changes overview

Notable changes

Core

Documentation

Transformers

Useful Links

PostgreSQL 16.3, 15.7, 14.12, 13.15, and 12.19 Released!

PostgreSQL 12 EOL Notice

Security Issues

CVE-2024-4317: Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table owner

Bug Fixes and Improvements

Updating

Links

pgAdmin 4 v8.6 Released

Features:

Bugs/Housekeeping:

PostgreSQL JDBC 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, 42.2.28, and 42.2.28.jre7 Security update for CVE-2024-1597

PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 Released!

Security Issues

CVE-2024-0985: PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL

Bug Fixes and Improvements

Updating

Links

PostgreSQL is now a CVE Numbering Authority (CNA)

CVE-2024-4317: Restrict visibility of `pg_stats_ext` and `pg_stats_ext_exprs` entries to the table owner

CVE-2024-0985: PostgreSQL non-owner `REFRESH MATERIALIZED VIEW CONCURRENTLY` executes arbitrary SQL