The PostgreSQL team released an update yesterday covering versions 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 of its database system. The update fixes two security issues, along with bugs found over the past three months.
PostgreSQL is a popular open source relational database management system known for reliability, correctness, robustness, and performance. It runs on all major operating systems such as Linux, UNIX (AIX, BSD, HP-UX, SGI IRIX, Mac OS X, Solaris, Tru64), and Windows.
Let’s discuss the highlights of the recent major update.
The recent release focuses on fixing two major security issues:
There was an internal issue in libpq, the client connection API for PostgreSQL. When reconnecting, libpq did not reset all of its connection state variables.
Specifically, the state variable that determines whether a password is needed for a connection was not reset. This allowed users of features that rely on libpq, namely the dblink or postgres_fdw extensions, to log in to servers they should not be able to access.
To check if your database has either extension installed, run the following from your PostgreSQL shell:
\dx dblink|postgres_fdw
An attacker who can issue CREATE TABLE can read arbitrary bytes of server memory using an upsert (INSERT … ON CONFLICT DO UPDATE) query. By default, any user can exploit that. In addition, a user with specific INSERT privileges and an UPDATE privilege on at least one column in a given table can update other columns using a view and an upsert query.
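As an added example (not from the original article or the PostgreSQL project), the Python below triages a server inventory against the fixed releases listed above and reports which unpatched hosts also have dblink or postgres_fdw installed. The function names, result fields, and inventory rows are assumptions constructed for illustration; only the version numbers and extension names come from the article.

```python
import re

# First fixed minor release per branch, from the version list in the article.
FIXED = {"10": 5, "9.6": 10, "9.5": 14, "9.4": 19, "9.3": 24}
# Extensions the article names as relying on libpq.
LIBPQ_EXTENSIONS = {"dblink", "postgres_fdw"}


def split_version(server_version):
    """Return (branch, minor); packaging suffixes after the number are ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", server_version)
    if not m:
        raise ValueError(f"unrecognised version: {server_version!r}")
    first, second, third = m.groups()
    if int(first) >= 10:  # 10 and later: MAJOR.MINOR
        return first, int(second)
    return f"{first}.{second}", int(third or 0)  # 9.x: MAJOR.MAJOR.MINOR


def assess(server_version, extensions):
    """Classify one server by version and list its libpq-using extensions."""
    branch, minor = split_version(server_version)
    if branch not in FIXED:
        status = "no-fix-listed"  # branch is not in the article's release list
    elif minor >= FIXED[branch]:
        status = "patched"
    else:
        status = "needs-update"
    # Report libpq-using extensions only where the fix is not confirmed present.
    exposure = [] if status == "patched" else sorted(LIBPQ_EXTENSIONS & set(extensions))
    return {"branch": branch, "status": status, "libpq_exposure": exposure}


# Constructed sample inventory: (host, server_version, installed extensions).
INVENTORY = [
    ("db-a", "10.4", ["plpgsql", "postgres_fdw"]),
    ("db-b", "9.6.10", ["plpgsql", "dblink"]),
    ("db-c", "9.5.13 (Debian 9.5.13-1)", ["plpgsql"]),
    ("db-d", "9.2.24", ["dblink"]),
]


def triage(inventory):
    return {host: assess(version, exts) for host, version, exts in inventory}


if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(host, result)
```

The extension list for each host has to be collected per database, since `\dx` only reports the database the session is connected to.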
To get complete information on other bug fixes and improvements, check out the official PostgreSQL release notes.