Eymoutiers, France, May 27th, 2026
Dalibo is pleased to announce PostgreSQL Anonymizer 3.1 introducing innovative
data masking techniques to protect your data !
PostgreSQL Anonymizer is an extension that hides or replaces personally
identifiable information (PII) or commercially sensitive data from a PostgreSQL
database.
The extension offers 6 different masking strategies:
Each strategy is complemented by an enhanced suite of Masking Functions, including advanced techniques such as: Substitution, Randomization, Faking, Pseudonymization, Partial Scrambling, Shuffling, Noise Addition and Generalization.
The extension can be installed with Debian and RPM packages, an Ansible role, a Docker image, etc. You can use it on most major DBaaS providers including : Alibaba Cloud, Crunchy Bridge, Google Cloud SQL, IBM Cloud, Microsoft Azure Database, Neon, Yandex It is also available on some Postgres forks such as EDB Advanced Postgres, Greenplum and Yugabyte.
See the INSTALL section of the documentation for more details!
Local Differential Privacy is a stronger approach to adding noise. Unlike the regular noise functions, LDP provides a formal mathematical guarantee: given the output, an observer cannot determine the original value with high confidence, no matter what auxiliary information they have. The strength of this guarantee is controlled by a parameter called epsilon -- a smaller epsilon means stronger privacy but less accuracy.
This is particularly useful for survey data and categorical values (e.g. ratings, age brackets, answer choices) where you want to collect aggregate statistics while protecting individual responses.
Currently LDP is achieved using the Generalized Randomized Response Mechanism (GRRM). Additional mechanisms may be introduced in the near future.
Version 3.1 includes fixes for a critical vulnerability allowing users to gain superuser privileges under certains circumstances. The risk is very high on PostgreSQL 14 and on instances upgrades from PostgreSQL 14 and earlier.
All users should upgrade the extension to version 3.1 as soon as possible.
If a quick upgrade is not possible, the workaround below can mitigate the risk:
CREATE OR REPLACE FUNCTION anon.k_anonymity(relid regclass)
RETURNS INTEGER AS $$ SELECT NULL::INTEGER $$ LANGUAGE SQL;
For more details see issue 640 (CVE-2026-9617).
This release includes code, bugfixes, documentation, code reviews and ideas from Adem Bencheikh Lehocine, Benoit Lobréau, Buut, and other contributors.
The Local Differential Privacy features are part of a larger research project named DIFPRIPOS aiming at integrating differential privacy mechanisms into PostgreSQL. This project is financed by ANR, the French National Research Agency. Many thanks to Jean-François Couchot and Cedric Eichler for coordination and oversight.
We would also like to thanks the people at Efluid who helped us with their ideas, comments and testing.
And also special thanks to the PGRX team for their amazing work!
PostgreSQL Anonymizer is part of the [Dalibo Labs] initiative. It is mainly developed by [Damien Clochard].
This is an open project, contributions are welcome. We need your feedback and ideas! Let us know what you think of this tool, how it fits your needs and what features are missing.
If you want to help, you can find a list of Junior Jobs.