set_user 2.0.1 released

Posted on 2021-08-28 by Crunchy Data
Related Open Source Security

Crunchy Data is pleased to announce the release of the PostgreSQL set_user Extension module version 2.0.1.

This release contains one security fix and one other bug fix. It is highly recommended to update to this version of set_user as soon as possible.

Security Issues

  • CVE-2021-38140: Fixed potential privilege escalation using RESET SESSION AUTHORIZATION after calling set_user(). This is now blocked along with RESET ROLE.


  • Fix GUC deprecation logic to stop printing noisy NOTICEs every time GUCs are referenced.


Crunchy Data is proud to support the development and maintenance of set_user).