set_user 2.0.1 released

Posted on 2021-08-28 by Crunchy Data
Related Open Source Security

Crunchy Data is pleased to announce the release of the PostgreSQL set_user Extension module version 2.0.1.

This release contains one security fix and one other bug fix. It is highly recommended to update to this version of set_user as soon as possible.

Security Issues

  • CVE-2021-38140: Fixed potential privilege escalation using RESET SESSION AUTHORIZATION after calling set_user(). This is now blocked along with RESET ROLE.

Fixes

  • Fix GUC deprecation logic to stop printing noisy NOTICEs every time GUCs are referenced.

Links

Crunchy Data is proud to support the development and maintenance of set_user.