| From: | Crunchy Data via PostgreSQL Announce <announce-noreply(at)postgresql(dot)org> |
|---|---|
| To: | PostgreSQL Announce <pgsql-announce(at)lists(dot)postgresql(dot)org> |
| Subject: | set_user 2.0.1 released |
| Date: | 2021-08-28 16:34:18 |
| Message-ID: | 163016845889.699.3584067677876520138@wrigleys.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-announce |
Crunchy Data is pleased to announce the release of the PostgreSQL
[set_user](github.com/pgaudit/set_user) Extension module version 2.0.1.
This release contains one security fix and one other bug fix. It is highly
recommended to update to this version of `set_user` as soon as possible.
### Security Issues
- [CVE-2021-38140](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38140):
Fixed potential privilege escalation using `RESET SESSION
AUTHORIZATION` after calling `set_user()`. This is now blocked along with
`RESET ROLE`.
### Fixes
- Fix GUC deprecation logic to stop printing noisy NOTICEs every time
GUCs are referenced.
### Links
- [Project Repo](https://github.com/pgaudit/set_user)
- [Installation](https://github.com/pgaudit/set_user#installation)
- [Documentation](https://github.com/pgaudit/set_user#postgresql-set_user-extension-module)
- [Release Notes](https://github.com/pgaudit/set_user/releases/tag/REL2_0_1)
[Crunchy Data](https://www.crunchydata.com) is proud to support the development
and maintenance of [set_user](https://github.com/pgaudit/set_user)).
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Red Hat via PostgreSQL Announce | 2021-08-30 00:12:40 | pgmoneta 0.5.0 |
| Previous Message | MigOps via PostgreSQL Announce | 2021-08-25 23:50:59 | PostgreSQL DBMS_JOB compatibility extension |