Re: pgAdmin 4 v4.28 released

From: Dave Page <dpage(at)pgadmin(dot)org>
To: richard coleman <rcoleman(dot)ascentgl(at)gmail(dot)com>
Cc: Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com>, pgAdmin Support <pgadmin-support(at)postgresql(dot)org>
Subject: Re: pgAdmin 4 v4.28 released
Date: 2020-11-12 16:05:03
Message-ID: CA+OCxoyogMQKduE-aqu8vtDJDc0-PvOea3-Ddg7VNaJD5twbmQ@mail.gmail.com
Lists: pgadmin-support

Richard,

On Thu, Nov 12, 2020 at 3:59 PM richard coleman <rcoleman(dot)ascentgl(at)gmail(dot)com>
wrote:

> Hi All,
>
> The release notes list:
>
> Issue #5919 <https://redmine.postgresql.org/issues/5919> - Added security
> related enhancements.
>
>
> But this issue does not show up on the list of issues and following the
> link returns a 403 error. What exactly was included in this change?
>

The issue (like all security issues) was marked as private. We make them
public following the release, which has now been done. The commit lists the
following changes:

Added following security enhancements:
1) Added ALLOWED_HOSTS list to limit the host address.
2) Added CSP and HSTS security header.
3) Hide the webserver/ development framework version.

>
> It doesn't seem exactly *transparent* that *secret* changes are being
> made to this program.
>

We almost always make security changes in secret, in much the same way as
other Open Source projects (e.g. PostgreSQL) do. That is to help protect
users by not advertising potential vulnerabilities before fixes are
available.

>
> Thanks,
>
> rik.
>
> On Thu, Nov 12, 2020 at 6:34 AM Akshay Joshi <
> akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
>
>> The pgAdmin Development Team is pleased to announce pgAdmin 4 version
>> 4.28.
>> This release of pgAdmin 4 includes 19 bug fixes and new features. For
>> more details please see the release notes at:
>>
>> https://www.pgadmin.org/docs/pgadmin4/4.28/release_notes_4_28.html.
>>
>> pgAdmin is the leading Open Source graphical management tool for
>> PostgreSQL. For more information, please see:
>>
>> https://www.pgadmin.org/
>>
>> Notable changes in this release include:
>>
>> - Added support to download utility files at the client-side.
>> - Added support to rename query tool and debugger tabs title.
>> - Added support for dynamic tab size.
>> - Added tab title placeholder for Query Tool, View/Edit Data, and
>> Debugger.
>> - Added support to compare schemas and databases in schema diff.
>> - Ensure that non-superuser should be able to debug the function.
>> - Ensure that query history should be listed by date/time in
>> descending order.
>> - Ensure that Grant Wizard should include foreign tables.
>> - Ensure that search object functionality works with case insensitive
>> string.
>>
>>
>> Builds for Windows and macOS are available now, along with a Python Wheel,
>> Docker Container, RPM, DEB Package, and source code tarball from:
>>
>> https://www.pgadmin.org/download/
>>
>> --
>> Akshay Joshi
>> pgAdmin Project
>>
>>

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EDB: http://www.enterprisedb.com
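
The following is an added example, not part of the original message and not pgAdmin code: a small check an administrator could run against response headers after upgrading, covering items 2 and 3 of the commit list above (CSP and HSTS present, no server or framework version disclosed). The function name, the 180-day `max-age` threshold and the sample header values are assumptions made for illustration.

```python
import re

# Product token followed by a version, e.g. "name/1.2.3".
VERSION_TOKEN = re.compile(r"[A-Za-z][\w.-]*/\d[\w.]*")


def audit_headers(headers, min_hsts_age=15552000):
    """Return findings for CSP, HSTS and version disclosure.

    min_hsts_age (180 days, in seconds) is an assumed local policy value.
    """
    # Header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []

    if not h.get("content-security-policy"):
        findings.append("missing Content-Security-Policy")

    hsts = h.get("strict-transport-security")
    if not hsts:
        findings.append("missing Strict-Transport-Security")
    else:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not m:
            findings.append("HSTS header has no max-age")
        elif int(m.group(1)) < min_hsts_age:
            findings.append("HSTS max-age below %d seconds" % min_hsts_age)

    # Headers that commonly carry web server / framework versions.
    for name in ("server", "x-powered-by"):
        value = h.get(name, "")
        if VERSION_TOKEN.search(value):
            findings.append("%s discloses a version: %s" % (name, value))
    return findings


# Constructed sample responses (not captured from a real pgAdmin server).
BEFORE = {"Server": "gunicorn/20.0.4", "Content-Type": "text/html"}
AFTER = {
    "Server": "Webserver",
    "Content-Security-Policy": "default-src 'self'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_headers(sample) or "ok")
```

To check a live deployment, pass the header mapping returned by any HTTP client for the login page to `audit_headers`.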
