Broken behavior after minor update CVE-2024-10978

From: Антон Глушаков <a(dot)glushakov86(at)gmail(dot)com>
To: pgsql-admin(at)lists(dot)postgresql(dot)org
Subject: Broken behavior after minor update CVE-2024-10978
Date: 2024-11-18 12:17:26
Message-ID: CAHnOmac-kzCxxm8OKa31FDJiyHRLgwbcs555_-HdeqhRJ6mEow@mail.gmail.com
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-admin

After upgrading to version 14.14, the behavior of roles related to the "set
role" option broke.
We actively use the feature "alter user <username> set role db_role"
in order to automatically change the role context upon login.
But now this behavior has changed, and the context does not change, which
unfortunately breaks all role-based access to data.

If this was an abnormal behavior, is there an alternative way to
automatically change the role context when connecting to the DB?

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Motog Plus 2024-11-18 16:08:31 Guidance Needed for PostgreSQL Upgrade from 12 to 15
Previous Message Laurenz Albe 2024-11-17 18:18:58 Re: RDS restore failed due to WAL log and disk space-- any tidy fixes?