The PostgreSQL Global Development Group recently released important updates for all supported PostgreSQL versions: 16.4, 15.8, 14.13, 13.16 and 12.20, as well as 17 Beta 3. The releases address one security vulnerability and over 55 bugs, many of which affect PostgreSQL 16 and other supported versions.
Security Issue: pg_dump
The August 8th release addresses security vulnerability CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. From the CVE page:
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
This vulnerability affects every supported release line from 12 through 16 on any minor version prior to this release.
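As an added example (not code from the original post or from the PostgreSQL project), the following Python check classifies the output of SHOW server_version against the fix releases named above and flags the 12.x line ahead of its EOL; the sample inventory is constructed, and the hostnames and version strings in it are assumptions.

```python
# Added example, not code from the original post or from PostgreSQL:
# classify a server's version string against the CVE-2024-7348 fix releases
# named in the release announcement, and flag release line 12 (EOL after 12.20).

# First minor release on each supported line that ships the pg_dump fix.
FIXED_MINOR = {16: 4, 15: 8, 14: 13, 13: 16, 12: 20}
EOL_MAJOR = 12  # 12.20 is the last release before PostgreSQL 12 reaches EOL


def parse_version(text: str) -> tuple[int, int]:
    """Parse 'SHOW server_version' output, e.g. '15.7 (Debian 15.7-1.pgdg120+1)'
    or '17beta3', into (major, minor). Pre-release tags count as minor 0."""
    token = text.strip().split()[0]
    for tag in ("beta", "rc"):
        if tag in token:
            return int(token.split(tag)[0]), 0
    major, _, minor = token.partition(".")
    return int(major), int(minor or 0)


def assess(text: str) -> dict:
    """Return whether this server still needs the CVE-2024-7348 fix."""
    major, minor = parse_version(text)
    report = {"major": major, "minor": minor, "vulnerable": None,
              "eol_warning": major == EOL_MAJOR, "reason": ""}
    if major in FIXED_MINOR:
        needed = FIXED_MINOR[major]
        report["vulnerable"] = minor < needed
        report["reason"] = (f"fixed in {major}.{needed}" if minor < needed
                            else "fix release or later")
    elif major < EOL_MAJOR:
        # Older than 12.20 and no longer supported: no fixed release exists.
        report["vulnerable"] = True
        report["reason"] = "unsupported release line, no fix available; upgrade"
    else:
        # 17 betas and later are not in the advisory's affected list.
        report["reason"] = "not in the advisory's affected range (12-16)"
    return report


# Constructed sample inventory (hostname -> SHOW server_version output);
# in practice the version string would be collected from each host.
SAMPLE_FLEET = {
    "db-a": "16.3 (Debian 16.3-1.pgdg120+1)",
    "db-b": "16.4",
    "db-c": "12.20",
    "db-d": "11.22",
    "db-e": "17beta3",
}

if __name__ == "__main__":
    for host, version in SAMPLE_FLEET.items():
        r = assess(version)
        print(f"{host}: {version:<32} vulnerable={r['vulnerable']} "
              f"eol={r['eol_warning']} ({r['reason']})")
```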
PostgreSQL 12 EOL: November 14, 2024
Also of note, PostgreSQL 12.20 marks the final update before this version reaches its End-of-Life (EOL). If your systems are still running PostgreSQL 12, it's crucial to act now.
As PostgreSQL 12 enters its EOL phase, it will no longer receive updates or security patches, leaving your databases vulnerable. Upgrading to a newer version ensures that you continue to receive essential security updates. It also allows you to take advantage of the latest features and performance improvements.
Not ready to upgrade yet?
Command Prompt offers comprehensive EOL support to help you transition smoothly. Whether you need guidance on the upgrade process or long-term support for your legacy systems, we're here to assist you.
Don't wait until it's too late: contact us today to discuss how we can help you upgrade your PostgreSQL version and secure your database infrastructure for the future.