Release Announcement EDB Pgpool-II 4.2.6, 4.1.9, 4.0.16, 3.7.21, 3.6.28

Customer Portal
Customer Portal

This article was originally published on December 01, 2021

WHAT’S NEW

This update is notifying you of the new release of EDB Pgpool-II 4.2.6, 4.1.9, 4.0.16, 3.7.21 and 3.6.28. Pgpool-II acts as a service that sits between client applications and a PostgreSQL database server. Using Pgpool-II can add the following benefits to your application connection infrastructure:

  • Reroute and load balance Read-Only transactions to Standby database servers
  • Reuse connections to prevent reconnects
  • Reduce Postgres connections by queuing stale connections

EDB Pgpool-II is enhanced to support additional EDB Postgres Advanced capabilities and can be used with PostgreSQL or EDB Postgres Advanced.

Highlights of this release

 

Type

Highlights



 

Security Fix

Reject extraneous data after SSL encryption handshake.
In the server-side implementation of SSL negotiation, it was possible for a man-in-the-middle attacker to inject arbitrary SQL commands if it was configured to use cert authentication or hostssl + trust. This resembles PostgreSQL's CVE-2021-23214.


In the client-side implementation of SSL negotiation, it was possible for a man-in-the-middle attacker to inject arbitrary responses if the database server is using trust authentication with a clientcert requirement. It is not possible with cert authentication because Pgpool-II does not implement the cert authentication between Pgpool-II and PostgreSQL. This resembles PostgreSQL's CVE-2021-23222.

 

These releases also contain a merge with upstream. For more information, please refer to the upstream release notes: 

TELL ME MORE

For more details, please review the EDB Pgpool-II 4.2.x documentation:
https://www.enterprisedb.com/docs/pgpool/latest/


IS THIS FOR ME?

This announcement is for EDB customers who are using, or are interested in, EDB Pgpool-II and have a subscription purchased for:

  • Enterprise Subscription

HOW TO GET THE SOFTWARE

EDB Pgpool-II 4.2 is available from the EDB website https://www.enterprisedb.com/downloads/pgpool

To request the credentials required to access EDB repositories, please visit https://www.enterprisedb.com/repository-access-request

 


TROUBLESHOOTING 

If you experience any problems around the installation, migration, upgrade, or general use of your EDB software please contact our Technical Support teams.

Customers may reach us at the EDB Customer Support Portal, and we’re also available 24x7 via email and phone at the details below:

techsupport@enterprisedb.com

trial-help@enterprisedb.com

 

US +1-732-331-1320 / 1-800-235-5891

UK +44-2033719820

Brazil +55-2139581371

India +91-20-66449612

Was this article helpful?

0 out of 0 found this helpful