This article was originally published on May 09, 2024
WHAT’S NEW
This update is notifying you of new software releases in the EDB repositories of PostgreSQL, EDB Postgres Extended (PGE) Server, and EDB Postgres Advanced Server (EPAS).
PGE and EPAS merge updates from the latest upstream PostgreSQL, and EPAS includes additional bug fixes for its superset of features beyond PostgreSQL.
| Database Distributions | Versions Released |
| --- | --- |
| PostgreSQL | 16.3, 15.7, 14.12, 13.15 and 12.19 |
| EDB Postgres Extended Server | 16.3.0, 15.7.0, 14.12, 13.15 and 12.19 |
| EDB Postgres Advanced Server | 16.3.0, 15.7.0, 14.12.0, 13.15.21 and 12.19.24 |
Highlights of these releases include:
- Merge with community release. Click here to find more information about the merge and other fixes.
- CVE-2024-4317: A security vulnerability has been discovered that affects system views in PostgreSQL, and therefore also affects PGE and EPAS. Please consult here for more details.
- CVE-2024-4545: A security vulnerability, identified as CVE-2024-4545 with a CVSS Score of 7.7 (High), has been discovered that affects EPAS 15 and 16, where edbldr could be used to read sensitive files on the system. This vulnerability can potentially allow a low-privilege user to read files they would not otherwise have access to. The server minor update closes this vulnerability. Please read the Release Notes for more details.
Bug fixes:
| EDB Postgres Advanced Server Release | Description |
| --- | --- |
| 12 and above | edb_filter_log: Correctly redact the password when the tab is used before the keyword. (#36220) |
| 12 and above | edb_audit: Fix automatic rotation of logfiles based on day (edb_audit_rotation_day) to work correctly on Windows. (#99282) |
| 12 and above | Fix server crash by correctly fetching all the attributes from the sublink in CONNECT BY processing. (#102746) |
| 12 and above | Conditionally free the path in add_path() to avoid rare possible server crashes when the freed path is still used, specifically in FDWs. (#86497) |
| 12 and above | edbldr: Resolve crash when loading data into multiple tables with different encodings from the target database. |
| 15 and above | edbldr: Check pg_read_server_files privilege before data file access. (#35906) |
| 15 and above | pg_dump: Fix possible data loss and pg_dump failures when the user has rowids. (#35901) |
| Only 16 | Fix assertion in DROP ROLE statement having duplicate names. |
| Only 16 | edb_dblink_oci: Fix server crash in left join with whole-row reference. |
*References in parentheses correspond to customer case numbers.
For more details, please review the PGE and EPAS documentation:
https://www.enterprisedb.com/docs/pge/latest/
https://www.enterprisedb.com/docs/epas/latest/
IS THIS FOR ME?
This announcement is for all EDB customers and PostgreSQL users.
HOW TO GET THE SOFTWARE
Database Server installers are available as native packages in the form of RPMs and DEBs from EDB Repos. To request the credentials required to access EDB repositories, visit Create new account.
TROUBLESHOOTING
If you experience any problems around the installation, migration, upgrade or general use of your EDB software, please contact our Technical Support teams. Customers may reach us at https://techsupport.enterprisedb.com, and we're also available 24x7 via email and phone at the details below:
Customer Support Email: techsupport@enterprisedb.com
Trial Use Assistance: trial-help@enterprisedb.com
US +1-732-331-1320 / 1-800-235-5891
UK +44-2033719820
Brazil +55-2139581371
India +91-20-66449612
End-of-Support Reminder:
Software: PostgreSQL/EDB Postgres Extended Server/EDB Postgres Advanced Server
- Version: 12.x
- End of Standard Support: December 9th, 2024