Patch release for EDB Postgres Extended (PGE) Server & EPAS

This article was originally published on May 09, 2024

WHAT’S NEW

This update notifies you of new software releases in the EDB repositories of PostgreSQL, EDB Postgres Extended (PGE) Server, and EDB Postgres Advanced Server (EPAS).

PGE and EPAS merge updates from the latest upstream PostgreSQL, and EPAS includes additional bug fixes for its superset of features beyond PostgreSQL.
 

Database distributions and versions released:

  • PostgreSQL: 16.3, 15.7, 14.12, 13.15 and 12.19
  • EDB Postgres Extended Server: 16.3.0, 15.7.0, 14.12, 13.15 and 12.19
  • EDB Postgres Advanced Server: 16.3.0, 15.7.0, 14.12.0, 13.15.21 and 12.19.24
 

Highlights of these releases include:

  • Merge with community release. Click here to find more information about the merge and other fixes.
  • CVE-2024-4317: A security vulnerability, reported as CVE-2024-4317, has been discovered that affects system views in PostgreSQL, which also affects PGE and EPAS. Please consult here for more details.
  • CVE-2024-4545: A security vulnerability, identified as CVE-2024-4545 with a CVSS Score of 7.7 (High), has been discovered that affects EPAS 15 and 16, where edbldr could be used to read sensitive files on the system. This vulnerability can potentially allow a low-privilege user to read files they would not otherwise have access to. The server minor update closes this vulnerability. Please read the Release Notes for more details.

Bug fixes:

 

EDB Postgres Advanced Server release: 12 and above

  • edb_filter_log: Correctly redact the password when the tab is used before the keyword. (#36220)
  • edb_audit: Fix automatic rotation of logfiles based on day (edb_audit_rotation_day) to work correctly on Windows. (#99282)
  • Fix server crash by correctly fetching all the attributes from the sublink in CONNECT BY processing. (#102746)
  • Conditionally free the path in add_path() to avoid rare possible server crashes when the freed path is still used, specifically in FDWs. (#86497)
  • edbldr: Resolve crash when loading data into multiple tables with different encodings from the target database.

EDB Postgres Advanced Server release: 15 and above

  • edbldr: Check pg_read_server_files privilege before data file access. (#35906)
    Permission to read data from the server file system should be restricted to superusers or users who possess the pg_read_server_files role. However, in affected versions of EPAS, any user can use edbldr to read data from any server file which is accessible to the OS user account under which EPAS is running. With this fix, a non-superuser using edbldr must either possess the pg_read_server_files role or must load data from standard input, rather than the server filesystem. Customer Advisory: CVE-2024-4545-for-db-2681
  • pg_dump: Fix possible data loss and pg_dump failures when the user has rowids. (#35901)

EDB Postgres Advanced Server release: Only 16

  • Fix assertion in DROP ROLE statement having duplicate names.
  • edb_dblink_oci: Fix server crash in left join with whole-row reference.

 

*References in parentheses correspond to customer case numbers.
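
After the edbldr fix described above, reading server-side data files depends on being a superuser or holding the pg_read_server_files role, so it is worth reviewing who actually has that access. The query below is an added example, not EDB's own code; it assumes the standard PostgreSQL catalogs pg_roles and pg_auth_members are available unchanged in EPAS.

```sql
-- Added example: list every role that can read server-side files, either as a
-- superuser or through direct or indirect membership in pg_read_server_files.
-- Run as a superuser on each EPAS 15/16 instance after applying the update.
WITH RECURSIVE grant_chain AS (
    -- Roles that were granted pg_read_server_files directly
    SELECT m.member,
           ARRAY[m.roleid, m.member] AS path_oids
    FROM pg_auth_members m
    JOIN pg_roles g ON g.oid = m.roleid
    WHERE g.rolname = 'pg_read_server_files'

    UNION ALL

    -- Roles that are members of a role already in the chain
    SELECT m.member,
           c.path_oids || m.member
    FROM pg_auth_members m
    JOIN grant_chain c ON m.roleid = c.member
    WHERE m.member <> ALL (c.path_oids)   -- defensive guard against loops
)
SELECT r.rolname,
       r.rolcanlogin,
       'member of pg_read_server_files' AS reason,
       -- Render the chain of grants that leads to this role
       (SELECT string_agg(p.rolname::text, ' -> ' ORDER BY u.ord)
          FROM unnest(c.path_oids) WITH ORDINALITY AS u(role_oid, ord)
          JOIN pg_roles p ON p.oid = u.role_oid) AS grant_path
FROM grant_chain c
JOIN pg_roles r ON r.oid = c.member
UNION ALL
SELECT r.rolname, r.rolcanlogin, 'superuser', NULL
FROM pg_roles r
WHERE r.rolsuper
ORDER BY rolname;
```

Any login role in the result that does not need to load data from server-side files is a candidate for having the membership revoked.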

 
 

For more details, please review the PGE and EPAS documentation: 

https://www.enterprisedb.com/docs/pge/latest/

 

https://www.enterprisedb.com/docs/epas/latest/
 


IS THIS FOR ME?

This announcement is for all EDB customers and PostgreSQL users. 


 

HOW TO GET THE SOFTWARE

Database Server installers are available as native packages in the form of RPMs and DEBs; visit EDB Repos. To request the credentials required to access EDB repositories, visit Create new account.



TROUBLESHOOTING 

If you experience any problems around the installation, migration, upgrade or general use of your EDB software, please contact our Technical Support teams. Customers may reach us at https://techsupport.enterprisedb.com, and we're also available 24x7 via email and phone at the details below:

Customer Support Email: techsupport@enterprisedb.com

Trial Use Assistance: trial-help@enterprisedb.com

US +1-732-331-1320 / 1-800-235-5891

UK +44-2033719820

Brazil +55-2139581371

India +91-20-66449612

 
End-of-Support Reminder: 

Software: PostgreSQL/EDB Postgres Extended Server/EDB Postgres Advanced Server

  • Version: 12.x
  • End of Standard Support: December 9th, 2024
