Merge pull request #5371 from EnterpriseDB/release/2024-03-11a
Release/2024-03-11a
gvasquezvargas authored Mar 11, 2024
2 parents cfa6cb7 + 2570d5d commit 3925373
Showing 11 changed files with 42 additions and 27 deletions.
8 changes: 4 additions & 4 deletions advocacy_docs/security/assessments/cve-2024-1597.mdx
@@ -1,19 +1,19 @@
---
title: CVE-2024-1597 - SQL Injection via line comment generation
navTitle: CVE-2024-1597
affectedProducts: pgJDBC all versions prior to 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 and EDB pgJDBC all versions prior to 42.5.5
affectedProducts: pgJDBC all versions prior to 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 and EDB pgJDBC all versions prior to 42.5.5
---

First Published: 2024/02/26

Last Updated: 2024/02/26
Last Updated: 2024/03/08

Important: This is an assessment of the impact of CVE-2024-1597 on EDB products and services. It links to and details the CVE and supplements that information with EDB's own assessment.


## Summary

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.


## Vulnerability details
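Review bot: the rewritten summary line still carries two pre-existing defects that this hunk could fix while it touches the line: `query,bypassing` lacks a space after the comma and `allows attacker to inject SQL` lacks an article (`allows an attacker`). The same sentence is replaced verbatim in assessments/index.mdx and security/index.mdx in this commit, so the fix needs applying in all three copies; the 42.2.8 to 42.2.28 correction itself matches the `affectedProducts` frontmatter change in the same hunk.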
@@ -36,7 +36,7 @@ CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* All versions prior to 42.6.1
* All versions prior to 42.5.5
* All versions prior to 42.3.9
* All versions prior to 42.2.8
* All versions prior to 42.2.28

### EnterpriseDB pgJDBC

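Review bot: the affected-version list in this hunk omits 42.4.4, which the `affectedProducts` frontmatter and the summary both name among the fixed releases; the visible context jumps from `All versions prior to 42.5.5` straight to `All versions prior to 42.3.9`, so either add `* All versions prior to 42.4.4` between them or state why the 42.4.x line is excluded. The 42.2.8 to 42.2.28 correction is consistent with the frontmatter change above.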
6 changes: 3 additions & 3 deletions advocacy_docs/security/assessments/index.mdx
@@ -29,13 +29,13 @@ The CVEs listed in this section are from PostgreSQL and other parties who have r
<details><summary><h3 style="display:inline"> CVE-2024-1597 </h3>
<span>
&nbsp;&nbsp;<a href="cve-2024-1597">Read Assessment</a>
&nbsp;&nbsp;Updated: </span><span>2024/02/26</span>
&nbsp;&nbsp;Updated: </span><span>2024/03/08</span>
<h4>SQL Injection via line comment generation</h4>
<h5> pgJDBC all versions prior to 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 and EDB pgJDBC all versions prior to 42.5.5</h5>
<h5> pgJDBC all versions prior to 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 and EDB pgJDBC all versions prior to 42.5.5</h5>
</summary>
<hr/>
<em>Summary:</em>&nbsp;
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.
<br/>
<a href="cve-2024-1597">Read More...</a>
</details></td></tr>
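Review bot: the `<h5>` product line and the summary in this hunk are hand-maintained copies of the frontmatter and Summary section of cve-2024-1597.mdx, and the 42.2.8 typo had to be corrected in three files in this one commit; consider generating the index entry from the assessment's frontmatter, or at least leave a comment pointing at the canonical file, so the next edit does not leave the copies diverging.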
6 changes: 3 additions & 3 deletions advocacy_docs/security/index.mdx
@@ -122,13 +122,13 @@ An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 1
<details><summary><h3 style="display:inline"> CVE-2024-1597 </h3>
<span>
&nbsp;&nbsp;<a href="assessments/cve-2024-1597">Read Assesment</a>
&nbsp;&nbsp;Updated: </span><span>2024/02/26</span>
&nbsp;&nbsp;Updated: </span><span>2024/03/08</span>
<h4>SQL Injection via line comment generation</h4>
<h5> pgJDBC all versions prior to 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 and EDB pgJDBC all versions prior to 42.5.5</h5>
<h5> pgJDBC all versions prior to 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 and EDB pgJDBC all versions prior to 42.5.5</h5>
</summary>
<hr/>
<em>Summary:</em>&nbsp;
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.
<br/>
<a href="assessments/cve-2024-1597">Read More...</a>
</details></td></tr>
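Review bot: the unchanged context line `<a href="assessments/cve-2024-1597">Read Assesment</a>` misspells Assessment (the assessments/index.mdx copy spells it correctly); since this block is being edited anyway, fix it here. The summary sentence in this copy also keeps `query,bypassing` with no space after the comma.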
@@ -35,9 +35,9 @@ The **Monitoring and Logging** tab displays the detailed monitoring metrics at a

To view the monitoring metrics at different levels, select any of these levels:

- **Cluster** - This is the default level. It displays the aggregated metrics for the selected cluster to view a bigger picture of the system status.
- **Cluster** &mdash; This is the default level. It displays the aggregated metrics for the selected cluster to view a bigger picture of the system status.

- **Node** - Select the **Node** from the drop-down list at the top. It displays metrics for each node that composes a cluster. You can select one or more nodes using the drop-down button next to the node-level. If you select multi-node, it displays the metrics for each selected node on the chart using different colors. Also, it displays whether a node is primary or replica on the charts.
- **Node** &mdash; Select the node from the list at the top to display metrics for each node that composes a cluster. You can select one or more nodes using the button next to the node level. Selecting multiple nodes displays the metrics for each selected node on the chart using a different color for each node. Also, it displays whether a node is primary or replica on the charts.

## Single-value charts

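Review bot: in the rewritten Node bullet, the closing sentence `Also, it displays whether a node is primary or replica on the charts` has no clear subject for `it`; prefer `The charts also show whether each node is a primary or a replica.` Replacing ` - ` with `&mdash;` in both bullets matches the convention the Historical charts list in this file already uses.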
@@ -49,20 +49,20 @@ These charts display a specific single value based on the last value in the sele

## Historical charts

By default, these charts displays the historical data of the last 15 minutes. To view the historical data of a particular time range, customize the time range using a time-range picker. These charts display key metrics in single-line and bar or multi-line and bar form. They provide a concise snapshot of the information such as:
By default, these charts displays the historical data of the last 15 minutes. To view the historical data of a particular time range, customize the time range using a time-range picker. These charts display key metrics in single-line or multi-line form. They provide a concise snapshot of the information such as:
- **Memory** (line chart) &mdash; The historical trend of memory usage percentage over a time period.
- **CPU** (bar chart) &mdash; The historical trend of CPU usage percentage over a time period.
- **Network activity** (multi-line chart) &mdash; The historical data transfer to and from the network card per second, over a time period.
- **Disk IOPS** (multi-line chart) &mdash; The historical trends in the number of reads, writes, and total operations on the disk per second, over a time period.
- **Transaction per second** (multi-line chart) &mdash; The historical trends in the number of transactions per second, over a time period.
- **CPU** (line chart) &mdash; The historical trend of CPU usage percentage over a time period.
- **Network activity** (line chart) &mdash; The historical data transfer to and from the network card per second, over a time period.
- **Disk IOPS** (line chart) &mdash; The historical trends in the number of reads, writes, and total operations on the disk per second, over a time period.
- **Transaction per second** (line chart) &mdash; The historical trends in the number of transactions per second, over a time period.
- **Active connections** (line chart) &mdash; The current number of connections between the client applications and the Postgres cluster.
- **Disk throughput** (line chart) &mdash; The amount of data transferred to and from the disk per second for the Postgres cluster.
- **Database size** (line chart) &mdash; The amount of storage volume used by the Postgres cluster.


## Features for both types of charts

All these charts have tools and features that help you to get more information about the metrics or the chart. The [time-range picker](#time-range-picker) helps with viewing the data on these charts for a specific time-range interval. The [different level](#different-level) helps to view the data on these charts at cluster and node-level. The [information tooltip](#information-tooltip) helps you to view the information for a particular chart. The [charts error state](#charts-error-state) helps you to find the error and provides the option to edit the configurations and fix the error.
All these charts have tools and features that help you to get more information about the metrics or the chart. The [time-range picker](#time-range-picker) helps with viewing the data on these charts for a specific time-range interval. The [different level](#different-level) helps to view the data on these charts at cluster and node level. The [information tooltip](#information-tooltip) helps you to view the information for a particular chart. The [charts error state](#charts-error-state) helps you to find the error and provides the option to edit the configurations and fix the error.

### Time-range picker

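Review bot: the rewritten intro line keeps the subject-verb error `these charts displays` from the old line; since the line is replaced anyway, change it to `these charts display`, and `a concise snapshot of the information such as` to `a concise snapshot of information such as`. The bullet `Transaction per second` should read `Transactions per second` to match the other plural metric names.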
1 change: 0 additions & 1 deletion product_docs/docs/pgd/3.7/bdr/catalogs.mdx
@@ -600,7 +600,6 @@ node.
| node_local_dbname | name | Database name of the node |
| pub_repsets | text\[] | Deprecated column, always NULL, will be removed in 4.0 |
| sub_repsets | text\[] | Deprecated column, always NULL, will be removed in 4.0 |
| set_repl_ops | text | Which operations does the default replication set replicate |
| node_id | oid | The OID of the node |
| node_group_id | oid | The OID of the BDR node group |
| if_id | oid | The OID of the connection interface used by the node |
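Review bot: this hunk silently drops the `set_repl_ops` row from the table; the two rows above it show the file's convention for columns that no longer carry data (`Deprecated column, always NULL, will be removed in 4.0`), so if the column still exists in the 3.7 catalog the row should be marked that way rather than removed, and if it was never a real column the commit message should say so.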
1 change: 0 additions & 1 deletion product_docs/docs/pgd/4/bdr/catalogs.mdx
@@ -616,7 +616,6 @@ node.
| peer_target_state_name | text | State that the node is trying to reach (during join or promotion) |
| node_seq_id | int4 | Sequence identifier of the node used for generating unique sequence numbers |
| node_local_dbname | name | Database name of the node |
| set_repl_ops | text | Which operations does the default replication set replicate |
| node_id | oid | The OID of the node |
| node_group_id | oid | The OID of the BDR node group |

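Review bot: the same `set_repl_ops` row is removed here for PGD 4 with no explanation; if the column is gone from the catalog in this version, saying so in the release notes or the PR description helps users who select it in monitoring queries. Check the PGD 5 table in `reference/catalogs-visible.mdx` for a matching row so the three versions stay consistent.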
4 changes: 2 additions & 2 deletions product_docs/docs/pgd/5/cli/installing_cli.mdx
@@ -11,9 +11,9 @@ By default, Trusted Postgres Architect installs and configures PGD CLI on each P

## Installing manually on Linux

PGD CLI is installable from the EDB repositories, which you can access with your EDB account. Both PGD users and BigAnimal users, including those on a free trial, will have an EDB account and access to PGD CLI.
PGD CLI is installable from the EDB repositories, which you can access with your EDB account. PGD users and BigAnimal users, including those on a free trial, have an EDB account and access to PGD CLI.

These repositories require a token to enable downloads from them. To obtain your token, log in to [EDB Repos 2.0](https://www.enterprisedb.com/repos-downloads). If this is your first time visiting the EDB Repos 2.0 page, you must click 'Request Access' to generate your token. Once a generated token is available, click on the copy icon to copy it directly to your clipboard or click on the eye icon to view it.
These repositories require a token to enable downloads from them. To obtain your token, log in to [EDB Repos 2.0](https://www.enterprisedb.com/repos-downloads). If this is your first time visiting the EDB Repos 2.0 page, you must select **Request Access** to generate your token. Once a generated token is available, select the **Copy** icon to copy it to your clipboard, or select the eye icon to view it.

Once you have the token, execute the command shown for your operating system, substituting
your token for `<your-token>`.
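Review bot: UI element styling is inconsistent within the rewritten sentence: **Request Access** and the **Copy** icon are bold but `the eye icon` is not. Separately, since the token is tied to the reader's EDB account and the next paragraph tells them to paste it into a command, the paragraph could state in one sentence that the token is an account credential to keep out of shared scripts and shell history.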
16 changes: 16 additions & 0 deletions product_docs/docs/pgd/5/durability/commit-scopes.mdx
@@ -89,12 +89,28 @@ SELECT bdr.alter_node_group_option(
);
```

To completely clear the default for a group of sub-group, set the `default_commit_scope` value to `local`.

```sql
SELECT bdr.alter_node_group_option(
node_group_name := 'example_bdr_group',
config_key := 'default_commit_scope',
config_value := 'local'
);
```

You can also do make this change using PGD cli:

```
pgd set-group-options example-bdr-group --option default_commit_scope=example_scope
```

And you can clear the default using PGD cli by setting the value to local:

```
pgd set-group-options example-bdr-group --option default_commit_scope=local
```

Finally, you can set the default commit_scope for a node using:

```sql
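Review bot: the group name differs between the SQL and CLI examples in this hunk: the SQL calls use `node_group_name := 'example_bdr_group'` (underscores) while the `pgd set-group-options` commands use `example-bdr-group` (hyphens), which reads as if the CLI takes a different identifier; use one spelling in both. Also: `a group of sub-group` should be `a group or subgroup`; `You can also do make this change using PGD cli` should be `You can also make this change using the PGD CLI` (the file writes `PGD CLI` elsewhere); and the two CLI fences carry no language tag while the SQL fences are tagged sql, so tag them shell.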
1 change: 1 addition & 0 deletions product_docs/docs/pgd/5/reference/catalogs-visible.mdx
@@ -514,6 +514,7 @@ user-readable details.
| node_group_num_writers | int | Number of writers to use for subscriptions backing this node group |
| node_group_enable_wal_decoder | bool | Whether the group has enable_wal_decoder set |
| node_group_streaming_mode | char | Transaction streaming setting: 'O' - off, 'F' - file, 'W' - writer, 'A' - auto, 'D' - default |
| node_group_default_commit_scope | oid | ID of the node group's default commit scope |
| node_group_location | char | Name of the location associated with the node group |
| node_group_enable_proxy_routing | char | Whether the node group allows routing from `pgd-proxy` |
| node_group_enable_raft | bool | Whether the node group allows Raft Consensus |
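Review bot: the new `node_group_default_commit_scope` row says only `ID of the node group's default commit scope`; state which catalog that OID joins to, and what the column holds once the default has been cleared by setting `default_commit_scope` to `local` (the commit-scopes.mdx change in this same commit documents that operation), since a reader selecting this column otherwise cannot tell an unset default from a real scope.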
8 changes: 4 additions & 4 deletions product_docs/docs/pgd/5/reference/pgd-settings.mdx
@@ -601,11 +601,11 @@ is disabled. It defaults to -1.

## Internal settings - Other Raft values

### `bdr.raft_keep_min_entries`
### `bdr.raft_keep_min_entries`

The minimum number of entries to keep in the Raft log when doing log compaction
(default 100). The value of 0 disables log compaction. You can set this only at
Postgres server start.
The minimum number of entries to keep in the Raft log when doing log compaction
(default `1000`; PGD 5.3 and earlier: `100`). The value of `0` disables log
compaction. You can set this only at Postgres server start.

!!! Warning
If log compaction is disabled, the log grows in size forever.
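Review bot: the heading line `### bdr.raft_keep_min_entries` is shown as replaced with no visible difference, which usually means trailing whitespace; confirm that is intended rather than an editor artifact. The default change from 100 to 1000 is documented as `PGD 5.3 and earlier: 100`, but the text never names the release that raised it; stating it directly avoids leaving readers to infer it. The Warning about unbounded log growth when compaction is disabled remains consistent with `0` disabling compaction.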
2 changes: 1 addition & 1 deletion product_docs/docs/tde/15/enabling_tde.mdx
@@ -86,7 +86,7 @@ This example uses EDB Postgres Advanced Server 15 running on a Linux platform. I
!!!note
If you are on Windows you don't need the single quotes around the variable value.

1. Initialize the cluster using `initdb` with encyrption enabled. This command sets the `data_encryption_key_unwrap_command` parameter in the postgresql.conf file.
1. Initialize the cluster using `initdb` with encryption enabled. This command sets the `data_encryption_key_unwrap_command` parameter in the postgresql.conf file.

```shell
/usr/edb/as15/bin/initdb --data-encryption -D /var/lib/edb/as15/data
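Review bot: the typo fix `encyrption` to `encryption` is correct; while editing the line, put `postgresql.conf` in backticks to match `data_encryption_key_unwrap_command` and `initdb` in the same sentence.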

2 comments on commit 3925373

@github-actions (Contributor):

🎉 Published on https://edb-docs.netlify.app as production
🚀 Deployed on https://65ef0c2f93097c5701fe80aa--edb-docs.netlify.app