diff --git a/advocacy_docs/security/advisories/cve.mdx.template b/advocacy_docs/security/advisories/cve.mdx.template index bea078ec99c..737e13f1c70 100644 --- a/advocacy_docs/security/advisories/cve.mdx.template +++ b/advocacy_docs/security/advisories/cve.mdx.template @@ -1,6 +1,7 @@ --- title: CVE Title navTitle: CVE ID as CVE-Year-Number +affectedProducts: one liner covering which products affected --- First Published: YYYY/MM/DD (ISO8601) diff --git a/advocacy_docs/security/advisories/cve20074639.mdx b/advocacy_docs/security/advisories/cve20074639.mdx index 87c6c3bb631..1c57efdc3c2 100644 --- a/advocacy_docs/security/advisories/cve20074639.mdx +++ b/advocacy_docs/security/advisories/cve20074639.mdx @@ -1,6 +1,7 @@ --- title: CVE-2007-4639 - EDB Advanced Server 8.2 improperly handles debugging function calls navTitle: CVE-2007-4639 +affectedProducts: EDB Advanced Server 8.2 --- First Published: 2007/08/31 @@ -13,10 +14,14 @@ EDB Postgres Advanced Server 8.2 (EPAS) does not properly handle certain debuggi ## Vulnerability details -CVE-ID: [CVE-2007-4639](https://nvd.nist.gov/vuln/detail/CVE-2007-4639) -CVSS Base Score: Undefined -CVSS Temporal Score: Undefined -CVSS Environmental Score: Undefined +CVE-ID: [CVE-2007-4639](https://nvd.nist.gov/vuln/detail/CVE-2007-4639) + +CVSS Base Score: Undefined + +CVSS Temporal Score: Undefined + +CVSS Environmental Score: Undefined + CVSS Vector: Undefined ## Affected products and versions diff --git a/advocacy_docs/security/advisories/cve201910128.mdx b/advocacy_docs/security/advisories/cve201910128.mdx index 1625190c580..d87a9c9da71 100644 --- a/advocacy_docs/security/advisories/cve201910128.mdx +++ b/advocacy_docs/security/advisories/cve201910128.mdx @@ -1,6 +1,7 @@ --- title: CVE-2019-10128 - EDB supplied PostgreSQL inherits ACL for installation directory navTitle: CVE-2019-10128 +affectedProducts: PostgreSQL --- First Published: 2021/03/19 @@ -13,10 +14,14 @@ A vulnerability was found in PostgreSQL versions 11.x prior to 11.3. The Windows ## Vulnerability details -CVE-ID: [CVE-2019-10128](https://nvd.nist.gov/vuln/detail/CVE-2019-10128) -CVSS Base Score: 7.8 -CVSS Temporal Score: Undefined -CVSS Environmental Score: Undefined +CVE-ID: [CVE-2019-10128](https://nvd.nist.gov/vuln/detail/CVE-2019-10128) + +CVSS Base Score: 7.8 + +CVSS Temporal Score: Undefined + +CVSS Environmental Score: Undefined + CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ## Affected products and versions diff --git a/advocacy_docs/security/advisories/cve202331043.mdx b/advocacy_docs/security/advisories/cve202331043.mdx index bbdace27441..1edaf3fd5c5 100644 --- a/advocacy_docs/security/advisories/cve202331043.mdx +++ b/advocacy_docs/security/advisories/cve202331043.mdx @@ -1,6 +1,7 @@ --- title: CVE-2023-31043 - EDB Postgres Advanced Server (EPAS) logs unredacted passwords prior to 14.6.0 navTitle: CVE-2023-31043 +affectedProducts: EDB Postgres Advanced Server 10.23.32 to 14.5.0 --- First Published: 2023/04/23 @@ -13,10 +14,14 @@ EDB Postgres Advanced Server (EPAS) versions before 14.6.0 log unredacted passwo ## Vulnerability details -CVE-ID: [CVE-2023-31043](https://nvd.nist.gov/vuln/detail/CVE-2023-31043) -CVSS Base Score: 7.5 -CVSS Temporal Score: Undefined -CVSS Environmental Score: Undefined +CVE-ID: [CVE-2023-31043](https://nvd.nist.gov/vuln/detail/CVE-2023-31043) + +CVSS Base Score: 7.5 + +CVSS Temporal Score: Undefined + +CVSS Environmental Score: Undefined + CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N ## Affected products and versions diff --git a/advocacy_docs/security/advisories/cve202341113.mdx b/advocacy_docs/security/advisories/cve202341113.mdx index b81a774e300..085470c016b 100644 --- a/advocacy_docs/security/advisories/cve202341113.mdx +++ b/advocacy_docs/security/advisories/cve202341113.mdx @@ -1,6 +1,7 @@ --- title: CVE-2023-41113 - EDB Postgres Advanced Server (EPAS) permissions bypass via accesshistory() navTitle: CVE-2023-41113 +affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0 --- First Published: 2023/08/21 diff --git a/advocacy_docs/security/advisories/cve202341114.mdx b/advocacy_docs/security/advisories/cve202341114.mdx index c4dcb6de550..b4203893917 100644 --- a/advocacy_docs/security/advisories/cve202341114.mdx +++ b/advocacy_docs/security/advisories/cve202341114.mdx @@ -1,6 +1,7 @@ --- title: CVE-2023-41114 - EDB Postgres Advanced Server (EPAS) authenticated users may fetch any URL navTitle: CVE-2023-41114 +affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0 --- First Published: 2023/08/21 diff --git a/advocacy_docs/security/advisories/cve202341115.mdx b/advocacy_docs/security/advisories/cve202341115.mdx index 83c847237dd..e49f4cc7a0d 100644 --- a/advocacy_docs/security/advisories/cve202341115.mdx +++ b/advocacy_docs/security/advisories/cve202341115.mdx @@ -1,6 +1,7 @@ --- title: CVE-2023-41115 - EDB Postgres Advanced Server (EPAS) permission bypass for large objects navTitle: CVE-2023-41115 +affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0 --- First Published: 2023/08/21 diff --git a/advocacy_docs/security/advisories/cve202341116.mdx b/advocacy_docs/security/advisories/cve202341116.mdx index 13a342a4114..db07c04c79d 100644 --- a/advocacy_docs/security/advisories/cve202341116.mdx +++ b/advocacy_docs/security/advisories/cve202341116.mdx @@ -1,6 +1,7 @@ --- title: CVE-2023-41116 - EDB Postgres Advanced Server (EPAS) permission bypass for materialized views navTitle: CVE-2023-41116 +affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0 --- First Published: 2023/08/21 @@ -9,10 +10,7 @@ Last Updated: 2023/08/30 ## Summary -An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before -11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and -15.x before 15.4.0. It allows an authenticated user to refresh any materialized -view, regardless of that user's permissions. +An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions. ## Vulnerability details diff --git a/advocacy_docs/security/advisories/cve202341117.mdx b/advocacy_docs/security/advisories/cve202341117.mdx index 8fcbaacd774..288d7d8ca66 100644 --- a/advocacy_docs/security/advisories/cve202341117.mdx +++ b/advocacy_docs/security/advisories/cve202341117.mdx @@ -1,6 +1,7 @@ --- title: CVE-2023-41117 - EDB Postgres Advanced Server (EPAS) SECURITY DEFINER functions and procedures may be hijacked via search_path navTitle: CVE-2023-41117 +affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0 --- First Published: 2023/08/21 diff --git a/advocacy_docs/security/advisories/cve202341118.mdx b/advocacy_docs/security/advisories/cve202341118.mdx index 5953cc41dde..b9ce6888252 100644 --- a/advocacy_docs/security/advisories/cve202341118.mdx +++ b/advocacy_docs/security/advisories/cve202341118.mdx @@ -1,6 +1,7 @@ --- title: CVE-2023-41118 - EDB Postgres Advanced Server (EPAS) UTL_FILE permission bypass navTitle: CVE-2023-41118 +affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0 --- First Published: 2023/08/21 diff --git a/advocacy_docs/security/advisories/cve202341119.mdx b/advocacy_docs/security/advisories/cve202341119.mdx index ca40495a3ec..6c1052adba8 100644 --- a/advocacy_docs/security/advisories/cve202341119.mdx +++ b/advocacy_docs/security/advisories/cve202341119.mdx @@ -1,6 +1,7 @@ --- title: CVE-2023-41119 - EDB Postgres Advanced Server (EPAS) dbms_aq helper function may run arbitrary SQL as a superuser navTitle: CVE-2023-41119 +affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0 --- First Published: 2023/08/21 diff --git a/advocacy_docs/security/advisories/cve202341120.mdx b/advocacy_docs/security/advisories/cve202341120.mdx index fb9c0411444..a1f82346248 100644 --- a/advocacy_docs/security/advisories/cve202341120.mdx +++ b/advocacy_docs/security/advisories/cve202341120.mdx @@ -1,6 +1,7 @@ --- title: CVE-2023-41120 - EDB Postgres Advanced Server (EPAS) DBMS_PROFILER data may be removed without permission navTitle: CVE-2023-41120 +affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0 --- First Published: 2023/08/21 diff --git a/advocacy_docs/security/advisories/index.mdx b/advocacy_docs/security/advisories/index.mdx index 9501d20e4ff..0b7733b715f 100644 --- a/advocacy_docs/security/advisories/index.mdx +++ b/advocacy_docs/security/advisories/index.mdx @@ -1,4 +1,5 @@ --- +WARNING: THIS IS AN AUTOMATICALLY GENERATED FILE - DO NOT MANUALLY EDIT - SEE tools/automation/generators/advisoryindex title: EDB Security Advisories navTitle: Advisories iconName: Security @@ -18,18 +19,25 @@ navigation: - cve20074639 --- -## Updated 2023 + + + + + + + +

Updated 2023

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -
-

CVE-2023-41120

+

CVE-2023-41120

  Read Advisory   Updated: 2023/08/30 -

EDB Postgres Advanced Server (EPAS) DBMS_PROFILER data may be removed without permission -

-
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
+

EDB Postgres Advanced Server (EPAS) DBMS_PROFILER data may be removed without permission

+
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0

Summary:  @@ -38,31 +46,37 @@ An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 1 Read More...
-

CVE-2023-41119

+

CVE-2023-41119

  Read Advisory   Updated: 2023/08/30 -

EDB Postgres Advanced Server (EPAS) dbms_aq helper function may run arbitrary SQL as a superuser -

-
All EnterpriseDB Postgres Advanced Server (EPAS) versions prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
+

EDB Postgres Advanced Server (EPAS) dbms_aq helper function may run arbitrary SQL as a superuser

+
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0

Summary:  An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function _dbms_aq_move_to_exception_queue that may be used to elevate a user's privileges to superuser. This function accepts the OID of a table, and then accesses that table as the superuser by using SELECT and DML commands.
Read More... -
-
-

CVE-2023-41118

+

CVE-2023-41118

  Read Advisory   Updated: 2023/08/30 -

EDB Postgres Advanced Server (EPAS) UTL_FILE permission bypass -

-
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
+

EDB Postgres Advanced Server (EPAS) UTL_FILE permission bypass

+
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
+

Summary:  An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. When a superuser has configured file locations using CREATE DIRECTORY, these functions allow users to take a wide range of actions, including read, write, copy, rename, and delete. @@ -70,30 +84,36 @@ An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 1 Read More...
-

CVE-2023-41117

+

CVE-2023-41117

  Read Advisory   Updated: 2023/08/30

EDB Postgres Advanced Server (EPAS) SECURITY DEFINER functions and procedures may be hijacked via search_path

-
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
+
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0

Summary:  An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks.
Read More... -
-
-

CVE-2023-41116

+

CVE-2023-41116

  Read Advisory   Updated: 2023/08/30 -

EDB Postgres Advanced Server (EPAS) permission bypass for materialized views -

-
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
+

EDB Postgres Advanced Server (EPAS) permission bypass for materialized views

+
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0

Summary:  @@ -102,14 +122,17 @@ An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 1 Read More...
-

CVE-2023-41115

+

CVE-2023-41115

  Read Advisory   Updated: 2023/08/30 -

EDB Postgres Advanced Server (EPAS) permission bypass for large objects -

-
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
+

EDB Postgres Advanced Server (EPAS) permission bypass for large objects

+
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0

Summary:  @@ -119,14 +142,16 @@ An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 1
-

CVE-2023-41114

+

CVE-2023-41114

  Read Advisory   Updated: 2023/08/30 -

EDB Postgres Advanced Server (EPAS) authenticated users may fetch any URL -

-
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
+

EDB Postgres Advanced Server (EPAS) authenticated users may fetch any URL

+
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0

Summary:  @@ -135,32 +160,36 @@ An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 1 Read More...
-

CVE-2023-41113

+

CVE-2023-41113

  Read Advisory   Updated: 2023/08/30 -

EDB Postgres Advanced Server (EPAS) permissions bypass via accesshistory() -

-
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
+

EDB Postgres Advanced Server (EPAS) permissions bypass via accesshistory()

+
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0

Summary:  An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to to obtain information about whether certain files exist on disk, what errors if any occur when attempting to read them, and some limited information about their contents (regardless of permissions). This can occur when a superuser has configured one or more directories for filesystem access via CREATE DIRECTORY and adopted certain non-default settings for log_line_prefix and log_connections. -
+
Read More... -
-
-

CVE-2023-31043

+

CVE-2023-31043

  Read Advisory   Updated: 2023/05/02 -

EDB Postgres Advanced Server (EPAS) logs unredacted passwords prior to 14.6.0 -

-
EDB Postgres Advanced Server 10.23.32 to 14.5.0
+

EDB Postgres Advanced Server (EPAS) logs unredacted passwords prior to 14.6.0

+
EDB Postgres Advanced Server 10.23.32 to 14.5.0

Summary:  @@ -168,43 +197,54 @@ EDB Postgres Advanced Server (EPAS) versions before 14.6.0 log unredacted passwo
Read More...
-## Updated 2022 - + + +
+

Updated 2022

+ + + + -
-

CVE-2019-10128

+

CVE-2019-10128

  Read Advisory   Updated: 2022/01/01 -

EDB supplied PostgreSQL inherits ACL for installation directory -

-
PostgreSQL
+

EDB supplied PostgreSQL inherits ACL for installation directory

+
PostgreSQL

Summary:  -A vulnerability was found in PostgreSQL versions 11.x prior to 11.3. The Windows installer for EDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. +A vulnerability was found in PostgreSQL versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code.
Read More...
-## Updated 2018 - + + +
+

Updated 2018

+ + + +
-

CVE-2007-4639

+

CVE-2007-4639

  Read Advisory   Updated: 2018/10/15 -

EDB Advanced Server 8.2 improperly handles debugging function calls -

-
EDB Postgres Advanced Server version 8.2
+

EDB Advanced Server 8.2 improperly handles debugging function calls

+
EDB Advanced Server 8.2

Summary:  -EDB Postgres Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_ function, as demonstrated by (1) pldbg_get_stack and (2) pldbg_abort_target, which triggers use of an uninitialized pointer.
+EDB Postgres Advanced Server 8.2 (EPAS) does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_ function, as demonstrated by (1) pldbg_get_stack and (2) pldbg_abort_target, which triggers use of an uninitialized pointer. +
Read More... -
+ + + diff --git a/advocacy_docs/security/index.mdx b/advocacy_docs/security/index.mdx index 4dccdc88fbc..10992ea9b62 100644 --- a/advocacy_docs/security/index.mdx +++ b/advocacy_docs/security/index.mdx @@ -1,4 +1,5 @@ --- +WARNING: THIS IS AN AUTOMATICALLY GENERATED FILE - DO NOT MANUALLY EDIT - SEE tools/automation/generators/advisoryindex title: EDB Security navTitle: EDB Security directoryDefaults: @@ -24,14 +25,15 @@ This policy outlines how EnterpriseDB handles disclosures related to suspected v ## Most Recent Advisories + + + + + + + + - - - - - - - + + +
-

CVE-2023-41120

+

CVE-2023-41120

  Read Advisory   Updated: 2023/08/30 -

EDB Postgres Advanced Server (EPAS) DBMS_PROFILER data may be removed without permission -

-
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
+

EDB Postgres Advanced Server (EPAS) DBMS_PROFILER data may be removed without permission

+
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0

Summary:  @@ -40,31 +42,31 @@ An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 1 Read More...
-

CVE-2023-41119

+

CVE-2023-41119

  Read Advisory   Updated: 2023/08/30 -

EDB Postgres Advanced Server (EPAS) dbms_aq helper function may run arbitrary SQL as a superuser -

-
All EnterpriseDB Postgres Advanced Server (EPAS) versions prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
+

EDB Postgres Advanced Server (EPAS) dbms_aq helper function may run arbitrary SQL as a superuser

+
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0

Summary:  An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function _dbms_aq_move_to_exception_queue that may be used to elevate a user's privileges to superuser. This function accepts the OID of a table, and then accesses that table as the superuser by using SELECT and DML commands.
Read More... -
-
-

CVE-2023-41118

+

CVE-2023-41118

  Read Advisory   Updated: 2023/08/30 -

EDB Postgres Advanced Server (EPAS) UTL_FILE permission bypass -

-
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
+

EDB Postgres Advanced Server (EPAS) UTL_FILE permission bypass

+
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
+

Summary:  An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. When a superuser has configured file locations using CREATE DIRECTORY, these functions allow users to take a wide range of actions, including read, write, copy, rename, and delete. @@ -72,31 +74,30 @@ An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 1 Read More...
-

CVE-2023-41117

+

CVE-2023-41117

  Read Advisory   Updated: 2023/08/30

EDB Postgres Advanced Server (EPAS) SECURITY DEFINER functions and procedures may be hijacked via search_path

-
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
+
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0

Summary:  An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks.
Read More... -
-
-

CVE-2023-41116

+

CVE-2023-41116

  Read Advisory   Updated: 2023/08/30 -

EDB Postgres Advanced Server (EPAS) permission bypass for materialized views -

-
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
+

EDB Postgres Advanced Server (EPAS) permission bypass for materialized views

+
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0

Summary:  @@ -105,14 +106,14 @@ An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 1 Read More...
-

CVE-2023-41115

+

CVE-2023-41115

  Read Advisory   Updated: 2023/08/30 -

EDB Postgres Advanced Server (EPAS) permission bypass for large objects -

-
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
+

EDB Postgres Advanced Server (EPAS) permission bypass for large objects

+
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0

Summary:  @@ -122,21 +123,13 @@ An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 1
-

CVE-2023-41114

+

CVE-2023-41114

  Read Advisory   Updated: 2023/08/30 -

EDB Postgres Advanced Server (EPAS) authenticated users may fetch any URL -

-
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
+

EDB Postgres Advanced Server (EPAS) authenticated users may fetch any URL

+
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0

Summary:  @@ -147,30 +140,28 @@ An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 1
-

CVE-2023-41113

+

CVE-2023-41113

  Read Advisory   Updated: 2023/08/30 -

EDB Postgres Advanced Server (EPAS) permissions bypass via accesshistory() -

-
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
+

EDB Postgres Advanced Server (EPAS) permissions bypass via accesshistory()

+
All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0

Summary:  An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to to obtain information about whether certain files exist on disk, what errors if any occur when attempting to read them, and some limited information about their contents (regardless of permissions). This can occur when a superuser has configured one or more directories for filesystem access via CREATE DIRECTORY and adopted certain non-default settings for log_line_prefix and log_connections.
Read More... -
-
-

CVE-2023-31043

+

CVE-2023-31043

  Read Advisory   Updated: 2023/05/02 -

EDB Postgres Advanced Server (EPAS) logs unredacted passwords prior to 14.6.0 -

-
EDB Postgres Advanced Server 10.23.32 to 14.5.0
+

EDB Postgres Advanced Server (EPAS) logs unredacted passwords prior to 14.6.0

+
EDB Postgres Advanced Server 10.23.32 to 14.5.0

Summary:  @@ -178,4 +169,6 @@ EDB Postgres Advanced Server (EPAS) versions before 14.6.0 log unredacted passwo
Read More...
+ diff --git a/advocacy_docs/security/templates/advisoriesindex.njs b/advocacy_docs/security/templates/advisoriesindex.njs new file mode 100755 index 00000000000..07449f319a6 --- /dev/null +++ b/advocacy_docs/security/templates/advisoriesindex.njs @@ -0,0 +1,40 @@ +--- +WARNING: THIS IS AN AUTOMATICALLY GENERATED FILE - DO NOT MANUALLY EDIT - SEE tools/automation/generators/advisoryindex +title: EDB Security Advisories +navTitle: Advisories +iconName: Security +hideKBLink: true +hideToC: false +navigation:{% for cve in cvesorted %} +- {{ cve }}{% endfor %} +--- + +{% set updatedYear = -1 %} + +{% for cve in cvesorted %} +{% set thiscve = cves[cve] %} +{% set lastUpdatedYear = thiscve.open.last_updated.slice(0,4) %} +{% if lastUpdatedYear != updatedYear %} +{% if updatedYear != -1 %}{% endif %} +

Updated {{ lastUpdatedYear }}

+{% set updatedYear = lastUpdatedYear %} + +{% endif %} + + +{% endfor %} +
+

{{ thiscve.vulnerability_details.cve_id }}

+ +  Read Advisory +  Updated: {{ thiscve.open.last_updated }} +

{{ thiscve.frontmatter.title }}

+
{{ thiscve.frontmatter.affectedProducts }}
+
+
+Summary:  +{{ thiscve.summary[0].replaceAll(r/`([^`]*)`/g,"$1") }} +
+Read More... +
+ diff --git a/advocacy_docs/security/templates/securityindex.njs b/advocacy_docs/security/templates/securityindex.njs new file mode 100755 index 00000000000..adb91f287be --- /dev/null +++ b/advocacy_docs/security/templates/securityindex.njs @@ -0,0 +1,46 @@ +--- +WARNING: THIS IS AN AUTOMATICALLY GENERATED FILE - DO NOT MANUALLY EDIT - SEE tools/automation/generators/advisoryindex +title: EDB Security +navTitle: EDB Security +directoryDefaults: + iconName: Security + indexCards: none + hideKBLink: true +navigation: + - vulnerability-disclosure-policy + - advisories +--- + +EDB is committed to a security first approach, from the products we build and the platforms we operate, to the services we provide our customers. Transparency is a core principle for the program and part of this effort includes welcoming incoming reports so that we can address concerns surfaced by our customers or security researchers. You’ll also find it in our advisories, which detail issues found and the required fixes or mitigations needed to keep your data and databases safe. + +## Policies + +*

EDB Vulnerability Disclosure Policy

+This policy outlines how EnterpriseDB handles disclosures related to suspected vulnerabilities within our products, systems, or services. It also provides guidance for those who wish to perform security research, or may have discovered a potential security vulnerability impacting EDB. + +## Advisories + +*

Full list of advisories issued

+ +## Most Recent Advisories + + +{% for cve in shortcvelist %} +{% set thiscve = cves[cve] %} + +{% endfor %} +
+

{{ thiscve.vulnerability_details.cve_id }}

+ +  Read Advisory +  Updated: {{ thiscve.open.last_updated }} +

{{ thiscve.frontmatter.title }}

+
{{ thiscve.frontmatter.affectedProducts }}
+
+
+Summary:  +{{ thiscve.summary[0].replaceAll(r/`([^`]*)`/g,"$1") }} +
+Read More... +
+ diff --git a/install_template/templates/products/hadoop-foreign-data-wrapper/rhel-8-or-ol-8.njk b/install_template/templates/products/hadoop-foreign-data-wrapper/rhel-8-or-ol-8.njk index 638eb914d0a..e88a7769cfd 100644 --- a/install_template/templates/products/hadoop-foreign-data-wrapper/rhel-8-or-ol-8.njk +++ b/install_template/templates/products/hadoop-foreign-data-wrapper/rhel-8-or-ol-8.njk @@ -3,7 +3,7 @@ {% block prerequisites %} {{ super() }} - Enable additional repositories to resolve dependencies: - ```shell + ```shell sudo dnf config-manager --set-enabled PowerTools ``` {% endblock prerequisites %} \ No newline at end of file diff --git a/install_template/templates/products/hadoop-foreign-data-wrapper/rhel-9-or-ol-9.njk b/install_template/templates/products/hadoop-foreign-data-wrapper/rhel-9-or-ol-9.njk index 32cd6baa6e2..11d9017285f 100644 --- a/install_template/templates/products/hadoop-foreign-data-wrapper/rhel-9-or-ol-9.njk +++ b/install_template/templates/products/hadoop-foreign-data-wrapper/rhel-9-or-ol-9.njk @@ -3,7 +3,7 @@ {% block prerequisites %} {{ super() }} - Enable additional repositories to resolve dependencies: - ```shell + ```shell sudo dnf config-manager --set-enabled PowerTools ``` {% endblock prerequisites %} \ No newline at end of file diff --git a/install_template/templates/products/mysql-foreign-data-wrapper/debian-10.njk b/install_template/templates/products/mysql-foreign-data-wrapper/debian-10.njk index 17aef377faf..4462138a26d 100644 --- a/install_template/templates/products/mysql-foreign-data-wrapper/debian-10.njk +++ b/install_template/templates/products/mysql-foreign-data-wrapper/debian-10.njk @@ -2,8 +2,9 @@ {% set platformBaseTemplate = "debian-10" %} {% block prerequisites %} {{ super() }} -- Download the GPG key to your APT keyring directly using the apt-key utility: - ```shell + +- Download the GPG key to your APT keyring directly using the apt-key utility + ```shell sudo apt-key adv --keyserver pgp.mit.edu --recv-keys 3A79BD29 ``` - Install and configure the MySQL repo: diff --git a/product_docs/docs/biganimal/release/using_cluster/02_connecting_your_cluster/02_connecting_from_aws/02_vpc_peering.mdx b/product_docs/docs/biganimal/release/using_cluster/02_connecting_your_cluster/02_connecting_from_aws/02_vpc_peering.mdx index 34682bdda81..f80ffd39c6b 100644 --- a/product_docs/docs/biganimal/release/using_cluster/02_connecting_your_cluster/02_connecting_from_aws/02_vpc_peering.mdx +++ b/product_docs/docs/biganimal/release/using_cluster/02_connecting_your_cluster/02_connecting_from_aws/02_vpc_peering.mdx @@ -97,7 +97,7 @@ You can create a VPC peering connection with a VPC in the same region or a diffe 1. Access the cluster with its domain name from your cluster's connection string. It's accessible from `vpc-client` after peering. - ```shell + ```shell psql -h vpce-XXXXXXXXXXXXXXXXXXXX.eu-west-1.vpce.amazonaws.com -U edb_admin __OUTPUT__ Password for user edb_admin: @@ -139,7 +139,7 @@ You can create a VPC peering connection with a VPC in the same region or a diffe 1. Access the cluster with its domain name from your cluster's connection string. It's accessible from `vpc-client` after peering. - ```shell + ```shell psql -h vpce-XXXXXXXXXXXXXXXXXXXX.eu-west-1.vpce.amazonaws.com -U edb_admin __OUTPUT__ Password for user edb_admin: diff --git a/product_docs/docs/biganimal/release/using_cluster/06_analyze_with_superset.mdx b/product_docs/docs/biganimal/release/using_cluster/06_analyze_with_superset.mdx index a1d6a40403f..cecf5a2d7c9 100644 --- a/product_docs/docs/biganimal/release/using_cluster/06_analyze_with_superset.mdx +++ b/product_docs/docs/biganimal/release/using_cluster/06_analyze_with_superset.mdx @@ -30,7 +30,7 @@ To connect to a BigAnimal cluster: 2. Select **Analyze > Connections**. 3. Select **+ Database**. 4. In the Add Database dialog box, enter a value for **Database Name**. -5. To connect to the database, you need database user with a password.Enter the connection string for your cluster in the **SQLALCHEMY URI** field, using the following format: +5. To connect to the database, you need database user with a password. Enter the connection string for your cluster in the **SQLALCHEMY URI** field, using the following format: `postgresql://{}:{}@{}:{}/{}?sslmode=verify-full` !!!note diff --git a/product_docs/docs/efm/4/upgrading.mdx b/product_docs/docs/efm/4/upgrading.mdx index d8064ddd1db..939d8175781 100644 --- a/product_docs/docs/efm/4/upgrading.mdx +++ b/product_docs/docs/efm/4/upgrading.mdx @@ -26,9 +26,6 @@ Failover Manager provides a utility to assist you when upgrading a cluster manag 3. Modify the `.properties` and `.nodes` files for Failover Manager 4.7, specifying any new preferences. Use your choice of editor to modify any additional properties in the properties file (located in the `/etc/edb/efm-4.7` directory) before starting the service for that node. For detailed information about property settings, see [The cluster properties file](04_configuring_efm/01_cluster_properties/#cluster_properties). -!!! Note - `db.bin` is a required property. When modifying the properties file, ensure that the `db.bin` property specifies the location of the Postgres `bin` directory. - 4. If you're using Eager Failover, you must disable it before stopping the Failover Manager cluster. For more information, see [Disabling Eager Failover](04_configuring_efm/06_configuring_for_eager_failover/#disabling-eager-failover). 5. Use a version-specific command to stop the old Failover Manager cluster. For example, you can use the following command to stop a version 4.4 cluster: @@ -54,9 +51,6 @@ Upgrade of files is finished. The owner and group for properties and nodes files If you're [using a Failover Manager configuration without sudo](04_configuring_efm/04_extending_efm_permissions/#running_efm_without_sudo), include the `-source` flag and specify the name of the directory in which the configuration files reside when invoking `upgrade-conf`. If the directory isn't the configuration default directory, the upgraded files are created in the directory from which the `upgrade-conf` command was invoked. -!!! Note - If you're using a unit file, manually update the file to reflect the new Failover Manager service name when you perform an upgrade. - ## Uninstalling Failover Manager !!! Note diff --git a/product_docs/docs/eprs/7/07_common_operations/11_using_ssl_connections.mdx b/product_docs/docs/eprs/7/07_common_operations/11_using_ssl_connections.mdx index 54992a92987..d781b3ca390 100644 --- a/product_docs/docs/eprs/7/07_common_operations/11_using_ssl_connections.mdx +++ b/product_docs/docs/eprs/7/07_common_operations/11_using_ssl_connections.mdx @@ -274,7 +274,7 @@ Before you begin, configure the client for SSL with trigger mode. For this example, assume file `xdb.crt` is a copy of `server.crt` and `xdb.key` is a copy of `server.key`. If you generated the server certificate with `CN=hostname/ip-address`, create xdb.keystore/xdb_pkcs.p12 with the `postgresql.crt` and `postgresql.ke`y client files as created with `CN=username` using the following commands : - ```shell + ```shell $ cp postgresql.crt xdb.crt $ cp postgresql.key xdb.key ``` diff --git a/product_docs/docs/pgd/5/quickstart/connecting_applications.mdx b/product_docs/docs/pgd/5/quickstart/connecting_applications.mdx index e1c71bb63e4..af13cf1f1e1 100644 --- a/product_docs/docs/pgd/5/quickstart/connecting_applications.mdx +++ b/product_docs/docs/pgd/5/quickstart/connecting_applications.mdx @@ -158,7 +158,7 @@ bdrdb=# By listing all the addresses of proxies as the host, you can ensure that the client will always failover and connect to the first available proxy in the event of a proxy failing. -```shell +```shell psql -h ,, -U enterprisedb -p 6432 bdrdb __OUTPUT__ psql (15.2, server 15.2.0 (Debian 15.2.0-2.buster)) diff --git a/product_docs/docs/tpa/23/reference/INSTALL-repo.mdx b/product_docs/docs/tpa/23/INSTALL-repo.mdx similarity index 52% rename from product_docs/docs/tpa/23/reference/INSTALL-repo.mdx rename to product_docs/docs/tpa/23/INSTALL-repo.mdx index 63d1b3f5010..28f1ac0ce2a 100644 --- a/product_docs/docs/tpa/23/reference/INSTALL-repo.mdx +++ b/product_docs/docs/tpa/23/INSTALL-repo.mdx @@ -1,4 +1,5 @@ --- +navTitle: Install from Source title: Installing TPA from source originalFilePath: INSTALL-repo.md @@ -9,78 +10,62 @@ repository. !!! Note - EDB customers must [install TPA from packages](../INSTALL/) in + EDB customers must [install TPA from packages](INSTALL/) in order to receive EDB support for the software. To run TPA from source, you must install all of the dependencies (e.g., Python 3.6+) that the packages would handle for you, or download -the source and [run TPA in a Docker container](INSTALL-docker/). +the source and [run TPA in a Docker container](reference/INSTALL-docker/). (Either way will work fine on Linux and macOS.) ## Quickstart -First, you must install the various dependencies that would have been -installed automatically along with the TPA packages. (You can use -something other than `sudo` to run these commands as root, if you -prefer.) +First, you must install the various dependencies Python 3, Python +venv, git, openvpn and patch. Installing from EDB repositories would +would install these automatically along with the TPA +packages. -```bash -# Debian or Ubuntu -$ sudo apt-get install python3 python3-pip python3-venv \ - git openvpn patch +Before you install TPA, you must install the required packages: -# RedHat, Rocky or AlmaLinux (python3 for RHEL7, python36 for RHEL8) -$ sudo yum install python36 python3-pip \ - epel-release git openvpn patch +- **Debian/Ubuntu**
`sudo apt-get install python3 python3-pip python3-venv git openvpn patch` +- **Redhat, Rocky or AlmaLinux (RHEL7)**
`sudo yum install python3 python3-pip epel-release git openvpn patch` +- **Redhat, Rocky or AlmaLinux (RHEL8)**
`sudo yum install python36 python3-pip epel-release git openvpn patch` -# MacOS X -$ brew tap discoteq/discoteq -$ brew install python@3 openvpn flock coreutils gpatch git -``` +## Clone and setup -Next, install TPA itself: +With prerequisites installed, you can now clone the repository. -```bash -$ git clone ssh://git@github.com/EnterpriseDB/tpa.git -$ ./tpa/bin/tpaexec setup -$ ./tpa/bin/tpaexec selftest ``` +git clone https://github.com/enterprisedb/tpa.git ~/tpa +``` + +This creates a `tpa` directory in your home directory. + +If you prefer to checkout with ssh use:
-## Step-by-step +``` +git clone ssh://git@github.com/EnterpriseDB/tpa.git ~/tpa +``` -Install the various dependencies as described above. +Add the bin directory, found within in your newly created clone, to your path with: -If your system does not have Python 3.6+ packages, you can use `pyenv` -to install a more recent Python in your home directory (see below), or -you can [run TPA in a Docker container](INSTALL-docker/). +`export PATH=$PATH:$HOME/tpa/bin` -Next, clone the TPA repository into, say, `~/tpa`. (It doesn't -matter where you put it, but don't use `/opt/EDB/TPA` or -`/opt/2ndQuadrant/TPA`, to avoid conflicts if you install the TPA -packages in future.) +Add this line to your `.bashrc` file (or other profile file for your preferred shell). -```bash -$ git clone ssh://git@github.com/EnterpriseDB/tpa.git ~/tpa -``` +You can now create a working tpa environment by running: -(If you're installing from source, please clone the repository instead -of downloading an archive of the source.) +`tpaexec setup` -The remaining steps are the same as if you had installed the package. +This will create the Python virtual environment that TPA will use in future. All needed packages are installed in this environment. To test this configured correctly, run the following: -```bash -# Add tpaexec to your PATH for convenience -# (Put this in your ~/.bashrc too) -$ export PATH=$PATH:$HOME/tpa/bin +`tpaexec selftest` -$ tpaexec setup -$ tpaexec selftest -``` +You now have tpaexec installed. -If the self-test completes without any errors, your TPA installation -is ready for use. +## Dependencies -## Python 3.6+ +### Python 3.6+ TPA requires Python 3.6 or later, available on most modern distributions. If you don't have it, you can use @@ -112,7 +97,7 @@ If you were not already using pyenv, please remember to add `pyenv` to your PATH in .bashrc and call `eval "$(pyenv init -)"` as described in the [pyenv documentation](https://github.com/pyenv/pyenv#installation). -## Virtual environment options +### Virtual environment options By default, `tpaexec setup` will use the builtin Python 3 `-m venv` to create a venv under `$TPA_DIR/tpa-venv`, and activate it diff --git a/product_docs/docs/tpa/23/INSTALL.mdx b/product_docs/docs/tpa/23/INSTALL.mdx index 6398a34f496..f7967e3f294 100644 --- a/product_docs/docs/tpa/23/INSTALL.mdx +++ b/product_docs/docs/tpa/23/INSTALL.mdx @@ -10,7 +10,7 @@ To use TPA, you need to install from packages or source and run the packages. If you have an EDB subscription plan, and therefore have access to the EDB repositories, you should follow these instructions. To install TPA from source, please refer to -[Installing TPA from Source](reference/INSTALL-repo/). +[Installing TPA from Source](INSTALL-repo/). See [Distribution support](reference/distributions/) for information on what platforms are supported. diff --git a/product_docs/docs/tpa/23/firstclusterdeployment.mdx b/product_docs/docs/tpa/23/firstclusterdeployment.mdx new file mode 100644 index 00000000000..3656599e79a --- /dev/null +++ b/product_docs/docs/tpa/23/firstclusterdeployment.mdx @@ -0,0 +1,222 @@ +--- +navTitle: Tutorial +title: A First Cluster Deployment +originalFilePath: firstclusterdeployment.md + +--- + +In this short tutorial, we are going to work through deploying a simple [M1 architecture](architecture-M1/) deployment onto a local Docker installation. By the end you will have four containers, one primary database, two replicas and a backup node, configured and ready for you to explore. + +For this example, we will run TPA on an Ubuntu system, but the considerations are similar for most Linux systems. + +### Installing TPA + +If you're an EDB customer, you'll want to follow the [EDB Repo instructions](INSTALL/) which will install the TPA packages straight from EDB's repositories. + +If you are an open source user of TPA, there's [instructions on how to build from the source](INSTALL-repo/) which you can download from Github.com. + +Follow those guides and then return here. + +### Installing Docker + +As we said, We are going to deploy the example deployment onto Docker and unless you already have Docker installed we'll need to set that up. + +On Debian or Ubuntu, install Docker by running: + +``` +sudo apt update +sudo apt install docker.io +``` + +For other Linux distributions, consult the [Docker Engine Install page](https://docs.docker.com/engine/install/). + +You will want to add your user to the docker group with: + +``` +sudo usermod -aG docker +newgrp docker +``` + +### CgroupVersion + +Currently, TPA requires Cgroups Version 1 be configured on your system, + +Run: + +``` +mount | grep cgroup | head -1 +``` + +and if you do not see a reference to `tmpfs` in the output, you'll need to disable cgroups v2. + +Run: + +``` +echo 'GRUB_CMDLINE_LINUX=systemd.unified_cgroup_hierarchy=false' | sudo tee /etc/default/grub.d/cgroup.cfg +``` + +To make the appropriate changes, then update Grub and reboot your system with: + +``` +sudo update-grub +sudo reboot +``` + +!!! Warning + + Giving a user the ability to speak to the Docker daemon + lets them trivially gain root on the Docker host. Only trusted users + should have access to the Docker daemon. + +### Creating a configuration with TPA + +The next step in this process is to create a configuration. TPA does most of the work for you through its `configure` command. All you have to do is supply command line flags and options to select, in broad terms, what you want to deploy. Here's our `tpaexec configure` command: + +``` +tpaexec configure demo --architecture M1 --platform docker --postgresql 15 --enable-repmgr --no-git +``` + +This creates a configuration called `demo` which has the [M1 architecture](architecture-M1/). It will therefore have a primary, replica and backup node. + +The `--platform docker` tells TPA that this configuration should be created on a local Docker instance; it will provision all the containers and OS requirements. Other platforms include [AWS](platform-aws), which does the same with Amazon Web Services and [Bare](platform-bare), which skips to operating system provisioning and goes straight to installing software on already configured Linux hosts. + +With `--postgresql 15`, we instruct TPA to use Community Postgres, version 15. There are several options here in terms of selecting software, but this is the most straightforward default for open-source users. + +Adding `--enable-repmgr` tells TPA to use configure the deployment to use [Replication Manager](https://www.repmgr.org/) to hand replication and failover. + +Finally, `--no-git` turns off the feature in TPA which allows you to revision control your configuration through git. + +Run this command, and apparently, nothing will happen on the command line. But you will find a directory called `demo` has been created containing some files including a `config.yml` file which is a blueprint for our new deployment. + +## Provisioning the deployment + +Now we are ready to create the containers (or virtual machines) on which we will run our new deployment. This can be achieved with the `provision` command. Run: + +``` +tpaexec provision demo +``` + +You will see TPA work through the various operations needed to prepare for deployment of your configuration. + +## Deploying + +Once provisioned, you can move on to deployment. This installs, if needed, operating systems and system packages. It then installs the requested Postgres architecture and performs all the needed configuration. + +``` +tpaexec deploy demo +``` + +You will see TPA work through the various operations needed to deploy your configuration. + +## Testing + +You can quickly test your newly deployed configuration using the tpaexec `test` command which will run pgbench on your new database. + +``` +tpaexec test demo +``` + +## Connecting + +To get to a psql prompt, the simplest route is to log into one of the containers (or VMs or host depending on configuration) using docker or SSH. Run + +``` +tpaexec ping demo +``` + +to ping all the connectable hosts in the deployment: You will get output that looks something like: + +``` +$ tpaexec ping demo +unfair | SUCCESS => { + "changed": false, + "ping": "pong" +} +uptake | SUCCESS => { + "changed": false, + "ping": "pong" +} +quondam | SUCCESS => { + "changed": false, + "ping": "pong" +} +uptight | SUCCESS => { + "changed": false, + "ping": "pong" +} +``` + +Select one of the nodes which responded with `SUCCESS`. We shall use `uptake` for this example. + +If you are only planning on using docker, use the command `docker exec -it uptake /bin/bash`, substituting in the appropriate hostname. + +Another option, that works with all types of TPA deployment is to use SSH. To do that, first change current directory to the created configuration directory. + +For example, our configuration is called demo, so we go to that directory. In there, we run `ssh -F ssh_config ourhostname` to connect. + +``` +cd demo +ssh -F ssh_config uptake +Last login: Wed Sep 6 10:08:01 2023 from 172.17.0.1 +[root@uptake ~]# +``` + +In both cases, you will be logged in as a root user on the container. + +We can now change user to the `postgres` user using `sudo -iu postgres`. As `postgres` we can run `psql`. TPA has already configured that user with a `.pgpass` file so there's no need to present a password. + +``` +[root@uptake ~]# +postgres@uptake:~ $ psql +psql (15.4) +Type "help" for help. + +postgres=# +``` + +And we are connected to our database. + +You can connect from the host system without SSHing into one of the containers. Obtain the IP address of the host you want to connect to from the `ssh_config` file. + +``` +$ grep "^ *Host" demo/ssh_config +Host * +Host uptight + HostName 172.17.0.9 +Host unfair + HostName 172.17.0.4 +Host quondam + HostName 172.17.0.10 +Host uptake + HostName 172.17.0.11 +``` + +We are going to connect to uptake, so the IP address is 172.17.0.11. + +You will also need to retrieve the password for the postgres user too. Run `tpaexec show-password demo postgres` to get the stored password from the system. + +``` +tpaexec show-password demo postgres +a9LmI1X^uMOpPoEnLuRdL%L$oRQak3om +``` + +Assuming you have a Postgresql client installed, you can then run: + +``` +psql --host 172.17.0.11 -U postgres +Password for user postgres: +``` + +Enter the password you previously retrieved. + +``` +psql (14.9 (Ubuntu 14.9-0ubuntu0.22.04.1), server 15.4) +WARNING: psql major version 14, server major version 15. + Some psql features might not work. +SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off) +Type "help" for help. + +postgres=# +``` + +You are now connected from the Docker host to Postgres running in one of the TPA deployed Docker containers. diff --git a/product_docs/docs/tpa/23/index.mdx b/product_docs/docs/tpa/23/index.mdx index f7dfb75ecfb..06019dc8b2b 100644 --- a/product_docs/docs/tpa/23/index.mdx +++ b/product_docs/docs/tpa/23/index.mdx @@ -3,7 +3,10 @@ navigation: - index - rel_notes - INSTALL + - opensourcetpa + - INSTALL-repo - '#Creating a cluster' + - firstclusterdeployment - tpaexec-configure - tpaexec-provision - tpaexec-deploy diff --git a/product_docs/docs/tpa/23/opensourcetpa.mdx b/product_docs/docs/tpa/23/opensourcetpa.mdx new file mode 100644 index 00000000000..831ed557ee5 --- /dev/null +++ b/product_docs/docs/tpa/23/opensourcetpa.mdx @@ -0,0 +1,32 @@ +--- +navTitle: Open Source +title: Open source TPA +originalFilePath: opensourcetpa.md + +--- + +## What is Trusted Postgres Architect (TPA)? + +TPA is an orchestration tool developed by [EnterpriseDB (EDB)](https://www.enterprisedb.com/) that uses Ansible to deploy Postgres clusters according to EDB's recommendations. + +TPA embodies the best practices followed by EDB, informed by many years of hard-earned experience with deploying and supporting Postgres. These recommendations are as applicable to quick testbed setups as to production environments. + +## Next Steps + +- [Installing TPA from Source](INSTALL-repo/) +- [Deploying your first cluster](firstclusterdeployment/) +- [TPA's full documentation online](https://www.enterprisedb.com/docs/tpa/latest/) + +## TPA Open Source FAQs + +### Can I use this if I'm not an EDB customer? + +Yes, TPA is an open source project under the GPLv3 license. It supports deploying clusters comprised of open source software, or EDB's proprietary products, or combinations. + +### Can I report an issue? + +Yes, if you're an EDB customer then please contact support. Otherwise please open a GitHub Issue. + +### Can I contribute? + +Sure, we'd love to hear from you but please open an issue before you start coding. We are quite selective with what TPA can/should do so bug fixes are more likely to get accepted than new features. diff --git a/product_docs/docs/tpa/23/reference/INSTALL-docker.mdx b/product_docs/docs/tpa/23/reference/INSTALL-docker.mdx index 34b1b2be4cd..c96498b79ba 100644 --- a/product_docs/docs/tpa/23/reference/INSTALL-docker.mdx +++ b/product_docs/docs/tpa/23/reference/INSTALL-docker.mdx @@ -6,7 +6,7 @@ originalFilePath: INSTALL-docker.md If you are using a system for which there are no [TPA packages](../INSTALL/) available, and it's difficult to run TPA after -[installing from source](INSTALL-repo/) (for example, because it's not +[installing from source](../INSTALL-repo/) (for example, because it's not easy to obtain a working Python 3.6+ interpreter), your last resort may be to build a Docker image and run TPA inside a Docker container. diff --git a/product_docs/docs/tpa/23/reference/tpaexec-support.mdx b/product_docs/docs/tpa/23/reference/tpaexec-support.mdx index 383ead3df73..196c050140f 100644 --- a/product_docs/docs/tpa/23/reference/tpaexec-support.mdx +++ b/product_docs/docs/tpa/23/reference/tpaexec-support.mdx @@ -11,9 +11,9 @@ originalFilePath: tpaexec-support.md TPA can install and configure the following major components. -- Postgres 15, 14, 13, 12, 11 +- Postgres 16, 15, 14, 13, 12, 11 -- EPAS (EDB Postgres Advanced Server) 15, 14, 13, 12 +- EPAS (EDB Postgres Advanced Server) 16, 15, 14, 13, 12 - PGD 5, 4, 3.7 diff --git a/product_docs/docs/tpa/23/rel_notes/index.mdx b/product_docs/docs/tpa/23/rel_notes/index.mdx index a0aad80b43e..c35d67d7f63 100644 --- a/product_docs/docs/tpa/23/rel_notes/index.mdx +++ b/product_docs/docs/tpa/23/rel_notes/index.mdx @@ -2,6 +2,7 @@ title: Trusted Postgres Architect release notes navTitle: "Release notes" navigation: + - tpa_23.23_rel_notes - tpa_23.22_rel_notes - tpa_23.21_rel_notes - tpa_23.20_rel_notes @@ -20,6 +21,7 @@ The Trusted Postgres Architect documentation describes the latest version of Tru | Version | Release date | | ---------------------------- | ------------ | +| [23.23](tpa_23.23_rel_notes) | 21 Sep 2023 | | [23.22](tpa_23.22_rel_notes) | 06 Sep 2023 | | [23.21](tpa_23.21_rel_notes) | 05 Sep 2023 | | [23.20](tpa_23.20_rel_notes) | 01 Aug 2023 | diff --git a/product_docs/docs/tpa/23/rel_notes/tpa_23.23_rel_notes.mdx b/product_docs/docs/tpa/23/rel_notes/tpa_23.23_rel_notes.mdx new file mode 100644 index 00000000000..14ea25356b6 --- /dev/null +++ b/product_docs/docs/tpa/23/rel_notes/tpa_23.23_rel_notes.mdx @@ -0,0 +1,23 @@ +--- +title: Trusted Postgres Architect 23.23 release notes +navTitle: "Version 23.23" +--- + +Released: 21 Sep 2023 + + +New features, enhancements, bug fixes, and other changes in Trusted Postgres Architect 23.23 include the following: + +| Type | Description | +| ---- |------------ | +| Enhancement | TPA now supports PostgreSQL 16. Please note, PostgreSQL 16 packages are not yet available in all supported repos, so not all configurations will work until this is the case. | +| Change | When Postgres 16 or above is selected, TPA will not add any 2ndQuadrant repos by default. TPA will explicitly set `tpa_2q_repositories: []` in this case. | +| Change | EFM is now configured to use JDK 11 by default on platforms where it is available. | +| Change | Where no EDB Repositories are use, TPA will not exclude any packages from PGDG (previously Barman and psycopg2 were excluded). | +| Change | Added package names for etcd and Patroni to support installation on SLES. | +| Bug Fix | Fixed an issue whereby Apache HTTPD service for PEM Server would not start on boot. | +| Bug Fix | Fixed an issue whereby pg_backup_api tests were run with incorrect permissions causing them to fail. | +| Bug Fix | Fixed an issue whereby Apache HTTPD service for pg_backup_api would not start on boot. | +| Bug Fix | Fixed an issue whereby `bdr.standby_slot_names` and `bdr.standby_slots_min_confirmed` checks used the incorrect schema on bdr3 clusters. | +| Bug Fix | Fixed an issue whereby configuration keys for extensions were passed to Patroni in the incorrect format, resulting in 'WARNING: Removing unexpected parameter'. | +| Bug Fix | Fixed an issue when using the intermediate base image option for `docker_images` whereby the resulting image name was incorrect. | \ No newline at end of file diff --git a/product_docs/docs/tpa/23/tpaexec-configure.mdx b/product_docs/docs/tpa/23/tpaexec-configure.mdx index d1e72dd042d..df8b0027ba5 100644 --- a/product_docs/docs/tpa/23/tpaexec-configure.mdx +++ b/product_docs/docs/tpa/23/tpaexec-configure.mdx @@ -251,7 +251,7 @@ details. #### Postgres flavour and version TPA supports PostgreSQL, EDB Postgres Extended, and EDB Postgres -Advanced Server (EPAS) versions 11 through 15. +Advanced Server (EPAS) versions 11 through 16. You must specify both the flavour (or distribution) and major version of Postgres to install, for example: diff --git a/tools/automation/generators/advisoryindex/advisoryindex.js b/tools/automation/generators/advisoryindex/advisoryindex.js new file mode 100755 index 00000000000..19ac1ff61b2 --- /dev/null +++ b/tools/automation/generators/advisoryindex/advisoryindex.js @@ -0,0 +1,161 @@ +import fs from "fs"; +import matter from "gray-matter"; +import MarkdownIt from "markdown-it"; +import njk from "nunjucks"; +import path from 'path'; +import parseArgs from 'minimist'; +import { fileURLToPath } from 'url'; + +// Modules hack for dirname via https://flaviocopes.com/fix-dirname-not-defined-es-module-scope/ +const __filename = fileURLToPath(import.meta.url); +const __dirname = path.dirname(__filename); + +var argv = parseArgs(process.argv.slice(2)); + +let securityRoot = argv.root; + +if (securityRoot == undefined) { + securityRoot=path.normalize(path.join(__dirname,"..","..","..","..","advocacy_docs","security")); + console.log(`Using ${securityRoot} as working directory`); +} + +let seccount = 10; + +if (argv.count != undefined) { + seccount = parseInt(argv.count); +} + +const md = new MarkdownIt(); +// We are going to process the advisories in +const advisoriesDir = path.join(securityRoot, "advisories"); +// To produce an index file named +const advisoriesIndex = path.join(advisoriesDir, "index.mdx"); +// And another similar but shorted one named +const securityIndex = path.join(securityRoot, "index.mdx"); + +// Using templates in a directory called +const templatesDir = path.join(securityRoot, "templates"); + +function parseMarkdownFile(filePath) { + const fileContent = fs.readFileSync(filePath, 'utf8'); + const parsedMatter = matter(fileContent); + const parsed = md.parse(parsedMatter.content, {}); + + let heading_capture = false; + let currentHeading = "open"; + let currentSectionMap = {} + let currentSectionArray = []; + + let docMap=parsed.reduce((currentValue, block) => { + if (block.type == "inline") { + if (heading_capture) { + currentHeading = slugify(block.content); + heading_capture=false; + } else { + let match = block.content.match("^([A-Za-z0-9- ]*): *(.*)$"); + if (match) { + let key = slugify(match[1]); + let value = match[2]; + currentSectionMap[key] = value; + } else { + currentSectionArray.push(block.content); + } + } + } else if (block.type == "heading_open") { + let value=""; + if (currentSectionArray.length!=0) { + value=currentSectionArray; + currentSectionArray = []; + } else { + value=currentSectionMap; + currentSectionMap = {}; + } + heading_capture = true; + currentValue[currentHeading]=value; + } else if (block.type == "heading_close") { + } + return currentValue; + }, {}) + + // add the parsedMatter data to the docmap + docMap["frontmatter"]=parsedMatter.data; + + const cvepath = path.basename(filePath, ".mdx"); + + docMap["filename"] = cvepath; + + return docMap; +} + +// function that takes a string and returns it in lower case, with no spaces +function slugify(string) { + return string + .toLowerCase() + .replace(/[-]+/g, '_') + .replace(/\s+/g, '_') + .replace(/[^\w-]+/g, '') + ; +} + +function cleanCVE(cvestring) { + if (cvestring[0] == "[") { + return cvestring.slice(1, cvestring.indexOf("]", 1)); + } + return cvestring; +} + +// Iterate over all the files that start cve and end with mdx in the source directory, and parse them + +njk.configure(templatesDir, { autoescape: false }); + + + +const files = fs.readdirSync(advisoriesDir).filter(fn => fn.startsWith('cve') && fn.endsWith('mdx')); +files.sort().reverse(); +const cvelist = files.map(file => { return file.replace(/\.[^/.]+$/, "") }); + +let namespace = {}; +let allDocMap = {}; + +cvelist.forEach(cve => { + const docMap = parseMarkdownFile(path.join(advisoriesDir, cve + '.mdx')); + // make sure the cve id isn't a link + docMap['vulnerability_details']['cve_id'] = cleanCVE(docMap['vulnerability_details']['cve_id']); + // trim the cve id off the front of the title + docMap['frontmatter']['title'] = docMap['frontmatter']['title'].slice(docMap['frontmatter']['title'].indexOf(" - ") + 3); + allDocMap[cve] = docMap; +}); + + +let shortcvelist = []; +let lastyear = ""; +let count = 0; +cvelist.forEach(cve => { + const year = cve.substring(3, 7); + if (lastyear == "") { + count = 0; + lastyear = year; + } else if (lastyear != year) { + return; + } + if (count < seccount) { + shortcvelist.push(cve); + count++; + } +}); + +namespace["shortcvelist"] = shortcvelist; +namespace["cvesorted"] = cvelist; +namespace["cves"] = allDocMap; + +//console.log(JSON.stringify(namespace, null, 2)); + + +const res = njk.render("advisoriesindex.njs", namespace); + +fs.writeFileSync(advisoriesIndex, res); + +const res2 = njk.render("securityindex.njs", namespace); + +fs.writeFileSync(securityIndex, res2); + diff --git a/tools/automation/generators/advisoryindex/package-lock.json b/tools/automation/generators/advisoryindex/package-lock.json new file mode 100644 index 00000000000..84e0b3a6ad6 --- /dev/null +++ b/tools/automation/generators/advisoryindex/package-lock.json @@ -0,0 +1,216 @@ +{ + "name": "jssecindexes", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "jssecindexes", + "version": "1.0.0", + "license": "ISC", + "dependencies": { + "gray-matter": "^4.0.3", + "markdown-it": "^13.0.1", + "minimist": "^1.2.8", + "nunjucks": "^3.2.4" + } + }, + "node_modules/a-sync-waterfall": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/a-sync-waterfall/-/a-sync-waterfall-1.0.1.tgz", + "integrity": "sha512-RYTOHHdWipFUliRFMCS4X2Yn2X8M87V/OpSqWzKKOGhzqyUxzyVmhHDH9sAvG+ZuQf/TAOFsLCpMw09I1ufUnA==" + }, + "node_modules/argparse": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "dependencies": { + "sprintf-js": "~1.0.2" + } + }, + "node_modules/asap": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz", + "integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA==" + }, + "node_modules/commander": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-5.1.0.tgz", + "integrity": "sha512-P0CysNDQ7rtVw4QIQtm+MRxV66vKFSvlsQvGYXZWR3qFU0jlMKHZZZgw8e+8DSah4UDKMqnknRDQz+xuQXQ/Zg==", + "engines": { + "node": ">= 6" + } + }, + "node_modules/entities": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz", + "integrity": "sha512-WiyBqoomrwMdFG1e0kqvASYfnlb0lp8M5o5Fw2OFq1hNZxxcNk8Ik0Xm7LxzBhuidnZB/UtBqVCgUz3kBOP51Q==", + "engines": { + "node": ">=0.12" + }, + "funding": { + "url": "https://github.com/fb55/entities?sponsor=1" + } + }, + "node_modules/esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/extend-shallow": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "integrity": "sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==", + "dependencies": { + "is-extendable": "^0.1.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/gray-matter": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/gray-matter/-/gray-matter-4.0.3.tgz", + "integrity": "sha512-5v6yZd4JK3eMI3FqqCouswVqwugaA9r4dNZB1wwcmrD02QkV5H0y7XBQW8QwQqEaZY1pM9aqORSORhJRdNK44Q==", + "dependencies": { + "js-yaml": "^3.13.1", + "kind-of": "^6.0.2", + "section-matter": "^1.0.0", + "strip-bom-string": "^1.0.0" + }, + "engines": { + "node": ">=6.0" + } + }, + "node_modules/is-extendable": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", + "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/js-yaml": { + "version": "3.14.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "dependencies": { + "argparse": "^1.0.7", + "esprima": "^4.0.0" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/kind-of": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", + "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/linkify-it": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-4.0.1.tgz", + "integrity": "sha512-C7bfi1UZmoj8+PQx22XyeXCuBlokoyWQL5pWSP+EI6nzRylyThouddufc2c1NDIcP9k5agmN9fLpA7VNJfIiqw==", + "dependencies": { + "uc.micro": "^1.0.1" + } + }, + "node_modules/markdown-it": { + "version": "13.0.1", + "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-13.0.1.tgz", + "integrity": "sha512-lTlxriVoy2criHP0JKRhO2VDG9c2ypWCsT237eDiLqi09rmbKoUetyGHq2uOIRoRS//kfoJckS0eUzzkDR+k2Q==", + "dependencies": { + "argparse": "^2.0.1", + "entities": "~3.0.1", + "linkify-it": "^4.0.1", + "mdurl": "^1.0.1", + "uc.micro": "^1.0.5" + }, + "bin": { + "markdown-it": "bin/markdown-it.js" + } + }, + "node_modules/markdown-it/node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" + }, + "node_modules/mdurl": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-1.0.1.tgz", + "integrity": "sha512-/sKlQJCBYVY9Ers9hqzKou4H6V5UWc/M59TH2dvkt+84itfnq7uFOMLpOiOS4ujvHP4etln18fmIxA5R5fll0g==" + }, + "node_modules/minimist": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/nunjucks": { + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/nunjucks/-/nunjucks-3.2.4.tgz", + "integrity": "sha512-26XRV6BhkgK0VOxfbU5cQI+ICFUtMLixv1noZn1tGU38kQH5A5nmmbk/O45xdyBhD1esk47nKrY0mvQpZIhRjQ==", + "dependencies": { + "a-sync-waterfall": "^1.0.0", + "asap": "^2.0.3", + "commander": "^5.1.0" + }, + "bin": { + "nunjucks-precompile": "bin/precompile" + }, + "engines": { + "node": ">= 6.9.0" + }, + "peerDependencies": { + "chokidar": "^3.3.0" + }, + "peerDependenciesMeta": { + "chokidar": { + "optional": true + } + } + }, + "node_modules/section-matter": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/section-matter/-/section-matter-1.0.0.tgz", + "integrity": "sha512-vfD3pmTzGpufjScBh50YHKzEu2lxBWhVEHsNGoEXmCmn2hKGfeNLYMzCJpe8cD7gqX7TJluOVpBkAequ6dgMmA==", + "dependencies": { + "extend-shallow": "^2.0.1", + "kind-of": "^6.0.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/sprintf-js": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "integrity": "sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==" + }, + "node_modules/strip-bom-string": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/strip-bom-string/-/strip-bom-string-1.0.0.tgz", + "integrity": "sha512-uCC2VHvQRYu+lMh4My/sFNmF2klFymLX1wHJeXnbEJERpV/ZsVuonzerjfrGpIGF7LBVa1O7i9kjiWvJiFck8g==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/uc.micro": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-1.0.6.tgz", + "integrity": "sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA==" + } + } +} diff --git a/tools/automation/generators/advisoryindex/package.json b/tools/automation/generators/advisoryindex/package.json new file mode 100755 index 00000000000..44055582bd7 --- /dev/null +++ b/tools/automation/generators/advisoryindex/package.json @@ -0,0 +1,18 @@ +{ + "name": "jssecindexes", + "version": "1.0.0", + "description": "", + "main": "advisoryindex.js", + "type": "module", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "author": "", + "license": "ISC", + "dependencies": { + "gray-matter": "^4.0.3", + "markdown-it": "^13.0.1", + "minimist": "^1.2.8", + "nunjucks": "^3.2.4" + } +}