Merge pull request #4630 from EnterpriseDB/release/2023-08-14

Release: 2023-08-14

advocacy_docs/migrating/oracle/migration_journey.mdx

@@ -1,5 +1,7 @@
 ---
 title: The database migration “journey”
+redirects:
+  - /migration_toolkit/latest/03_migration_methodology/
 ---
 
 Migrating your database consists of a nine-step “journey.”

advocacy_docs/partner_docs/CommvaultBackupandRecovery/04-ConfiguringCommvaultBackupandRecovery.mdx

@@ -1,6 +1,8 @@
 ---
 title: 'Configuring Commvault Backup & Recovery'
 description: 'Walkthrough on configuring Commvault Backup & Recovery'
+redirects:
+  - /partner_docs/CommVaultGuide/04-ConfiguringCommvaultBackupandRecovery/
 ---
 
 Implementing Commvault Backup & Recovery with an EDB database requires the following components:

advocacy_docs/partner_docs/CommvaultBackupandRecovery/05-UsingCommvaultBackupandRecovery.mdx

@@ -1,6 +1,8 @@
 ---
 title: 'Using Commvault Backup & Recovery'
 description: 'Walkthroughs of multiple Commvault Backup & Recovery usage scenarios'
+redirects:
+  - /partner_docs/CommVaultGuide/05-UsingCommvaultBackupandRecovery/
 ---
 
 How to backup and restore an EDB Database using Commvault Backup & Recovery.

advocacy_docs/partner_docs/CommvaultBackupandRecovery/index.mdx

@@ -2,7 +2,7 @@
 title: 'Commvault Backup & Recovery Implementation Guide'
 indexCards: simple
 directoryDefaults:
-    iconName: handshake
+  iconName: handshake
 ---
 
 <p align="center">

advocacy_docs/partner_docs/DBeaverPRO/03-SolutionSummary.mdx

@@ -1,6 +1,8 @@
 ---
 title: 'Solution Summary'
 description: 'Explanation of the solution and its purpose'
+redirects:
+  - /partner_docs/DBeaverGuide/03-SolutionSummary/
 ---
 
 DBeaver PRO is a SQL client software application and universal database management tool for EDB Postgres Advanced Server, EDB Postgres Extended Server and PostgreSQL. With DBeaver PRO you can manipulate your data like you would in a regular spreadsheet. You have the ability to view, create, modify, save, and delete all Postgres data types. The features resemble those of a regular spreadsheet, as you can create analytical reports based on records from different data storages and export information in an appropriate format. DBeaver PRO also provides you with a powerful editor for SQL, data and schema migration, monitoring of database connection sessions, and other administration features.

advocacy_docs/partner_docs/LiquibasePro/03-SolutionSummary.mdx

@@ -1,6 +1,8 @@
 ---
 title: 'Solution Summary'
 description: 'Brief explanation of the solution and its purpose'
+redirects:
+  - /partner_docs/LiquibaseGuide/03-SolutionSummary/
 ---
 Easily track, version, and deploy EDB Postgres Advanced Server schema changes with Liquibase. Liquibase enables your team to deploy safer, faster, automated database releases across all your environments. Liquibase integrates with most application build and deployment tools to help track, version, and deploy EDB Postgres Advanced Server database changes.
 

advocacy_docs/partner_docs/QuestToadEdge/03-SolutionSummary.mdx

@@ -1,6 +1,8 @@
 ---
 title: 'Solution Summary'
 description: 'Brief explanation of the solution and its purpose'
+redirects: 
+  - /partner_docs/ToadEdgeGuide/03-SolutionSummary/
 ---
 
 Quest Toad Edge is a lightweight and reliable desktop database toolset that streamlines development and management tasks for EDB Postgres Advanced Server and EDB Postgres Extended Server. Its flexibility lies in it being built on Java and its ability to work with both Windows and Mac operating systems. Toad Edge supports coding, editing, schema compare and sync and DevOps CI processes, so you can manage EDB Postgres Advanced Server and EDB Postgres Extended Server.         

advocacy_docs/partner_docs/QuestToadEdge/06-CertificationEnvironment.mdx

@@ -1,6 +1,8 @@
 ---
 title: 'Certification Environment'
 description: 'Overview of the certification environment used in the certification of Quest Toad Edge'
+redirects: 
+  - /partner_docs/ToadEdgeGuide/06-CertificationEnvironment/
 ---
 
 |       |   |

advocacy_docs/partner_docs/RepostorDataProtectorforPostgreSQL/02-PartnerInformation.mdx

@@ -1,7 +1,8 @@
 ---
 title: 'Partner Information'
 description: 'Details for Repostor Data Protector for PostgreSQL'
-
+redirects:
+  - /partner_docs/RepostorGuide/02-PartnerInformation/
 ---
 
 |       |   |

advocacy_docs/partner_docs/RepostorDataProtectorforPostgreSQL/06-CertificationEnvironment.mdx

@@ -1,6 +1,8 @@
 ---
 title: 'Certification Environment'
 description: 'Overview of the certification environment used in the certification of Repostor Data Protector for PostgreSQL'
+redirects:
+  - /partner_docs/RepostorGuide/06-CertificationEnvironment/
 ---
 
 |       |   |

advocacy_docs/partner_docs/RepostorDataProtectorforPostgreSQL/index.mdx

@@ -3,6 +3,8 @@ title: 'Repostor Data Protector for PostgresSQL Implementation Guide'
 indexCards: simple
 directoryDefaults:
   iconName: handshake
+redirects:
+  - /partner_docs/RepostorGuide/
 ---
 
 <p align="center">

advocacy_docs/partner_docs/SIBVisionsVisionX/03-SolutionSummary.mdx

@@ -1,6 +1,8 @@
 ---
 title: 'Solution Summary'
 description: 'Brief explanation of the solution and its purpose'
+redirects:
+  - /partner_docs/SIBVisionsVisionXGuide/03-SolutionSummary/
 ---
 SIB Visions VisionX is a flexible and independent low-code platform, enabling both business users and professional developers to visually develop web, desktop and native mobile applications quickly. These can be very simple applications that replace paper processes or Excel sheets, easy-to-use forms on ERP systems, dashboards, mobile apps, and even highly complex billing applications, customer portals or trading systems.
 

advocacy_docs/partner_docs/VeritasNetBackupforPostgreSQL/02-PartnerInformation.mdx

@@ -1,7 +1,8 @@
 ---
 title: 'Partner Information'
 description: 'Details for Veritas NetBackup for PostgreSQL'
-
+redirects:
+  - /partner_docs/VeritasGuide/02-PartnerInformation/
 ---
 |       |   |
 | ----------- | ----------- |

advocacy_docs/partner_docs/VeritasNetBackupforPostgreSQL/03-SolutionSummary.mdx

@@ -1,6 +1,8 @@
 ---
 title: 'Solution Summary'
 description: 'Brief explanation of the solution and its purpose'
+redirects: 
+  - /partner_docs/VeritasGuide/03-SolutionSummary/
 ---
 NetBackup provides a non-distruptive way of validating your resiliency plan for assurance and compliance through automated recovery and rehearsal of business-critical applications. Moving data and spinning up applications when and where you need to without risking data loss requires business-level resiliency. Veritas NetBackup for PostgreSQL Agent extends the capabilities of NetBackup to include backup and restore of PostgreSQL databases. If a NetBackup environment is operational within an organization, then users can backup and restore EDB Postgres Advanced Server and EDB Postgres Extended Server with the help of Veritas NetBackup for PostgreSQL Agent. 
 

advocacy_docs/security/advisories/cve.mdx.template

@@ -0,0 +1,63 @@
+---
+title: CVE Title
+navTitle: CVE ID as CVE-Year-Number
+---
+
+First Published: YYYY/MM/DD (ISO8601)
+
+Last Updated: YYYY/MM/DD
+
+## Summary 
+
+SUMMARY
+
+## Vulnerability details
+
+CVE-ID:  LINK TO ID
+
+CVSS Base Score: SCORE
+
+CVSS Temporal Score: TEMPORAL SCORE
+
+CVSS Environmental Score: ENVIRONMENTAL SCORE
+
+CVSS Vector: VECTOR
+
+## Affected products and versions
+
+* LIST OF AFFECTED PRODUCTS
+
+## Remediation/fixes
+
+| Product | VRMF | Remediation/First Fix |
+|---------|------|-----------------------|
+| PRODUCT | VERSION | REMEDIATION |
+
+!!! Note Update
+OPTIONAL UPDATE NOTE
+!!!
+
+## References
+
+* [https://www.first.org/cvss/calculator/3.1](https://www.first.org/cvss/calculator/3.1)
+* LINKS TO REFERENCES
+
+
+## Related Information
+
+* [EnterpriseDB](https://www.enterprisedb.com/)
+* LINKS TO OTHER RELATED INFORMATION
+* [EDB Blogs Link]()
+
+## Acknowledgement
+
+Source: SOURCE
+
+## Change history
+
+DD mmmm YYYY: ACTION
+
+## Disclaimer
+
+
+This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document is at your own risk. EDB reserves the right to change or update this document at any time. Customers are therefore recommended to always view the latest version of this document.

advocacy_docs/security/advisories/cve20074639.mdx

@@ -0,0 +1,57 @@
+---
+title: EDB Advanced Server 8.2 improperly handles debugging function calls
+navTitle: CVE-2007-4639
+---
+
+First Published: 2007/08/31
+
+Last Updated: 2018/10/15
+
+## Summary
+
+EDB Postgres Advanced Server 8.2 (EPAS) does not properly handle certain debugging function calls that occur before a call to `pldbg_create_listener`, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a `pldbg_` function, as demonstrated by (1) `pldbg_get_stack` and (2) `pldbg_abort_target`, which triggers use of an uninitialized pointer.
+
+## Vulnerability details
+
+CVE-ID:  [CVE-2007-4639](https://nvd.nist.gov/vuln/detail/CVE-2007-4639)  
+CVSS Base Score: Undefined  
+CVSS Temporal Score: Undefined  
+CVSS Environmental Score: Undefined  
+CVSS Vector: Undefined
+
+## Affected products and versions
+
+EDB Postgres Advanced Server (EPAS)
+* 8.2
+
+## Remediation/fixes 
+
+| Product | VRMF | Remediation/First Fix |
+|---------|------|-----------------------|
+| EPAS | 8.2 | Upgrade to a supported version of EPAS |
+
+!!! Note Update
+This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
+!!!
+
+## References
+
+* [https://www.first.org/cvss/calculator/3.1](https://www.first.org/cvss/calculator/3.1)
+* [CWE-284 Improper Access Control](http://cwe.mitre.org/data/definitions/284.html)
+
+## Related information
+
+* [EnterpriseDB](https://www.enterprisedb.com/)
+* [EDB Postgres Advanced Server (EPAS)](https://www.enterprisedb.com/products/edb-postgres-advanced-server)
+* [EDB Blogs Link]()
+
+## Acknowledgement
+Source: MITRE
+
+## Change history
+
+26 July 2023: Original Copy Published
+
+## Disclaimer
+
+This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document is at your own risk. EDB reserves the right to change or update this document at any time. Customers are therefore recommended to always view the latest version of this document.

advocacy_docs/security/advisories/cve201910128.mdx

@@ -0,0 +1,66 @@
+---
+title: EDB supplied PostgreSQL inherits ACL for installation directory
+navTitle: CVE-2019-10128
+---
+
+First Published: 2021/03/19
+
+Last Updated: 2022/01/01
+
+## Summary
+
+A vulnerability was found in PostgreSQL versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code.
+
+## Vulnerability details
+
+CVE-ID:   [CVE-2019-10128](https://nvd.nist.gov/vuln/detail/CVE-2019-10128)  
+CVSS Base Score: 7.8  
+CVSS Temporal Score: Undefined  
+CVSS Environmental Score: Undefined  
+CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+
+## Affected products and versions
+
+PostgreSQL
+
+* All versions up to 9.4.21
+* 9.5.0 to 9.5.16
+* 9.6.0 to 9.6.12
+* 10.0 to 10.7
+* 11.0 to 11.2
+
+## Remediation/fixes
+
+| Product | VRMF | Remediation/First Fix |
+|---------|------|-----------------------|
+| Postgresql | Up to 9.4.21 | Update to latest version (at least 9.4.22) |
+| Postgresql | 9.5.0 to 9.5.16 | Update to latest version (at least 9.5.17) |
+| Postgresql | 9.6.0 to 9.6.12 | Update to latest version (at least 9.6.13) |
+| Postgresql | 10.0 to 10.7 | Update to latest version (at least 10.8) |
+| Postgresql | 11.0 to 11.2 | Update to latest version (at least 11.3) |
+
+!!! Note Update
+No updates at this time
+!!!
+
+## References
+
+* [https://www.first.org/cvss/calculator/3.1](https://www.first.org/cvss/calculator/3.1)
+* [CWE-284 Improper Access Control](http://cwe.mitre.org/data/definitions/284.html)
+
+## Related Information
+
+* [EnterpriseDB](https://www.enterprisedb.com/)
+* [Postgresql](https://www.postgresql.org)
+* [EDB Blogs Link]()
+
+## Acknowledgement
+Source: Red Hat Inc
+
+## Change history
+
+26 July 2023: Original Copy Published
+
+## Disclaimer
+
+This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document is at your own risk. EDB reserves the right to change or update this document at any time. Customers are therefore recommended to always view the latest version of this document.

advocacy_docs/security/advisories/cve202331043.mdx

@@ -0,0 +1,68 @@
+---
+title: EDB Postgres Advanced Server (EPAS) logs unredacted passwords prior to 14.6.0
+navTitle: CVE-2023-31043
+---
+
+First Published: 2023/04/23
+
+Last Updated: 2023/05/02
+
+## Summary
+
+EDB Postgres Advanced Server (EPAS) versions before 14.6.0 log unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17, 13.9.13, and 14.6.0.
+
+## Vulnerability details
+
+CVE-ID:  [CVE-2023-31043](https://nvd.nist.gov/vuln/detail/CVE-2023-31043)  
+CVSS Base Score: 7.5  
+CVSS Temporal Score: Undefined  
+CVSS Environmental Score: Undefined  
+CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+
+## Affected products and versions
+
+EDB Postgres Advanced Server (EPAS)
+
+* All versions up to 10.23.32
+* 11.1.7 to 11.18.28
+* 12.1.2 to 12.13.16
+* 13.1.4 to 13.9.12
+* 14.1.0 to 14.5.0
+* 14.1.0 to 14.5.0
+
+## Remediation/fixes
+
+| Product | VRMF | Remediation/First Fix |
+|---------|------|-----------------------|
+| EPAS | All versions <br/>up to 10.23.32 | Update to latest supported version <br/> (at least [10.23.33](https://www.enterprisedb.com/docs/epas/10/epas_rel_notes/epas10_23_33_rel_notes/)) |
+| EPAS | 11.1.7 to <br/>11.18.28 | Update to latest supported version <br/> (at least [11.18.29](https://www.enterprisedb.com/docs/epas/11/epas_rel_notes/epas11_18_29_rel_notes/)) |
+| EPAS | 12.1.2 to <br/>12.13.16 | Update to latest supported version <br/> (at least [12.13.17](https://www.enterprisedb.com/docs/epas/12/epas_rel_notes/epas12_13_17_rel_notes/)) |
+| EPAS | 13.1.4 to <br/>13.9.12 | Update to latest supported version <br/> (at least [13.9.13](https://www.enterprisedb.com/docs/epas/13/epas_rel_notes/epas13_9_13_rel_notes/)) |
+| EPAS | 14.1.0 to <br/>14.5.0 | Update to latest supported version <br/> (at least [14.6.0](https://www.enterprisedb.com/docs/epas/14/epas_rel_notes/epas14_6_0_notes/))|
+
+!!! Note Update
+No Updates at this time
+!!!
+
+## References
+
+* [https://www.first.org/cvss/calculator/3.1](https://www.first.org/cvss/calculator/3.1)
+* [CWE-312 Cleartext Storage of Sensitive Information](http://cwe.mitre.org/data/definitions/312.html)
+
+
+## Related information
+
+* [EnterpriseDB](https://www.enterprisedb.com/)
+* [EDB Postgres Advanced Server (EPAS)](https://www.enterprisedb.com/products/edb-postgres-advanced-server)
+* [EDB Blogs Link]()
+
+## Acknowledgement
+Source: Mitre
+
+## Change history
+
+26 July 2023: Original Copy Published
+
+## Disclaimer
+
+This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document is at your own risk. EDB reserves the right to change or update this document at any time. Customers are therefore recommended to always view the latest version of this document.