Skip to content

Commit

Permalink
Merge pull request #5600 from EnterpriseDB/release-2024-05-09c
Browse files Browse the repository at this point in the history
Release 2024-05-09c
  • Loading branch information
djw-m authored May 9, 2024
2 parents 3d6d936 + f9a6b18 commit e768465
Show file tree
Hide file tree
Showing 5 changed files with 6 additions and 6 deletions.
4 changes: 2 additions & 2 deletions advocacy_docs/security/assessments/cve-2024-4317.mdx
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: CVE-2024-4317 - Restrict visibility of "pg_stats_ext" and "pg_stats_ext_exprs" entries to the table owner
navTitle: CVE-2024-4317
affectedProducts: TBD
affectedProducts: All versions of PostgreSQL, EPAS and PGE prior to 16.3, 15.7, and 14.12
---

First Published: 2024/05/09
Expand All @@ -25,7 +25,7 @@ CVSS Temporal Score: Undefined

CVSS Environmental Score: Undefined

CVSS Vector: TBC
CVSS Vector: [AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N&version=3.0)

## Affected products and versions

Expand Down
2 changes: 1 addition & 1 deletion advocacy_docs/security/assessments/index.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ The CVEs listed in this section are from PostgreSQL and other parties who have r
&nbsp;&nbsp;<a href="cve-2024-4317">Read Assessment</a>
&nbsp;&nbsp;Updated: </span><span>2024/05/09</span>
<h4>Restrict visibility of "pg_stats_ext" and "pg_stats_ext_exprs" entries to the table owner</h4>
<h5> TBD</h5>
<h5> All versions of PostgreSQL, EPAS and PGE prior to 16.3, 15.7, and 14.12</h5>
</summary>
<hr/>
<em>Summary:</em>&nbsp;
Expand Down
2 changes: 1 addition & 1 deletion advocacy_docs/security/index.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 and prior
&nbsp;&nbsp;<a href="assessments/cve-2024-4317">Read Assessment</a>
&nbsp;&nbsp;Updated: </span><span>2024/05/09</span>
<h4>Restrict visibility of "pg_stats_ext" and "pg_stats_ext_exprs" entries to the table owner</h4>
<h5> TBD</h5>
<h5> All versions of PostgreSQL, EPAS and PGE prior to 16.3, 15.7, and 14.12</h5>
</summary>
<hr/>
<em>Summary:</em>&nbsp;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ EDB Postgres Advanced Server 15.7.0 includes the following enhancements and bug
| Type | Description | Addresses&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |
|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
| Upstream merge | Merged with community PostgreSQL 15.7. This release includes a fix for [CVE-2024-4317](/security/assessments/cve-2024-4317). See the [PostgreSQL 15.7 Release Notes](https://www.postgresql.org/docs/release/15.7/) for more information. | [CVE-2024-4317](/security/assessments/cve-2024-4317)|
| Security&nbsp;fix | Fixed an issue for `edbldr`. Now `edbldr` checks the `pg_read_server_files` privilege before accessing the data files. | #35906, [CVE-2024-4545](/security/advisories/cve2024545/) |
| Security&nbsp;fix | Fixed an issue for `edbldr`. Now `edbldr` checks the `pg_read_server_files` privilege before accessing the data files. | #35906, [CVE-2024-4545](/security/advisories/cve20244545/) |
| Bug&nbsp;fix | Fixed an issue for `edb_filter_log`. Now it correctly redacts the password when the tab is used before the keyword. | #36220 |
| Bug&nbsp;fix | Fixed an issue for `edb_audit` on Windows. Now it correctly rotates the log files based on days configured in `edb_audit_rotation_day`. | #99282 |
| Bug&nbsp;fix | Fixed an issue to fetch all the attributes correctly from the sublink in `CONNECT BY` processing to avoid the server crash. | #102746 |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ EDB Postgres Advanced Server 16.3.0 includes the following enhancements and bug
| Type | Description | Addresses&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |
|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
| Upstream merge | Merged with community PostgreSQL 16.3. This release includes a fix for [CVE-2024-4317](/security/assessments/cve-2024-4317). See the [PostgreSQL 16.3 Release Notes](https://www.postgresql.org/docs/release/16.3/) for more information. | [CVE-2024-4317](/security/assessments/cve-2024-4317) |
| Security&nbsp;fix | Fixed an issue for `edbldr`. Now `edbldr` checks the `pg_read_server_files` privilege before accessing the data files. | #35906, [CVE-2024-4545](/security/advisories/cve2024545/) |
| Security&nbsp;fix | Fixed an issue for `edbldr`. Now `edbldr` checks the `pg_read_server_files` privilege before accessing the data files. | #35906, [CVE-2024-4545](/security/advisories/cve20244545/) |
| Bug&nbsp;fix | Fixed an issue for `edb_filter_log`. Now it correctly redacts the password when the tab is used before the keyword. | #36220 |
| Bug&nbsp;fix | Fixed an issue for `edb_audit` on Windows. Now it correctly rotates the log files based on days configured in `edb_audit_rotation_day`. | #99282 |
| Bug&nbsp;fix | Fixed an issue to fetch all the attributes correctly from the sublink in `CONNECT BY` processing to avoid the server crash. | #102746 |
Expand Down

2 comments on commit e768465

@github-actions
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

πŸŽ‰ Published on https://edb-docs.netlify.app as production
πŸš€ Deployed on https://663d0cf1c3acc12ae60a902d--edb-docs.netlify.app

@github-actions
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.