Release: 2023-09-21 #4837

Merged: 14 commits, Sep 21, 2023
1 change: 1 addition & 0 deletions advocacy_docs/security/advisories/cve.mdx.template
@@ -1,6 +1,7 @@
---
title: CVE Title
navTitle: CVE ID as CVE-Year-Number
affectedProducts: one liner covering which products affected
---

First Published: YYYY/MM/DD (ISO8601)
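Review bot: the placeholder text in the new `affectedProducts: one liner covering which products affected` line is missing a verb ("which products are affected"), and it gives no guidance on version ranges even though the advisories updated in this same release fill the field with exact cut-off versions (for example "prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0"). Suggest spelling that expectation out in the template, e.g. `affectedProducts: one-line list of affected products and the versions (or version ranges) affected`, so future advisories populate the field consistently.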
13 changes: 9 additions & 4 deletions advocacy_docs/security/advisories/cve20074639.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2007-4639 - EDB Advanced Server 8.2 improperly handles debugging function calls
navTitle: CVE-2007-4639
affectedProducts: EDB Advanced Server 8.2
---

First Published: 2007/08/31
Expand All @@ -13,10 +14,14 @@ EDB Postgres Advanced Server 8.2 (EPAS) does not properly handle certain debuggi

## Vulnerability details

CVE-ID: [CVE-2007-4639](https://nvd.nist.gov/vuln/detail/CVE-2007-4639)
CVSS Base Score: Undefined
CVSS Temporal Score: Undefined
CVSS Environmental Score: Undefined
CVE-ID: [CVE-2007-4639](https://nvd.nist.gov/vuln/detail/CVE-2007-4639)

CVSS Base Score: Undefined

CVSS Temporal Score: Undefined

CVSS Environmental Score: Undefined

CVSS Vector: Undefined

## Affected products and versions
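Review bot: the blank lines inserted between `CVE-ID:`, the three CVSS score lines and `CVSS Vector:` are what stops MDX from collapsing them into a single run-on paragraph, so the rendering fix is right, but a markdown list (`- CVSS Base Score: Undefined`) would express the same structure without five paragraph breaks. The identical edit is repeated verbatim in cve201910128.mdx and cve202331043.mdx in this release; whichever form is chosen should be applied to all three so the advisory pages do not drift.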
13 changes: 9 additions & 4 deletions advocacy_docs/security/advisories/cve201910128.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2019-10128 - EDB supplied PostgreSQL inherits ACL for installation directory
navTitle: CVE-2019-10128
affectedProducts: PostgreSQL
---

First Published: 2021/03/19
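Review bot: the new `affectedProducts: PostgreSQL` line carries no version information, while the hunk below scopes the issue to "PostgreSQL versions 11.x prior to 11.3" on Windows, and every other advisory in this release lists exact versions in this field. Suggest `affectedProducts: EDB supplied PostgreSQL 11.x prior to 11.3 (Windows)` so the front-matter summary matches the advisory body and the other files.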
Expand All @@ -13,10 +14,14 @@ A vulnerability was found in PostgreSQL versions 11.x prior to 11.3. The Windows

## Vulnerability details

CVE-ID: [CVE-2019-10128](https://nvd.nist.gov/vuln/detail/CVE-2019-10128)
CVSS Base Score: 7.8
CVSS Temporal Score: Undefined
CVSS Environmental Score: Undefined
CVE-ID: [CVE-2019-10128](https://nvd.nist.gov/vuln/detail/CVE-2019-10128)

CVSS Base Score: 7.8

CVSS Temporal Score: Undefined

CVSS Environmental Score: Undefined

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

## Affected products and versions
13 changes: 9 additions & 4 deletions advocacy_docs/security/advisories/cve202331043.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2023-31043 - EDB Postgres Advanced Server (EPAS) logs unredacted passwords prior to 14.6.0
navTitle: CVE-2023-31043
affectedProducts: EDB Postgres Advanced Server 10.23.32 to 14.5.0
---

First Published: 2023/04/23
Expand All @@ -13,10 +14,14 @@ EDB Postgres Advanced Server (EPAS) versions before 14.6.0 log unredacted passwo

## Vulnerability details

CVE-ID: [CVE-2023-31043](https://nvd.nist.gov/vuln/detail/CVE-2023-31043)
CVSS Base Score: 7.5
CVSS Temporal Score: Undefined
CVSS Environmental Score: Undefined
CVE-ID: [CVE-2023-31043](https://nvd.nist.gov/vuln/detail/CVE-2023-31043)

CVSS Base Score: 7.5

CVSS Temporal Score: Undefined

CVSS Environmental Score: Undefined

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

## Affected products and versions
1 change: 1 addition & 0 deletions advocacy_docs/security/advisories/cve202341113.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2023-41113 - EDB Postgres Advanced Server (EPAS) permissions bypass via accesshistory()
navTitle: CVE-2023-41113
affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
---

First Published: 2023/08/21
1 change: 1 addition & 0 deletions advocacy_docs/security/advisories/cve202341114.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2023-41114 - EDB Postgres Advanced Server (EPAS) authenticated users may fetch any URL
navTitle: CVE-2023-41114
affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
---

First Published: 2023/08/21
1 change: 1 addition & 0 deletions advocacy_docs/security/advisories/cve202341115.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2023-41115 - EDB Postgres Advanced Server (EPAS) permission bypass for large objects
navTitle: CVE-2023-41115
affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
---

First Published: 2023/08/21
6 changes: 2 additions & 4 deletions advocacy_docs/security/advisories/cve202341116.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2023-41116 - EDB Postgres Advanced Server (EPAS) permission bypass for materialized views
navTitle: CVE-2023-41116
affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
---

First Published: 2023/08/21
Expand All @@ -9,10 +10,7 @@ Last Updated: 2023/08/30

## Summary

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before
11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and
15.x before 15.4.0. It allows an authenticated user to refresh any materialized
view, regardless of that user's permissions.
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions.

## Vulnerability details

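Review bot: the reflowed summary still says "13.x before 13.12.16" while the new front-matter line in the first hunk of this file says "prior to ... 13.12.17", and the other CVE-2023-411xx advisories in this release also use 13.12.17; one of the two values is wrong and the discrepancy will be visible on the rendered page. The reflow itself is only cosmetic in the source (MDX renders the wrapped and unwrapped paragraph identically), so this is the right moment to reconcile the 13.x cut-off version before merging.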
1 change: 1 addition & 0 deletions advocacy_docs/security/advisories/cve202341117.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2023-41117 - EDB Postgres Advanced Server (EPAS) SECURITY DEFINER functions and procedures may be hijacked via search_path
navTitle: CVE-2023-41117
affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
---

First Published: 2023/08/21
1 change: 1 addition & 0 deletions advocacy_docs/security/advisories/cve202341118.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2023-41118 - EDB Postgres Advanced Server (EPAS) UTL_FILE permission bypass
navTitle: CVE-2023-41118
affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
---

First Published: 2023/08/21
1 change: 1 addition & 0 deletions advocacy_docs/security/advisories/cve202341119.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2023-41119 - EDB Postgres Advanced Server (EPAS) dbms_aq helper function may run arbitrary SQL as a superuser
navTitle: CVE-2023-41119
affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
---

First Published: 2023/08/21
1 change: 1 addition & 0 deletions advocacy_docs/security/advisories/cve202341120.mdx
@@ -1,6 +1,7 @@
---
title: CVE-2023-41120 - EDB Postgres Advanced Server (EPAS) DBMS_PROFILER data may be removed without permission
navTitle: CVE-2023-41120
affectedProducts: All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
---

First Published: 2023/08/21