Changes coming in PostgreSQL 17
The PostgreSQL project has released beta versions of PostgreSQL 17 containing several interesting security and usability improvements, alongside the usual performance improvements and bug fixes. If the release proceeds according to the usual timeline, the full release of version 17 is expected in September or October. The most important changes concern what PostgreSQL does when a database superuser has their credentials revoked, and the addition of support for incremental database backups.
[...]
That isn't the only change that makes running maintenance operations safer, however. Nathan Bossart added a new permission, MAINTAIN, that can be granted per-table or per-role. This means that now maintenance operations don't need general administration privileges, and the permissions can be more narrowly scoped. Unlike the search-path change, this change is backward compatible — although it may prompt some administrators to restructure their permission systems.
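As an added illustration (not taken from the PostgreSQL release notes or from the patch itself), here is what a narrowly scoped maintenance role and a matching audit might look like on a PostgreSQL 17 server. The role `maint_bot`, the schema `app`, the table `app.orders` and the materialized view `app.order_totals` are assumed names; `pg_maintain` is the predefined role that carries the privilege for every relation.

```sql
-- Constructed example: maint_bot, app.orders and app.order_totals are assumed names.
BEGIN;
CREATE ROLE maint_bot LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Narrow scope: maintenance rights on two specific relations only.
GRANT USAGE ON SCHEMA app TO maint_bot;          -- needed to resolve app.* names
GRANT MAINTAIN ON TABLE app.orders, app.order_totals TO maint_bot;
COMMIT;

-- Broad scope (use sparingly): MAINTAIN on every relation via the predefined role.
-- GRANT pg_maintain TO maint_bot;

-- Acting as maint_bot, maintenance commands succeed without superuser or ownership.
SET ROLE maint_bot;
VACUUM (ANALYZE) app.orders;                     -- must run outside a transaction block
REFRESH MATERIALIZED VIEW app.order_totals;
-- MAINTAIN grants no data access; this would still fail with "permission denied":
-- SELECT * FROM app.orders;
RESET ROLE;

-- Audit 1: explicit MAINTAIN grants recorded in each relation's ACL.
-- (Owners hold the privilege implicitly when relacl is NULL, so they are not listed.)
SELECT c.oid::regclass               AS relation,
       COALESCE(g.rolname, 'PUBLIC') AS grantee,
       a.is_grantable
FROM pg_class AS c
CROSS JOIN LATERAL aclexplode(c.relacl) AS a
LEFT JOIN pg_roles AS g ON g.oid = a.grantee
WHERE a.privilege_type = 'MAINTAIN'
ORDER BY relation, grantee;

-- Audit 2: roles that are direct members of pg_maintain.
SELECT m.rolname AS member
FROM pg_auth_members AS am
JOIN pg_roles AS m ON m.oid = am.member
WHERE am.roleid = 'pg_maintain'::regrole
ORDER BY member;
```

Running both audit queries after an upgrade shows where maintenance rights have been delegated, which is useful when retiring broader administrative roles that existed only to run VACUUM or ANALYZE.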
Another security-related change is a tweak to how PostgreSQL handles the SET SESSION AUTHORIZATION command, which allows superusers to temporarily act as other users, the database equivalent of su. In previous versions, anyone who was a superuser at the time their database connection opened could issue the command. This led to the theoretical problem of someone opening a privileged connection, losing their superuser status, and then using their open connection to get it back. Of course, the far more common case is that of a new administrator having to close and reopen their connection to be able to use the command. In PostgreSQL 17, Joseph Koshakow fixed this behavior; the command now only cares about a user's superuser status at the time it is issued.