PostgreSQL: Refreshing the Code of Censorship Committee, Pgpool-II 4.5.4, 4.4.9, 4.3.12, 4.2.19 and 4.1.22
-
PostgreSQL ☛ Code of Conduct Committee Seeking New Volunteers [Ed: Become a cop for free and publish productive coders whom you envy]
This message is being sent from the Community Code of Conduct Committee, with the approval of the Core Team. As part of the Community CoC policy, the Committee membership is to be refreshed on an annual basis. We are seeking up to 4 volunteers to serve on the Committee for the coming year, October 1, 2024 - September 30, 2024.
We are seeking people who reflect the diversity of the PostgreSQL community, with the goal to have members from multiple countries and varied demographics. The time commitment for Committee involvement varies, based on internal administrative work and the number of active investigations. We estimate an average of 5 to 10 hours per month, but that could increase if there is an increase in the number of incident reports.
-
PostgreSQL ☛ Pgpool-II 4.5.4, 4.4.9, 4.3.12, 4.2.19 and 4.1.22 released.
When the query cache feature is enabled, it was possible that a database user can read rows from tables that should not be visible for the user through query cache (CVE-2024-45624).
All versions of Pgpool-II older than 4.5.4, 4.4.9, 4.3.12, 4.2.19, 4.1.22, and all older versions that has the query cache feature (the query cache feature was implemented in 3.2) are affected by the vulnerability.
It is strongly recommend to upgrade to Pgpool-II 4.5.4, 4.4.9, 4.3.12, 4.2.19 and 4.1.22 or later. Or you should better turn off the query cache feature.