PostgreSQL 16.1, 15.5, 14.10, 13.13, 12.17, and 11.22 Released!
Date: 2023-11-10
The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 16.1, 15.5, 14.10, 13.13, 12.17, and 11.22. This release fixes three security vulnerabilities and over 55 bugs reported over the last several months.
This release includes fixes for indexes where, in certain cases, we advise reindexing. Please see the "Updating" section for more details.
This is the final release of PostgreSQL 11. PostgreSQL 11 is now end-of-life and will no longer receive security and bug fixes. If you are
CVE-2023-5868: Memory disclosure in aggregate function calls
CVSS v3 Base Score: 4.3
Supported, Vulnerable Versions: 11 - 16. The security team typically does not
Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirmed or ruled out viability of attacks that arrange for presence of notable, confidential information in disclosed bytes.