Pgpool-II is a tool to add useful features to PostgreSQL, including:
Pgpool Global Development Group is pleased to announce the availability of following versions of Pgpool-II:
This release contains a security fix.
When the query cache feature is enabled, it was possible that a database user can read rows from tables that should not be visible for the user through query cache (CVE-2024-45624).
All versions of Pgpool-II older than 4.5.4, 4.4.9, 4.3.12, 4.2.19, 4.1.22, and all older versions that has the query cache feature (the query cache feature was implemented in 3.2) are affected by the vulnerability.
It is strongly recommend to upgrade to Pgpool-II 4.5.4, 4.4.9, 4.3.12, 4.2.19 and 4.1.22 or later. Or you should better turn off the query cache feature.
Please take a look at release notes.
You can download the source code and RPMs.