November 21, 2024: PostgreSQL 17.2, 16.6, 15.10, 14.15, 13.18, and 12.22 Released!

Quick Links

set_user 2.0.1 released

Posted on 2021-08-28 by Crunchy Data

Related Open Source Security

Crunchy Data is pleased to announce the release of the PostgreSQL set_user Extension module version 2.0.1.

This release contains one security fix and one other bug fix. It is highly recommended to update to this version of set_user as soon as possible.

Security Issues

CVE-2021-38140: Fixed potential privilege escalation using RESET SESSION AUTHORIZATION after calling set_user(). This is now blocked along with RESET ROLE.

Fixes

Fix GUC deprecation logic to stop printing noisy NOTICEs every time GUCs are referenced.

Links

Crunchy Data is proud to support the development and maintenance of set_user).