Re: pgAdmin 4 v4.28 released

On Thu, Nov 12, 2020 at 4:13 PM richard coleman <rcoleman(dot)ascentgl(at)gmail(dot)com>
wrote:

> Dave,
>
> Thanks, but I expected that once an issue makes it into a release, and a
> release announcement, that the veil is pulled back.
>

It has been - we just forgot with this one. There are a lot of moving parts
in a release, and that's one that can't easily be automated.

>
> rik.
>
> On Thu, Nov 12, 2020 at 11:05 AM Dave Page <dpage(at)pgadmin(dot)org> wrote:
>
>> Richard,
>>
>> On Thu, Nov 12, 2020 at 3:59 PM richard coleman <
>> rcoleman(dot)ascentgl(at)gmail(dot)com> wrote:
>>
>>> Hi All,
>>>
>>> The release notes list:
>>>
>>> Issue #5919 <https://redmine.postgresql.org/issues/5919> - Added
>>> security related enhancements.
>>>
>>>
>>> But this issue does not show up on the list of issues and following the
>>> link returns a 403 error. What exactly was included in this change?
>>>
>>
>> The issue (like all security issues) was marked as private. We make the
>> public following the release, which has now been done. The commit lists the
>> following changes:
>>
>> Added following security enhancements:
>> 1) Added ALLOWED_HOSTS list to limit the host address.
>> 2) Added CSP and HSTS security header.
>> 3) Hide the webserver/ development framework version.
>>
>>
>>>
>>> It doesn't seem exactly *transparent* that *secret* changes are being
>>> made to this program.
>>>
>>
>> We almost always make security changes in secret, in much the same way as
>> other Open Source projects (e.g. PostgreSQL) do. That is to help protect
>> users by not advertising potential vulnerabilities before fixes are
>> available.
>>
>>
>>
>>>
>>> Thanks,
>>>
>>> rik.
>>>
>>> On Thu, Nov 12, 2020 at 6:34 AM Akshay Joshi <
>>> akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
>>>
>>>> The pgAdmin Development Team is pleased to announce pgAdmin 4 version
>>>> 4.28.
>>>> This release of pgAdmin 4 includes 19 bug fixes and new features. For
>>>> more details please see the release notes at:
>>>>
>>>> https://www.pgadmin.org/docs/pgadmin4/4.28/release_notes_4_28.html.
>>>>
>>>> pgAdmin is the leading Open Source graphical management tool for
>>>> PostgreSQL. For more information, please see:
>>>>
>>>> https://www.pgadmin.org/
>>>>
>>>> Notable changes in this release include:
>>>>
>>>> - Added support to download utility files at the client-side.
>>>> - Added support to rename query tool and debugger tabs title.
>>>> - Added support for dynamic tab size.
>>>> - Added tab title placeholder for Query Tool, View/Edit Data, and
>>>> Debugger.
>>>> - Added support to compare schemas and databases in schema diff.
>>>> - Ensure that non-superuser should be able to debug the function.
>>>> - Ensure that query history should be listed by date/time in
>>>> descending order.
>>>> - Ensure that Grant Wizard should include foreign tables.
>>>> - Ensure that search object functionality works with case
>>>> insensitive string.
>>>>
>>>>
>>>> Builds for Windows and macOS are available now, along with a Python
>>>> Wheel,
>>>> Docker Container, RPM, DEB Package, and source code tarball from:
>>>>
>>>> https://www.pgadmin.org/download/
>>>>
>>>> --
>>>> Akshay Joshi
>>>> pgAdmin Project
>>>>
>>>>
>>
>> --
>> Dave Page
>> Blog: http://pgsnake.blogspot.com
>> Twitter: @pgsnake
>>
>> EDB: http://www.enterprisedb.com
>>
>>

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EDB: http://www.enterprisedb.com