| From: | Daniele Varrazzo <daniele(dot)varrazzo(at)gmail(dot)com> |
|---|---|
| To: | Psycopg <psycopg(at)postgresql(dot)org> |
| Subject: | Psycopg 2.9.2, 3.0.4 released |
| Date: | 2021-11-15 15:56:10 |
| Message-ID: | CA+mi_8bgSSnWHwzN=g_Hci2pfzMxyTVjJbXZdb4CyBO+KACz9Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | psycopg |
Hello,
We have released new versions of both psycopg 2 and 3 packages, addressing
the security issue CVE-2021-23222, affecting the libpq and which has been
resolved in PostgreSQL 14.1 and in the other versions provided in the same
release [1].
The new psycopg releases only solve the problem in the binary packages: if
you install psycopg from source you will need to upgrade the system libpq
library instead.
In order to verify what libpq version your system is using you can query
the functions 'psycopg2.extensions.libpq_version()' [2] and
'psycopg.pq.version()' [3].
Thank you very much!
-- Daniele
[1]:
https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
[2]:
https://www.psycopg.org/docs/extensions.html#psycopg2.extensions.libpq_version
[3]: https://www.psycopg.org/psycopg3/docs/api/pq.html#psycopg.pq.version
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniele Varrazzo | 2021-12-29 15:49:50 | Psycopg 2.9.3 released |
| Previous Message | Christophe Pettus | 2021-10-21 16:22:07 | Re: psycopg3 transactions |