Psycopg 2.9.2, 3.0.4 released

From: Daniele Varrazzo <daniele(dot)varrazzo(at)gmail(dot)com>
To: Psycopg <psycopg(at)postgresql(dot)org>
Subject: Psycopg 2.9.2, 3.0.4 released
Date: 2021-11-15 15:56:10
Message-ID: CA+mi_8bgSSnWHwzN=g_Hci2pfzMxyTVjJbXZdb4CyBO+KACz9Q@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: psycopg

Hello,

We have released new versions of both psycopg 2 and 3 packages, addressing
the security issue CVE-2021-23222, affecting the libpq and which has been
resolved in PostgreSQL 14.1 and in the other versions provided in the same
release [1].

The new psycopg releases only solve the problem in the binary packages: if
you install psycopg from source you will need to upgrade the system libpq
library instead.

In order to verify what libpq version your system is using you can query
the functions 'psycopg2.extensions.libpq_version()' [2] and
'psycopg.pq.version()' [3].

Thank you very much!

-- Daniele

[1]:
https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
[2]:
https://www.psycopg.org/docs/extensions.html#psycopg2.extensions.libpq_version
[3]: https://www.psycopg.org/psycopg3/docs/api/pq.html#psycopg.pq.version

Browse psycopg by date

  From Date Subject
Next Message Daniele Varrazzo 2021-12-29 15:49:50 Psycopg 2.9.3 released
Previous Message Christophe Pettus 2021-10-21 16:22:07 Re: psycopg3 transactions