Re: pgAdmin 4 v4.28 released

👍

On Thu, Nov 12, 2020 at 11:22 AM Dave Page <dpage(at)pgadmin(dot)org> wrote:

>
>
> On Thu, Nov 12, 2020 at 4:13 PM richard coleman <
> rcoleman(dot)ascentgl(at)gmail(dot)com> wrote:
>
>> Dave,
>>
>> Thanks, but I expected that once an issue makes it into a release, and a
>> release announcement, that the veil is pulled back.
>>
>
> It has been - we just forgot with this one. There are a lot of moving
> parts in a release, and that's one that can't easily be automated.
>
>
>>
>> rik.
>>
>> On Thu, Nov 12, 2020 at 11:05 AM Dave Page <dpage(at)pgadmin(dot)org> wrote:
>>
>>> Richard,
>>>
>>> On Thu, Nov 12, 2020 at 3:59 PM richard coleman <
>>> rcoleman(dot)ascentgl(at)gmail(dot)com> wrote:
>>>
>>>> Hi All,
>>>>
>>>> The release notes list:
>>>>
>>>> Issue #5919 <https://redmine.postgresql.org/issues/5919> - Added
>>>> security related enhancements.
>>>>
>>>>
>>>> But this issue does not show up on the list of issues and following the
>>>> link returns a 403 error. What exactly was included in this change?
>>>>
>>>
>>> The issue (like all security issues) was marked as private. We make the
>>> public following the release, which has now been done. The commit lists the
>>> following changes:
>>>
>>> Added following security enhancements:
>>> 1) Added ALLOWED_HOSTS list to limit the host address.
>>> 2) Added CSP and HSTS security header.
>>> 3) Hide the webserver/ development framework version.
>>>
>>>
>>>>
>>>> It doesn't seem exactly *transparent* that *secret* changes are being
>>>> made to this program.
>>>>
>>>
>>> We almost always make security changes in secret, in much the same way
>>> as other Open Source projects (e.g. PostgreSQL) do. That is to help protect
>>> users by not advertising potential vulnerabilities before fixes are
>>> available.
>>>
>>>
>>>
>>>>
>>>> Thanks,
>>>>
>>>> rik.
>>>>
>>>> On Thu, Nov 12, 2020 at 6:34 AM Akshay Joshi <
>>>> akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
>>>>
>>>>> The pgAdmin Development Team is pleased to announce pgAdmin 4 version
>>>>> 4.28.
>>>>> This release of pgAdmin 4 includes 19 bug fixes and new features. For
>>>>> more details please see the release notes at:
>>>>>
>>>>> https://www.pgadmin.org/docs/pgadmin4/4.28/release_notes_4_28.html
>>>>> .
>>>>>
>>>>> pgAdmin is the leading Open Source graphical management tool for
>>>>> PostgreSQL. For more information, please see:
>>>>>
>>>>> https://www.pgadmin.org/
>>>>>
>>>>> Notable changes in this release include:
>>>>>
>>>>> - Added support to download utility files at the client-side.
>>>>> - Added support to rename query tool and debugger tabs title.
>>>>> - Added support for dynamic tab size.
>>>>> - Added tab title placeholder for Query Tool, View/Edit Data, and
>>>>> Debugger.
>>>>> - Added support to compare schemas and databases in schema diff.
>>>>> - Ensure that non-superuser should be able to debug the function.
>>>>> - Ensure that query history should be listed by date/time in
>>>>> descending order.
>>>>> - Ensure that Grant Wizard should include foreign tables.
>>>>> - Ensure that search object functionality works with case
>>>>> insensitive string.
>>>>>
>>>>>
>>>>> Builds for Windows and macOS are available now, along with a Python
>>>>> Wheel,
>>>>> Docker Container, RPM, DEB Package, and source code tarball from:
>>>>>
>>>>> https://www.pgadmin.org/download/
>>>>>
>>>>> --
>>>>> Akshay Joshi
>>>>> pgAdmin Project
>>>>>
>>>>>
>>>
>>> --
>>> Dave Page
>>> Blog: http://pgsnake.blogspot.com
>>> Twitter: @pgsnake
>>>
>>> EDB: http://www.enterprisedb.com
>>>
>>>
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EDB: http://www.enterprisedb.com
>
>