Upgrading PostgreSQL to fix the vulnerability

Corrective updates have been released for all supported PostgreSQL branches: 13.4, 12.8, 11.13, 10.18 and 9.6.23. Updates for the 9.6 branch will be released until November 2021, for 10 until November 2022, for 11 until November 2023, for 12 until November 2024, and for 13 until November 2025.

The new versions include 75 fixes and eliminate the vulnerability CVE-2021-3677, which allows the contents of server process memory to be read by executing a specially crafted query. The attack can be carried out by any user who is able to execute SQL queries. Only the PostgreSQL 11, 12 and 13 branches are affected. Known attack variants do not work against configurations with the max_worker_processes=0 setting, but there may be variants that do not depend on this setting.
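A triage check built from the version numbers above, as an added example that is not from the original article or the PostgreSQL project. The function names and status labels are hypothetical; the inputs are assumed to be the values returned by `SHOW server_version` and `SHOW max_worker_processes`.

```python
import re

# Fixed minor release per supported branch, taken from the announcement above.
FIXED_MINOR = {"9.6": 23, "10": 18, "11": 13, "12": 8, "13": 4}
# Branches the announcement names as affected by CVE-2021-3677.
CVE_BRANCHES = {"11", "12", "13"}


def parse_version(server_version):
    """Return (branch, minor) from a server_version string.

    Accepts '9.6.22', '13.3' and packaged forms such as
    '12.7 (Debian 12.7-1.pgdg100+1)'. Before 10 the branch is 'X.Y'.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", server_version)
    if not m:
        raise ValueError(f"unrecognised version: {server_version!r}")
    major, second, third = m.groups()
    if int(major) < 10:
        if third is None:
            raise ValueError(f"missing minor number: {server_version!r}")
        return f"{major}.{second}", int(third)
    return major, int(second)


def assess(server_version, max_worker_processes):
    """Classify one server (status labels are hypothetical)."""
    branch, minor = parse_version(server_version)
    if branch not in FIXED_MINOR:
        return "unlisted-branch"          # no fixed release named for it
    if minor >= FIXED_MINOR[branch]:
        return "patched"
    if branch not in CVE_BRANCHES:
        return "update-available"         # behind, but CVE does not apply
    if int(max_worker_processes) == 0:
        # Only known attack variants are blocked; an upgrade is still needed.
        return "vulnerable-known-variants-blocked"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory: (server_version, max_worker_processes)
    for ver, workers in [("13.3", 8), ("12.7 (Debian 12.7-1.pgdg100+1)", 0),
                         ("10.17", 8), ("9.6.23", 8), ("11.13", 8)]:
        print(f"{ver:35} {assess(ver, workers)}")
```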

Source: opennet.ru
