PostgreSQL update with vulnerability fixes

Corrective updates have been published for all PostgreSQL branches: 13.3, 12.7, 11.12, 10.17 and 9.6.22. Updates for the 9.6 branch will be produced until November 2021, for 10 until November 2022, for 11 until November 2023, for 12 until November 2024, and for 13 until November 2025. The new releases fix three vulnerabilities and correct accumulated bugs.

The CVE-2021-32027 vulnerability can lead to an out-of-bounds write caused by an integer overflow in array index calculations. By manipulating values in SQL queries, an attacker who is able to run SQL queries can write arbitrary data to an arbitrary region of the process memory and execute their own code with the privileges of the DBMS server. Two other vulnerabilities (CVE-2021-32028, CVE-2021-32029) lead to disclosure of process memory contents when manipulating "INSERT … ON CONFLICT … DO UPDATE" and "UPDATE … RETURNING" queries.
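A patch-level check against the fixed releases listed above, as an added example that is not part of the original article or of the PostgreSQL project. It accepts either the output of `SHOW server_version` or the numeric `server_version_num`; the function names and the sample inventory are hypothetical and constructed for illustration.

```python
import re

# Fixed minor release per branch, as listed in the article.
FIXED = {"13": 3, "12": 7, "11": 12, "10": 17, "9.6": 22}

def parse_version(text):
    """Return (branch, minor) from server_version or server_version_num."""
    text = text.strip()
    if text.isdigit():
        if len(text) < 5:
            raise ValueError(f"ambiguous version number: {text!r}")
        num = int(text)
        if num >= 100000:               # 10 and later: major * 10000 + minor
            return str(num // 10000), num % 10000
        # before 10: major * 10000 + second part * 100 + minor
        return f"{num // 10000}.{num // 100 % 100}", num % 100
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    major, second, third = m.group(1), int(m.group(2)), m.group(3)
    if int(major) >= 10:                # two-part scheme, e.g. 13.2
        return major, second
    return f"{major}.{second}", int(third or 0)   # three-part, e.g. 9.6.21

def patch_status(version_text):
    """Classify a server against the releases that carry the three CVE fixes."""
    branch, minor = parse_version(version_text)
    if branch not in FIXED:
        return "unlisted-branch"        # branch not covered by these releases
    return "patched" if minor >= FIXED[branch] else "needs-update"

if __name__ == "__main__":
    # Constructed inventory: host name -> version string as reported by the server.
    inventory = {
        "db-a.example": "13.2 (Debian 13.2-1.pgdg100+1)",
        "db-b.example": "120007",
        "db-c.example": "9.6.21",
        "db-d.example": "9.5.25",
    }
    for host, version in inventory.items():
        print(f"{host:14} {version:32} {patch_status(version)}")
```

A server on a branch that is not in the list receives none of these fixes, so "unlisted-branch" should be treated as a finding of its own rather than as a pass.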

Non-security fixes include:

  • Fixed incorrect calculations when running "UPDATE...RETURNING" to update partitioned tables.
  • Fixed a failure of the "ALTER TABLE ... ALTER CONSTRAINT" command when foreign key constraints are present in combination with partitioned tables.
  • The "COMMIT AND CHAIN" functionality has been improved.
  • On new FreeBSD releases, wal_sync_method is now set to fdatasync mode by default.
  • The vacuum_cleanup_index_scale_factor parameter is disabled by default.
  • Fixed memory leaks that occurred when establishing TLS connections.
  • Additional checks have been added to pg_upgrade for the presence of data types in user tables that cannot be upgraded.

Source: opennet.ru
