PostgreSQL update with a vulnerability fix. Release of the pgcat replication system

Corrective updates have been published for all supported PostgreSQL branches: 12.2, 11.7, 10.12, 9.6.17, 9.5.21 and 9.4.26. Release 9.4.26 is the last one for its branch: updates for the 9.4 branch have been discontinued. Updates for the 9.5 branch will be produced until February 2021, 9.6 until November 2021, 10 until November 2022, 11 until November 2023, and 12 until November 2024.

The new versions fix 75 bugs and eliminate a vulnerability (CVE-2020-1720) caused by a missing authorization check when executing the "ALTER ... DEPENDS ON EXTENSION" command. Under certain circumstances, the vulnerability allows an unprivileged user to drop any function, procedure, materialized view, index, or trigger. The attack is possible if an administrator has installed any extension and the user can execute the CREATE command, or the extension owner can be convinced to execute the DROP EXTENSION command.

In addition, note the appearance of a new application, pgcat, which replicates data between multiple PostgreSQL servers. The program supports logical replication by streaming the data-changing SQL commands executed on the primary server to another host and replaying them there. The code is written in Go and distributed under the Apache 2.0 license. The main differences from the built-in logical replication mechanism:

  • Support for any type of target table (views, fdw (Foreign Data Wrapper), partitioned tables, distributed citus tables);
  • The ability to remap table names (replication from one table to another);
  • Support for bidirectional replication by transmitting only local changes and ignoring replicated changes arriving from outside;
  • A conflict resolution system based on the LWW (last-writer-win) algorithm;
  • The ability to store information about replication progress and unapplied replicas in a separate table, which can be used for recovery after a temporarily unavailable receiving node comes back.

Source: opennet.ru
