PostgreSQL 12.2 Released with security fixes, 9.4 series reaching EOL

On February 13, the PostgreSQL Global Development Group released “PostgreSQL 12.2”, the latest version of the open-source database system. It includes many small fixes, focusing on security improvements.

PostgreSQL 12.2 is the latest point release of the version 12 series, which first appeared in October 2019.

The vulnerability CVE-2020-1720 has been fixed. CVE-2020-1720 is a vulnerability in which the “ALTER … DEPENDS ON EXTENSION” subcommands do not perform appropriate authorization checks, so unprivileged users can use them to drop any function, materialized view, and so on. This vulnerability affects PostgreSQL versions 9.6 to 12.

Another fixed vulnerability to note involves “TRUNCATE … CASCADE”: the problem in which the entire data gets deleted when TRUNCATE … CASCADE is executed has been fixed. The release also includes over 75 bug fixes.

PostgreSQL is available on the project website. Besides the 12 series, the project has released the latest versions for the 11 series (11.7), the 10 series (10.12), and the 9 series (9.6.17/9.5.21/9.4.26). As the 9.4 series has reached EOL (end of life) with v9.4.26, users of the 9.4 series will have to upgrade to a newer version.

PostgreSQL
https://www.postgresql.org/