formed Corrective updates for all supported PostgreSQL branches: 13.4 , 12.8 , 11.13 , 10.18 And 9.6.23 . Updates for branch 9.6 will be formed until November 2021, 10 – until November 2022, 11 – until November 2023, 12 – until November 2024, 13 until November 2025.
In the new versions 75 corrections were proposed and the vulnerability was eliminated CVE-2021-3677, allowing you to read the contents of the server process through the execution of a specially decorated query. The attack can be done by any user having access to SQL queries. The problem is subject to only PostgreSQL 11, 12 and 13 branches. The well-known attack options do not affect the configurations with the MAX_WORKER_PROCESS = 0 setting, but the existence of options that do not depend on this setting are not excluded.