The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 13.1, 12.5, 11.10, 10.15, 9.6.20 and
9.5.24. This release closes three security vulnerabilities and fixes over 65
bugs reported over the last three months.
Due to the nature of CVE-2020-25695, we advise you to update as soon as possible.
Additionally, this is the second-to-last release of PostgreSQL 9.5. If you are
running PostgreSQL 9.5 in a production environment, we suggest that you make
plans to upgrade.
For the full list of changes, please review the release notes.
Security: CVE-2020-25695: Multiple features escape "security restricted
operation" sandbox
Security: CVE-2020-25694: Reconnection can downgrade connection security
settings
Security: CVE-2020-25696: psql's \gset allows overwriting specially
treated variables
4ffca4aa7f