A critical security vulnerability, CVE-2024-7348, impacts PostgreSQL versions 12 through 16, allowing attackers to execute arbitrary SQL code during `pg_dump` operations. The PostgreSQL team has released minor updates that fix this TOCTOU race condition vulnerability by introducing a new server parameter, `restrict_nonsystem_relation_kind`. Users are urged to upgrade immediately and review their setup, including user permissions, to avoid potential data compromise.
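The following audit queries are an added example, not taken from the original article. They check whether a server exposes the new `restrict_nonsystem_relation_kind` parameter and list roles worth reviewing. Treating `CREATE` on a schema as the permission to review is an assumption based on the upstream advisory, not something stated on this page.

```sql
-- Added example: run in psql against each database that pg_dump backs up.

-- 1. Does this server know the parameter introduced by the fix?
--    Zero rows means the running server binary predates the fixed minor
--    release (installing packages is not enough; the server must be restarted).
SELECT name, setting, context
FROM pg_settings
WHERE name = 'restrict_nonsystem_relation_kind';

-- 2. Running server version, to compare against the fixed minor release
--    listed in the PostgreSQL release notes for your major version.
SHOW server_version;

-- 3. Non-superuser roles that can create objects in a non-system schema.
--    Assumption: these are the permissions the "review user permissions"
--    advice is aimed at. On PostgreSQL 14 and older, the default grant of
--    CREATE on schema "public" to PUBLIC makes every role appear here.
SELECT r.rolname AS role_name,
       n.nspname AS schema_name
FROM pg_roles AS r
CROSS JOIN pg_namespace AS n
WHERE NOT r.rolsuper
  AND n.nspname !~ '^pg_'                 -- skip pg_catalog, pg_toast, pg_temp_*
  AND n.nspname <> 'information_schema'
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER BY n.nspname, r.rolname;
```

Check the `pg_dump` client as well: the binary that runs the backup should come from the same fixed minor release as the server.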
Table of contents
Why Should You Upgrade Your PostgreSQL Today? 🦉