2024.04.4 Release
Docker tag: quay.io/pganalyze/enterprise:v2024.04.4
Notes
- This is a security patch release on top of 2024.04.0, 2024.04.1, 2024.04.2 and 2024.04.3
- This release does not have any new database migrations, and is easy to apply (or roll back)
- If you're upgrading from a release before 2024.04.0, be sure to read those release notes, and follow the recommended upgrade steps
- We recommend upgrading as soon as possible if you are utilizing SAML authentication in pganalyze
- Security impact: CVE-2024-45409 in ruby-saml, resolved in this release, would have allowed an internal threat actor with existing access to your SAML application or SAML identity provider to impersonate any member of your pganalyze organization (for example, escalating from a view-only role to one that allows modifying server configuration in pganalyze)
- Contact our security team for questions on the security content of this release
Security
- Update ruby-saml for CVE-2024-45409
- Update bundled collector from 0.57.0 to 0.58.0
  - Log Insights: Redact parameters from utility statements by default
  - See the collector changelog for the full details
- Other package security upgrades (Rails CVE-2024-26144, rexml CVE-2024-43398, ws CVE-2024-37890, braces CVE-2024-4068, bootstrap CVE-2024-6531, fugit CVE-2024-43380)
- Routine security updates to packages in the base image