Navigation :

Release 4.1.9

pgpool-II 4.2.10 Documentation
Prev Up Appendix A. Release Notes Next

Release Date: 2021-11-18

A.16.1. Security release

  • Reject extraneous data after SSL encryption handshake. (Tatsuo Ishii)

    In the server side implementation of SSL negotiation, it was possible for a man-in-the-middle attacker to inject arbitrary SQL commands. This is possible if Pgpool-II is configured to use cert authentication or hostssl + trust. This resembles PostgreSQL's CVE-2021-23214.

    Similarly, in the client side implementation of SSL negotiation, it was possible for a man-in-the-middle attacker to inject arbitrary responses. This is possible if PostgreSQL is using trust authentication with a clientcert requirement. It is not possible with cert authentication because Pgpool-II does not implement the cert authentication between Pgpool-II and PostgreSQL. This resembles PostgreSQL's CVE-2021-23222.

A.16.2. Changes

  • Deal with PostgreSQL 14 while processing pg_terminate_backend() . (Tatsuo Ishii)

  • Enhance SIGCHLD handler of Pgpool-II main process. (Tatsuo Ishii)

    When Pgpool-II child is killed by SIGKILL signal, the SIGCHLD handler just emitted LOG level message as other signals. But SIGKILL is an important event, for example killed by OOM killer. So emit a WARNING level message instead. Per suggestion from Michail Alexakis. Discussion: [pgpool-general: 7750]

A.16.3. Bug fixes

  • Fix connection counter issue when reserved_connections is 0. (Tatsuo Ishii)

    If reserved_connections is 0, we don't need to manage the connection counter. This will prevent unwanted "Sorry, too many clients already" error by accidental counter leak. Discussion: [pgpool-general: 7750]

  • Fix for bug 732 : Segmentation fault at failover ... (Muhammad Usama)

  • Fix occasional hang in COPY FROM . (Tatsuo Ishii)

    If an error occurs while doing COPY FROM , it was possible the Pgpool-II waited forever for a response from backend after COPY end marker was sent from frontend. The bug was found by Bo Peng.

  • Fix the incorrect display of load balancing node in raw mode. (Bo Peng)

    In raw mode, Pgpool-II sends all queies to main node. This is harmless, but it may confuse users.

  • Fix backend_flag* parameter shown twice while executing PGPOOL SHOW ALL . (Tatsuo Ishii)

A.16.4. Documents

  • Doc: fix documentation typos. (Bo Peng)

  • Fix typos in documentation and sample scripts. (Bo Peng)

    Patch is created by Kazufumi Noto.

  • Doc: Mention that double quotes are required in PGPOOL SHOW command, if the parameter contains uppercase letters. (Bo Peng)

A.16.5. Test tools

  • Fix pgpool_setup to do nothing when no new main node is available. (Tatsuo Ishii)

A.16.6. Regression tests

  • Fix occasional 073.pg_terminate_backend regression test failure. (Tatsuo Ishii)

  • Rename regression test 074. (Bo Peng)

  • Fix psql command path to avoid test failure. (Bo Peng)