Navigation :

Release 4.2.6

pgpool-II 4.2.10 Documentation
Prev Up Appendix A. Release Notes Next

Release Date: 2021-11-18

A.5.1. Security release

  • Reject extraneous data after SSL encryption handshake. (Tatsuo Ishii)

    In the server side implementation of SSL negotiation, it was possible for a man-in-the-middle attacker to inject arbitrary SQL commands. This is possible if Pgpool-II is configured to use cert authentication or hostssl + trust. This resembles PostgreSQL's CVE-2021-23214.

    Similarly, in the client side implementation of SSL negotiation, it was possible for a man-in-the-middle attacker to inject arbitrary responses. This is possible if PostgreSQL is using trust authentication with a clientcert requirement. It is not possible with cert authentication because Pgpool-II does not implement the cert authentication between Pgpool-II and PostgreSQL. This resembles PostgreSQL's CVE-2021-23222.

A.5.2. Changes

  • Deal with PostgreSQL 14 while processing pg_terminate_backend() . (Tatsuo Ishii)

  • Enhance SIGCHLD handler of Pgpool-II main process. (Tatsuo Ishii)

    When Pgpool-II child is killed by SIGKILL signal, the SIGCHLD handler just emitted LOG level message as other signals. But SIGKILL is an important event, for example killed by OOM killer. So emit a WARNING level message instead. Per suggestion from Michail Alexakis. Discussion: [pgpool-general: 7750]

A.5.3. Bug fixes

  • Fix application_name array lacking an entry for logger process. (Tatsuo Ishii)

  • Fix connection counter issue when reserved_connections is 0. (Tatsuo Ishii)

    If reserved_connections is 0, we don't need to manage the connection counter. This will prevent unwanted "Sorry, too many clients already" error by accidental counter leak. Discussion: [pgpool-general: 7750]

  • Fix for bug 732 : Segmentation fault at failover ... (Muhammad Usama)

  • Fix occasional hang in COPY FROM . (Tatsuo Ishii)

    If an error occurs while doing COPY FROM , it was possible the Pgpool-II waited forever for a response from backend after COPY end marker was sent from frontend. The bug was found by Bo Peng.

A.5.4. Documents

  • Doc: fix documentation typos. (Bo Peng)

  • Fix typos in documentation and sample scripts. (Bo Peng)

    Patch is created by Kazufumi Noto.

  • Doc: fix yum install command typo in configuration example. (Bo Peng)

A.5.5. Regression tests

  • Fix occasional 073.pg_terminate_backend regression test failure. (Tatsuo Ishii)

  • Rename regression test 074. (Bo Peng)

  • Fix pg_config command path to avoid test failure. (Bo Peng)

  • Fix psql command path to avoid test failure. (Bo Peng)