PgBackMan 1.2.0 available now

New version of a popular PostgreSQL-related tool released
05 July 2017
PostgreSQL

An object-relational database management system with an emphasis on extensibility and standards compliance.

PgBackMan is a tool for managing PostgreSQL logical backups created with pg_dump and pg_dumpall.

It is designed to manage backups from thousands of databases running in multiple PostgreSQL nodes, and it supports a multiple backup server topology.

This new update provides some new features and fixes bugs from version 1.1.0. Source files, RPM and DEB files are available at GitHub.

Features list:

  • Add dbname exception field to "register snapshot definition"
  • Add dbname exception field to "register backup definitions"
  • Possibility of defining multiple snapshot definitions in one command
  • Update "show pgbackman config" to show more information
  • Define a default backup server in all backup server inputs.
  • Possibility of generating CSV and JSON output with all show_* pgbackman commands
  • Refactor the code used to manage command line parameters and define new parameters.
  • Automatic compression of cluster type backups if gzip is available.
  • New command to move backup definitions between backup servers.
  • Add support for PostgreSQL 9.

Migration to 1.2.0

Upgrading to a new version is always an important task and has to be completed very carefully. More information is available in this section.

Issues fixed:

  • "show job queues" view does not show the right domain for pgsql_nodes.
  • Backup definitions of type CLUSTER getting DELETE status. 

PostgreSQL to Deny COPY...PROGRAM Vulnerability

Developers state that CVE-2019-9193 is not a vulnerability at all
05 April 2019

In response to news coverage based on the CVE-2019-9193 vulnerability report, PostgreSQL developers have published a refutation. Some analysts present CVE-2019-9193 as a critical, remotely exploitable problem that, in the default configuration, allows arbitrary code to be executed through the COPY TO / FROM PROGRAM construct with the rights of the user under which the DBMS is running. According to the developers, these statements do not correspond to reality: the problem described is contrived and CVE-2019-9193 is in fact not a vulnerability. The vulnerability identifier CVE-2019-9193 was issued by mistake.

We encourage all users of PostgreSQL to follow the best practice that is to never grant superuser access to remote or otherwise untrusted users. This is a standard security operating procedure that is followed in system administration and extends to database administration as well.
 

PostgreSQL Team

The "COPY TO / FROM PROGRAM" construct is regular functionality that is available only to a user with administrative rights (superuser) or to one who has been explicitly delegated the "pg_execute_server_program" authority. Contrary to statements in publications, the pg_read_server_files and pg_write_server_files rights granted by default do not grant authority to execute the COPY..PROGRAM construct. Regular DBMS users cannot run handlers using "COPY TO / FROM PROGRAM", and the administrator has no need to break into their own environment, in which the database is running and to which they already have full access (the database administrator has the authority of the user under which PostgreSQL is running).
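An audit query for the two conditions named above (superuser, or direct or inherited membership in pg_execute_server_program). This is an added example, not code from the PostgreSQL project or from the article; it assumes PostgreSQL 11 or later, where the pg_execute_server_program role exists, and the role name in the closing comment is hypothetical.

```sql
-- Added example: list every role that can run COPY ... TO/FROM PROGRAM,
-- either because it is a superuser or because it is a direct or indirect
-- member of pg_execute_server_program.
WITH RECURSIVE exec_members AS (
    -- Roles granted pg_execute_server_program directly
    SELECT m.member,
           ARRAY[r.rolname::text] AS via
    FROM pg_auth_members m
    JOIN pg_roles r ON r.oid = m.roleid
    WHERE r.rolname = 'pg_execute_server_program'
  UNION
    -- Roles that are members of a role found in the previous step
    SELECT m.member,
           e.via || r.rolname::text
    FROM exec_members e
    JOIN pg_auth_members m ON m.roleid = e.member
    JOIN pg_roles r ON r.oid = m.roleid
)
SELECT r.rolname,
       r.rolcanlogin,          -- can this role open a session itself?
       r.rolinherit,           -- false: the member must SET ROLE first
       'superuser'             AS reason,
       NULL::text              AS membership_path
FROM pg_roles r
WHERE r.rolsuper
UNION ALL
SELECT r.rolname,
       r.rolcanlogin,
       r.rolinherit,
       'pg_execute_server_program',
       array_to_string(e.via, ' <- ')
FROM exec_members e
JOIN pg_roles r ON r.oid = e.member
WHERE NOT r.rolsuper           -- superusers are already reported above
ORDER BY 4, 1;

-- Any login role in the result that is used by remote or untrusted clients
-- contradicts the best practice quoted above. To withdraw the delegation
-- from a hypothetical role named app_user:
--   REVOKE pg_execute_server_program FROM app_user;
```

The catalogs are read directly rather than through pg_has_role(), because pg_has_role() reports superusers as members of every role and would hide which grants are explicit.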