Dave,

Thanks, but I expected that once an issue makes it into a release, and a release announcement, that the veil is pulled back.

rik.

On Thu, Nov 12, 2020 at 11:05 AM Dave Page <dp...@pgadmin.org> wrote:

> Richard,
>
> On Thu, Nov 12, 2020 at 3:59 PM richard coleman <rcoleman.ascen...@gmail.com> wrote:
>
>> Hi All,
>>
>> The release notes list:
>>
>> Issue #5919 <https://redmine.postgresql.org/issues/5919> - Added
>> security related enhancements.
>>
>> But this issue does not show up on the list of issues and following the
>> link returns a 403 error. What exactly was included in this change?
>
> The issue (like all security issues) was marked as private. We make them
> public following the release, which has now been done. The commit lists the
> following changes:
>
> Added following security enhancements:
> 1) Added ALLOWED_HOSTS list to limit the host address.
> 2) Added CSP and HSTS security header.
> 3) Hide the webserver/ development framework version.
>
>> It doesn't seem exactly *transparent* that *secret* changes are being
>> made to this program.
>
> We almost always make security changes in secret, in much the same way as
> other Open Source projects (e.g. PostgreSQL) do. That is to help protect
> users by not advertising potential vulnerabilities before fixes are
> available.
>
>> Thanks,
>>
>> rik.
>>
>> On Thu, Nov 12, 2020 at 6:34 AM Akshay Joshi <akshay.jo...@enterprisedb.com> wrote:
>>
>>> The pgAdmin Development Team is pleased to announce pgAdmin 4 version 4.28.
>>> This release of pgAdmin 4 includes 19 bug fixes and new features. For
>>> more details please see the release notes at:
>>>
>>> https://www.pgadmin.org/docs/pgadmin4/4.28/release_notes_4_28.html.
>>>
>>> pgAdmin is the leading Open Source graphical management tool for
>>> PostgreSQL. For more information, please see:
>>>
>>> https://www.pgadmin.org/
>>>
>>> Notable changes in this release include:
>>>
>>> - Added support to download utility files at the client-side.
>>> - Added support to rename query tool and debugger tabs title.
>>> - Added support for dynamic tab size.
>>> - Added tab title placeholder for Query Tool, View/Edit Data, and Debugger.
>>> - Added support to compare schemas and databases in schema diff.
>>> - Ensure that non-superuser should be able to debug the function.
>>> - Ensure that query history should be listed by date/time in descending order.
>>> - Ensure that Grant Wizard should include foreign tables.
>>> - Ensure that search object functionality works with case insensitive string.
>>>
>>> Builds for Windows and macOS are available now, along with a Python Wheel,
>>> Docker Container, RPM, DEB Package, and source code tarball from:
>>>
>>> https://www.pgadmin.org/download/
>>>
>>> --
>>> Akshay Joshi
>>> pgAdmin Project
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EDB: http://www.enterprisedb.com
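
The three changes listed in the quoted commit message (a host allowlist, CSP and HSTS headers, hiding version-revealing headers), sketched as WSGI middleware. This is an added example, not pgAdmin's code and not part of the original thread; the matching rules, the header values, and the names `split_host`, `host_allowed`, `HardeningMiddleware` and `demo` are assumptions made for illustration.

```python
import ipaddress
# Assumed policy values, constructed for this sketch; a deployment chooses its own.
CSP = "default-src 'self'"
HSTS = "max-age=31536000; includeSubDomains"
STRIP = {"server", "x-powered-by", "content-security-policy", "strict-transport-security"}

def split_host(host_header):
    """Return the host part of a Host header, without any port."""
    h = host_header.strip().lower()
    if h.startswith("["):  # bracketed IPv6 literal such as [::1]:5050
        return h[1:h.index("]")] if "]" in h else ""
    return h.rsplit(":", 1)[0] if ":" in h else h

def host_allowed(host_header, allowed):
    """Match the host against exact names, exact IPs or CIDR networks."""
    host = split_host(host_header)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None  # not an IP literal, so only exact-name entries can match
    nets = [ipaddress.ip_network(e, strict=False) for e in allowed if "/" in e]
    names = {e.lower() for e in allowed if "/" not in e}
    return host in names or (addr is not None and any(addr in n for n in nets))

class HardeningMiddleware:
    """Reject unlisted hosts, add CSP and HSTS, drop version-revealing headers."""
    def __init__(self, app, allowed_hosts):
        self.app, self.allowed_hosts = app, list(allowed_hosts)
    def __call__(self, environ, start_response):
        if not host_allowed(environ.get("HTTP_HOST", ""), self.allowed_hosts):
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"host not allowed\n"]
        def hardened(status, headers, exc_info=None):
            # A Server header added later by the front-end web server is not visible here.
            kept = [(k, v) for k, v in headers if k.lower() not in STRIP]
            kept += [("Content-Security-Policy", CSP), ("Strict-Transport-Security", HSTS)]
            return start_response(status, kept, exc_info)
        return self.app(environ, hardened)

def demo(host, allowed=("127.0.0.1", "192.168.0.0/24", "pgadmin.example.test")):
    """Run a constructed app through the middleware; return (status, headers)."""
    seen = {}
    def app(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain"), ("Server", "Demo/1.0")])
        return [b"ok"]
    def record(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    HardeningMiddleware(app, allowed)({"HTTP_HOST": host}, record)
    return seen["status"], seen["headers"]
```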