On Thu, Nov 12, 2020 at 4:13 PM richard coleman <rcoleman.ascen...@gmail.com> wrote:
> Dave, > > Thanks, but I expected that once an issue makes it into a release, and a > release announcement, that the veil is pulled back. > It has been - we just forgot with this one. There are a lot of moving parts in a release, and that's one that can't easily be automated. > > rik. > > On Thu, Nov 12, 2020 at 11:05 AM Dave Page <dp...@pgadmin.org> wrote: > >> Richard, >> >> On Thu, Nov 12, 2020 at 3:59 PM richard coleman < >> rcoleman.ascen...@gmail.com> wrote: >> >>> Hi All, >>> >>> The release notes list: >>> >>> Issue #5919 <https://redmine.postgresql.org/issues/5919> - Added >>> security related enhancements. >>> >>> >>> But this issue does not show up on the list of issues and following the >>> link returns a 403 error. What exactly was included in this change? >>> >> >> The issue (like all security issues) was marked as private. We make the >> public following the release, which has now been done. The commit lists the >> following changes: >> >> Added following security enhancements: >> 1) Added ALLOWED_HOSTS list to limit the host address. >> 2) Added CSP and HSTS security header. >> 3) Hide the webserver/ development framework version. >> >> >>> >>> It doesn't seem exactly *transparent* that *secret* changes are being >>> made to this program. >>> >> >> We almost always make security changes in secret, in much the same way as >> other Open Source projects (e.g. PostgreSQL) do. That is to help protect >> users by not advertising potential vulnerabilities before fixes are >> available. >> >> >> >>> >>> Thanks, >>> >>> rik. >>> >>> On Thu, Nov 12, 2020 at 6:34 AM Akshay Joshi < >>> akshay.jo...@enterprisedb.com> wrote: >>> >>>> The pgAdmin Development Team is pleased to announce pgAdmin 4 version >>>> 4.28. >>>> This release of pgAdmin 4 includes 19 bug fixes and new features. For >>>> more details please see the release notes at: >>>> >>>> https://www.pgadmin.org/docs/pgadmin4/4.28/release_notes_4_28.html. >>>> >>>> pgAdmin is the leading Open Source graphical management tool for >>>> PostgreSQL. For more information, please see: >>>> >>>> https://www.pgadmin.org/ >>>> >>>> Notable changes in this release include: >>>> >>>> - Added support to download utility files at the client-side. >>>> - Added support to rename query tool and debugger tabs title. >>>> - Added support for dynamic tab size. >>>> - Added tab title placeholder for Query Tool, View/Edit Data, and >>>> Debugger. >>>> - Added support to compare schemas and databases in schema diff. >>>> - Ensure that non-superuser should be able to debug the function. >>>> - Ensure that query history should be listed by date/time in >>>> descending order. >>>> - Ensure that Grant Wizard should include foreign tables. >>>> - Ensure that search object functionality works with case >>>> insensitive string. >>>> >>>> >>>> Builds for Windows and macOS are available now, along with a Python >>>> Wheel, >>>> Docker Container, RPM, DEB Package, and source code tarball from: >>>> >>>> https://www.pgadmin.org/download/ >>>> >>>> -- >>>> Akshay Joshi >>>> pgAdmin Project >>>> >>>> >> >> -- >> Dave Page >> Blog: http://pgsnake.blogspot.com >> Twitter: @pgsnake >> >> EDB: http://www.enterprisedb.com >> >> -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EDB: http://www.enterprisedb.com
