👍
On Thu, Nov 12, 2020 at 11:22 AM Dave Page <dp...@pgadmin.org> wrote: > > > On Thu, Nov 12, 2020 at 4:13 PM richard coleman < > rcoleman.ascen...@gmail.com> wrote: > >> Dave, >> >> Thanks, but I expected that once an issue makes it into a release, and a >> release announcement, that the veil is pulled back. >> > > It has been - we just forgot with this one. There are a lot of moving > parts in a release, and that's one that can't easily be automated. > > >> >> rik. >> >> On Thu, Nov 12, 2020 at 11:05 AM Dave Page <dp...@pgadmin.org> wrote: >> >>> Richard, >>> >>> On Thu, Nov 12, 2020 at 3:59 PM richard coleman < >>> rcoleman.ascen...@gmail.com> wrote: >>> >>>> Hi All, >>>> >>>> The release notes list: >>>> >>>> Issue #5919 <https://redmine.postgresql.org/issues/5919> - Added >>>> security related enhancements. >>>> >>>> >>>> But this issue does not show up on the list of issues and following the >>>> link returns a 403 error. What exactly was included in this change? >>>> >>> >>> The issue (like all security issues) was marked as private. We make the >>> public following the release, which has now been done. The commit lists the >>> following changes: >>> >>> Added following security enhancements: >>> 1) Added ALLOWED_HOSTS list to limit the host address. >>> 2) Added CSP and HSTS security header. >>> 3) Hide the webserver/ development framework version. >>> >>> >>>> >>>> It doesn't seem exactly *transparent* that *secret* changes are being >>>> made to this program. >>>> >>> >>> We almost always make security changes in secret, in much the same way >>> as other Open Source projects (e.g. PostgreSQL) do. That is to help protect >>> users by not advertising potential vulnerabilities before fixes are >>> available. >>> >>> >>> >>>> >>>> Thanks, >>>> >>>> rik. >>>> >>>> On Thu, Nov 12, 2020 at 6:34 AM Akshay Joshi < >>>> akshay.jo...@enterprisedb.com> wrote: >>>> >>>>> The pgAdmin Development Team is pleased to announce pgAdmin 4 version >>>>> 4.28. >>>>> This release of pgAdmin 4 includes 19 bug fixes and new features. For >>>>> more details please see the release notes at: >>>>> >>>>> https://www.pgadmin.org/docs/pgadmin4/4.28/release_notes_4_28.html >>>>> . >>>>> >>>>> pgAdmin is the leading Open Source graphical management tool for >>>>> PostgreSQL. For more information, please see: >>>>> >>>>> https://www.pgadmin.org/ >>>>> >>>>> Notable changes in this release include: >>>>> >>>>> - Added support to download utility files at the client-side. >>>>> - Added support to rename query tool and debugger tabs title. >>>>> - Added support for dynamic tab size. >>>>> - Added tab title placeholder for Query Tool, View/Edit Data, and >>>>> Debugger. >>>>> - Added support to compare schemas and databases in schema diff. >>>>> - Ensure that non-superuser should be able to debug the function. >>>>> - Ensure that query history should be listed by date/time in >>>>> descending order. >>>>> - Ensure that Grant Wizard should include foreign tables. >>>>> - Ensure that search object functionality works with case >>>>> insensitive string. >>>>> >>>>> >>>>> Builds for Windows and macOS are available now, along with a Python >>>>> Wheel, >>>>> Docker Container, RPM, DEB Package, and source code tarball from: >>>>> >>>>> https://www.pgadmin.org/download/ >>>>> >>>>> -- >>>>> Akshay Joshi >>>>> pgAdmin Project >>>>> >>>>> >>> >>> -- >>> Dave Page >>> Blog: http://pgsnake.blogspot.com >>> Twitter: @pgsnake >>> >>> EDB: http://www.enterprisedb.com >>> >>> > > -- > Dave Page > Blog: http://pgsnake.blogspot.com > Twitter: @pgsnake > > EDB: http://www.enterprisedb.com > >
