# What is Pgpool-II?

Pgpool-II is a tool to add useful features to PostgreSQL, including:  

* connection pooling
* load balancing
* automatic failover and [more](https://www.pgpool.net/).

# Minor releases

The Pgpool Global Development Group is pleased to announce the availability of 
the following versions of Pgpool-II: 

* 4.4.2
* 4.3.5
* 4.2.12
* 4.1.15
* 4.0.22

This release contains a security fix.

If all of the following conditions are met, the password of "wd_lifecheck_user" is 
exposed by the "SHOW POOL_STATUS" command. 
The command can be executed by any user who can connect to Pgpool-II 
(CVE-2023-22332).

* Version 3.3 or later
* use_watchdog = on
* wd_lifecheck_method = 'query'
* A plain text password is set to wd_lifecheck_password

In this case it is strongly recommended to upgrade to this version (we no longer 
expose wd_lifecheck_password in the show pool_status command), or to use one 
of the following workarounds.

Workarounds for 4.0.x to 4.4.x users:

* Disable watchdog. Set use_watchdog to off.
* Change wd_lifecheck_method to heartbeat.
* Set wd_lifecheck_password to an empty string. Pgpool-II will then use the password in the 
pool_passwd file.
* Set wd_lifecheck_password to an AES-encrypted password. 

In any case, we recommend changing "wd_lifecheck_password" in PostgreSQL.

Workarounds for 3.0.x to 3.7.x users:

* Disable watchdog. Set use_watchdog to off.
* Change wd_lifecheck_method to heartbeat. 

In any case, we recommend changing "wd_lifecheck_password" in PostgreSQL.
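
The following audit sketch is an added example, not code from the Pgpool-II project: it parses the text of a pgpool.conf and reports whether the three configuration conditions listed above hold, so a host can be triaged before upgrading. It does not check the installed version. The function names, the sample configurations, the parameter defaults (watchdog off, heartbeat lifecheck, empty password) and the rule that AES-encrypted values start with `AES` are assumptions of this example.

```python
import re

# Assumed defaults when a parameter is absent from pgpool.conf.
DEFAULTS = {"use_watchdog": "off", "wd_lifecheck_method": "heartbeat",
            "wd_lifecheck_password": ""}
# name = 'quoted value'  or  name = bare_value, optionally followed by a # comment
LINE = re.compile(r"^\s*(\w+)\s*=\s*(?:'([^']*)'|([^#\s]*))")

def parse_conf(text):
    """Parse 'name = value' lines; a later setting overrides an earlier one."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # blank line, comment, or unrecognised syntax
        quoted, bare = m.group(2), m.group(3)
        conf[m.group(1).lower()] = quoted if quoted is not None else bare
    return conf

def exposure_conditions(conf):
    """Evaluate the advisory's configuration conditions one by one."""
    pw = conf["wd_lifecheck_password"]
    return {
        "use_watchdog = on":
            conf["use_watchdog"].lower() in ("on", "true", "yes", "1"),
        "wd_lifecheck_method = 'query'":
            conf["wd_lifecheck_method"].lower() == "query",
        # Assumption: an AES-encrypted value is marked by an "AES" prefix.
        "plain text wd_lifecheck_password":
            pw != "" and not pw.startswith("AES"),
    }

def is_exposed(text):
    """True only when every configuration condition is met."""
    return all(exposure_conditions(parse_conf(text)).values())

# Constructed sample configurations (not taken from a real deployment).
VULNERABLE = """
use_watchdog = on
wd_lifecheck_method = 'query'   # lifecheck over SQL
wd_lifecheck_user = 'nobody'
wd_lifecheck_password = 'example-secret'
"""
WORKAROUND_EMPTY = VULNERABLE.replace("'example-secret'", "''")
WORKAROUND_HEARTBEAT = VULNERABLE.replace("'query'", "'heartbeat'")

if __name__ == "__main__":
    for name in ("VULNERABLE", "WORKAROUND_EMPTY", "WORKAROUND_HEARTBEAT"):
        print(name, "exposed" if is_exposed(globals()[name]) else "not exposed")
```

A configuration flagged by this check on an unpatched release still needs the password changed in PostgreSQL, as recommended above, because it may already have been read.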

Please note that Pgpool-II 3.7.x and earlier are end of life and no minor updates 
are provided for those versions. 

Please take a look at the [release notes](https://www.pgpool.net/docs/latest/en/html/release.html).

You can download [the source code and 
RPMs](https://pgpool.net/mediawiki/index.php/Downloads).
