Skip to content

Commit

Permalink
v1.16.1
Browse files Browse the repository at this point in the history
  • Loading branch information
@petere
petere committed Nov 11, 2021
1 parent e4453c9 commit eadd71f
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 1 deletion.
15 changes: 15 additions & 0 deletions NEWS.md
View file
Expand Up @@ -4,6 +4,21 @@ PgBouncer changelog
PgBouncer 1.16.x
----------------

**2021-11-11 - PgBouncer 1.16.1 - "Test of depth against quiet efficiency"**

This is a minor release with a security fix.

* Make PgBouncer acting as a server reject extraneous data after an
SSL or GSS encryption handshake.

A man-in-the-middle with the ability to inject data into the TCP
connection could stuff some cleartext data into the start of a
supposedly encryption-protected database session. This could be
abused to send faked SQL commands to the server, although that would
only work if PgBouncer did not demand any authentication data.
(However, a PgBouncer setup relying on SSL certificate
authentication might well not do so.)

**2021-08-09 - PgBouncer 1.16.0 - "Fended off a jaguar"**

- Features
Expand Down
2 changes: 1 addition & 1 deletion configure.ac
View file
@@ -1,7 +1,7 @@
dnl Process this file with autoconf to produce a configure script.

AC_INIT([PgBouncer],
[1.16.0],
[1.16.1],
[https://github.com/pgbouncer/pgbouncer/issues], [],
[https://www.pgbouncer.org/])
AC_CONFIG_SRCDIR(src/janitor.c)
Expand Down

0 comments on commit eadd71f

Please sign in to comment.