Skip to content

Commit 7293fb1

Browse files
committed
Update changelog for v5.10.0
1 parent 1ade285 commit 7293fb1

1 file changed

Lines changed: 40 additions & 0 deletions

File tree

CHANGELOG.md

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,43 @@
1+
# 5.10.0 (June 3, 2026)
2+
3+
This release includes a significant amount of hardening against malicious or compromised PostgreSQL servers,
4+
contributed by Sean Chittenden at CrowdStrike, Inc. This work bounds binary decoders against attacker-controlled
5+
message sizes, caps server-supplied SCRAM iteration counts, adds `require_auth` to restrict which authentication
6+
methods a server may use (mitigating downgrade attacks under `sslmode=prefer`), and ensures cancellation requests are
7+
sent over TLS when the original connection used TLS.
8+
9+
## Features
10+
11+
* Add `require_auth` to restrict accepted server authentication methods (Sean Chittenden at CrowdStrike, Inc.)
12+
* Add `ParseConfigOptions.ConnStringAllowedKeys` to restrict allowed connection string keys (Sean Chittenden at CrowdStrike, Inc.)
13+
* Add `StructArgs` and `StrictStructArgs` for `@`-named queries (Tubelight30)
14+
* Add `ErrConnClosed` sentinel error and unwrap it from `connLockError` (Charlie Tonneslan)
15+
* pgxpool: check if connection is expired before acquire (arthurdotwork)
16+
17+
## Security Hardening
18+
19+
* Encrypt `CancelRequest` connection when the primary connection used TLS (Sean Chittenden at CrowdStrike, Inc.)
20+
* Cap server-supplied SCRAM iteration count (Sean Chittenden at CrowdStrike, Inc.)
21+
* Default Frontend max message body length to ~1 GiB (Sean Chittenden at CrowdStrike, Inc.)
22+
* Bound hstore binary decode against malicious server input (Sean Chittenden at CrowdStrike, Inc.)
23+
* Bound array binary decode element length against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)
24+
* Bound array element count against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)
25+
* Bound range, multirange, and tsvector binary decoders (Sean Chittenden at CrowdStrike, Inc.)
26+
* Document secure connection configuration (Sean Chittenden at CrowdStrike, Inc.)
27+
* Fix panic on malformed geometric text; return an error instead (MaIII)
28+
29+
## Fixes
30+
31+
* Fix scanning `"char"` (OID 18) into `*string` in binary format (luongs3)
32+
* Fix handling of typed-nil `driver.Valuer` in array and composite codecs (Donncha Fahy)
33+
* Fix `CopyData.Data` hex decoding in `UnmarshalJSON` (Charlie Tonneslan)
34+
* Fix data race when context is cancelled during connect
35+
* Fix `parseKeywordValueSettings` rejecting trailing whitespace (alliasgher)
36+
* pgconn: preserve full error chain in `normalizeTimeoutError` (Charlie Tonneslan)
37+
* pgconn: use a fresh context for the fallback connection in `connectPreferred` (Charlie Tonneslan)
38+
* pgxpool: fix `MaxLifetimeDestroyCount` and ping order for acquire-time expiry check
39+
* Add missing error check of `rows.Err` to load types (Jen Altavilla)
40+
141
# 5.9.2 (April 18, 2026)
242

343
Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

0 commit comments

Comments
 (0)