Documentation Portal

Light theme Dark theme

2.9.14¶

(2023-09-26)

Addressed issues¶

(FIELD-6364) Fixed an issue wherein the --enable-pprof flag did not function as expected.
(FIELD-6330) Fixed an issue wherein a specific corner case could incorrectly produce a nil pointer error in the dtr-api container.
(FIELD-2238) Fixed an issue wherein pushing an image to an immutable registry resulted in an uninformative error message.

Note

FIELD-2238 was appended to these release notes on 2023-09-28.

Security information¶

Resolved CVEs, as detailed:

CVE	Status	Problem details from upstream
CVE-2023-39417	Resolved	In the extension script, a SQL Injection vulnerability was found in PostgreSQL if it uses `@extowner@`, `@extschema@`, or `@extschema:...@` inside a quoting construct (dollar quoting, `''`, or `""`). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level `CREATE` privilege can execute arbitrary code as the bootstrap superuser.