Prepare 4.0.1.

author Bo Peng <[email protected]>

Thu, 20 Dec 2018 06:19:24 +0000 (15:19 +0900)

committer Bo Peng <[email protected]>

Thu, 20 Dec 2018 06:19:24 +0000 (15:19 +0900)
author Bo Peng <[email protected]>
Thu, 20 Dec 2018 06:19:24 +0000 (15:19 +0900)
committer Bo Peng <[email protected]>
Thu, 20 Dec 2018 06:19:24 +0000 (15:19 +0900)
diff --git a/NEWS b/NEWS

index 3795e8972c33ce76430251872567b6d678039bb0..e64719242e3807b2a19f747e53b7a3121e4b3298 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,19 @@
  pgpoolAdmin 4.0
  ===============================================================================
  
+* Version 4.0.1 2018/12/20
+
+  ** Bug fixes
+
+   - PgpoolAdmin has a vulnerability to allow an attacker to
+     login without properly checking the authorization. 
+     Once getting into PgpoolAdmin, the attacker can control 
+     Pgpool-II. Also it may be possible to obtain the superuser 
+     role of a PostgreSQL database. 
+     PgPool Global Development Group would like to thank Fotios Rogkotis
+     of DarkMatter for finding the security issue and giving us the
+     detailed studies on it. (CVE-2018-16203)
+
  * Version 4.0.0 2018/10/19
  
    ** New features
diff --git a/version.php b/version.php

index 43541a6a685d913cf67352d1faeed8506a197ab4..f65a2535356b7bfa4fd0418e5481fd176582082f 100644 (file)
--- a/version.php
+++ b/version.php
@@ -23,6 +23,6 @@
   * @version    SVN: $Id$\r
   */\r
  \r
-$version = '4.0.0';\r
+$version = '4.0.1';\r
  \r
  ?>\r
author	Bo Peng <[email protected]>
	Thu, 20 Dec 2018 06:19:24 +0000 (15:19 +0900)
committer	Bo Peng <[email protected]>
	Thu, 20 Dec 2018 06:19:24 +0000 (15:19 +0900)
NEWS		patch \| blob \| blame \| history
version.php		patch \| blob \| blame \| history