=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN210

_____________________________________________________________________

DATE                : 07/04/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running pgAdmin 4 versions prior to 9.2.

=====================================================================
https://www.pgadmin.org/
_____________________________________________________________________

2025-04-03 - pgAdmin 4 v9.2 Released

The pgAdmin Development Team is pleased to announce pgAdmin 4 version
9.2. This release of pgAdmin 4 includes 24 bug fixes and new features.
For more details, please see the release notes.

Notable changes in this release include:

Features:

    Added an ability to configure the font family for SQL editors.
    Added support to automatically open a file after it is downloaded
      in the desktop mode.
    Added support for post-connection SQL execution, which will be
      run automatically on each connection made to any database of
      the server.
    Add support for restoring plain SQL database dumps.
    Added support for creating Directory nodes in EPAS.
    Change icon buttons to show tooltips even when disabled.
    Add an option to load/replace the servers.json file on each
      container startup.
    Open user management in a separate tab instead of a dialog to
      enhance UI/UX.


Bugs/Housekeeping:

    Fixed an XSS vulnerability issue in the Query Tool and View/Edit
      Data (CVE-2025-2946).
    Fixed a remote code execution issue in the Query Tool and Cloud
      Deployment (CVE-2025-2945).
    Ensure that modal dialogs are not triggered more than once to
      avoid duplicates.
    Fixed an issue where pgAdmin should fall back to the main screen
      if the last opened screen is disconnected.
    Fixed an issue where the PSQL terminal displays keyname for
      non-alphanumeric keys.
    Change the stop/terminate icon at all the places for better UX.
    Fixed an issue where the query tool data grid did not respect
      the default value for columns of domain type when the domain
      had a default value.
    Ensure the newly added parameters in the server dialog are
      incorporated into the Import/Export Servers functionality.
    Fixed an issue where the query tool is crashing on macOS 15.4
      due to a locale issue.
    Fixed an issue where the upgrade_check API returned an unexpected
      keyword argument 'cafile' due to changes in the urllib package
      supporting Python v3.13.


Download your copy now!

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
