Hello hello hello friends, enemies and mortal foes it is I here once again with a little release for you!
This one is a medium security release mostly, @mae@is.badat.dev brought an issue to our attention wherein a badly configured firewall or other such fun could create the possibility for someone to use a weak http signature - thanks so much for telling us! we now enforce the existence of the host header and check that it matches ours to prevent this from occuring.
and this release is the fix for that, alongside a few small maintenance fixes
Nothing flashy to show you, check the changelog for a full list of changes, but you shouldn’t really notice much different.
There ARE database migrations this time! Make sure you run them! Normal way, nothing special.
2 Likes
Notably though, update instructions chagned slightly and now have an extra apply-as-needed step at the end. Worth rereading them ^^
Similarly backup restore instructions changed in a small but positively noteworthy way:
It is no longer necessary to force sequential, single-transaction mode. Now indexes can and are recommended to be restored in parallel significantly speeding up the overall process. If you’re now thinking, “ehh, I’ve already been using parallel restore the entire time, still slow”, even better news for you: due to a (now removed) index interdependence, ignoring instructions and using parallel restore before this release caused pg_restore to start restoring some indexes before other indexes they heavily depend on were done. Ironically then leading to much worse restore times than pure sequential mode. For you the difference will be especially pronounced
Update went fine, thanks!