PostgreSQL 11.1, 10.6, 9.6.11, 9.5.15, 9.4.20, and 9.3.25 released
There is a whole new set of PostgreSQL releases out there, the main purposeof which is to include an important security fix."Using a purpose-crafted trigger definition, an attacker can runarbitrary SQL statements with superuser privileges when a superuser runs`pg_upgrade` on the database or during a pg_dump dump/restore cycle.This attack requires a `CREATE` privilege on some non-temporary schemaor a `TRIGGER` privilege on a table. This is exploitable in the defaultPostgreSQL configuration, where all users have `CREATE` privilege on`public` schema." Note that this is the final update for the 9.3series; users on that version should be planning an upgrade in the nearfuture.