New IBM Cloud Compose for PostgreSQL Version Updates Address Security Issues

Update your IBM Cloud Compose for PostgreSQL version today

IBM Cloud Compose for PostgreSQL has new, updated versions available. The new versions address security issues for which we recommend updating existing deployments as soon as possible.

Last week saw the release of PostgreSQL updates which included fixes for two security issues. These issues are of concern as they involve vulnerabilities which could be exploited remotely to potentially expose server memory (9.5.x and 9.6.x) or access other servers through extensions such as dblink or pg_fdw (9.4.x, 9.5.x, 9.6.x). That said, there are no known exploits for either issue.

What IBM Cloud Compose is doing

We are making PostgreSQL 9.4.19, 9.5.14, and 9.6.10 available immediately. This is to allow users to upgrade as soon as possible to the new versions.

The vulnerabilities have been fixed as part of a range of bug fixes incorporated in the various updates. Notes for 9.4.19, 9.5.14, and 9.6.10 list the changes made in each edition.
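
To see which deployments still need the update, this added example (not code from IBM Cloud Compose or the PostgreSQL project) compares a reported server version with the patched minor releases named above. The deployment names and version strings in the sample inventory are constructed, and the issue labels paraphrase this post.

```python
import re

# Patched minor releases named in this post, keyed by (major, minor) branch.
PATCHED = {(9, 4): 19, (9, 5): 14, (9, 6): 10}

# Branches this post lists for each issue (labels paraphrase the post).
ISSUES = {
    "server memory exposure": {(9, 5), (9, 6)},
    "access to other servers via dblink/pg_fdw": {(9, 4), (9, 5), (9, 6)},
}

# Accepts "9.5.13" (SHOW server_version) or "PostgreSQL 9.5.13 on ..." (SELECT version()).
_VERSION_RE = re.compile(r"\s*(?:PostgreSQL\s+)?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch); patch is None when only two parts are present."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"no PostgreSQL version found in {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), (int(patch) if patch is not None else None)


def assess(version_text):
    """Return (status, issues) for one deployment's reported version."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch not in PATCHED:
        return "not-covered", []      # this post says nothing about the branch
    if patch is None:
        return "unknown", []          # e.g. a beta build such as "9.6beta1"
    if patch >= PATCHED[branch]:
        return "patched", []
    return "upgrade", sorted(n for n, b in ISSUES.items() if branch in b)


def audit(inventory):
    """Assess every entry of a {deployment_name: version_text} inventory."""
    return {name: assess(text) for name, text in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; the deployment names are hypothetical.
    sample = {
        "orders-db": "9.4.18",
        "billing-db": "PostgreSQL 9.5.13 on x86_64-pc-linux-gnu, 64-bit",
        "search-db": "9.6.10",
    }
    for name, (status, issues) in audit(sample).items():
        print(f"{name}: {status} {'; '.join(issues)}")
```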

We are not yet setting these new versions to preferred (the default for new deployments), so when creating a new deployment, please remember to select the most recent version. We are currently planning to make these new versions preferred on September 20th. When that happens, we’ll be removing the ability to provision older versions of PostgreSQL. From that point onwards, we will begin managed, forced upgrades of PostgreSQL databases to the highest minor version.

Your options for action

We hope that you will make the time to protect your database by upgrading it to the latest minor version using the in-place upgrade option in settings. This will allow you to control when the upgrade is scheduled. In-place upgrades cause minimal disruption as they are done on a rolling basis, allowing the database to gracefully fail over as the nodes are upgraded.

You may also wish to take the opportunity to upgrade to a more recent major version of PostgreSQL. You can then make use of the many new features available. PostgreSQL 9.5 added the “Upsert” feature and enhanced JSONB. PostgreSQL 9.6 improved vacuuming and added full-text search for phrases. You can perform a major version upgrade with the Restore-from-Backup capability. This allows you to take a recent backup and create a new deployment with a newer version of PostgreSQL on it. Read more about the process in the migration section of the IBM Cloud Compose documentation on upgrading PostgreSQL major versions.

Whatever you do, upgrade to one of these new versions. On September 20th, when we move to “preferred” status for them, we will begin the process of managed, forced upgrades on older versions. This will help eliminate the underlying security issues from the IBM Cloud Compose platform.

Compose's Technical Content Curator
