New IBM Cloud Compose for PostgreSQL Version Updates Address Security Issues

Update your IBM Cloud Compose for PostgreSQL version today

IBM Cloud Compose for PostgreSQL has new, updated versions available. The new versions address security issues for which we recommend updating existing deployments as soon as possible.

Last week saw the release of PostgreSQL updates that included fixes for two security issues. These issues are of concern because they involve vulnerabilities that could be exploited remotely to potentially expose server memory (9.5.x and 9.6.x) or access other servers through extensions such as dblink or pg_fdw (9.4.x, 9.5.x, 9.6.x). That said, there are no known exploits for either issue.

What IBM Cloud Compose is doing

We are making PostgreSQL 9.4.19, 9.5.14, and 9.6.10 available immediately. This is to allow users to upgrade as soon as possible to the new versions.

The vulnerabilities have been fixed as part of a range of bug fixes incorporated in the various updates. Notes for 9.4.19, 9.5.14, and 9.6.10 list the changes made in each edition.

We are not setting these new versions to preferred—the default for new deployments—yet, so when creating a new deployment, please remember to select the most recent version. We are currently planning to make these new versions preferred on September 20th. When that happens, we’ll be removing the ability to provision older versions of PostgreSQL. From that point onwards, we will begin managed, forced upgrades of PostgreSQL databases to the highest minor version.

Your options for action

We hope that you will make the time to protect your database by upgrading it to the latest minor version using the in-place upgrade option in settings. This will allow you to control when the upgrade is scheduled. In-place upgrades cause minimal disruption because they are done on a rolling basis, allowing the database to gracefully fail over as the nodes are upgraded.

You may also wish to take the opportunity to upgrade to a more recent major version of PostgreSQL. You can then make use of the many new features available. PostgreSQL 9.5 added the “Upsert” feature and enhanced JSONB. PostgreSQL 9.6 improved vacuuming and added full-text search for phrases. You can perform a major version upgrade with the Restore-from-Backup capability. This allows you to take a recent backup and create a new deployment with a newer version of PostgreSQL on it. Read more about the process in the migration section of the IBM Cloud Compose documentation on upgrading PostgreSQL major versions.

Whatever you do, upgrade to one of these new versions. On September 20th, when we move to “preferred” status for them, we will begin the process of managed, forced upgrades of older versions. This will help eliminate the underlying security issues from the IBM Cloud Compose platform.

Compose's Technical Content Curator
