Subject: PgBouncer 1.25.1 released - Fixing a bunch of bugs before Christmas (including CVE-2025-12819)
From: PgBouncer via PostgreSQL Announce
To: PostgreSQL Announce
Reply-To: postgres-news-submissions@jeltef.nl
Date: Wed, 03 Dec 2025 22:17:29 +0000
Message-ID: <176480024948.2921403.17247771773846586825@wrigleys.postgresql.org>

PgBouncer 1.25.1 has been released.

This release fixes CVE-2025-12819: Before this release it was possible for an unauthenticated attacker to execute arbitrary SQL during authentication by providing a malicious search_path parameter in the StartupMessage. Systems that have ALL the following configurations are vulnerable:

1. `track_extra_parameters` includes search_path (non-default configuration, probably only configured in setups involving Citus or PostgreSQL 18)
2. `auth_user` is set to a non-empty string (non-default configuration)
3. `auth_query` is configured without fully-qualified object names (default configuration, the < operator is not schema q

This release also fixes a bunch of bugs/issues introduced in the recent 1.25.0 release.

See the full details in the [changelog](https://pgbouncer.org/changelog.html#pgbouncer-125x).

Download here: [pgbouncer-1.25.1.tar.gz](https://pgbouncer.org/downloads/files/1.25.1/pgbouncer-1.25.1.tar.gz) ([sha256](https://pgbouncer.org/downloads/files/1.25.1/pgbouncer-1.25.1.tar.gz.sha256))
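The advisory is explicit that exposure requires all three settings at once, so a quick way for an operator to triage a fleet before (or while) upgrading is to test a pgbouncer.ini against exactly those three conditions. The script below is an added example, not PgBouncer project code; the two inline configurations are constructed samples (the `auth_query` shown is illustrative, not a claim about PgBouncer's shipped default), and the "unqualified object names" test is a deliberately simple heuristic that only looks at table names after FROM/JOIN, so it does not cover the unqualified operator the advisory's third item refers to.

```python
"""Heuristic check for the CVE-2025-12819 preconditions in a pgbouncer.ini.

Added example, not PgBouncer's own code. It reports whether all three of the
conditions named in the 1.25.1 announcement hold at once:
  1. track_extra_parameters includes search_path
  2. auth_user is non-empty
  3. auth_query references object names without a schema prefix (heuristic)
"""
import configparser
import re

# Constructed sample: matches all three advisory conditions.
VULNERABLE_INI = """
[databases]
app = host=127.0.0.1 dbname=app

[pgbouncer]
listen_port = 6432
auth_type = scram-sha-256
auth_user = pgbouncer
auth_query = SELECT usename, passwd FROM pg_shadow WHERE usename = $1
track_extra_parameters = IntervalStyle, search_path
"""

# Constructed sample: search_path is no longer tracked and the table in
# auth_query is schema-qualified, so conditions 1 and 3 both fail.
HARDENED_INI = """
[databases]
app = host=127.0.0.1 dbname=app

[pgbouncer]
listen_port = 6432
auth_type = scram-sha-256
auth_user = pgbouncer
auth_query = SELECT usename, passwd FROM pg_catalog.pg_shadow WHERE usename = $1
track_extra_parameters = IntervalStyle
"""

# Table reference after FROM or JOIN; a dot in the captured name means it
# carries a schema prefix. This is an assumption-level heuristic, not a parser.
_TABLE_REF = re.compile(r"\b(?:FROM|JOIN)\s+([A-Za-z_][\w.]*)", re.IGNORECASE)


def parse_ini(text):
    """Parse pgbouncer.ini text. Interpolation is off because values contain '$1'."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def tracks_search_path(cp):
    """Condition 1: search_path appears in the comma-separated track_extra_parameters."""
    raw = cp.get("pgbouncer", "track_extra_parameters", fallback="")
    names = {p.strip().lower() for p in raw.split(",") if p.strip()}
    return "search_path" in names


def auth_user_set(cp):
    """Condition 2: auth_user is a non-empty string."""
    return bool(cp.get("pgbouncer", "auth_user", fallback="").strip())


def unqualified_tables(cp):
    """Condition 3 (heuristic): table names in auth_query with no schema prefix."""
    query = cp.get("pgbouncer", "auth_query", fallback="")
    return [t for t in _TABLE_REF.findall(query) if "." not in t]


def assess(text):
    """Return (per-condition findings, True if every condition holds)."""
    cp = parse_ini(text)
    findings = {
        "track_extra_parameters includes search_path": tracks_search_path(cp),
        "auth_user is non-empty": auth_user_set(cp),
        "auth_query has unqualified object names": bool(unqualified_tables(cp)),
    }
    return findings, all(findings.values())


if __name__ == "__main__":
    for label, ini in (("vulnerable sample", VULNERABLE_INI), ("hardened sample", HARDENED_INI)):
        findings, exposed = assess(ini)
        print(f"{label}: all three conditions hold = {exposed}")
        for name, hit in findings.items():
            print(f"  [{'x' if hit else ' '}] {name}")
```

Only a configuration in which every row is ticked matches the advisory's precondition set; a single unticked row means that particular instance is outside the stated vulnerable set, though upgrading to 1.25.1 remains the actual fix. Because the heuristic ignores operators, a clean result on condition 3 should be read as "no unqualified table names found", not as proof that `auth_query` is fully qualified.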
This email was sent to you from PgBouncer. It was delivered on their behalf by the PostgreSQL project. Any questions about the content of the message should be sent to PgBouncer.

You were sent this email as a subscriber of the pgsql-announce mailing list, for one of the content tags Related Open Source or Security. To unsubscribe from further emails, or change which emails you want to receive, please click the personal unsubscribe link that you can find in the headers of this email, or visit https://lists.postgresql.org/unsubscribe/.