A.63. Release 4.0.22

Release Date: 2023-01-23

A.63.1. Overview

This release contains a security fix.

If following conditions are all met, the password of wd_lifecheck_user is exposed by SHOW POOL STATUS command. The command can be executed by any user who can connect to Pgpool-II. (CVE-2023-22332)

In this case it is strongly recommended to upgrade to this version (we do not expose wd_lifecheck_password in show pool_status command any more), or use one of following workarounds.

Workarounds for 4.0.x to 4.4.x users:

In any case we recommend to change wd_lifecheck_password in PostgreSQL.

Workarounds for 3.0.x to 3.7.x users:

In any case we recommend to change wd_lifecheck_password in PostgreSQL.

Please note that Pgpool-II 3.7.x or before are end of life and no minor updates are provided for those versions.

A.63.2. Changes

A.63.3. Bug fixes

A.63.4. Documents