audit

Tech Optimizer
July 8, 2026
A common issue in database migrations is the unplanned accumulation of extensions in PostgreSQL, leading to extension sprawl. Teams often install extensions without documenting the rationale, resulting in a complex web of dependencies that complicates future upgrades and removals. The installation process involves PostgreSQL accessing a control file that details the extension's version and dependencies, which can lead to multiple extensions being installed unintentionally. Upgrading and removing extensions are often neglected, causing risks such as the loss of dependent objects. Extensions typically default to the public schema, which can become cluttered; relocating them to dedicated schemas can improve organization. Trusted Language Extensions (TLE) allow non-privileged users to utilize procedural languages in managed databases without needing superuser access. Key extensions recommended for use include pg_stat_statements, pg_trgm, hstore, citext, and PostGIS, each serving specific use cases. Proper governance is essential for managing extensions, including documenting their purpose, ownership, and dependencies, to prevent operational surprises.
Tech Optimizer
July 8, 2026
A recent examination of PHP's database driver layer revealed two significant vulnerabilities in PHP Data Objects (PDO) affecting the pdo_firebird and pdo_pgsql drivers. The first vulnerability, CVE-2026-25289, allows SQL injection attacks through NUL byte manipulation in quoted strings, compromising the safety of SQL statements. The second vulnerability, CVE-2026-25290, can cause application crashes due to null pointer dereferencing when invalid multibyte character sequences are processed. Both vulnerabilities stem from assumptions about C string handling and have been addressed in a security release. Researchers recommend treating binary input as untrustworthy and encapsulating financial workflows within atomic transactions.
Tech Optimizer
July 7, 2026
Researchers at Positive Technologies have identified two significant vulnerabilities in the PHP Data Objects (PDO) extension layer, both posing high severity risks. The first vulnerability (CVE-2025-14180) leads to a NULL pointer dereference, causing PHP worker processes to crash. It affects PHP versions 8.1.x prior to 8.1.34, 8.2.x before 8.2.30, 8.3.x before 8.3.29, 8.4.x before 8.4.16, and 8.5.x before 8.5.1. This issue occurs when the pdo_pgsql driver operates with PDO::ATTR_EMULATE_PREPARES enabled, allowing a remote attacker to exploit it without authentication by submitting malformed character sequences. The second vulnerability (CVE-2025-14179) allows for SQL injection and affects PHP versions 8.2.x before 8.2.31, 8.3.x before 8.3.31, 8.4.x before 8.4.21, and 8.5.x before 8.5.6. It arises from a mishandling of NUL bytes in the Firebird driver during the PDO::prepare() process, despite the quoting routine functioning correctly. Additionally, the audit revealed an integer overflow in PostgreSQL’s libpq client library and an information disclosure flaw in Firebird 3’s fbclient.
Tech Optimizer
June 26, 2026
EDB has introduced new features for its Postgres AI platform, including an agentic database and converged analytics capabilities, allowing enterprises to run AI agents alongside transactional workloads on a unified PostgreSQL foundation. The platform includes governance tools that position control mechanisms at the data layer and integrates AI processing with operational data, enabling businesses to connect live records with AI systems without transferring sensitive information. The agentic database can monitor over 200 metrics, identify issues, suggest changes, and apply fixes automatically based on user-defined policies. It consolidates various data types through a single SQL interface, significantly accelerating database tuning processes and enhancing application performance. EDB has also expanded its analytics capabilities with a zero-ETL architecture for real-time analysis and large-scale warehousing. EDB PG AI for ClickHouse targets real-time analysis, while EDB PG AI for WarehousePG focuses on historical analysis at petabyte scale. The platform claims up to 30 times faster query performance compared to legacy systems and improved scaling efficiency. EDB's platform integrates vector search and retrieval for AI agents, demonstrating lower query latency and higher retrieval accuracy than competitors. NTT East is using EDB PG AI for AI-driven network operations, while the governance feature manages agent access at the data querying point using native Postgres roles and row-level security. The platform can be deployed on-premises, in hybrid environments, or across cloud infrastructures, with partnerships including Dell, IBM, Nvidia, Red Hat, and Supermicro.
Search