backup restoration Archives

Tech Optimizer

November 13, 2025

Using delayed read replicas for Amazon RDS for PostgreSQL disaster recovery

Human errors can significantly threaten business continuity, with a single incorrect DELETE statement or mismanaged application deployment potentially corrupting critical business data. Amazon Relational Database Service (Amazon RDS) provides automated backups and transaction log backups to mitigate these risks. Traditional recovery methods often involve creating new database instances and executing point-in-time recovery, which can take hours for large databases. AWS has introduced delayed read replicas for Amazon RDS for PostgreSQL, which maintain a standby replica that intentionally lags behind the primary database by a configurable time interval. This allows users to identify data corruption on the production instance and promote the replica before problematic operations are executed. Promoting the delayed replica to become the new primary cluster can be done within minutes. The feature can be enabled using the recovery_min_apply_delay parameter in specific PostgreSQL versions. Delayed replicas address three main use cases: preventing accidental data modifications, protecting against logical errors in applications, and enabling auditing and forensic analysis of data changes. They act as an "undo buffer," complementing disaster recovery strategies by providing a real-time point-in-time recovery mechanism. To set up delayed replication, the recovery_min_apply_delay parameter must be configured. The process involves creating a custom database parameter group, modifying it to set the desired delay, and applying it to the read replica instance. The parameter is static, requiring a reboot to take effect. The delayed replication feature also includes two recovery functions: pg_wal_replay_pause() to pause the recovery process and pg_wal_replay_resume() to resume it. If WAL replay is paused, it must be resumed to prevent excessive storage consumption. In a recovery scenario, if a user accidentally drops a logical database, the delayed replica provides a crucial opportunity to implement a recovery plan before the DROP statement propagates. The recovery process involves pausing WAL replay, capturing replica metrics, setting recovery target parameters, and promoting the read replica to become the new primary. Best practices for implementing delayed replication include comprehensive monitoring of storage space, enabling storage auto-scaling, managing WAL log accumulation, and regularly reviewing the delayed replica’s replication status.

Tech Optimizer

August 18, 2025

Critical PostgreSQL Vulnerabilities Allow Arbitrary Code Execution During Backup Restoration

The PostgreSQL Global Development Group has released security and maintenance updates for versions 17.6, 16.10, 15.14, 14.19, 13.22, and the third beta of PostgreSQL 18. The updates address three critical vulnerabilities: 1. CVE-2025-8714 (CVSS 8.8) - Allows code injection during dump restoration via pg_dump operations. 2. CVE-2025-8715 (CVSS 8.8) - Enables SQL injection through newline injection in object names during pg_dump. 3. CVE-2025-8713 (CVSS 3.1) - Exposes optimizer statistics data. The update also improves BRIN index performance, logical replication, and resolves WAL segment removal issues. PostgreSQL 13 will reach end-of-life on November 13, 2025. The third beta of PostgreSQL 18 is in development, with general availability expected in September-October 2025. Administrators should perform reindexing after the upgrade if using specific BRIN indexes.

Tech Optimizer

August 18, 2025

Critical PostgreSQL Flaws Allow Code Injection During Restoration

The PostgreSQL Global Development Group released emergency security updates on August 14, 2025, to address three critical vulnerabilities affecting PostgreSQL versions 13 through 17. The vulnerabilities include: 1. CVE-2025-8714: Allows arbitrary OS code execution via pg_dump meta-commands, with a CVSS score of 8.8. 2. CVE-2025-8715: Facilitates code/SQL injection through improper newline handling in object names, also with a CVSS score of 8.8. 3. CVE-2025-8713: Exposes sensitive data via optimizer statistics, with a CVSS score of 3.1. Organizations are advised to upgrade to PostgreSQL versions 17.6, 16.10, 15.14, 14.19, or 13.22 immediately. Cloud providers have begun emergency fleet updates, and development teams should audit their CI/CD pipelines for pg_dump usage. The vulnerabilities were disclosed responsibly by several individuals, and PostgreSQL 13 will reach its end-of-life on November 13, 2025.

Winsage

May 30, 2025

Microsoft unveils “centralized” software update tool for Windows

Microsoft is developing a Windows-native update orchestration platform to improve the software updating experience for IT administrators and end-users. This platform aims to streamline the management of updates across various applications and components within the Windows ecosystem, reducing confusion caused by independent updates for different products. Currently in private preview, developers can access the platform through Windows Runtime (WinRT) APIs and PowerShell commands by registering as update providers. The orchestrator will intelligently defer updates based on user activity and system performance, and it will automatically reschedule failed attempts. Additionally, Microsoft is introducing Windows Backup for Organizations to assist with the transition from Windows 10 to Windows 11. This feature simplifies the backup and restoration of settings for Windows 10 and 11 devices. To use this functionality, devices must be Microsoft Entra hybrid joined or Microsoft Entra joined and running a supported version of Windows. The restore feature is compatible only with Microsoft Entra joined devices running Windows 11, version 22H2 and later. The Windows Backup for Organizations feature is currently in a limited public preview for select members of the Microsoft Management Customer Connection Program.