database Archives

Tech Optimizer

August 18, 2025

Critical PostgreSQL Vulnerabilities Allow Arbitrary Code Execution During Backup Restoration

The PostgreSQL Global Development Group has released security and maintenance updates for versions 17.6, 16.10, 15.14, 14.19, 13.22, and the third beta of PostgreSQL 18. The updates address three critical vulnerabilities: 1. CVE-2025-8714 (CVSS 8.8) - Allows code injection during dump restoration via pg_dump operations. 2. CVE-2025-8715 (CVSS 8.8) - Enables SQL injection through newline injection in object names during pg_dump. 3. CVE-2025-8713 (CVSS 3.1) - Exposes optimizer statistics data. The update also improves BRIN index performance, logical replication, and resolves WAL segment removal issues. PostgreSQL 13 will reach end-of-life on November 13, 2025. The third beta of PostgreSQL 18 is in development, with general availability expected in September-October 2025. Administrators should perform reindexing after the upgrade if using specific BRIN indexes.

Tech Optimizer

August 18, 2025

Critical PostgreSQL Vulnerabilities Allow Arbitrary Code Injection During Restoration

The PostgreSQL Global Development Group has released emergency security updates for versions 13 through 17 to address three critical vulnerabilities that could allow attackers to execute arbitrary code during database restoration processes. The vulnerabilities are tracked as CVE-2025-8714, CVE-2025-8715, and CVE-2025-8713, with CVE-2025-8714 and CVE-2025-8715 both rated with a CVSS score of 8.8. CVE-2025-8714 allows malicious superusers to inject arbitrary code during restoration via the pg_dump utility, while CVE-2025-8715 exploits improper neutralization of newlines in object names to trigger code execution. CVE-2025-8713, with a CVSS score of 3.1, permits unauthorized access to restricted data within optimizer statistics. The fixed PostgreSQL versions are 17.6, 16.10, 15.14, 14.19, and 13.22, released on August 14, 2025. Organizations are advised to upgrade immediately and implement strict access controls.

Tech Optimizer

August 18, 2025

Critical PostgreSQL Flaws Allow Code Injection During Restoration

The PostgreSQL Global Development Group released emergency security updates on August 14, 2025, to address three critical vulnerabilities affecting PostgreSQL versions 13 through 17. The vulnerabilities include: 1. CVE-2025-8714: Allows arbitrary OS code execution via pg_dump meta-commands, with a CVSS score of 8.8. 2. CVE-2025-8715: Facilitates code/SQL injection through improper newline handling in object names, also with a CVSS score of 8.8. 3. CVE-2025-8713: Exposes sensitive data via optimizer statistics, with a CVSS score of 3.1. Organizations are advised to upgrade to PostgreSQL versions 17.6, 16.10, 15.14, 14.19, or 13.22 immediately. Cloud providers have begun emergency fleet updates, and development teams should audit their CI/CD pipelines for pg_dump usage. The vulnerabilities were disclosed responsibly by several individuals, and PostgreSQL 13 will reach its end-of-life on November 13, 2025.

Tech Optimizer

August 15, 2025

Wiz Achieves Near-Zero Downtime for Amazon Aurora PostgreSQL Major Version Upgrades with Aurora Blue/Green Deployments

Wiz has transitioned its Amazon Aurora PostgreSQL database from version 14 to version 16 with near-zero downtime using Aurora Blue/Green Deployments. The upgrade process is facilitated by the DB Upgrade Pilot, which features an automated eight-step flow, including automated validation steps, enhanced synchronization monitoring, and end-to-end orchestration. This has reduced the downtime for database upgrades from one hour to 30 seconds.

BetaBeacon

August 15, 2025

What Do the Epic Games’ Lawsuits Against Apple and Google Say About the DOJ’s Apple Case?

Epic Games filed lawsuits against Apple and Google in 2020 for restricting users' access to Epic's offerings through third-party app stores. The Ninth Circuit ruled in favor of Epic against Google, finding antitrust violations, while Epic lost the federal antitrust case against Apple. The Department of Justice also filed a lawsuit against Apple under Section 2 of the Sherman Act for monopolization. Apple's closed system was found to be successful, while Google's open-source system faced legal challenges. The court in the Google Play case issued remedies targeting exclusivity, which could lead to better user experiences and lower prices.

Tech Optimizer

August 15, 2025

How to Create a Foreign Data Wrapper in PostgreSQL and Aurora PostgreSQL on AWS RDS

Foreign data wrappers (FDWs) in PostgreSQL and Aurora PostgreSQL allow users to access and manipulate data from external sources without data migration. To set up a foreign data wrapper, the following steps are required: 1. **Install the Foreign Data Wrapper**: Use the command `CREATE EXTENSION postgres_fdw;` to install the FDW. 2. **Set Up Foreign Data Wrapper Access**: Grant usage permissions using `GRANT USAGE ON FOREIGN SERVER foreign_server_name TO PUBLIC;` or for specific users. 3. **Create a Foreign Server**: Use the command `CREATE SERVER foreign_server_name FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host 'hostname', dbname 'dbname', port '5432');`. 4. **Create User Mapping**: Establish authentication details with `CREATE USER MAPPING FOR local_username SERVER foreign_server_name OPTIONS (user 'remote_username', password 'remote_password');`. 5. **Create Foreign Tables**: Reference remote tables using `CREATE FOREIGN TABLE remote_table ( id SERIAL PRIMARY KEY, data VARCHAR(50) ) SERVER foreign_server_name OPTIONS (table_name 'remote_table');`. An example use case is an online retailer using a PostgreSQL database for operations and an external SQL database for customer feedback, allowing real-time insights into customer satisfaction.

Tech Optimizer

August 12, 2025

Postgres for everything? not really..and here are some of the problems.

PostgreSQL can serve as a powerful all-in-one database, but real-world implementations often complicate its effectiveness due to complex corporate infrastructures. Accessing a production database may involve numerous network hops, firewalls, and antivirus software that can slow down performance. The lack of administrative privileges can hinder the use of extensions. Developers often turn to Kubernetes for more freedom, but this can introduce new challenges, such as unpredictable resource allocations and performance inconsistencies. Row-Level Security (RLS) can lead to performance overhead and complicate debugging. Centralizing business logic in stored procedures can enhance performance but complicates version control and tracking changes. In large organizations, policies governing technology use often create bottlenecks. PostgreSQL may not be optimal for portable setups (SQLite), simple caching (Redis), or specialized search functionalities (Elasticsearch, Meilisearch). It is most effective when developers have control over the environment, allowing it to handle various applications efficiently.

Tech Optimizer

August 12, 2025

How Wiz achieved near-zero downtime for Amazon Aurora PostgreSQL major version upgrades at scale using Aurora Blue/Green Deployments

Wiz upgraded its Aurora PostgreSQL database from version 14 to 16, achieving a significant reduction in downtime from approximately one hour to just 30 seconds. The upgrade was facilitated by an automated process called DB Upgrade Pilot, which utilized Amazon Aurora's Blue/Green Deployments. This process involved several steps: taking a cluster snapshot, provisioning a synchronized replica of the production database, executing a VACUUM ANALYZE for performance optimization, monitoring replication lag, and performing a switchover to the new environment. The upgrade included performance enhancements such as improved parallel query execution and faster aggregations, along with enhanced security features. The solution also incorporated safety measures like automatic rollback capability and robust validation steps to ensure a stable upgrade process.

AppWizard

August 11, 2025

Fake Android Banking Apps Are Hijacking Devices and Draining Accounts in Malware Campaign

A wave of mobile malware is targeting Android users in India, posing as legitimate banking applications. This malware can fully compromise infected devices, stealing sensitive data, intercepting communications, and conducting unauthorized financial transactions. It typically spreads through deceptive "dropper" apps via phishing messages on platforms like WhatsApp, SMS, or email, often disguised as system updates or official banking apps. The malware requests extensive Android permissions, allowing it to read and send SMS messages and intercept two-factor authentication codes. It operates stealthily, bypassing Android’s battery optimization features, and can manipulate notification content. All captured data is transmitted to attackers, enabling potential financial fraud and identity theft. Users are advised to install apps only from trusted sources, be skeptical of unexpected installation prompts, and review permission requests carefully.

Tech Optimizer

August 9, 2025

PostgreSQL Revolutionizes Durable Execution with Database Workflow Storage

Developers and enterprises are increasingly turning to PostgreSQL for durable execution, which allows workflows to withstand failures without losing state. PostgreSQL's strong transactional guarantees, adherence to ACID principles, and extensibility make it suitable for this purpose. By using Write-Ahead Logging (WAL), PostgreSQL can reliably record every step of a process, facilitating smooth resumption after disruptions. This approach eliminates the need for separate state management layers, simplifying cloud-native environments. PostgreSQL can manage both data persistence and execution logic, allowing for seamless recovery from failures. Recent advancements, such as integrations from Neon and Inngest, enable real-time workflows based on database changes without requiring complex orchestration services. Updates in PostgreSQL 16 and beyond, including improved logical replication and the anticipated asynchronous I/O in PostgreSQL 18, enhance performance for durable tasks. Adoption of PostgreSQL for durable execution is rising among tech giants and startups, with examples like Figma's scalable Postgres database and AWS’s Aurora DSQL service. This trend reflects a movement towards disaggregated architectures, where databases become active participants in application logic. However, challenges remain in balancing speed and durability configurations. Overall, PostgreSQL is evolving as a resilient solution for durable execution in modern applications.