On Thursday, November 11, 2021, the PostgreSQL community, EDB, and supporters of adjacent software revealed MITM21, a “Man in the Middle” vulnerability that impacts all released versions of PostgreSQL, EDB Postgres Advanced Server, and several other software packages. Simon Riggs, EDB Postgres Fellow, has described the vulnerability in detail in this blog.
I am using Postgres and EDB products in production - how urgent is this?
We recommend upgrading your servers as soon as possible, as that will mitigate the risk. Apply driver updates when they become available. Keep in mind that this vulnerability is most likely to affect servers that have an unsecured network between server and client, which is not a best practice. We expect most enterprise customers to have secured networks between server and client.
Where and when do I get the right components?
Downloads of the EDB product portfolio will be made available via the download page and the EDB repos. We expect most server and client software releases to be available on Nov 11 or shortly thereafter.
I am using BigAnimal, EDB’s fully managed Database As A Service - do I need to be concerned about MITM21?
The servers on BigAnimal have been patched, but customers should update their client side drivers to the latest versions.
Can I get help updating my servers and applications?
Yes, EDB’s Professional Services can help plan and execute the necessary updates.
How can I learn more about this?
Simon Riggs, Postgres Fellow, has written a blog about MITM21, including a description of the vulnerability and of the limited circumstances under which it can be exploited. EDB has scheduled two customer webinars in which Simon will review the vulnerability and advise customers on next steps.
Watch a recording of the MITM21 webinar.
I am not a customer - can I join the webinars?
Yes - EDB is committed to helping all Postgres users address this vulnerability.
I don’t want to wait for the webinars. Can I contact you directly to learn more?
Regional experts are ready to assist EDB customers who are looking for more information. Please contact the team of technical experts via MITM21@enterprisedb.com.