Canceling authentication due to timeout aka Denial of Service Attack

UPDATED 2/6/2020

This has been fully fixed with PostgreSQL 12. It was such a big fix that the full fix was split between Postgres 11 and Postgres 12.

The Postgres Security team has decided not to call this a security bug, because if they did so, it would have to be back patched to all currently suported Postgres versions. I personally think it would be better to back patch this fix, but since they have not, this is a big reason to upgrade to Postgres 12.

UPDATED 07/30/2018


Subscribe to Blog