pgAdmin 4 in server mode had no data isolation between users — any
authenticated user could access other users' private servers,
background processes, and debugger state by guessing object IDs.
The shared server feature had 21 vulnerabilities including credential
leaks, privilege escalation via passexec_cmd, and owner data
corruption via SQLAlchemy session mutations.
Centralized access control:
- New server_access.py with get_server(), get_server_group(),
get_user_server_query() replacing ~20 unfiltered queries
- connection_manager() raises ObjectGone (HTTP 410) in server mode
when access is denied — fixes 155+ unguarded callers
- UserScopedMixin.for_user() on 10 models replaces scattered
user_id filters
Shared server isolation (all 21 audit issues):
- Expunge server from session before property merge to prevent
owner data corruption
- Suppress passexec_cmd, post_connection_sql for non-owners in
merge, API response, and ServerManager
- Override all 6 SSL/passfile connection_params keys from
SharedServer; strip owner-only keys; sanitize on creation
- _is_non_owner() helper centralises 15+ inline ownership checks
- SharedServer lookup uses (osid, user_id) not name
- Unique constraint on SharedServer(osid, user_id)
- Tunnel/DB password save, change_password, clear_saved_password,
clear_sshtunnel_password all branch on ownership
- Only owner can unshare (delete_shared_server guard)
- Session restore includes shared servers
- tunnel_port/tunnel_keep_alive copied from owner, not hardcoded
Tool/module hardening:
- All tool endpoints use get_server()
- Debugger function arguments scoped by user_id
- Background processes use Process.for_user()
- Workspace adhoc servers scoped to current user
Migration (schema version 49 -> 50):
- Add user_id to debugger_function_arguments composite PK
- Add indexes on server, sharedserver, servergroup
- Add unique constraint on sharedserver(osid, user_id)
* Core infrastructure for LLM integration.
* Add support for a number of different AI generated reports on security, performance, and schema design on servers, databases, and schemas, as appropriate.
* Add a Natural Language AI assistant to the Query Tool.
* Add an AI Insights panel to the EXPLAIN tool in the Query Tool, to analyse and report on issues in query plans.
2) Fixed an issue where the User Management and Change Password dialogs were hidden when selecting a menu while a workspace other than 'Default' was active. #8418
3) Revert the change of OS from Ubuntu 22.04 to 24.04 for github action failure.
* Updated the columns for the unique and primary keys while creating a table.
Use the 'editable' option for a Cell instead of 'disabled'.
* Don't need to define the hidden member as fields in GridHeaderSchema
* Updated the columns for the exclusion constraints while creating a
table.
* Signaled the relevant field, when column options have changed, for all
the children of a table.
* Use current snapshot of data for the GrigFormHeadeer
* Fixed the styling for the search input box
* Don't check for the 'colOptions.editable' flag, as it could be
indirect call as well.
* Show the icon for the 'Reset' button. (Reference #7884)
* Reload the server list after connecting to a server in the 'New
connection' dialog (QueryTool). (Reference: #7884)
* Pass the grid path during the bulk update (click on a radio action)
* Don't assign the cell value to the 'rowValue' variable.
* Don't rely on the 'optionsLoaded' for setting the variable types as it
is loaded asynchronously, and variable types data may not be available
while rendering the 'value' cell. (Fixes#7884)
* Fixed a type while checking for the 'inline-group'. fixes (#7884)
* 'vnameOptions' can be a Promise function too, hence - taken care accrodingly.
* Introduced a parameter 'reloadOnDepChanges' in the BaseSchemaUI field
to force reload the control on value change for one of the
dependencies.
* Reload on the components in case of dependent value changes.
* Introduced 'useSchemaStateSubscriber', which generates a state
subscriber mananager instance. It helps multiple subscribers in a
single control as we could have multiple subscribe within a control.
(For example - value, options, errors, etc).
* Fixed all the issues reported (#7884)
Restructured these modules for ease of maintenance and apply the single
responsibility principle (wherever applicable).
* SchemaView
- Split the code based on the functionality and responsibility.
- Introduced a new View 'InlineView' instead of using the
'nextInline' configuration of the fields to have a better, and
manageable view.
- Using the separate class 'SchemaState' for managing the data and
states of the SchemaView (separated from the 'useSchemaState'
custom hook).
- Introduced three new custom hooks 'useFieldValue',
'useFieldOptions', 'useFieldError' for the individual control to
use for each Schema Field.
- Don't pass value as the parameter props, and let the
'useFieldValue' and other custom hooks to decide, whether to
rerender the control itself or the whole dialog/view. (single
responsibility principle)
- Introduced a new data store with a subscription facility.
- Moving the field metadata (option) evaluation to a separate place
for better management, and each option can be defined for a
particular kind of field (for example - collection, row, cell,
general, etc).
- Allow to provide custom control for all kind of Schema field.
* DataGridView
- Same as SchemaView, split the DataGridView call into smaller,
manageable chunks. (For example - grid, row, mappedCell, etc).
- Use context based approach for providing the row and table data
instead of passing them as parameters to every component
separately.
- Have a facility to extend this feature separately in future.
(for example - selectable cell, column grouping, etc.)
- Separated the features like deletable, editable, reorder,
expandable etc. cells using the above feature support.
- Added ability to provide the CustomHeader, and CustomRow through the
Schema field, which will extend the ability to customize better.
- Removed the 'DataGridViewWithHeaderForm' as it has been achieved
through providing 'CustomHeader', and also introduced
'DataGridFormHeader' (a custom header) to achieve the same feature
as 'DataGridViewWithHeaderForm'.
1) Do not use the Array index in keys.
2) Import from the same module should be merged.
3) Mutable variables should not be exported.
4) Variables should not be initialized to undefined.
5) startswith or endswith method should be used.
6) Unwrap this unnecessarily grouped subpattern.
Additionally, addressed many other SonarQube rules.
1) String literals should not be duplicated.
2) Prefer using an optional chain expression instead, as it's more concise and easier to read.
3) Expected the Promise rejection reason to be an Error.
- Remove the SCSS dependency completely and use MUI for theming.
- Update - date-fns, @date-io, notistack. Remove - popper.js, sass-loader.
- Cleanup webpack config.
- Port PSQL tool to use MUI themes instead of SCSS theme.
- Theme change will reflect realtime without refreshing pgAdmin.
1. Replace the current layout library wcDocker with ReactJS based rc-dock. #6479
2. Have close buttons on individual panel tabs instead of common. #2821
3. Changes in the context menu on panel tabs - Add close, close all and close others menu items. #5394
4. Allow closing all the tabs, including SQL and Properties. #4733
5. Changes in docking behaviour of different tabs based on user requests and remove lock layout menu.
6. Fix an issue where the scroll position of panels was not remembered on Firefox. #2986
7. Reset layout now will not require page refresh and is done spontaneously.
8. Use the zustand store for storing preferences instead of plain JS objects. This will help reflecting preferences immediately.
9. The above fix incorrect format (no indent) of SQL stored functions/procedures. #6720
10. New version check is moved to an async request now instead of app start to improve startup performance.
11. Remove jQuery and Bootstrap completely.
12. Replace jasmine and karma test runner with jest. Migrate all the JS test cases to jest. This will save time in writing and debugging JS tests.
13. Other important code improvements and cleanup.
Ashesh Vashi
Dave Page
Akshay Joshi
Aditya Toshniwal
Rohit Bhati
Yogesh Mahajan
Khushboo Vashi