pgAdmin 4 in server mode had no data isolation between users — any
authenticated user could access other users' private servers,
background processes, and debugger state by guessing object IDs.
The shared server feature had 21 vulnerabilities including credential
leaks, privilege escalation via passexec_cmd, and owner data
corruption via SQLAlchemy session mutations.
Centralized access control:
- New server_access.py with get_server(), get_server_group(),
get_user_server_query() replacing ~20 unfiltered queries
- connection_manager() raises ObjectGone (HTTP 410) in server mode
when access is denied — fixes 155+ unguarded callers
- UserScopedMixin.for_user() on 10 models replaces scattered
user_id filters
Shared server isolation (all 21 audit issues):
- Expunge server from session before property merge to prevent
owner data corruption
- Suppress passexec_cmd, post_connection_sql for non-owners in
merge, API response, and ServerManager
- Override all 6 SSL/passfile connection_params keys from
SharedServer; strip owner-only keys; sanitize on creation
- _is_non_owner() helper centralises 15+ inline ownership checks
- SharedServer lookup uses (osid, user_id) not name
- Unique constraint on SharedServer(osid, user_id)
- Tunnel/DB password save, change_password, clear_saved_password,
clear_sshtunnel_password all branch on ownership
- Only owner can unshare (delete_shared_server guard)
- Session restore includes shared servers
- tunnel_port/tunnel_keep_alive copied from owner, not hardcoded
Tool/module hardening:
- All tool endpoints use get_server()
- Debugger function arguments scoped by user_id
- Background processes use Process.for_user()
- Workspace adhoc servers scoped to current user
Migration (schema version 49 -> 50):
- Add user_id to debugger_function_arguments composite PK
- Add indexes on server, sharedserver, servergroup
- Add unique constraint on sharedserver(osid, user_id)
2) Fixed an issue where Kerberos authentication to the server is not imported/exported. #5732
3) Increase the length of the value column of the setting table. #5746
4) Upgrade Flask-Migrate to 4.0.0. #5525
2. When a server of an in progress cloud deployment is expanded, it is throwing a failed error.
3. Close the process notification on clicking View Processes.
Fixes#3709
1) No options are shown in the instance type.
2) No options for the last 2 types.
3) Unable to change Storage config - size and iops
4) Unable to create an instance when pgAdmin is installed using the installer in Desktop mode
5) Can not create cloud instance with the temporary credentials.
6) Mapped region display name (hardcoded) with region code.
1) Replace the deprecated unit test method.
2) Wraps filter usage in a list call.
3) Converts the old metaclass syntax to new.
4) Use range instead of xrange method.
5) Change Unicode to str.
6) Several other transformations.
7) Fixed change password test cases.
8) Use simplejson instead of plain JSON.
- Remove this assignment to the local variable, the value is never used.
- Rename local variables to match the regular expression
- Add logic to this except clause or eliminate it and rethrow the exception automatically.
- Rename fields to match the regular expression
- Extract this nested conditional expression into an independent statement.
- Change this default value to "None" and initialize this parameter inside the function/method.
- Update this function so that its implementation is not identical to __repr__
- Refactor this method to not always return the same value
- Reraise this exception to stop the application as the user expects
- Add missing parameters _w _PY3. This method overrides simplejson.decoder.JSONDecoder.decode.
- Remove this redundant continue.
- Remove this unused function declaration
- Remove this identity check; it will always be False.
Ashesh Vashi
Rohit Bhati
Akshay Joshi
Dave Page
Aditya Toshniwal
Yogesh Mahajan
Mark Mayo
Nikhil Mohite
Khushboo Vashi
Rahul Shirsat
Cyril Jouve