Only the latest release receives security fixes.
| Version | Supported |
|---|---|
| 0.x | yes |

Please do not open a public GitHub issue for security vulnerabilities.
Report security issues privately via GitHub's built-in mechanism:
- Go to the Security tab of this repository.
- Click "Report a vulnerability".
- Fill in the details: affected versions, reproduction steps, and potential impact.
You will receive an acknowledgement within 72 hours and a resolution timeline within 7 days for critical issues.
- SQL injection or data exfiltration via crafted server responses
- Path traversal in `.pgpass` file parsing or `\copy` meta-command
- Credential or connection-string leakage in logs or error messages
- TLS downgrade attacks or certificate validation bypass
- Remote code execution via crafted PostgreSQL wire protocol messages
- Vulnerabilities in PostgreSQL servers themselves (report to the PostgreSQL team)
- Social engineering or phishing
- Issues in systems that `pgcli-rs` does not control (e.g. OS keychain, network infrastructure)