open-dsi
/
postgres
mirror of https://github.com/postgres/postgres
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
235 Commits
38 Branches
662 Tags
735 MiB
 
 
 
 
 
 
Tag: Branch: Tree: bf936b0a10
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bf936b0a10'
${ noResults }
postgres/documentation/docs/release-notes/release-notes.md

59 lines
2.9 KiB
Raw Blame History

# pg_tde release notes
`pg_tde` extension brings in [Transparent Data Encryption (TDE)](tde.md) to PostgreSQL and enables you to keep sensitive data safe and secure.
[Get started](../install.md){.md-button}
## Beta (2024-06-30)
With this version, the access method for `pg_tde` extension is renamed `tde_heap_basic`. Use this access method name to create tables. Find guidelines in [Test TDE](../test.md) tutorial.
The Beta version introduces the following bug fixes and improvements:
* Fixed the issue with `pg_tde` running out of memory used for decrypted tuples. The fix introduces the new component `TDEBufferHeapTupleTableSlot` that keeps track of the allocated memory for decrypted tuples and frees this memory when the tuple slot is no longer needed.
* Fixed the issue with adjusting a current position in a file by using raw file descriptor for the `lseek` function. (Thanks to user _rainhard_ for providing the fix)
* Enhanced the init script to consider a custom superuser for the POSTGRES_USER parameter when `pg_tde` is running via Docker (Thanks to _Alejandro Paredero_ for reporting the issue)
## Alpha 1 (2024-03-28)
### Release Highlights
The Alpha1 version of the extension introduces the following key features:
* You can now rotate principal keys used for data encryption. This reduces the risk of long-term exposure to potential attacks and helps you comply with security standards such as GDPR, HIPAA, and PCI DSS.
* You can now configure encryption differently for each database. For example, encrypt specific tables in some databases with different encryption keys while keeping others non-encrypted.
* Keyring configuration has undergone several improvements, namely:
* You can define separate keyring configuration for each database
* You can change keyring configuration dynamically, without having to restart the server
* The keyring configuration is now stored in a catalog separately for each database, instead of a configuration file
* Avoid storing secrets in the unencrypted catalog by configuring keyring parameters to be read from external sources (file, http(s) request)
### Improvements
* Renamed the repository and Docker image from `postgres-tde-ext` to `pg_tde`. The extension name remains unchanged
* Changed the Initialization Vector (IV) calculation of both the data and internal keys
### Bugs fixed
* Fixed toast related crashes
* Fixed a crash with the DELETE statement
* Fixed performance-related issues
* Fixed a bug where `pg_tde` sent many 404 requests to the Vault server
* Fixed сompatibility issues with old OpenSSL versions
* Fixed сompatibility with old Curl versions
## MVP (2023-12-12)
The Minimum Viable Product (MVP) version introduces the following functionality:
* Encryption of heap tables, including TOAST
* Encryption keys are stored either in Hashicorp Vault server or in local keyring file (for development)
* The key storage is configurable via separate JSON configuration files
* Replication support