Instaclustr for PostgreSQL

Instaclustr, an open-source software company, has announced the general availability of the relational database software PostgreSQL on its platform.

Instaclustr for PostgreSQL was designed to eliminate the costly overheads and risks associated with the internal operation of large-scale PostgreSQL clusters.

Postgres is widely regarded as the world’s leading object-relational database system, owing to its ease of use. At scale, however, the database becomes significantly more complex to manage, necessitating continuous optimization to maintain performance, security, cost-efficiency, and availability.
Postgres, according to Instaclustr Chief Product Officer Ben Slater, joins the open-source solutions Apache Cassandra, Redis, Apache Kafka, and Open Search on the Instaclustr platform.

Organizations can deploy production-ready PostgreSQL clusters in minutes using Instaclustr for PostgreSQL. The solution includes PostgreSQL in its completely open-source form.

reference: technologydecision

PostgreSQL JDBC and the log4j CVE

A critical vulnerability has been discovered in the popular logging implementation log4j.

We determined that there is no need for concern because the PostgreSQL JDBC driver does not include this as a dependency. This CVE does not affect the driver.

reference: postgresqlorg


Log4j logs events – errors and routine system operations – and sends diagnostic messages to system administrators and users about them. The Apache Software Foundation provides open-source software.

When you type or click on a bad weblink and get a 404 error message, this is a common example of Log4j at work. The web server that runs the domain of the web link you attempted to access informs you that no such webpage exists. It also logs that event in Log4j for the server’s system administrators.

The Log4j flaw allows attackers to remotely execute code on a target computer, allowing them to steal data, install malware, or take control. Recently discovered exploits include hacking systems to mine cryptocurrency. Other hackers have created malware to hijack computers in order to launch large-scale attacks on internet infrastructure, according to cyber researchers.

The vulnerability could provide hackers with enough of a foothold within a system to install ransomware, a type of computer virus that encrypts data and systems until victims pay the attackers. F-Secure Oyj’s analysts have observed some ransomware variants being deployed via the Log4j flaw, as well as malware that is frequently deployed as a precursor to a ransomware strike.

“To be clear, this vulnerability poses a significant risk,” Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, stated. The vulnerability could exist in both Internet-facing and back-end systems.

reference: WSJ

image: chasersystems