Issue #5919 - Added security related enhancements.
But this issue does not show up on the list of issues and following the link returns a 403 error. What exactly was included in this change?
The issue (like all security issues) was marked as private. We make them public following the release, which has now been done. The commit lists the following changes:
Added following security enhancements: 1) Added ALLOWED_HOSTS list to limit the host address. 2) Added CSP and HSTS security header. 3) Hide the webserver/ development framework version.
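A check an administrator could run after upgrading to confirm the three changes named in the commit message, as an added example (not pgAdmin code and not part of this thread). The sample headers are constructed, and treating ALLOWED_HOSTS entries as client IP addresses or CIDR ranges, with an empty list meaning no restriction, is an assumption.

```python
import ipaddress
import re

def host_allowed(client_ip, allowed_hosts):
    """True if client_ip matches an allow-list entry (single IP or CIDR)."""
    if not allowed_hosts:
        return True  # assumption: empty list means no restriction
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # unparseable client address is never allowed
    for entry in allowed_hosts:
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # a malformed entry must not grant access
    return False

def audit_headers(headers):
    """Return a list of findings for one HTTP response's headers."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if not h.get("content-security-policy", "").strip():
        findings.append("missing Content-Security-Policy")
    hsts = h.get("strict-transport-security", "")
    m = re.search(r'max-age="?(\d+)', hsts, re.I)
    if not m or int(m.group(1)) == 0:
        findings.append("missing or disabled Strict-Transport-Security")
    # A dotted number in these headers usually identifies the exact release.
    for name in ("server", "x-powered-by"):
        if re.search(r"\d+\.\d+", h.get(name, "")):
            findings.append(f"{name} header discloses a version: {h[name]}")
    return findings

# Constructed sample responses, not captured from a real server.
BEFORE = {"Server": "ExampleServer/1.2.3", "Content-Type": "text/html"}
AFTER = {
    "Server": "ExampleServer",
    "Content-Security-Policy": "default-src 'self'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}

if __name__ == "__main__":
    for label, hdrs in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_headers(hdrs) or "no findings")
    print(host_allowed("10.1.2.3", ["10.0.0.0/8"]))
```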
It doesn't seem exactly transparent that secret changes are being made to this program.
We almost always make security changes in secret, in much the same way as other Open Source projects (e.g. PostgreSQL) do. That is to help protect users by not advertising potential vulnerabilities before fixes are available.
The pgAdmin Development Team is pleased to announce pgAdmin 4 version 4.28. This release of pgAdmin 4 includes 19 bug fixes and new features. For more details please see the release notes at: