|
| 1 | +--- |
| 2 | +# IMPORTANT: Do not edit this file directly - it is generated from yaml source. |
| 3 | +title: Postgres Enterprise Manager 10.3.1 release notes |
| 4 | +navTitle: Version 10.3.1 |
| 5 | +originalFilePath: product_docs/docs/pem/10/pem_rel_notes/src/pem_10.3.1_rel_notes.yml |
| 6 | +editTarget: originalFilePath |
| 7 | +--- |
| 8 | + |
| 9 | +Released: 25 February 2026 |
| 10 | + |
| 11 | + |
| 12 | +!!!Important PEM Agent 10.3.1 Compatibility and Registration |
| 13 | +The `pemworker` utility in PEM agent 10.3.1 can't register a new server if the PEM server version is earlier than 10.3. This is a known issue scheduled for resolution in a future release. |
| 14 | + |
| 15 | +**Recommended Workarounds** — |
| 16 | +If you need to register a server with a PEM server version earlier than 10.3, you can use one of the following methods: |
| 17 | +1. **Registration via Web UI** — Register the server using the PEM web application interface. |
| 18 | +2. **Staged agent upgrade** — First register the server using PEM agent version 10.2, then upgrade the agent to version 10.3.1. |
| 19 | +!!! |
| 20 | + |
| 21 | + |
| 22 | +This is a security patch and is recommended for all PEM 10 users. |
| 23 | + |
| 24 | +## Changes |
| 25 | + |
| 26 | +<table class="table w-100"><thead><tr><th>Description</th><th width="10%">Addresses</th></tr></thead><tbody> |
| 27 | +<tr><td>PEM now depends on the OS-provided libcurl package on RHEL 8 x86 (this was already the case for all other platforms). The deprecated <code>libcurl-pem</code> package can be safely removed after upgrade.</td><td></td></tr> |
| 28 | +</tbody></table> |
| 29 | + |
| 30 | + |
| 31 | +## Bug Fixes |
| 32 | + |
| 33 | +<table class="table w-100"><thead><tr><th>Description</th><th width="10%">Addresses</th></tr></thead><tbody> |
| 34 | +<tr><td>Cryptography was updated to 46.0.5 (Fixes: CVE-2026-26007).</td><td></td></tr> |
| 35 | +<tr><td>urllib3 was updated to 2.6.3 (Fixes: CVE-2025-66418, CVE-2025-66471, CVE-2026-21441).</td><td></td></tr> |
| 36 | +<tr><td>Authlib was updated to 1.6.7 (Fixes: CVE-2025-68158).</td><td></td></tr> |
| 37 | +<tr><td>Pillow was updated to 12.1.1 (Fixes: CVE-2026-25990, for the platforms using Python 3.10+).</td><td></td></tr> |
| 38 | +<tr><td>Werkzeug was updated to 3.1.5 (Fixes: CVE-2025-66221, CVE-2026-21860).</td><td></td></tr> |
| 39 | +<tr><td>PyNaCl was updated to 1.6.2 (Fixes: CVE-2026-26007).</td><td></td></tr> |
| 40 | +<tr><td>pyasn1 was updated to 0.6.2 (Fixes: CVE-2026-23490).</td><td></td></tr> |
| 41 | +<tr><td>RequireJS was updated to 2.3.8 (Fixes: CVE-2024-38999).</td><td></td></tr> |
| 42 | +<tr><td>Swagger-UI was updated to 5.31.0 (Fixes: CVE-2021-46708, CVE-2018-25031).</td><td></td></tr> |
| 43 | +<tr><td>Axios was updated to 1.13.5 (Fixes: CVE-2025-27152, CVE-2026-25639, CVE-2025-58754, CVE-2024-57965).</td><td></td></tr> |
| 44 | +<tr><td>Plain SQL restore now runs with the 'restrict' option to prevent harmful psql meta-commands (Fixes CVE-2025-13780).</td><td></td></tr> |
| 45 | +<tr><td>PEM now masks the secret key for the 'restrict' option in the process watcher when restoring plain SQL files (Fixes CVE-2026-1707).</td><td></td></tr> |
| 46 | +</tbody></table> |
| 47 | + |
| 48 | + |
0 commit comments