From: Bo Peng <pengbo@sraoss.co.jp>
Date: Thu, 20 Dec 2018 06:19:24 +0000 (+0900)
Subject: Prepare 4.0.1.
X-Git-Tag: V4_0_1
X-Git-Url: http://git.postgresql.org/gitweb/static/session/%7B%7Bsession.id%7D%7D-%7B%7Bsession.title%7Cslugify%7D%7D?a=commitdiff_plain;h=456ec2ff4f3712f69a56fcedcbb2a4b3cdce72ac;p=pgpooladmin.git

Prepare 4.0.1.
---

diff --git a/NEWS b/NEWS
index 3795e89..e647192 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,19 @@
 pgpoolAdmin 4.0
 ===============================================================================
 
+* Version 4.0.1 2018/12/20
+
+  ** Bug fixes
+
+   - PgpoolAdmin has a vulnerability to allow an attacker to
+     login without properly checking the authorization. 
+     Once getting into PgpoolAdmin, the attacker can control 
+     Pgpool-II. Also it may be possible to obtain the superuser 
+     role of a PostgreSQL database. 
+     PgPool Global Development Group would like to thank Fotios Rogkotis
+     of DarkMatter for finding the security issue and giving us the
+     detailed studies on it. (CVE-2018-16203)
+
 * Version 4.0.0 2018/10/19
 
   ** New features
diff --git a/version.php b/version.php
index 43541a6..f65a253 100644
--- a/version.php
+++ b/version.php
@@ -23,6 +23,6 @@
  * @version    SVN: $Id$
  */
 
-$version = '4.0.0';
+$version = '4.0.1';
 
 ?>