
Security Fix: Remote Code Execution (RCE) Vulnerability in Type Decoders

@Ayush900 Ayush900 released this 09 Jun 06:54
643f6a6

Security Fix

Fixed a critical Remote Code Execution (RCE) vulnerability in the wire-protocol type decoders, which called eval() on server-controlled data. The vector_in() decoder now uses safe parsing instead of eval(), and the unsupported array_in() decoder for NUMERIC[] arrays has been removed.
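As an added illustration (not the project's own code): the eval()-based decoder pattern the advisory describes, beside a parser that never hands server bytes to the interpreter. It assumes the vector's wire form is whitespace-separated integers and that the decoder is called as (data, idx, length); the function names are placeholders.

```python
# Added example, not code from the release. Assumes the vector text form "1 2 3"
# and a decoder signature of (data, idx, length), as in pg8000-style drivers.
import re
from typing import List, Union

_INT_TOKEN = re.compile(r"-?\d+")


def unsafe_vector_in(data: bytes, idx: int, length: int, encoding: str = "utf-8") -> List[int]:
    """The 'before' pattern: server bytes are turned into Python source and eval()'d.
    Whatever the server puts in the field is executed as code, which is the bug."""
    text = data[idx:idx + length].decode(encoding)
    return eval("[" + text.replace(" ", ",") + "]")  # deliberately unsafe, for contrast only


def safe_vector_in(data: bytes, idx: int, length: int, encoding: str = "utf-8") -> List[int]:
    """The hardened form: tokenize on whitespace and convert each token with int().
    A token that is not a signed decimal integer raises ValueError, so the field
    can only ever produce a list of ints, never reach the interpreter as code."""
    text = data[idx:idx + length].decode(encoding)
    values: List[int] = []
    for token in text.split():  # split() also tolerates runs of whitespace
        if not _INT_TOKEN.fullmatch(token):
            raise ValueError(f"invalid vector element: {token!r}")
        values.append(int(token))
    return values


def try_decode(text: str) -> Union[List[int], str]:
    """Helper for checks: return the decoded list, or the rejection message."""
    raw = text.encode("utf-8")  # constructed sample field, as it would arrive on the wire
    try:
        return safe_vector_in(raw, 0, len(raw))
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed wire buffer: the vector field sits at offset 2 with length 6.
    buf = b"\x00\x001 2 -3\x00"
    print(safe_vector_in(buf, 2, 6))   # [1, 2, -3]
    print(try_decode("1 2 three"))     # invalid vector element: 'three'
```

Unlike the eval() version, the safe decoder never executes anything; rejected fields surface as a ValueError that the driver can report instead of running.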

Security Advisory: Upgrade immediately if connecting to untrusted Netezza servers or over unencrypted connections.

Acknowledgments: Thanks to @tonghuaroot for reporting this vulnerability.