Re: Don't use the deprecated and insecure PQcancel in our frontend tools anymore
Jelte Fennema-Nio <postgres@jeltef.nl>
From: "Jelte Fennema-Nio" <postgres@jeltef.nl>
To: "PostgreSQL Hackers" <pgsql-hackers@lists.postgresql.org>, "Alvaro
Herrera" <alvherre@alvh.no-ip.org>, "Jacob Champion"
<jacob.champion@enterprisedb.com>
Date: 2026-01-02T15:14:54Z
Lists: pgsql-hackers
Attachments
- v2-0001-Move-Windows-pthread-compatibility-functions-to-s.patch (text/x-patch) patch v2-0001
- v2-0002-Don-t-use-the-deprecated-and-insecure-PQcancel-in.patch (text/x-patch) patch v2-0002
On Sun Dec 14, 2025 at 3:40 PM CET, Jelte Fennema-Nio wrote: > A bunch of frontend tools, including psql, still used PQcancel to send > cancel requests to the server. That function is insecure, because it > does not use encryption to send the cancel request. This starts using > the new cancellation APIs (introduced in 61461a300) for all these > frontend tools. Fixed conflict after Copyright update.