Over 50 bugs, along with a few serious vulnerabilities, have been reported in the last three months for PostgreSQL. The companys latest security update features round of patches to deal with the bugs and the three security vulnerabilities that were recently identified. The most serious vulnerability, tracked as CVE-2017-7546, has to do with PostgreSQL accepting empty passwords. After being patched, libpq will ignore empty password specifications and will not transmit them to the server. Users looking to address the issue in older databases must take a series of steps outlined in the latest release.”]
Source: https://securityintelligence.com/news/postgresql-database-management-system-patches-password-flaws/