Postgres Enterprise Manager 10.3.1 release notes v10.3
Released: 25 February 2026
PEM Agent 10.3.1 Compatibility and Registration
The pemworker utility in PEM agent 10.3.1 can't register a new server if the PEM server version is earlier than 10.3. This is a known issue scheduled for resolution in a future release.
Recommended Workarounds — If you need to register a server with a PEM server version earlier than 10.3, you can use one of the following methods:
- Registration via Web UI — Register the server using the PEM web application interface.
- Staged agent upgrade — First register the server using PEM agent version 10.2, then upgrade the agent to version 10.3.1.
This is a security patch and is recommended for all PEM 10 users.
Changes
| Description | Addresses |
|---|---|
PEM now depends on the OS-provided libcurl package on RHEL 8 x86 (this was already the case for all other platforms). The deprecated libcurl-pem package can be safely removed after upgrade. |
Bug Fixes
| Description | Addresses |
|---|---|
| Cryptography was updated to 46.0.5 (Fixes: CVE-2026-26007). | |
| urllib3 was updated to 2.6.3 (Fixes: CVE-2025-66418, CVE-2025-66471, CVE-2026-21441). | |
| Authlib was updated to 1.6.7 (Fixes: CVE-2025-68158). | |
| Pillow was updated to 12.1.1 (Fixes: CVE-2026-25990, for the platforms using Python 3.10+). | |
| Werkzeug was updated to 3.1.5 (Fixes: CVE-2025-66221, CVE-2026-21860). | |
| PyNaCl was updated to 1.6.2 (Fixes: CVE-2026-26007). | |
| pyasn1 was updated to 0.6.2 (Fixes: CVE-2026-23490). | |
| RequireJS was updated to 2.3.8 (Fixes: CVE-2024-38999). | |
| Swagger-UI was updated to 5.31.0 (Fixes: CVE-2021-46708, CVE-2018-25031). | |
| Axios was updated to 1.13.5 (Fixes: CVE-2025-27152, CVE-2026-25639, CVE-2025-58754, CVE-2024-57965). | |
| Plain SQL restore now runs with the 'restrict' option to prevent harmful psql meta-commands (Fixes CVE-2025-13780). | |
| PEM now masks the secret key for the 'restrict' option in the process watcher when restoring plain SQL files (Fixes CVE-2026-1707). |