PT-2021-22237 · Wal-G · Wal-G
Sehrope
Published: 2021-08-12
Updated: 2022-07-12
CVE-2021-38599
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
WAL-G versions prior to 1.1
Description
The issue arises when a build of WAL-G compiled without libsodium support is used: such a build silently ignores a configured libsodium encryption key and uploads backups in cleartext. This behavior violates the Principle of Least Surprise, since a user who has configured an encryption key clearly intends all uploaded files to be encrypted, and no error or warning indicates otherwise.
Recommendations
For versions prior to 1.1, update to version 1.1 or later to ensure that backups are properly encrypted. As a temporary workaround, avoid using non-libsodium builds until the update can be deployed.
Fix
Improper Check for Exceptional Conditions
Insecure Storage of Sensitive Information
Related Identifiers
Affected Products
Wal-G