The pgAdmin Development Team has released pgAdmin 4 v9.16, the latest version of the leading open-source graphical management tool for PostgreSQL. This release includes 64 bug fixes and addresses seven security vulnerabilities (CVE-2026-12044 through CVE-2026-12050). Key updates focus on UI customization, security hardening, and improved workflows.
Notable Changes
- Color-coded panel and tab headers: Tabs now display the connected server's color, enabling quick visual identification of which server a tab belongs to.
- "Back to login" link: Added to the Forgot Password and Reset Password pages for easier navigation.
- TOAST tuple target storage parameter: Now supported in the Materialized View dialog (
toast_tuple_target), giving more control over storage behavior. - Helm chart
containerSecurityContext: The init container's security context is now configurable viacontainerSecurityContext, enhancing Kubernetes deployment flexibility. - Middle-click tab closure: Users can close a tab by clicking its title with the middle mouse button, matching common browser behavior.
- OAuth2 login button icon: Now supports any Font Awesome style, not just brand icons, allowing broader icon customization.
- Security fixes: Resolved SQL injection vulnerabilities across sixteen dialog templates that rendered
COMMENT ON ... IS ' '; affected templates now useqtLiteraland rewritten stats queries.
Why It Matters for Developers
These updates improve both developer productivity and security posture. The color-coded tabs and middle-click closure streamline multi-server management, while the TOAST parameter support offers finer-grained storage tuning. The SQL injection fixes are critical for any organization using pgAdmin in production environments, as they eliminate a class of attack vectors in common dialog interactions. Configurable container security contexts also make pgAdmin more adaptable to modern, secure Kubernetes deployments.
Source: https://www.postgresql.org/about/news/pgadmin-4-v916-released-3324/