From 4acdcd30bf0780fda0be6a30ae5f3c39299e053b Mon Sep 17 00:00:00 2001
From: Etienne Stalmans
Date: Wed, 3 Dec 2025 09:37:02 +0100
Subject: [PATCH 1/2] chore: prevent loopback ssh connections Block ssh connections that originate from localhost
---
 ansible/tasks/setup-system.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/ansible/tasks/setup-system.yml b/ansible/tasks/setup-system.yml
index 5d40fdf21..c2fdc3d54 100644
--- a/ansible/tasks/setup-system.yml
+++ b/ansible/tasks/setup-system.yml
@@ -64,6 +64,18 @@
 dest: '/etc/apt/apt.conf.d/10periodic'
 src: 'files/apt_periodic'
+ - name: Set local ssh policy
+ ansible.builtin.copy:
+ content: |
+ Match Address 127.0.0.1,::1
+ ForceCommand /bin/false
+ DisableForwarding yes
+ PermitTunnel no
+ dest: /etc/ssh/sshd_config.d/local.conf
+ mode: '0644'
+ owner: 'root'
+ group: 'root'
+
 - name: Install other useful tools
 ansible.builtin.apt:
 pkg:
From 9af39678a1e792e820f673ac96a687a1932e2348 Mon Sep 17 00:00:00 2001
From: Etienne Stalmans
Date: Thu, 4 Dec 2025 08:06:04 +0100
Subject: [PATCH 2/2] chore: bump version
---
 ansible/vars.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/ansible/vars.yml b/ansible/vars.yml
index a9a465cd6..7c98a794f 100644
--- a/ansible/vars.yml
+++ b/ansible/vars.yml
@@ -10,9 +10,9 @@ postgres_major:
 # Full version strings for each major version
 postgres_release:
- postgresorioledb-17: "17.6.0.016-orioledb"
- postgres17: "17.6.1.059"
- postgres15: "15.14.1.059"
+ postgresorioledb-17: "17.6.0.017-orioledb"
+ postgres17: "17.6.1.060"
+ postgres15: "15.14.1.060"
 # Non Postgres Extensions
 pgbouncer_release: 1.19.0
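Review bot: The `Match Address 127.0.0.1,::1` line in the new `Set local ssh policy` task (ansible/tasks/setup-system.yml) lists two literal addresses, so a session whose source is any other address in the IPv4 loopback range falls outside the block; sshd accepts CIDR patterns here, so `Match Address 127.0.0.0/8,::1` would cover the whole range. The match is on source address only, so it presumably does not cover a local client that reaches sshd through one of the host's own interface addresses; if that case is in scope it needs a separate control such as a host firewall rule. The task also has no `validate:` step and no handler, so a malformed drop-in would only surface when sshd next reloads; `validate: '/usr/sbin/sshd -t -f %s'` on the copy would catch that, assuming sshd's test mode can run at this point in the build. The policy takes effect only if the main `sshd_config` includes `/etc/ssh/sshd_config.d/*.conf`, which is not visible in this hunk.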