Don't disable SSL on database connections
How to connect to the database is specified in a connection string, such as the following:
On all connection strings, sslmode is explicitly disabled. This could make it possible for an attacker to perform a Man-in-the-Middle attack and intercept all data.
It may be acceptable to omit SSL in some instances where the network is trusted, such as a connection to localhost. However, currently sslmode is set to disable on all connection strings, and also in default configuration values. This increases the risk that a user installs the database on a separate host in the network and leave sslmode on disabled.
Review the connection strings, and enable SSL if possible. If left disabled, document why and in which cases it is acceptable to disable SSL.