| Version | Change log |
| PostgreSQL 17.1 Nov 14, 2024 |
Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (Nathan Bossart) § If a CTE, subquery, sublink, security invoker view, or coercion projection in a query references a table with row-level security policies, we neglected to mark the resulting plan as potentially dependent on which role is executing it. This could lead to later query executions in the same session using the wrong plan, and then returning or hiding rows that should have been hidden or returned instead. The PostgreSQL Project thanks Wolfgang Walther for reporting this problem. (CVE-2024-10976) Make libpq discard error messages received during SSL or GSS protocol negotiation (Jacob Champion) § An error message received before encryption negotiation is completed might have been injected by a man-in-the-middle, rather than being real server output. Reporting it opens the door to various security hazards; for example, the message might spoof a query result that a careless user could mistake for correct output. The best answer seems to be to discard such data and rely only on libpq's own report of the connection failure. The PostgreSQL Project thanks Jacob Champion for reporting this problem. (CVE-2024-10977) Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (Tom Lane) § § The SQL standard mandates that SET SESSION AUTHORIZATION have a side-effect of doing SET ROLE NONE. Our implementation of that was flawed, creating more interaction between the two settings than intended. Notably, rolling back a transaction that had done SET SESSION AUTHORIZATION would revert ROLE to NONE even if that had not been the previous state, so that the effective user ID might now be different from what it had been before the transaction. Transiently setting session_authorization in a function SET clause had a similar effect. A related bug was that if a parallel worker inspected current_setting('role'), it saw none even when it should s |
| PostgreSQL 17.0 Sep 26, 2024 |
New memory management system for VACUUM, which reduces memory consumption and can improve overall vacuuming performance. New SQL/JSON capabilities, including constructors, identity functions, and the JSON_TABLE() function, which converts JSON data into a table representation. Various query performance improvements, including for sequential reads using streaming I/O, write throughput under high concurrency, and searches over multiple values in a btree index. New client-side connection option, sslnegotiation=direct, that performs a direct TLS handshake to avoid a round-trip negotiation. pg_basebackup now supports incremental backup. COPY adds a new option, ON_ERROR ignore, that allows a copy operation to continue in the event of an error. Logical replication enhancements, including: Failover control pg_createsubscriber, a utility that creates logical replicas from physical standbys pg_upgrade now preserves replication slots on both publishers and subscribers |
| PostgreSQL 16.4 Aug 8, 2024 |
Avoid incorrect results from "Merge Right Anti Join" plans, where if the inner relation is known to have unique join keys, the merge could misbehave when there are duplicated join keys in the outer relation. Prevent infinite loop in VACUUM. Fix partition pruning setup during ALTER TABLE DETACH ... PARTITION CONCURRENTLY. Fix behavior of stable functions that are used as an argument to a CALL statement. pg_sequence_last_value() now returns NULL instead of throwing an error when called on unlogged sequences on standby servers and on temporary sequences of other sessions. Fix parsing of ignored operators in websearch_to_tsquery(). Correctly check updatability of view columns targeted by INSERT ... DEFAULT. Lock owned sequences during ALTER TABLE ... SET LOGGED|UNLOGGED. Don't throw an error if a queued AFTER trigger no longer exists. Fix selection of an arbiter index for INSERT ... ON CONFLICT when the desired index has expressions or predicates, for example, through an updatable view. Refuse to modify a temporary table of another session with ALTER TABLE. Fix handling of extended statistics on expressions in CREATE TABLE ... LIKE STATISTICS. Fix failure to recalculate sub-queries generated from MIN() or MAX() aggregates. Disallow underscores in positional parameters. Avoid crashing when a JIT-inlined backend function throws an error. Fix handling of subtransactions of prepared transactions when starting a hot standby server. Prevent incorrect initialization of logical replication slots. Fix memory leak in the logical replication WAL sender when publishing changes to a partitioned table whose partitions have row types that are physically different from the table. Disable creation of stateful TLS session tickets by OpenSSL. Fix how PL/pgSQL handles integer ranges containing underscores (e.g., FOR i IN 1_001..1_002). Fix incompatibility between PL/Perl and Perl 5.40. Several fixes related to recursive PL/Python functions and triggers. Ensure that pg_restore -l |
Total downloads
42
Last month's downloads
0
Last week's downloads
0
PostgreSQL Maestro, developed by SQL Maestro Group, is an exceptional database management tool designed specifically for PostgreSQL users. This powerful software provides a user-friendly interface ... database administrators. With its robust set of features, PostgreSQL Maestro enables seamless database management, allowing users to ...
... full potential of your data integration processes with PostgreSQL SSIS Components by Devart. Designed specifically for SQL ... powerful toolset enables seamless connectivity and interaction with PostgreSQL databases, making it an essential asset for data ... data flows, ensuring efficient data migration and transformation. Devart’s PostgreSQL SSIS Components offer robust features, including advanced data ...
PostgreSQL PHP Generator Lite, developed by SQL Maestro Group, ... streamline the process of creating PHP scripts for PostgreSQL databases. This intuitive software empowers developers and database ... for extensive coding knowledge. With its user-friendly interface, PostgreSQL PHP Generator Lite simplifies the complexities of database ...
