| Version | Change log |
| PostgreSQL 18.1 Nov 14, 2025 |
- Avoid returning duplicate rows from hash right semi-joins.
- Avoid possible out-of-memory failures during parallel GIN index build.
- Several fixes for BRIN indexes.
- Fixes for crashes related to partitioned tables, including one occurring during a recheck.
- Avoid duplicating hash partition constraints during DETACH CONCURRENTLY, which previously caused issues during dump/restore or if a parent table is dropped after the DETACH.
- Disallow generated columns in partition keys and in COPY ... FROM ... WHERE clauses.
- Fix incorrect reporting of replication lag in pg_stat_replication view.
- Avoid failures when synchronized_standby_slots references nonexistent replication slots.
- Avoid unwanted WAL receiver shutdown when switching from streaming to archive WAL source.
- Avoid unnecessary invalidation of logical replication slots.
- Correctly handle GROUP BY DISTINCT in PL/pgSQL assignment statements.
- Avoid leaking memory when handling a SQL error within PL/Python.
- Fix how libpq handles socket-related errors on Windows within its GSSAPI logic.
- Fix dumping of non-inherited NOT NULL constraints on inherited table columns.
- Ensure consistent ordering of foreign key constraints in the output of pg_dump.
- Several fixes for pgbench error handling and reporting.
- Fix memory leak in pg_combinebackup.
- Allow nonsuperusers with SELECT privileges on a table to use pg_prewarm to prewarm indexes on that table.
| PostgreSQL 17.4 Feb 20, 2025 |
- Improve behavior of libpq's quoting functions (Andres Freund, Tom Lane)

  The changes made for CVE-2025-1094 had one serious oversight: PQescapeLiteral() and PQescapeIdentifier() failed to honor their string length parameter, instead always reading to the input string's trailing null. This resulted in including unwanted text in the output, if the caller intended to truncate the string via the length parameter. With very bad luck it could cause a crash due to reading off the end of memory.

  In addition, modify all these quoting functions so that when invalid encoding is detected, an invalid sequence is substituted for just the first byte of the presumed character, not all of it. This reduces the risk of problems if a calling application performs additional processing on the quoted string.
- Fix small memory leak in pg_createsubscriber (Ranier Vilela)
- Fix meson build system to correctly detect availability of the bsd_auth.h system header (Nazir Bilal Yavuz)
| PostgreSQL 17.3 Feb 13, 2025 |
- Harden PQescapeString and allied functions against invalidly-encoded input strings (Andres Freund, Noah Misch)

  Data-quoting functions supplied by libpq now fully check the encoding validity of their input. If invalid characters are detected, they report an error if possible. For the ones that lack an error return convention, the output string is adjusted to ensure that the server will report invalid encoding and no intervening processing will be fooled by bytes that might happen to match single quote, backslash, etc.

  The purpose of this change is to guard against SQL-injection attacks that are possible if one of these functions is used to quote crafted input. There is no hazard when the resulting string is sent directly to a PostgreSQL server (which would check its encoding anyway), but there is a risk when it is passed through psql or other client-side code. Historically such code has not carefully vetted encoding, and in many cases it's not clear what it should do if it did detect such a problem.

  This fix is effective only if the data-quoting function, the server, and any intermediate processing agree on the character encoding that's being used. Applications that insert untrusted input into SQL commands should take special care to ensure that that's true.

  Applications and drivers that quote untrusted input without using these libpq functions may be at risk of similar problems. They should first confirm the data is valid in the encoding expected by the server.

  The PostgreSQL Project thanks Stephen Fewer for reporting this problem. (CVE-2025-1094)
- Restore auto-truncation of database and user names appearing in connection requests (Nathan Bossart)

  This reverts a v17 change that proved to cause trouble for some users. Over-length names should be truncated in an encoding-aware fashion, but for now just return to the former behavior of blind truncation at NAMEDATALEN-1 bytes.
- Exclude parallel workers from connection privilege checks and limits (Tom Lane)

  Do not check da
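
The 17.3 note on CVE-2025-1094 tells applications that quote untrusted input without libpq to first confirm the data is valid in the encoding the server expects. One way to make that check, as an added example that is not PostgreSQL or libpq code: the function names, the encoding-to-codec map and the sample bytes are assumptions of this example, and Python's codecs only approximate the server's own validators.

```python
# Added example: check untrusted bytes against the server encoding before quoting.
# All names are hypothetical; Python codecs approximate the server's validators.

# PostgreSQL encoding name -> Python codec (small illustrative subset)
PG_TO_PY = {
    "UTF8": "utf-8",
    "LATIN1": "latin-1",
    "EUC_JP": "euc_jp",
    "SJIS": "shift_jis",
}


class InvalidEncoding(ValueError):
    """Input is not valid in the encoding the server expects."""

    def __init__(self, encoding, offset, reason):
        super().__init__(f"invalid {encoding} input at byte {offset}: {reason}")
        self.offset = offset


def check_encoding(raw: bytes, server_encoding: str) -> str:
    """Decode raw strictly in server_encoding, or raise InvalidEncoding."""
    name = server_encoding.upper()
    if name not in PG_TO_PY:
        raise ValueError(f"no codec mapped for server encoding {server_encoding!r}")
    nul = raw.find(b"\x00")
    if nul != -1:
        # PostgreSQL text values cannot contain a NUL byte in any encoding.
        raise InvalidEncoding(name, nul, "NUL byte")
    try:
        return raw.decode(PG_TO_PY[name], errors="strict")
    except UnicodeDecodeError as exc:
        raise InvalidEncoding(name, exc.start, exc.reason) from None


def first_invalid_offset(raw: bytes, server_encoding: str):
    """Return the byte offset of the first problem, or None if raw is valid."""
    try:
        check_encoding(raw, server_encoding)
    except InvalidEncoding as exc:
        return exc.offset
    return None


# Constructed sample: the same bytes are valid LATIN1 but invalid UTF8.
SAMPLE = b"caf\xe9"

if __name__ == "__main__":
    for enc in ("LATIN1", "UTF8"):
        print(enc, first_invalid_offset(SAMPLE, enc))
```

The check is only meaningful when the encoding name passed in is the one the server and any intermediate processing actually use, which is the condition the release note stresses.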