PostgreSQL 15.4, 14.9, 13.12, 12.16, 11.21 and 16 Beta 3 Released

News 2023-08-11 17:11:44 views: null

The PostgreSQL Global Development Team has released an update for all currently supported versions : 15.4, 14.9, 13.12, 12.16, and 11.21, as well as the third beta of PostgreSQL 16. This release fixes two security holes and fixes over 40  bugs reported over the past few months.

If you use BRIN indexes to look up values, you will need to reindex themNULL after upgrading to this release . On PostgreSQL 12 and later, you can   avoid blocking writes to affected indexes and tables with, for example:REINDEX CONCURRENTLYREINDEX INDEX CONCURRENTLY your_index_name;

For a full list of changes, view  the release notes .

PostgreSQL 11 EOL Notice

PostgreSQL 11 will stop receiving fixes on November 9, 2023. If you are running PostgreSQL 11 in production, it is recommended that you plan to upgrade to a newer supported version of PostgreSQL. See Version Control Policy for more information.

Security Question

CVE-2023-39417  : Extended scripts in references @substitutions@allow SQL injection.

Supported, vulnerable versions: 11 - 15. Security teams usually don't test unsupported versions, but this problem has existed for a long time.

Extension scripts are vulnerable if they are used within quoting constructs ( dollar quoting, '', or  ) "". Vulnerabilities exist for extensions that are not bundled. There are indeed holes in the documentation examples and non-bundled extensions. Therefore, a prerequisite for the attack is that the administrator installs the vulnerable, trusted, non-bundled extension file. Under this prerequisite, an attacker with database-level privileges can execute arbitrary code as a bootstrap superuser. PostgreSQL will prevent this attack in the core server, so there is no need to modify individual extensions. @extowner@@extschema@@extschema:...@CREATE

CVE-2023-39418 : MERGEUnable to enforce UPDATEor SELECTenforce security policies.

Supported, vulnerable versions: 15.

PostgreSQL 15 introduced MERGEcommands that fail to test new rows against the row security policy defined for UPDATEand . SELECTUsers can store certain rows if UPDATEand SELECTpolicy prohibits them, but INSERTthe policy does not. Subsequent consequences depend on the application. This only affects CREATE POLICYdatabases used to define row security policies. ​​​​​​​​​​​​​​​​

Bug fixes and improvements

The issues listed below affect PostgreSQL 15, some of which may also affect other supported PostgreSQL versions.

  • FixedNULL handling of values  ​​in BRIN indexes . This repair does not apply to existing BRIN indexes - users will need to run REINDEXto repair any BRIN indexes that are used to search for NULL values.
  • Avoid leaving a corrupt database when DROP DATABASE is interrupted.
  • Several fixes for partitioned indexes.
  •  Fix bug if extension contains any objects outside of extension schema ALTER EXTENSION ... SET SCHEMA.
  • Fix dependency tracking for table access methods.
  • Do not use partially unique indexes in the planner to prove uniqueness.
  • Properly handle RLS policy expressions and sub-SELECTs in security-barrier views when extending rule actions.
  • Fix SERIALIZABLErace conditions in transaction isolation mode conflict detection.
  •  Fix intermittent failure when trying to update fields of composite columns that require out-of-line TOASTing .
  • Fix multiple memory leaks that occurred during the query lifecycle.
  • Accept fractional seconds in input to jsonpathdatetime() methods.
  • Increased the token limit in pg_hba.confand pg_ident.confto 10,240 bytes.
  • Out-of-memory errors from the JIT will now result in PostgreSQL FATALerrors instead of C++ exceptions.
  • Allows continuation after detection of certain types of B-tree index corruption VACUUM. While this repair allows VACUUM to continue, users still need to REINDEXrepair corrupted indexes.
  • Avoid double replaying prepared transactions during crash recovery.
  • Make sure checkpoint calls fsync on newly created empty tables.
  • Silence "missing contrecord" errors to avoid logging  inaccurate messages from pg_waldumpand .walsender
  • Fix [fuzzystrmatch]( https://www.postgresql.org/docs/current/fuzzystrmatch.html  Soundex  function to handle empty input correctly. difference()
  • Several fixes for intarray, including disallowing overly large input arrays in GiST indexes.
  • Fix pg_dumpto correctly handle SQL standard function bodies ( ) that depend on unique indexes when parsing is required BEGIN ATOMIC.

For a full list of available changes, view  the release notes .

Fixes in PostgreSQL 16 Beta 3

  • psqlAdd commands in \drgto display information about role authorization.
  • pg_waldump --save-fullpageAdd the timeline ID to the filename generated using .
  • Fix crash after deadlock in parallel VACUUM worker.

See the release notes for a complete list of new and changed features.

Download address: https://www.postgresql.org/download/

Guess you like

Origin www.oschina.net/news/253267/postgresql-154-149-1312-1216-1121-16-beta-3-released
Recommended
LFOSSA Yuanlaisusu Open Course | Mastering the Cloud Native Future: Comprehensive Guide to CNCF Certification and Exam Preparation Tips
Ranking
C++ Basic Syntax
bootstrapTable hides a column based on a condition
Why is reentrant lock recommended instead of Synchronized when dynamic high concurrency?
hexo create a blog
[Fully open source and non-encrypted version] Imitation of the eighth district distribution/online signature/multiple sets of download templates/APP distribution hosting/APP packaging and packaging
Polymerization combination
https://www.flysnow.org/2017/05/06/go-in-action-go-log.html
From the perspective of Flutter and the front-end, talk about how to ensure UI fluency under the single-threaded model
nginx-301, 302 redirect
Geolocation by IP Address in ASP.NET
Daily
More
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)
2024-04-18(0)
2024-04-17(31)

Code World

© 2018 codetd.com