PostgreSQL development team for all supported database versions released updates, including PostgreSQL 12.2, 11.7, 10.12, 9.6.17, 9.5.21 and 9.4.26. This release of the update fixes a security issue found in the PostgreSQL server and fix the mistakes of the past over 70 feedback from the community within three months.
Note that, PostgreSQL 9.4 has been EOL (End of Life), the PostgreSQL 9.4.26 is the last version of the 9.4 series. Starting with this release, PostgreSQL 9.4 no longer receive security updates and bug fixes. PostgreSQL 9.4 introduces many new features, such as support JSONB, ALTER SYSTEMcommand, changes the logical function output stream to plug the like .
The team said that these functions are provided in the new version of PostgreSQL, it is recommended that users update the plan as soon as possible.
safe question
- CVE-2020-1720:
ALTER ... DEPENDS ON EXTENSIONthe lack of an authorization check
Affected versions: 9.6 --12
The ALTER ... DEPENDS ON EXTENSIONsub-command does not perform authorization checks, which can lead to unauthorized users can delete an arbitrary function, stored procedures, materialized views (materialized view), trigger index, and under certain conditions. If the administrator user installed extensions, and the unprivileged can CREATE, or expand owner can perform as expected DROP EXTENSION, and was persuaded to perform DROP EXTENSION., This attack may occur DROP EXTENSION.
Bug fixes and improvements
The update also fixes a 75 error reports of the past few months the community. Some of these issues only affect version 12, but may also affect all supported versions.
Some of these fixes include:
- Repair partition table with a foreign key references, the partition table
TRUNCATE ... CASCADEdoes not delete all the data. If you've used on a partitioned table with a foreign key referencesTRUNCATE ... CASCADE, see "Update" in part for verification and clearance procedures. - Unable to repair (also known as multi-level partition table) into a table with sub-partition add foreign key constraint problem. If you have used this feature, and can be isolated by Reconnect affected partition, or to repair it by dragging and dropping a foreign key constraint to the parent table. Can ALTER TABLE find more information about how to perform these steps profile.
- Solve performance problems partitioned tables CVE-2017-7484 fixes introduced in the planning process now allows query operators include memory leaks, use statistical information on the child table columns to grant the user has access to on the parent table.
- Some other fixes and changes the partition table, including the partition key does not allow expression returns a pseudo-type ( pseudo-types ), for example
RECORD. - Repair for executing each column
UPDATElogic trigger replication Subscribers - Repair logical replication subscribers and publishers of several crashes and failure problems
- ……
Download: https://www.postgresql.org/download/
update instructions: https://www.postgresql.org/about/news/2011/