August 17, 2023 | OpenLogic by Perforce

Stay Informed

This week, read about:

Finding the Best Linux Distro for Your Organization.
Oracle, SUSE, and others caught up in RHEL drama hit back with OpenELA.
What's New in Apache Kafka 3.5: Features to Watch.

Key Security, Maintenance, and Features Releases

Non-Security Based Updates

Angular 16.2.0
benchpress:
fix: correctly report GC memory amounts (#50760)
common:
feat: add component input binding support for NgComponentOutlet (#51148)
feat: Allow ngSrc to be changed post-init (#50683)
compiler:
feat: scope selectors in @scope queries (#50747)
compiler-cli:
fix: libraries compiled with v16.1+ breaking with Angular framework v16.0.x (#50714)
core:
feat: add afterRender and afterNextRender (#50607)
feat: create injector debugging APIs (#48639)
feat: support Provider type in Injector.create (#49587)
fix: handle hydration of view containers for root components (#51247)
router:
feat: exposes the fixture of the RouterTestingHarness (#50280)

Apache Tomcat 11.0.0-M10
Catalina:

Fix potential database connection leaks in DataSourceUserDatabase identified by Coverity Scan. (markt)
Make parsing of ExtendedAccessLogValve patterns more robust. (markt)
Fix failure trying to persist configuration for an internal credential handler. (remm)
66680: When serializing a session during the session presistence process, do not log a warning that null Principals are not serializable. Pull request #638 provided by tsryo. (markt)
66822: Use the same naming format in log messages for Connector instances as the associated ProtocolHandler instance. (markt)
The parts count should also lower the actual maxParameterCount used for parsing parameters if parts are parsed first. (remm)

Coyote

Refactor blocking reads and writes for the NIO connector to remove code paths that could allow a notification from the Poller to be missed resuting in a timeout rather than the expected read or write. (markt)
Refactor waiting for an HTTP/2 stream or connection window update to handle spurious wake-ups during the wait. (markt)
Improve extensibility of endpoints for socket channel creation and TLS. Pull request #639 provided by Marco Fargetta. (remm)
Correct a regression introduced in 11.0.0-M9 and use the correct constant when constructing the default value for the certificateKeystoreFile attribute of an SSLHostConfigCertificate instance. (markt)
Refactor HTTP/2 implementation to reduce pinning when using virtual threads. (markt)
Pass through ciphers referring to an OpenSSL profile, such a PROFILE=SYSTEM instead of producing an error trying to parse it. (remm)
66841: Ensure that AsyncListener.onError() is called after an error during asynchronous processing with HTTP/2. (markt)
66842: When using asynchronous I/O (the default), include DATA frames when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated. (markt)
Correct a race condition that could cause spurious RST messages to be sent after the response had been written to an HTTP/2 stream. (markt)

Web-socket:

66681: Fix a NullPointerException when flushing batched messages with compression enabled using permessage-deflate. (markt)

Jdbc-pool:

Fix the releaseIdleCounter does not increment when testAllIdle releases them. Pull request #241 provided by Arun Chaitanya Miriappalli (lihan)
Fix the ConnectionState state will be inconsistent with actual state on the connection when an exception occurs while writing. Pull request #643 provided by Wenjun Xiao. (lihan)

Other:

Update NSIS to 3.0.9. (markt)
Update Checkstyle to 10.12.2. (markt)
Improvements to French translations. (remm)
Improvements to Japanese translations. Contributed by tak7iji and Shirayuking. (markt)
66829: Fix quoting so users can use the _RUNJAVA environment variable as intended on Windows when the path to the Java executable contains spaces. (markt)
66834: Correct the OSGi contract references in the manifest files to refer to the Jakarta EE contract names rather than the Java EE contract names. (markt)
Update Tomcat Native to 2.0.5. (markt)

Apache Tomcat 10.1.12
Catalina:

66680: When serializing a session during the session presistence process, do not log a warning that null Principals are not serializable. Pull request #638 provided by tsryo. (markt)
Catch NamingException in JNDIRealm#getPrincipal. It is used in Java up to 17 to signal closed connections. (fschumacher)
66822: Use the same naming format in log messages for Connector instances as the associated ProtocolHandler instance. (markt)
The parts count should also lower the actual maxParameterCount used for parsing parameters if parts are parsed first. (remm)

Coyote:

Correct a regression introduced in 10.1.11 and use the correct constant when constructing the default value for the certificateKeystoreFile attribute of an SSLHostConfigCertificate instance. (markt)
Refactor HTTP/2 implementation to reduce pinning when using virtual threads. (markt)
Pass through ciphers referring to an OpenSSL profile, such as PROFILE=SYSTEM instead of producing an error trying to parse it. (remm)
66841: Ensure that AsyncListener.onError() is called after an error during asynchronous processing with HTTP/2. (markt)
66842: When using asynchronous I/O (the default), include DATA frames when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated. (markt)
Correct a race condition that could cause spurious RST messages to be sent after the response had been written to an HTTP/2 stream. (markt)

WebSocket:

66681: Fix a NullPointerException when flushing batched messages with compression enabled using permessage-deflate. (markt)

jdbc-pool:

Fix the releaseIdleCounter does not increment when testAllIdle releases them. Pull request #241 provided by Arun Chaitanya Miriappalli (lihan)
Fix the ConnectionState state will be inconsistent with actual state on the connection when an exception occurs while writing. Pull request #643 provided by Wenjun Xiao. (lihan)

Other:

Update NSIS to 3.0.9. (markt)
Update Checkstyle to 10.12.2. (markt)
Improvements to French translations. (remm)
Improvements to Japanese translations. Contributed by tak7iji and Shirayuking. (markt)
66829: Fix quoting so users can use the _RUNJAVA environment variable as intended on Windows when the path to the Java executable contains spaces. (markt)
66834: Correct the OSGi contract references in the manifest files to refer to the Jakarta EE contract names rather than the Java EE contract names. (markt)
Update Tomcat Native to 2.0.5. (markt)

Docker Engine / Compose v2.20.3
Enhancements:

Watch: add tar sync implementation by @milas in #10853
Improve buildkit node creation by @silvin-lubecki in #10843
Display builder's name on the first build line. by @silvin-lubecki in #10881
Improve shell completion for --project-directory by @relrelb in #10879
Add shell completion for --profile by @relrelb in #10878

Fixes:

Progress: minor correctness fixes by @milas in #10871
Up: do not warn on successful optional dependency complete by @milas in #10870
Build: fix missing proxy build args for classic builder by @milas in #10887

Internal:

Trace: do not block connecting to OTLP endpoint by @milas in #10882
Test: fix e2e test for privileged builds by @milas in #10873
Test: temporarily disable an exit-code-from Cucumber test case by @milas in #10875
Watch: support multiple containers for tar implementation by @milas in #10860
Watch: batch & de-duplicate file events by @milas in #10865
Watch: enable tar-based syncer by default by @milas in #10877
Update Config comment in API Service interface by @prafgup in #10840
Update README and CI workflows to match main branch by @glours in #10889

Dependencies:

Build(deps): bump github.com/docker/cli from 24.0.4+incompatible to 24.0.5+incompatible by @dependabot in #10845
Build(deps): bump google.golang.org/grpc from 1.56.2 to 1.57.0 by @dependabot in #10847
Build(deps): bump github.com/containerd/containerd from 1.7.2 to 1.7.3 by @dependabot in #10850
Build(deps): bump github.com/docker/docker from 24.0.5-0.20230714235725-36e9e796c6fc+incompatible to 24.0.5+incompatible by @dependabot in #10844
Update to go1.20.7 by @thaJeztah in #10861
Upgrade Golang to 1.21 by @glours in #10890
Bump compose-go to version v1.18.0 by @glours in #10891
Bump compose-go to version v1.18.1 by @glours in #10893
Build(deps): bump github.com/moby/buildkit from 0.12.1-0.20230717122532-faa0cc7da353 to 0.12.1 by @dependabot in #10867

HAProxy v2.9-dev3
BUG/MINOR: ssl: OCSP callback only registered for first SSL_CTX
BUG/MEDIUM: h3: Properly report a C-L header was found to the HTX start-line
MINOR: sample: add pid sample
MINOR: sample: implement act_conn sample fetch
MINOR: sample: accept_date / request_date return %Ts / %tr timestamp values
MEDIUM: sample: implement us and ms variant of utime and ltime
BUG/MINOR: sample: check alloc_trash_chunk() in conv_time_common()
DOC: configuration: describe Td in Timing events
MINOR: sample: implement the T* timer tags from the log-format as fetches
DOC: configuration: add sample fetches for timing events
BUG/MINOR: quic: Possible crash when acknowledging Initial v2 packets
MINOR: quic: Export QUIC traces code from quic_conn.c
MINOR: quic: Export QUIC CLI code from quic_conn.c
MINOR: quic: Move TLS related code to quic_tls.c
MINOR: quic: Add new "QUIC over SSL" C module.
MINOR: quic: Add a new quic_ack.c C module for QUIC acknowledgements
CLEANUP: quic: Defined but no more used function (quic_get_tls_enc_levels())
MINOR: quic: Split QUIC connection code into three parts
CLEANUP: quic: quic_conn struct cleanup
MINOR: quic; Move the QUIC frame pool to its proper location
BUG/MINOR: chunk: fix chunk_appendf() to not write a zero if buffer is full
BUG/MEDIUM: h3: Be sure to handle fin bit on the last DATA frame
DOC: configuration: rework the custom log format table
BUG/MINOR: quic+openssl_compat: Non initialized TLS encryption levels
CLEANUP: acl: remove cache_idx from acl struct
REORG: cfgparse: extract curproxy as a global variable
MINOR: acl: add acl() sample fetch
BUILD: cfgparse: keep a single "curproxy"
BUG/MEDIUM: bwlim: Reset analyse expiration date when then channel analyse ends
MEDIUM: stream: Reset response analyse expiration date if there is no analyzer
BUG/MINOR: htx/mux-h1: Properly handle bodyless responses when splicing is used
BUG/MEDIUM: quic: consume contig space on requeue datagram
BUG/MINOR: http-client: Don't forget to commit changes on HTX message
CLEANUP: stconn: Move comment about sedesc fields on the field line
REGTESTS: http: Create a dedicated script to test spliced bodyless responses
REGTESTS: Test SPLICE feature is enabled to execute script about splicing
BUG/MINOR: quic: reappend rxbuf buffer on fake dgram alloc error
BUILD: quic: fix wrong potential NULL dereference
MINOR: h3: abort request if not completed before full response
BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value replacement
CLEANUP: quic: Remove quic_path_room().
MINOR: quic: Amplification limit handling sanitization.
MINOR: quic: Move some counters from [rt]x quic_conn anonymous struct
MEDIUM: quic: Send CONNECTION_CLOSE packets from a dedicated buffer.
MINOR: quic: Use a pool for the connection ID tree.
MEDIUM: quic: Allow the quic_conn memory to be asap released.
MINOR: quic: Release asap quic_conn memory (application level)
MINOR: quic: Release asap quic_conn memory from ->close() xprt callback.
MINOR: quic: Warning for OpenSSL wrapper QUIC bindings without "limited-quic"
REORG: http: move has_forbidden_char() from h2.c to http.h
BUG/MAJOR: h3: reject header values containing invalid chars
MINOR: mux-h2/traces: also suggest invalid header upon parsing error
MINOR: ist: add new function ist_find_range() to find a character range
MINOR: http: add new function http_path_has_forbidden_char()
MINOR: h2: pass accept-invalid-http-request down the request parser
REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri tests
BUG/MINOR: h1: do not accept '#' as part of the URI component
BUG/MINOR: h2: reject more chars from the :path pseudo header
BUG/MINOR: h3: reject more chars from the :path pseudo header
REGTESTS: http-rules: verify that we block '#' by default for normalize-uri
DOC: clarify the handling of URL fragments in requests
BUG/MAJOR: http: reject any empty content-length header value
BUG/MINOR: http: skip leading zeroes in content-length values
BUG/MEDIUM: mux-h1: fix incorrect state checking in h1_process_mux()
BUG/MEDIUM: mux-h1: do not forget EOH even when no header is sent
BUILD: mux-h1: shut a build warning on clang from previous commit
DEV: makefile: add a new "range" target to iteratively build all commits
CI: do not use "groupinstall" for Fedora Rawhide builds
CI: get rid of travis-ci wrapper for Coverity scan
BUG/MINOR: quic: mux started when releasing quic_conn
BUG/MINOR: quic: Possible crash in quic_cc_conn_io_cb() traces.
MINOR: quic: Add a trace for QUIC conn fd ready for receive
BUG/MINOR: quic: Possible crash when issuing "show fd/sess" CLI commands
BUG/MINOR: quic: Missing tasklet (quic_cc_conn_io_cb) memory release (leak)
BUG/MEDIUM: quic: fix tasklet_wakeup loop on connection closing
BUG/MINOR: hlua: fix invalid use of lua_pop on error paths
MINOR: hlua: add hlua_stream_ctx_prepare helper function
BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread
MAJOR: threads/plock: update the embedded library again
MINOR: stick-table: move the task_queue() call outside of the lock
MINOR: stick-table: move the task_wakeup() call outside of the lock
MEDIUM: stick-table: change the ref_cnt atomically
MINOR: stick-table: better organize the struct stktable
MEDIUM: peers: update ->commitupdate out of the lock using a CAS
MEDIUM: peers: drop then re-acquire the wrlock in peer_send_teachmsgs()
MEDIUM: peers: only read-lock peer_send_teachmsgs()
MEDIUM: stick-table: use a distinct lock for the updates tree
MEDIUM: stick-table: touch updates under an upgradable read lock
MEDIUM: peers: drop the stick-table lock before entering peer_send_teachmsgs()
MINOR: stick-table: move the update lock into its own cache line
CLEANUP: stick-table: slightly reorder the stktable struct
BUILD: defaults: use __WORDSIZE not LONGBITS for MAX_THREADS_PER_GROUP
MINOR: tools: make ptr_hash() support 0-bit outputs
MINOR: tools: improve ptr hash distribution on 64 bits
OPTIM: tools: improve hash distribution using a better prime seed
OPTIM: pools: use exponential back-off on shared pool allocation/release
OPTIM: pools: make pool_get_from_os() / pool_put_to_os() not update ->allocated
MINOR: pools: introduce the use of multiple buckets
MEDIUM: pools: spread the allocated counter over a few buckets
MEDIUM: pools: move the used counter over a few buckets
MEDIUM: pools: move the needed_avg counter over a few buckets
MINOR: pools: move the failed allocation counter over a few buckets
MAJOR: pools: move the shared pool's free_list over multiple buckets
MINOR: pools: make pool_evict_last_items() use pool_put_to_os_no_dec()
BUILD: pools: fix build error on clang with inline vs forceinline

Jenkins 2.419
Use standard size node icon even with long node names. (pull 8089)

Jenkins 2.418
New login page breaks login theme plugin. (issue 71238)
Fix "Manage Jenkins" context menu (regression in 2.415). (issue 71744)
Fix mistranslation of Japanese message in mailing list reference. (pull 8324)

Nodejs v20.5.1
Notable Changes
The following CVEs are fixed in this release:
CVE-2023-32002: Policies can be bypassed via Module._load (High)
CVE-2023-32558: process.binding() can bypass the permission model through path traversal (High)
CVE-2023-32004: Permission model can be bypassed by specifying a path traversal sequence in a Buffer (High)
CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
CVE-2023-32005: fs.statfs can bypass the permission model (Low)
CVE-2023-32003: fs.mkdtemp() and fs.mkdtempSync() can bypass the permission model (Low)

OpenSSL Security Releases:
OpenSSL security advisory 14th July.
OpenSSL security advisory 19th July.
OpenSSL security advisory 31st July.

Postgres REL_15_4

Disallow substituting a schema or owner name into an extension script if the name contains a quote, backslash, or dollar sign (Noah Misch)

This restriction guards against SQL-injection hazards for trusted extensions.

The PostgreSQL Project thanks Micah Gate, Valerie Woolard, Tim Carey-Smith, and Christoph Berg for reporting this problem. (CVE-2023-39417)

Fix MERGE to enforce row security policies properly (Dean Rasheed)

When MERGE performs an UPDATE action, it should enforce any UPDATE or SELECT RLS policies defined on the target table, to be consistent with the way that a plain UPDATE with a WHERE clause works. Instead it was enforcing INSERT RLS policies for both INSERT and UPDATE actions.

In addition, when MERGE performs a DO NOTHING action, it applied the target table's DELETE RLS policies to existing rows, even though those rows are not being deleted. While it's not a security problem, this could result in unwanted errors.

The PostgreSQL Project thanks Dean Rasheed for reporting this problem. (CVE-2023-39418)

Fix confusion between empty (no rows) ranges and all-NULL ranges in BRIN indexes, as well as incorrect merging of all-NULL summaries (Tomas Vondra)

Each of these oversights could result in forgetting that a BRIN index range contains any NULL values, potentially allowing subsequent queries that should return NULL values to miss doing so.

This fix will not in itself correct faulty BRIN entries. It's recommended to REINDEX any BRIN indexes that may be used to search for nulls.

Avoid leaving a corrupted database behind when DROP DATABASE is interrupted (Andres Freund)

If DROP DATABASE was interrupted after it had already begun taking irreversible steps, the target database remained accessible (because the removal of its pg_database row would roll back), but it would have corrupt contents. Fix by marking the database as inaccessible before we begin to perform irreversible operations. A failure after that will leave the database still partially present, but nothing can be done with it except to issue another DROP DATABASE.

Ensure that partitioned indexes are correctly marked as valid or not at creation (Michael Paquier)

If a new partitioned index matches an existing but invalid index on one of the partitions, the partitioned index could end up being marked valid prematurely. This could lead to misbehavior or assertion failures in subsequent queries on the partitioned table.

Ignore invalid child indexes when matching partitioned indexes to child indexes during ALTER TABLE ATTACH PARTITION (Michael Paquier)

Such an index will now be ignored, and a new child index created instead.

Fix possible failure when marking a partitioned index valid after all of its partitions have been attached (Michael Paquier)

The update of the index's pg_index entry could use stale data for other columns. One reported symptom is an “attempted to update invisible tuple” error.

Fix ALTER EXTENSION SET SCHEMA to complain if the extension contains any objects outside the extension's schema (Michael Paquier, Heikki Linnakangas)

Erroring out if the extension contains objects in multiple schemas was always intended; but the check was mis-coded so that it would fail to detect some cases, leading to surprising behavior.

Fix tracking of tables' access method dependencies (Michael Paquier)

ALTER TABLE ... SET ACCESS METHOD failed to update relevant pg_depend entries when changing a table's access method. When using non-built-in access methods, this creates a risk that an access method could be dropped even though tables still depend on it. This fix corrects the logic in ALTER TABLE, but it will not adjust any already-missing pg_depend entries.

Don't use partial unique indexes for uniqueness proofs in the planner (David Rowley)

This could give rise to incorrect plans, since the presumed uniqueness of rows read from a table might not hold if the index in question isn't used to scan the table.

Don't Memoize lateral joins with volatile join conditions (Richard Guo)

Applying Memoize to a sub-plan that contains volatile filter conditions is likely to lead to wrong answers. The check to avoid doing this missed some cases that can arise when using LATERAL.

Avoid producing incorrect plans for foreign joins with pseudoconstant join clauses (Etsuro Fujita)

The planner currently lacks support for attaching pseudoconstant join clauses to a pushed-down remote join, so disable generation of remote joins in such cases. (A better solution will require ABI-breaking changes of planner data structures, so it will have to wait for a future major release.)

Correctly handle sub-SELECTs in RLS policy expressions and security-barrier views when expanding rule actions (Tom Lane)
Fix race conditions in conflict detection for SERIALIZABLE isolation mode (Thomas Munro)

Conflicts could be missed when using bitmap heap scans, when using GIN indexes, and when examining an initially-empty btree index. All these cases could lead to serializability failures due to improperly allowing conflicting transactions to commit.

Fix misbehavior of EvalPlanQual checks with inherited or partitioned target tables (Tom Lane)

This oversight could lead to update or delete actions in READ COMMITTED isolation mode getting performed when they should have been skipped because of a conflicting concurrent update.

Fix hash join with an inner-side hash key that contains Params coming from an outer nested loop (Tom Lane)

When rescanning the join after the values of such Params have changed, we must rebuild the hash table, but neglected to do so. This could result in missing join output rows.

Fix intermittent failures when trying to update a field of a composite column (Tom Lane)

If the overall value of the composite column is wide enough to require out-of-line toasting, then an unluckily-timed cache flush could cause errors or server crashes.

Prevent query-lifespan memory leaks in some UPDATE queries with triggers (Tomas Vondra)
Prevent query-lifespan memory leaks when an Incremental Sort plan node is rescanned (James Coleman, Laurenz Albe, Tom Lane)
Accept fractional seconds in the input to jsonpath's datetime() method (Tom Lane)
Prevent stack-overflow crashes with very complex text search patterns (Tom Lane)
Allow tokens up to 10240 bytes long in pg_hba.conf and pg_ident.conf (Tom Lane)

The previous limit of 256 bytes has been found insufficient for some use-cases.

Ensure that all existing placeholders are checked for matches when an extension declares its GUC prefix to be reserved (Karina Litskevich, Ekaterina Sokolova)

Faulty loop logic could cause some entries to be skipped.

Fix mishandling of C++ out-of-memory conditions (Heikki Linnakangas)

If JIT is in use, running out of memory in a C++ new call would lead to a PostgreSQL FATAL error, instead of the expected C++ exception.

Fix rare null-pointer crash in plancache.c (Tom Lane)
Avoid leaking a stats entry for a subscription when it is dropped (Masahiko Sawada)
Avoid losing track of possibly-useful shared memory segments when a page free results in coalescing ranges of free space (Dongming Liu)

Ensure that the segment is moved into the appropriate “bin” for its new amount of free space, so that it will be found by subsequent searches.

Allow VACUUM to continue after detecting certain types of b-tree index corruption (Peter Geoghegan)

If an invalid sibling-page link is detected, log the issue and press on, rather than throwing an error as before. Nothing short of REINDEX will fix the broken index, but preventing VACUUM from completing until that is done risks making matters far worse.

Ensure that WrapLimitsVacuumLock is released after VACUUM detects invalid data in pg_database.datfrozenxid or pg_database.datminmxid (Andres Freund)

Failure to release this lock could lead to a deadlock later, although the lock would be cleaned up if the session exits or encounters some other error.

Avoid double replay of prepared transactions during crash recovery (suyu.cmj, Michael Paquier)

After a crash partway through a checkpoint with some two-phase transaction state data already flushed to disk by this checkpoint, crash recovery could attempt to replay the prepared transaction(s) twice, leading to a fatal error such as “lock is already held” in the startup process.

Ensure that a newly created, but still empty table is fsync'ed at the next checkpoint (Heikki Linnakangas)

Without this, if there is an operating system crash causing the empty file to disappear, subsequent operations on the table might fail with “could not open file” errors.

Ensure that creation of the init fork of an unlogged index is WAL-logged (Heikki Linnakangas)

While an unlogged index's main data fork is not WAL-logged, its init fork should be, to ensure that we have a consistent state to restore the index to after a crash. This step was missed if the init fork contains no data, which is a case not used by any standard index AM; but perhaps some extension behaves that way.

Silence bogus “missing contrecord” errors (Thomas Munro)

Treat this case as plain end-of-WAL to avoid logging inaccurate complaints from pg_waldump and walsender.

Fix overly strict assertion in jsonpath code (David Rowley)

This assertion failed if a query applied the .type() operator to a like_regex result. There was no bug in non-assert builds.

Avoid assertion failure when processing an empty statement via the extended query protocol in an already-aborted transaction (Tom Lane)
Avoid assertion failure when the stats_fetch_consistency setting is changed intra-transaction (Kyotaro Horiguchi)
Fix contrib/fuzzystrmatch's Soundex difference() function to handle empty input sanely (Alexander Lakhin, Tom Lane)

An input string containing no alphabetic characters resulted in unpredictable output.

Tighten whitespace checks in contrib/hstore input (Evan Jones)

In some cases, characters would be falsely recognized as whitespace and hence discarded.

Disallow oversize input arrays with contrib/intarray's gist__int_ops index opclass (Ankit Kumar Pandey, Alexander Lakhin)

Previously this code would report a NOTICE but press on anyway, creating an invalid index entry that presents a risk of crashes when the index is read.

Avoid useless double decompression of GiST index entries in contrib/intarray (Konstantin Knizhnik, Matthias van de Meent, Tom Lane)
Fix contrib/pageinspect's gist_page_items() function to work when there are included index columns (Alexander Lakhin, Michael Paquier)

Previously, if the index has included columns, gist_page_items() would fail to display those values on index leaf pages, or crash outright on non-leaf pages.

In psql, ignore the PSQL_WATCH_PAGER environment variable when stdin/stdout are not a terminal (Tom Lane)

This corresponds to the treatment of PSQL_PAGER in commands besides \watch.

Fix pg_dump to correctly handle new-style SQL-language functions whose bodies require parse-time dependencies on unique indexes (Tom Lane)

Such cases can arise from GROUP BY and ON CONFLICT clauses, for example. The function must then be postponed until after the unique index in the dump output, but pg_dump did not do that and instead printed a warning about “could not resolve dependency loop”.

Improve pg_dump's display of details about dependency-loop problems (Tom Lane)
Avoid crash in pgbench with an empty pipeline and prepared mode (Álvaro Herrera)
Ensure that pg_index.indisreplident is kept up-to-date in relation cache entries (Shruthi Gowda)

This value could be stale in some cases. There is no core code that relies on the relation cache's copy, so this is only a latent bug as far as Postgres itself is concerned; but there may be extensions for which it is a live bug.

Fix make_etags script to work with non-Exuberant ctags (Masahiko Sawada)

Postgres REL_14_9

Disallow substituting a schema or owner name into an extension script if the name contains a quote, backslash, or dollar sign (Noah Misch)

This restriction guards against SQL-injection hazards for trusted extensions.

The PostgreSQL Project thanks Micah Gate, Valerie Woolard, Tim Carey-Smith, and Christoph Berg for reporting this problem. (CVE-2023-39417)

Fix confusion between empty (no rows) ranges and all-NULL ranges in BRIN indexes, as well as incorrect merging of all-NULL summaries (Tomas Vondra)

Each of these oversights could result in forgetting that a BRIN index range contains any NULL values, potentially allowing subsequent queries that should return NULL values to miss doing so.

This fix will not in itself correct faulty BRIN entries. It's recommended to REINDEX any BRIN indexes that may be used to search for nulls.

Avoid leaving a corrupted database behind when DROP DATABASE is interrupted (Andres Freund)

Ensure that partitioned indexes are correctly marked as valid or not at creation (Michael Paquier)

Ignore invalid child indexes when matching partitioned indexes to child indexes during ALTER TABLE ATTACH PARTITION (Michael Paquier)

Such an index will now be ignored, and a new child index created instead.

Fix possible failure when marking a partitioned index valid after all of its partitions have been attached (Michael Paquier)

The update of the index's pg_index entry could use stale data for other columns. One reported symptom is an “attempted to update invisible tuple” error.

Fix ALTER EXTENSION SET SCHEMA to complain if the extension contains any objects outside the extension's schema (Michael Paquier, Heikki Linnakangas)

Erroring out if the extension contains objects in multiple schemas was always intended; but the check was mis-coded so that it would fail to detect some cases, leading to surprising behavior.

Don't use partial unique indexes for uniqueness proofs in the planner (David Rowley)

This could give rise to incorrect plans, since the presumed uniqueness of rows read from a table might not hold if the index in question isn't used to scan the table.

Don't Memoize lateral joins with volatile join conditions (Richard Guo)

Applying Memoize to a sub-plan that contains volatile filter conditions is likely to lead to wrong answers. The check to avoid doing this missed some cases that can arise when using LATERAL.

Avoid producing incorrect plans for foreign joins with pseudoconstant join clauses (Etsuro Fujita)

Correctly handle sub-SELECTs in RLS policy expressions and security-barrier views when expanding rule actions (Tom Lane)
Fix race conditions in conflict detection for SERIALIZABLE isolation mode (Thomas Munro)

Fix misbehavior of EvalPlanQual checks with inherited or partitioned target tables (Tom Lane)

This oversight could lead to update or delete actions in READ COMMITTED isolation mode getting performed when they should have been skipped because of a conflicting concurrent update.

Fix hash join with an inner-side hash key that contains Params coming from an outer nested loop (Tom Lane)

When rescanning the join after the values of such Params have changed, we must rebuild the hash table, but neglected to do so. This could result in missing join output rows.

Fix intermittent failures when trying to update a field of a composite column (Tom Lane)

If the overall value of the composite column is wide enough to require out-of-line toasting, then an unluckily-timed cache flush could cause errors or server crashes.

Prevent query-lifespan memory leaks in some UPDATE queries with triggers (Tomas Vondra)
Prevent query-lifespan memory leaks when an Incremental Sort plan node is rescanned (James Coleman, Laurenz Albe, Tom Lane)
Accept fractional seconds in the input to jsonpath's datetime() method (Tom Lane)
Prevent stack-overflow crashes with very complex text search patterns (Tom Lane)
Allow tokens up to 10240 bytes long in pg_hba.conf and pg_ident.conf (Tom Lane)

The previous limit of 256 bytes has been found insufficient for some use-cases.

Fix mishandling of C++ out-of-memory conditions (Heikki Linnakangas)

If JIT is in use, running out of memory in a C++ new call would lead to a PostgreSQL FATAL error, instead of the expected C++ exception.

Fix rare null-pointer crash in plancache.c (Tom Lane)
Avoid losing track of possibly-useful shared memory segments when a page free results in coalescing ranges of free space (Dongming Liu)

Ensure that the segment is moved into the appropriate “bin” for its new amount of free space, so that it will be found by subsequent searches.

Allow VACUUM to continue after detecting certain types of b-tree index corruption (Peter Geoghegan)

Ensure that WrapLimitsVacuumLock is released after VACUUM detects invalid data in pg_database.datfrozenxid or pg_database.datminmxid (Andres Freund)

Failure to release this lock could lead to a deadlock later, although the lock would be cleaned up if the session exits or encounters some other error.

Avoid double replay of prepared transactions during crash recovery (suyu.cmj, Michael Paquier)

Fix possible failure while promoting a standby server, if archiving is enabled and two-phase transactions need to be recovered (Julian Markwort)

If any required two-phase transactions were logged in the most recent (partial) log segment, promotion would fail with an incorrect complaint about “requested WAL segment has already been removed”.

Ensure that a newly created, but still empty table is fsync'ed at the next checkpoint (Heikki Linnakangas)

Without this, if there is an operating system crash causing the empty file to disappear, subsequent operations on the table might fail with “could not open file” errors.

Ensure that creation of the init fork of an unlogged index is WAL-logged (Heikki Linnakangas)

Fix missing reinitializations of delay-checkpoint-end flags (suyu.cmj)

This could result in unnecessary delays of checkpoints, or in assertion failures in assert-enabled builds.

Fix overly strict assertion in jsonpath code (David Rowley)

This assertion failed if a query applied the .type() operator to a like_regex result. There was no bug in non-assert builds.

Avoid assertion failure when processing an empty statement via the extended query protocol in an already-aborted transaction (Tom Lane)
Fix contrib/fuzzystrmatch's Soundex difference() function to handle empty input sanely (Alexander Lakhin, Tom Lane)

An input string containing no alphabetic characters resulted in unpredictable output.

Tighten whitespace checks in contrib/hstore input (Evan Jones)

In some cases, characters would be falsely recognized as whitespace and hence discarded.

Disallow oversize input arrays with contrib/intarray's gist__int_ops index opclass (Ankit Kumar Pandey, Alexander Lakhin)

Previously this code would report a NOTICE but press on anyway, creating an invalid index entry that presents a risk of crashes when the index is read.

Avoid useless double decompression of GiST index entries in contrib/intarray (Konstantin Knizhnik, Matthias van de Meent, Tom Lane)
Fix contrib/pageinspect's gist_page_items() function to work when there are included index columns (Alexander Lakhin, Michael Paquier)

Previously, if the index has included columns, gist_page_items() would fail to display those values on index leaf pages, or crash outright on non-leaf pages.

Fix pg_dump to correctly handle new-style SQL-language functions whose bodies require parse-time dependencies on unique indexes (Tom Lane)

Ensure that pg_index.indisreplident is kept up-to-date in relation cache entries (Shruthi Gowda)

Redis 7.2.0
Upgrade urgency LOW: This is the first stable Release for Redis 7.2.
Bug Fixes:

redis-cli in cluster mode handles unknown-endpoint (#12273)
Update request / response policy hints for a few commands (#12417)
Ensure that the function load timeout is disabled during loading from RDB/AOF and on replicas. (#12451)
Fix false success and a memory leak for ACL selector with bad parenthesis combination (#12452)
Fix the assertion when script timeout occurs after it signaled a blocked client (#12459)

Fixes for issues in previous releases of Redis 7.2:

Update MONITOR client's memory correctly for INFO and client-eviction (#12420)
The response of cluster nodes was unnecessarily adding an extra comma when no
hostname was present. (#12411)

OpenJ9 0.40.0

d12d10c (0.40) Update to OpenSSL 1.1.1v Peter Shipton #17896
67512b5 (0.40) Update OpenSSL to the 1.1.1 July 19 CVE level Peter Shipton #17836
18fb6d1 (0.40) Use jdk19 to build jdk20 Peter Shipton #17834
b681a67 (0.40) Exclude cmdLineTester_CryptoTest in FIPS mode Paritosh Kumar #17777
ac8c50c (v0.40.0-release) j9gc_createJavaLangString protects string objects across GC points Jason Feng #17747
7319b8d (0.40) Split sanity.openjdk into 3 parallel jobs Lan Xia #17705
6eed053 (v0.40.0-release) CRIU tests pass if the original thread IDs can't be acquired Jason Feng #17702
c5b1658 (0.40) Modify the translated PII files in nls folder 20230627 Dong Chen #17687
26d65ac Change API used for computing code cache size in low memory environments (0.40.0) Marius Pirvu #17682
4dd1080 (v0.40.0-release) CRIU tests require only one Pre-checkpoint message Jason Feng #17669
e116b33 (v0.40.0-release) CRIU skips clearInetAddressCache() if InetAddress is not initialized Jason Feng #17670
e13741a (0.40) Add missed check for compressed string Dmitri Pivkine #17661
558f239 (0.40) CRIU GC: Flush and Reset Buffers on Reinit Salman Rana #17653
c50c466 (0.40) Add checkpoint delay when clinit is occuring Tobi Ajila #17652
8b4420c (v0.40.0)Use debug interpreter unconditionally when debug is enabled … Mike Zhang #17627
efe6ee2 (v0.40.0-release) CRIU throws JVMCRIUException in single threaded mode if parks no timeout Jason Feng #17639
2684cbb (0.40) Update Split List Forced Flag + Revert CRIU Thread Count Reinit Salman Rana #17644
970c9be (0.40) GC CRIU: Reinit HeapRegionDescriptorExtensions (Region Obj Lists) Salman Rana #17645
71eab61 (0.40) Avoid generating store of uninitialized auto when reducing TRT2 Devin Papineau #17605
b5af32b [0.40] Add NLS message: J9NLS_PORT_RUNNING_IN_CONTAINER_FAILURE Babneet Singh #17600
17f2765 (0.40) Fix invalid OMR_PRI* usage on Windows Kevin Grigorenko #17569
c4720f2 [FFI/Jtreg_JDK20] Keep the downcall address alive for downcall (0.40) ChengJin01 #17565
936ec54 (0.40) Modify the translated PII files in nls folder 20230607 Dong Chen #17545
99c5d95 [FFI/Jtreg_JDK20] Validate the downcall address with the scope check (0.40) ChengJin01 #17538
b9cd65e Insert branch around re performing store for awrtbar Rahil Shah #17517
f514560 CRIU skips j9sysinfo_get_username()/getpwuid() if isCheckPointAllowed Jason Feng #17505
0a07503 Put select system property names and values in allocated memory Keith W. Campbell #17407
bedafef Handle new vector opcodes Gita Koblents #17112
60798a3 Revert "Enable EDO during AOT compilation" Peter Shipton #17512
6ed80ce Enable EDO during AOT compilation Christian Despres #17217
3cbf8a0 Bump actions/setup-python from 2.3.3 to 4.6.1 dependabot[bot] #17502
4334ef0 Remove configuration information for Java 19 Keith W. Campbell #17507
42d8c31 Correct return type of JVM_Sleep() Keith W. Campbell #17504
c005819 Expand bytecode offset variables to 32bit Kevin Langman #17469
91c8570 Fix array constructor for Object Lists Aleksandar Micic #17503
283b706 Set LIGHT_WEIGHT_CHECKOUT to true Lan Xia #17497
423823f Correct SPDX license identifiers Jason Feng #17494
b087017 Correct SPDX license identifier Dmitri Pivkine #17489
dd16eba CRIU JDK11UpTimeoutAdjustmentTest adjusts for thread starting Jason Feng #17473
9797bca Rework RegionExtenstion/Object List Initialization Salman Rana #17461
69d50bc Bump actions/github-script from 3.2.0 to 6.4.1 dependabot[bot] #17481
ba2ccc1 Bump actions/checkout from 2.7.0 to 3.5.2 dependabot[bot] #17482
914adf4 Bump adoptium/run-aqa from 1.0.8 to 2.0.1 dependabot[bot] #17483
54a776f Bump peter-evans/create-pull-request from 3.14.0 to 5.0.1 dependabot[bot] #17480
013e44d Bump actions/upload-artifact from 2.3.1 to 3.1.2 dependabot[bot] #17484
ff98e55 [StepSecurity] Apply security best practices StepSecurity Bot #17477
b58a15e Call static method VM.getVMArgs() from JNI as a static method Peter Shipton #17475
f98cb31 Update openssl to version 1.1.1u Keith W. Campbell #17468
3e340db Disable FFI specific code for compilation in JDK21 ChengJin01 #17352
6aab183 Add/update java.specification.maintenance.version Keith W. Campbell #17470
c7ac2f7 Correct SPDX license identifiers Keith W. Campbell #17435
3b029b0 Add support for persistent SCC on z/OS Hang Shao #17073
f988e15 Set symbol declared class for field shadows Devin Papineau #17327
623c7ba Adding helper functions for crc32 special routines to enable optimizations in AOT Bhavani SN #17453
1b94cba Handle code cache alloction for low memory SajinaKandy #17425
12286f5 CRIU restore clears InetAddress.cache Jason Feng #17448
ec0eb13 Add the unimplemented assertion to Thread.findScopedValueBindings() Gengchen Tuo #17451
3bacb5a Add CH Table AOT Feature Flag Irwin D'Souza #17260
4bb727b Place fatal asserts in FE queries that JITServer should not call Marius Pirvu #17355
18f6869 Simplify callMustBeInlinedRegardlessOfSize calls James You #17406
1220e36 Use genLoadProfiledClassAddressConstant in Z codegen Spencer Comin #14932
37e239e Revert "Sync JVM init and exit paths" Babneet Singh #17438
de38712 Fix bug related to J9::Options::_compilationDelayTime unit Marius Pirvu #17436
3ca50dc Fix compile error due to unused variable Keith W. Campbell #17434
7d5d62a Correctly handle primitive VTs in System.arraycopy Ehren Julien-Neitzert #17048
3fbe09e Add areFlattenableValueTypesEnabled() for JIT Hang Shao #17413
22b17b8 [Jtreg/FFI] Remove the null segment check for pointer ChengJin01 #17408
826d49a (0.39) Prototype Continuation caching Babneet Singh #17409
e4a741f Add new optimization catchBlockProfiler Marius Pirvu #16854
b182f7a Add 31-64 interop support for JVM_ funcs for JDK17+ Joran Siu #17369
9667d83 Add new build flag to split value object feature from Valhalla Hang Shao #17394
a555ad2 WIP: Teach ValueTypeUnsafeTests about dual header shape Shubham Verma #17375
cb36d2d Sync JVM init and exit paths Babneet Singh #17101
d41eba9 Fix handling of IPv6 addressed Keith W. Campbell #17403
c9ea68f Enable CRC32 to run with AOT enabled on Power Bhavani SN #17243
8800e58 Patch addresses in LLILF/IIHF pairs on class unload and HCR Spencer Comin #15705
0ef06f4 Use TRUE instead of true calling freeContinuation() Babneet Singh #17398
8aa8676 Prototype Continuation caching Jack Lu #17344
09a3602 DDR: Fix function call parsing in StackMap Devin Nakamura #17278
b5c39bf Return false from JVM_DTraceIsSupported Peter Shipton #17391
1cbe6d1 Add missing value type check before zero the lockword Hang Shao #17381
8e3bb68 [FFI/JDK20_Jtreg] Handle the invalid arguments & return value ChengJin01 #17308
7806354 Provide a better error message for failed library loads on jdk17+ Peter Shipton #17374
3e7e8f9 Fix to handle suspend/resume of virtual/carrier threads Dipak Bagadiya #17350
45ed10a Fix typo in JDK11 build instructions James You #17373
575cae3 Remove unnecessary compatibility constant J9DescriptionCpTypeShift Keith W. Campbell #17376
ae2bda7 Throw UnsupportedOperationException in sun.misc.Perf.attach natives Peter Shipton #17380
ba48d1f Refactor GC Object List Allocation/Initialization Salman Rana #17330
7aa3fb8 Introduce GC CRIU (reinit) API for Thread Local Obj Buffers / Env Delegate Salman Rana #17348
0d24025 Remove obsolete references to freetype in jdk8 build instructions Peter Shipton #17379
9f19595 Define J9ClassEnv::primitiveArrayComponentType() Devin Papineau #17274
400ef3e Fix constant mapping in J9ConstantPoolCommand Jack Lu #17371
61cabd5 Support offloading for jdk17+ Peter Shipton #17306
899eedf Ensure JITServer tests check if server exists Irwin D'Souza #17363
663c581 Correct condition for preparing offloading library Keith W. Campbell #17370
7815549 Close VM and thread libraries on successful DestroyJavaVM Graham Chapman #17336
b3ac5be Correct types for min, length in memory segment objects Keith W. Campbell #17275
e698b8f Revert "Restore @OverRide annotation for Access.getLoaderNameID()" Peter Shipton #17361
36f6357 Implement JVM_VirtualThreadHideFrames() Gengchen Tuo #16654

View all OpenUpdate editions >