Stay Informed

This week, read about:

Security Based Updates

Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:

We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!

CentOS 8

  • expat-2.2.5-4_ol003.el8
    • Build Date: Mon 06 May 2024 08:32:42 PM UTC
    • Backported security fix for CVE-2021-46143.
  • openssh-8.0p1-10_ol001.el8
    • Build Date: Thu 02 May 2024 08:20:48 PM UTC
    • Backported security fixes for CVE-2023-38408.
  • expat-2.2.5-4_ol002.el8

PUTTY Vulnerability CVE-2024-31497
The effect of the vulnerability is to compromise the private key.

OpenSSL 3.3.0 released
OpenSSL 3.3 delivers the following new features:

  • QUIC qlog diagnostic logging support
  • Support for the non-blocking polling of multiple QUIC connections or stream objects
  • Support for optimized generation of end-of-stream frames for QUIC connections
  • Support for disabling QUIC event processing when making API calls
  • Support for configuring QUIC idle timeout durations
  • Support for querying the size and utilization of a QUIC stream’s write buffer
  • Support for RFC 9480 and RFC 9483 extensions to CMP
  • Ability to disable OpenSSL usage of atexit(3) at build time
  • Year 2038-compatible SSL_SESSION APIs
  • Ability to automatically derive Chinese Remainder Theorem (CRT) parameters when requested
  • Ability to ignore unknown algorithm names in TLS signature algorithm and group configuration strings
  • Ability to configure a TLS 1.3 server to prefer PSK-only key exchange during session resumption
  • Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple times with different output sizes.
  • Added exporter for CMake on Unix and Windows, alongside the pkg-config exporter.
  • And more.

Non-Security Based Updates

Angular 17.3.8
COMPILER:

  • (fix - c21b459ba6) | add math elements to schema (#55631) (#55645)

CORE:

  • (fix - 3818436ebc) | don't schedule timer triggers on the server (#55605)

Gitlab v16.9.7
Fixed (1 change):
- [Changed the email validation for only encoded chars](gitlab-org/security/gitlab@01275ef428e3b183c638adaebe28ac53edb6ce0b) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/151484/))

Changed (1 change):
- [Return or display Gitlab version if GITLAB_KAS_VERSION is a SHA](gitlab-org/security/gitlab@d7792bcb9cdfaabc3b1345facee6b7536fb2b3cb)

Security (11 changes):
- [Update GITHUB_MEDIA_CDN to avoid SSRF when importing from Github](gitlab-org/security/gitlab@3910b8db08f64662611322b84abfa282fe975396) ([merge request](gitlab-org/security/gitlab!4013))
- [Prevent namespace banned users from reading project todos](gitlab-org/security/gitlab@a43f81187c393376f7bdf603277e72036a127013) ([merge request](gitlab-org/security/gitlab!3941))
- [ReDoS in GitRefsFinder when using wildcards in branch search](gitlab-org/security/gitlab@844ad9c3f404a0a838b895d4ac9b7dc7493bd291) ([merge request](gitlab-org/security/gitlab!3997))
- [ReDos in escape and commit reference filters](gitlab-org/security/gitlab@186bda71e1bbcf542effee18a14d1a7261b0b12d) ([merge request](gitlab-org/security/gitlab!3974))
- [Validate request origin before MR approval](gitlab-org/security/gitlab@47be8dd9e352c19ca8fe2865c6cf995fbce987de) ([merge request](gitlab-org/security/gitlab!4009))
- [Check request size before updating user pins](gitlab-org/security/gitlab@f882c7ffaca37e10933d3f7e82d665444e25fd64) ([merge request](gitlab-org/security/gitlab!4016))
- [Enforce per_page validation for Branches/TagsFinders](gitlab-org/security/gitlab@29b2b5636a1ce1defa6dedaf656f84b54b322976) ([merge request](gitlab-org/security/gitlab!4000))
- [Update Integrations::Discord::ATTACHMENT_REGEX regex](gitlab-org/security/gitlab@3e9f6cca867362cfbd70da79f47a6ce2481fef0e) ([merge request](gitlab-org/security/gitlab!3986))
- [Update BaseMessage::RELATIVE_LINK_REGEX regex](gitlab-org/security/gitlab@e5be5ad17ba7d09b923098382b16f8637f8cac31) ([merge request](gitlab-org/security/gitlab!3994))
- [Require confirmation before linking JWT identity](gitlab-org/security/gitlab@e889c09bd4bd3897badb73d79231f183881a20f4) ([merge request](gitlab-org/security/gitlab!3992))
- [Fix confidentiality check optimization](gitlab-org/security/gitlab@fb3635e8674859226a71c1a43d26655c908ce15b) ([merge request](gitlab-org/security/gitlab!4004))

Gitlab v16.10.5
Fixed (1 change):
- [Changed the email validation for only encoded chars](gitlab-org/security/gitlab@f7c8aa08b6bac4cfc9942166607ed482037e440f) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/151484/))

Changed (1 change):
- [Return or display Gitlab version if GITLAB_KAS_VERSION is a SHA](gitlab-org/security/gitlab@0b3fa36f5dd06891b9e612cc8abc007368b27be3)

Security (11 changes):
- [Update GITHUB_MEDIA_CDN to avoid SSRF when importing from Github](gitlab-org/security/gitlab@0d7ee3cee127d629f12bfee309dbc55c8cc9c256) ([merge request](gitlab-org/security/gitlab!4012))
- [Prevent namespace banned users from reading project todos](gitlab-org/security/gitlab@8073a9aee49d9cad4923adaa2dbf0a6ad14ea9a6) ([merge request](gitlab-org/security/gitlab!3940))
- [ReDoS in GitRefsFinder when using wildcards in branch search](gitlab-org/security/gitlab@ba1ed3f62c2c454ec295636c66b4b1e4a2f8d990) ([merge request](gitlab-org/security/gitlab!3996))
- [ReDos in escape and commit reference filters](gitlab-org/security/gitlab@a1894c71a676f5b762bd951cf996f39e13a7725c) ([merge request](gitlab-org/security/gitlab!3973))
- [Validate request origin before MR approval](gitlab-org/security/gitlab@5279a01f625dc258a2f450ef2a7f65f63eb5d138) ([merge request](gitlab-org/security/gitlab!4008))
- [Check request size before updating user pins](gitlab-org/security/gitlab@914de75d86f9cf2a3275e2a48f35e19478d3aad4) ([merge request](gitlab-org/security/gitlab!4015))
- [Enforce per_page validation for Branches/TagsFinders](gitlab-org/security/gitlab@2ad4ddfb1fb705fec72771870624647443e7e55c) ([merge request](gitlab-org/security/gitlab!3999))
- [Update Integrations::Discord::ATTACHMENT_REGEX regex](gitlab-org/security/gitlab@3900a2e11afbca28d28bdf014e4c2f40b255236c) ([merge request](gitlab-org/security/gitlab!3987))
- [Update BaseMessage::RELATIVE_LINK_REGEX regex](gitlab-org/security/gitlab@f8641296f1bc0e944cee2685df703bcd72c4a556) ([merge request](gitlab-org/security/gitlab!3993))
- [Require confirmation before linking JWT identity](gitlab-org/security/gitlab@47382334fb05c3bef26719100e4281124dea606f) ([merge request](gitlab-org/security/gitlab!3991))
- [Fix confidentiality check optimization](gitlab-org/security/gitlab@3a6d5fbdea0f205695f0bf34cd5f64bec6ddbbd1) ([merge request](gitlab-org/security/gitlab!4003))

Gitlab v16.11.2
Fixed (1 change):
- [Changed the email validation for only encoded chars](gitlab-org/security/gitlab@d920615ba4a25ffc035ad6b8c26285815eeff4f9) ([merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/151484/))

Changed (1 change):
- [Return or display Gitlab version if GITLAB_KAS_VERSION is a SHA](gitlab-org/security/gitlab@0f75cac19752463492bd3311b14c37c468f8ab0d)

Security (11 changes):
- [Update GITHUB_MEDIA_CDN to avoid SSRF when importing from Github](gitlab-org/security/gitlab@d09a2e9218ca0388e17c6e5810d73b1cdfaed965) ([merge request](gitlab-org/security/gitlab!4011))
- [Prevent namespace banned users from reading project todos](gitlab-org/security/gitlab@b3cc2799fe98e9a5a493545f5ff45098b9ba60fb) ([merge request](gitlab-org/security/gitlab!3968))
- [ReDoS in GitRefsFinder when using wildcards in branch search](gitlab-org/security/gitlab@1b2d2c2b4fb27eafd40ab4ef230f2b52d7b73747) ([merge request](gitlab-org/security/gitlab!3995))
- [ReDos in escape and commit reference filters](gitlab-org/security/gitlab@0b08bd7eebf65e4999574f3f856d996568c87fe6) ([merge request](gitlab-org/security/gitlab!3972))
- [Validate request origin before MR approval](gitlab-org/security/gitlab@ad8dfe033740952805ed677f26ff2ec391e4be82) ([merge request](gitlab-org/security/gitlab!4007))
- [Check request size before updating user pins](gitlab-org/security/gitlab@8f8110ed24f70c00f1bc69848af22f7fdd0caf57) ([merge request](gitlab-org/security/gitlab!4014))
- [Enforce per_page validation for Branches/TagsFinders](gitlab-org/security/gitlab@4655fca6ac2ecc340dd3bc50ddd6a74a8d00048f) ([merge request](gitlab-org/security/gitlab!3998))
- [Update Integrations::Discord::ATTACHMENT_REGEX regex](gitlab-org/security/gitlab@7d6c80a3768a7c0281647402990b67a4fa8a2c19) ([merge request](gitlab-org/security/gitlab!3988))
- [Update BaseMessage::RELATIVE_LINK_REGEX regex](gitlab-org/security/gitlab@52311b09ce70c1b3db8b7e7a49808467f76980b5) ([merge request](gitlab-org/security/gitlab!3989))
- [Require confirmation before linking JWT identity](gitlab-org/security/gitlab@2d84949cf6707d14ffd5a54290c605ff83bed6f6) ([merge request](gitlab-org/security/gitlab!3990))
- [Fix confidentiality check optimization](gitlab-org/security/gitlab@df63eb711d5d1f75147a4c5b3365559ed42af879) ([merge request](gitlab-org/security/gitlab!4002))

Jenkins 2.457
1. Remove tooltip when a widget is refreshed. (issue 72744))
2. Update bundled Script Security plugin from 1335.vf07d9ce377a_e to 1336.vf33a_a_9863911. (issue 73093))

Node.js v20.13.1

  • Version 20.13.1 'Iron' (LTS), @marco-ippolito
  • ### Revert "tools: install npm PowerShell scripts on Windows"
  • Due to a regression in the npm installation on Windows, this commit reverts the change that installed npm PowerShell scripts on Windows.

Node.js v20.13.0

  • Version 20.13.0 'Iron' (LTS), @marco-ippolito
  • ### buffer: improve `base64` and `base64url` performance
    • The performance of the `base64` and `base64url` encoding and decoding functions has been improved significantly.
  • ### crypto: deprecate implicitly shortened GCM tags
    • This release, introduces a doc-only deprecation of using GCM authentication tags that are shorter than the cipher's block size, unless the user specified the `authTagLength` option.
  • ### events,doc: mark CustomEvent as stable
    • From this release `CustomEvent` has been marked stable.
  • ### fs: add stacktrace to fs/promises
    • Sync functions in fs throwed an error with a stacktrace which is helpful for debugging. But functions in fs/promises throwed an error without a stacktrace. This commit adds stacktraces by calling `Error.captureStacktrace` and re-throwing the error.
    • Contributed by / green in [#49849](https://github.com/nodejs/node/pull/49849)
  • ### report: add `--report-exclude-network` option
    • New option `--report-exclude-network`, also available as `report.excludeNetwork`, enables the user to exclude networking interfaces in their diagnostic report. On some systems, this can cause the report to take minutes to generate so this option can be used to optimize that.
    • Contributed by Ethan Arrowood in [#51645](https://github.com/nodejs/node/pull/51645)
  • ### src: add uv_get_available_memory to report and process
    • From this release it is possible to get the available memory in the system by calling `process.getAvailableMemory()`.
  • ### stream: support typed arrays
    • This commit adds support for typed arrays in streams.
  • ### util: support array of formats in util.styleText
    • It is now possible to pass an array of format strings to `util.styleText` to apply multiple formats to the same text.
```js
console.log(util.styleText(['underline', 'italic'], 'My italic underlined message'));
```
  • ### v8: implement v8.queryObjects() for memory leak regression testing
    • This is similar to the queryObjects() console API provided by the Chromium DevTools console. It can be used to search for objects that have the matching constructor on its prototype chain in the heap after a full garbage collection, which can be useful for memory leak regression tests.
    • To avoid surprising results, users should avoid using this API on constructors whose implementation they don't control, or on constructors that can be invoked by other parties in the application.
    • To avoid accidental leaks, this API does not return raw references to the objects found. By default, it returns the count of the objects found. If options.format is 'summary', it returns an array containing brief string representations for each object. The visibility provided in this API is similar to what the heap snapshot provides, while users can save the cost of serialization and parsing and directly filer the target objects during the search.
    • We have been using this API internally for the test suite, which has been more stable than any other leak regression testing strategies in the CI. With a public implementation we can now use the public API instead.
```js
const { queryObjects } = require('node:v8');
class A { foo = 'bar'; }
console.log(queryObjects(A)); // 0
let a = new A();
console.log(queryObjects(A)); // 1
// [ "A { foo: 'bar' }" ]
console.log(queryObjects(A, { format: 'summary' }));
// Release the object.
a = null;
// Search again. queryObjects() includes a full garbage collection
// so a should disappear.
console.log(queryObjects(A)); // 0
class B extends A { bar = 'qux'; }
// The child class B's prototype has A's prototype on its prototype chain
// so the prototype object shows up too.
console.log(queryObjects(A, { format: 'summary' })); // [ A {}' ]
```
  • ### watch: mark as stable
    • From this release Watch Mode is considered stable.
    • When in watch mode, changes in the watched files cause the Node.js process to restart.

Other Notable Changes:
* [f8ad30048d] - **benchmark**: add AbortSignal.abort benchmarks (Raz Luvaton) [#52408](https://github.com/nodejs/node/pull/52408)
* [3b41da9a56] - **(SEMVER-MINOR)** **deps**: update simdutf to 5.0.0 (Daniel Lemire) [#52138](https://github.com/nodejs/node/pull/52138)
* [0a08c4a7b3] - **(SEMVER-MINOR)** **deps**: update undici to 6.3.0 (Node.js GitHub Bot) [#51462](https://github.com/nodejs/node/pull/51462)
* [f1b7bda4f5] - **(SEMVER-MINOR)** **deps**: update undici to 6.2.1 (Node.js GitHub Bot) [#51278](https://github.com/nodejs/node/pull/51278)
* [4acca8ed84] - **(SEMVER-MINOR)** **dns**: add order option and support ipv6first (Paolo Insogna) [#52492](https://github.com/nodejs/node/pull/52492)
* [cc67720ff9] - **doc**: update release gpg keyserver (marco-ippolito) [#52257](https://github.com/nodejs/node/pull/52257)
* [c2def7df96] - **doc**: add release key for marco-ippolito (marco-ippolito) [#52257](https://github.com/nodejs/node/pull/52257)
* [807c89cb26] - **doc**: add UlisesGascon as a collaborator (Ulises Gascón) [#51991](https://github.com/nodejs/node/pull/51991)
* [5e78a20ef9] - **(SEMVER-MINOR)** **doc**: deprecate fs.Stats public constructor (Marco Ippolito) [#51879](https://github.com/nodejs/node/pull/51879)
* [722fe64ff7] - **(SEMVER-MINOR)** **lib, url**: add a `windows` option to path parsing (Aviv Keller) [#52509](https://github.com/nodejs/node/pull/52509)
* [d116fa1568] - **(SEMVER-MINOR)** **net**: add CLI option for autoSelectFamilyAttemptTimeout (Paolo Insogna) [#52474](https://github.com/nodejs/node/pull/52474)
* [6af7b78b0d] - **(SEMVER-MINOR)** **src**: add `string_view` overload to snapshot FromBlob (Anna Henningsen) [#52595](https://github.com/nodejs/node/pull/52595)
* [b3a11b574b] - **(SEMVER-MINOR)** **src**: preload function for Environment (Cheng Zhao) [#51539](https://github.com/nodejs/node/pull/51539)
* [41646d9c9e] - **(SEMVER-MINOR)** **test_runner**: add suite() (Colin Ihrig) [#52127](https://github.com/nodejs/node/pull/52127)
* [fc9ba17f6c] - **(SEMVER-MINOR)** **test_runner**: add `test:complete` event to reflect execution order (Moshe Atlow) [#51909](https://github.com/nodejs/node/pull/51909)

PostgreSQL REL_12_19
E.1. Release 12.19
Release date: 2024-05-09:

  • This release contains a variety of fixes from 12.18. For information about new features in major release 12, see Section E.20 . The PostgreSQL community will stop releasing updates for the 12.X release series in November 2024. Users are encouraged to update to a newer release branch soon.

E.1.1. Migration to Version 12.19:

  • A dump/restore is not required for those running 12.X. However, if you are upgrading from a version earlier than 12.18, see Section E.2.

E.1.2. Changes:

  • Fix INSERT from multiple VALUES rows into a target column that is a domain over an array or composite type (Tom Lane) Such cases would either fail with surprising complaints about mismatched datatypes, or insert un- expected coercions that could lead to odd results.
  • Fix incorrect pruning of NULL partition when a table is partitioned on a boolean column and the query has a boolean IS NOT clause (David Rowley) A NULL value satisfies a clause such as boolcol  IS NOT FALSE , so pruning away a partition containing NULLs yielded incorrect answers.
  • Make ALTER FOREIGN TABLE SET SCHEMA  move any owned sequences into the new schema (Tom Lane). Moving a regular table to a new schema causes any sequences owned by the table to be moved to that schema too (along with indexes and constraints). This was overlooked for foreign tables, however.
  • Fix EXPLAIN 's counting of heap pages accessed by a bitmap heap scan (Melanie Plageman). Previously, heap pages that contain no visible tuples were not counted; but it seems more consistent to count all pages returned by the bitmap index scan.

1.) https://www.postgresql.org/list/pgsql-committers/
2.) https://git.postgresql.org/gitweb/?p=postgresql.git;a=summary

2428Release Notes:

  • Avoid deadlock during removal of orphaned temporary tables (Mikhail Zhilin). If the session that creates a temporary table crashes without removing the table, autovacuum will eventually try to remove the orphaned table. However, an incoming session that's been assigned the same temporary namespace will do that too. If a temporary table has a dependency (such as an owned sequence) then a deadlock could result between these two cleanup attempts.
  • Avoid race condition while examining per-relation frozen-XID values (Noah Misch). VACUUM's computation of per-database frozen-XID values from per-relation values could get con- fused by a concurrent update of those values by another VACUUM.
  • Disallow converting a table to a view within an outer SQL command that is using that table (Tom Lane). This avoids possible crashes.
  • Ensure that join conditions generated from equivalence classes are applied at the correct plan level (Tom Lane). In versions before PostgreSQL 16, it was possible for generated conditions to be evaluated below outer joins when they should be evaluated above (after) the outer join, leading to incorrect query results. All versions have a similar hazard when considering joins to UNION ALL trees that have constant outputs for the join column in some SELECT  arms.
  • Avoid unnecessary use of moving-aggregate mode with a non-moving window frame (Vallima-harajan G). When a plain aggregate is used as a window function, and the window frame start is specified as UNBOUNDED PRECEDING, the frame's head cannot move so we do not need to use the special (and more expensive) moving-aggregate mode. This optimization was intended all along, but due to a coding error it never triggered.
  • Avoid use of already-freed data while planning partition-wise joins under GEQO (Tom Lane). This would typically end in a crash or unexpected error message.
  • Fix incorrectly-reported statistics kind codes in “requested statistics kind X is not yet built”  error messages (David Rowley)
  • Be more careful with RECORD-returning functions in FROM (Tom Lane). The output columns of such a function call must be defined by an AS clause that specifies the column names and data types. If the actual function output value doesn't match that, an error is supposed to be thrown at runtime. However, some code paths would examine the actual value prematurely, and potentially issue strange errors or suffer assertion failures if it doesn't match expectations.
  • Fix confusion about the return rowtype of SQL-language procedures (Tom Lane). A procedure implemented in SQL language that returns a single composite-type column would cause an assertion failure or core dump.
  • Add protective stack depth checks to some recursive functions (Egor Chindyaskin)
  • Detect integer overflow when adding or subtracting an interval  to/from a timestamp (Joseph Koshakow). Some cases that should cause an out-of-range error produced an incorrect result instead.
  • Avoid race condition in pg_get_expr()  (Tom Lane)

2429Release Notes:

  • If the relation referenced by the argument is dropped concurrently, the function's intention is to return NULL, but sometimes it failed instead.
  • Fix detection of old transaction IDs in XID status functions (Karina Litskevich). Transaction IDs more than 231 transactions in the past could be misidentified as recent, leading to misbehavior of pg_xact_status()  or txid_status() .
  • Fix file descriptor leakage when an error is thrown while waiting in WaitEventSetWait  (Etsuro Fujita)
  • Throw an error if an index is accessed while it is being reindexed (Tom Lane). Previously this was just an assertion check, but promote it into a regular runtime error. This will provide a more on-point error message when reindexing a user-defined index expression that at- tempts to access its own table.
  • Ensure that index-only scans on name columns return a fully-padded value (David Rowley). The value physically stored in the index is truncated, and previously a pointer to that value was returned to callers. This provoked complaints when testing under valgrind. In theory it could result in crashes, though none have been reported.
  • Fix crash with DSM allocations larger than 4GB (Heikki Linnakangas)
  • Disconnect if a new server session's client socket cannot be put into non-blocking mode (Heikki Linnakangas). It was once theoretically possible for us to operate with a socket that's in blocking mode; but that hasn't worked fully in a long time, so fail at connection start rather than misbehave later.
  • Fix inadequate error reporting with OpenSSL 3.0.0 and later (Heikki Linnakangas, Tom Lane). System-reported errors passed through by OpenSSL were reported with a numeric error code rather than anything readable.
  • Avoid concurrent calls to bindtextdomain()  in libpq and ecpglib (Tom Lane). Although GNU gettext's implementation seems to be fine with concurrent calls, the version available on Windows is not.
  • Fix crash in ecpg's preprocessor if the program tries to redefine a macro that was defined on the preprocessor command line (Tom Lane)
  • In ecpg, avoid issuing false “unsupported feature will be passed to server”  warnings (Tom Lane)
  • Ensure that the string result of ecpg's intoasc()  function is correctly zero-terminated (Oleg Tselebrovskiy)
  • Fix pg_dumpall so that role comments, if present, will be dumped regardless of the setting of -- no-role-passwords  (Daniel Gustafsson, Álvaro Herrera)
  • Fix PL/pgSQL's parsing of single-line comments ( ---style comments) following expressions (Erik Wienhold, Tom Lane). This mistake caused parse errors if such a comment followed a WHEN expression in a PL/pgSQL CASE statement.
  • In contrib/amcheck , don't report false match failures due to short- versus long-header values (Andrey Borodin, Michael Zhilin)

2430Release Notes:

  • A variable-length datum in a heap tuple or index tuple could have either a short or a long header, depending on compression parameters that applied when it was made. Treat these cases as equiva- lent rather than complaining if there's a difference.
  • In contrib/postgres_fdw , avoid emitting requests to sort by a constant (David Rowley). This could occur in cases involving UNION ALL  with constant-emitting subqueries. Sorting by a constant is useless of course, but it also risks being misinterpreted by the remote server, leading to “ORDER BY position N is not in select list”  errors.
  • Make contrib/postgres_fdw  set the remote session's time zone to GMT not UTC (Tom Lane)
  • This should have the same results for practical purposes. However, GMT is recognized by hard- wired code in the server, while UTC is looked up in the timezone database. So the old code could fail in the unlikely event that the remote server's timezone database is missing entries.
  • In contrib/xml2 , avoid use of library functions that have been deprecated in recent versions of libxml2 (Dmitry Koval)
  • Fix incompatibility with LLVM 18 (Thomas Munro, Dmitry Dolgov)
  • Allow make check  to work with the musl C library (Thomas Munro, Bruce Momjian, Tom Lane)

PostgreSQL REL_13_15
E.1. Release 13.15:

  • This release contains a variety of fixes from 13.14. For information about new features in major release 13, see Section E.16 .

E.1.1. Migration to Version 13.15:

  • A dump/restore is not required for those running 13.X. However, if you are upgrading from a version earlier than 13.14, see Section E.2 .

E.1.2. Changes:

  • Fix INSERT from multiple VALUES rows into a target column that is a domain over an array or composite type (Tom Lane). Such cases would either fail with surprising complaints about mismatched datatypes, or insert unexpected coercions that could lead to odd results.
  • Fix incorrect pruning of NULL partition when a table is partitioned on a boolean column and the query has a boolean IS NOT clause (David Rowley) A NULL value satisfies a clause such as boolcol  IS NOT FALSE , so pruning away a partition containing NULLs yielded incorrect answers.
  • Make ALTER FOREIGN TABLE SET SCHEMA  move any owned sequences into the new schema (Tom Lane). Moving a regular table to a new schema causes any sequences owned by the table to be moved to that schema too (along with indexes and constraints). This was overlooked for foreign tables, however.
  • Fix EXPLAIN 's counting of heap pages accessed by a bitmap heap scan (Melanie Plageman). Previously, heap pages that contain no visible tuples were not counted; but it seems more consistent to count all pages returned by the bitmap index scan.
  • Avoid deadlock during removal of orphaned temporary tables (Mikhail Zhilin)

1.) https://www.postgresql.org/list/pgsql-committers/
2.) https://git.postgresql.org/gitweb/?p=postgresql.git;a=summary

2422Release Notes:

  • If the session that creates a temporary table crashes without removing the table, autovacuum will eventually try to remove the orphaned table. However, an incoming session that's been assigned the same temporary namespace will do that too. If a temporary table has a dependency (such as an owned sequence) then a deadlock could result between these two cleanup attempts.
  • Avoid race condition while examining per-relation frozen-XID values (Noah Misch). VACUUM's computation of per-database frozen-XID values from per-relation values could get confused by a concurrent update of those values by another VACUUM.
  • Disallow converting a table to a view within an outer SQL command that is using that table (Tom Lane). This avoids possible crashes.
  • Ensure that join conditions generated from equivalence classes are applied at the correct plan level (Tom Lane). In versions before PostgreSQL 16, it was possible for generated conditions to be evaluated below outer joins when they should be evaluated above (after) the outer join, leading to incorrect query results. All versions have a similar hazard when considering joins to UNION ALL  trees that have constant outputs for the join column in some SELECT  arms.
  • Avoid unnecessary use of moving-aggregate mode with a non-moving window frame (Vallimaharajan G). When a plain aggregate is used as a window function, and the window frame start is specified as UNBOUNDED PRECEDING, the frame's head cannot move so we do not need to use the special(and more expensive) moving-aggregate mode. This optimization was intended all along, but due to a coding error it never triggered.
  • Avoid use of already-freed data while planning partition-wise joins under GEQO (Tom Lane). This would typically end in a crash or unexpected error message.
  • Fix incorrectly-reported statistics kind codes in “requested statistics kind X is not yet built” error messages (David Rowley)
  • Be more careful with RECORD-returning functions in FROM (Tom Lane). The output columns of such a function call must be defined by an AS clause that specifies the column names and data types. If the actual function output value doesn't match that, an error is supposed to be thrown at runtime. However, some code paths would examine the actual value prematurely, and potentially issue strange errors or suffer assertion failures if it doesn't match expectations.
  • Fix confusion about the return rowtype of SQL-language procedures (Tom Lane). A procedure implemented in SQL language that returns a single composite-type column would cause an assertion failure or core dump.
  • Add protective stack depth checks to some recursive functions (Egor Chindyaskin)
  • Detect integer overflow when adding or subtracting an interval  to/from a timestamp  (Joseph Koshakow). Some cases that should cause an out-of-range error produced an incorrect result instead.
  • Avoid race condition in pg_get_expr()  (Tom Lane). If the relation referenced by the argument is dropped concurrently, the function's intention is to return NULL, but sometimes it failed instead.

2423Release Notes:

  • Fix detection of old transaction IDs in XID status functions (Karina Litskevich). Transaction IDs more than 231 transactions in the past could be misidentified as recent, leading to misbehavior of pg_xact_status()  or txid_status() .
  • Fix file descriptor leakage when an error is thrown while waiting in WaitEventSetWait  (Etsuro Fujita)
  • Throw an error if an index is accessed while it is being reindexed (Tom Lane). Previously this was just an assertion check, but promote it into a regular runtime error. This will provide a more on-point error message when reindexing a user-defined index expression that attempts to access its own table.
  • Ensure that index-only scans on name columns return a fully-padded value (David Rowley). The value physically stored in the index is truncated, and previously a pointer to that value was returned to callers. This provoked complaints when testing under valgrind. In theory it could result in crashes, though none have been reported.
  • Fix crash with DSM allocations larger than 4GB (Heikki Linnakangas)
  • Disconnect if a new server session's client socket cannot be put into non-blocking mode (Heikki Linnakangas). It was once theoretically possible for us to operate with a socket that's in blocking mode; but that hasn't worked fully in a long time, so fail at connection start rather than misbehave later.
  • Fix inadequate error reporting with OpenSSL 3.0.0 and later (Heikki Linnakangas, Tom Lane). System-reported errors passed through by OpenSSL were reported with a numeric error code rather than anything readable.
  • Avoid concurrent calls to bindtextdomain()  in libpq and ecpglib (Tom Lane). Although GNU gettext's implementation seems to be fine with concurrent calls, the version available on Windows is not.
  • Fix crash in ecpg's preprocessor if the program tries to redefine a macro that was defined on the preprocessor command line (Tom Lane)
  • In ecpg, avoid issuing false “unsupported feature will be passed to server”  warnings (Tom Lane)
  • Ensure that the string result of ecpg's intoasc()  function is correctly zero-terminated (Oleg Tselebrovskiy)
  • Fix pg_dumpall so that role comments, if present, will be dumped regardless of the setting of -- no-role-passwords  (Daniel Gustafsson, Álvaro Herrera)
  • Fix PL/pgSQL's parsing of single-line comments ( ---style comments) following expressions (Erik Wienhold, Tom Lane). This mistake caused parse errors if such a comment followed a WHEN expression in a PL/pgSQL CASE statement.
  • In contrib/amcheck , don't report false match failures due to short- versus long-header values (Andrey Borodin, Michael Zhilin). A variable-length datum in a heap tuple or index tuple could have either a short or a long header, depending on compression parameters that applied when it was made. Treat these cases as equivalent rather than complaining if there's a difference.

2424Release Notes:

  • In contrib/postgres_fdw , avoid emitting requests to sort by a constant (David Rowley). This could occur in cases involving UNION ALL  with constant-emitting subqueries. Sorting by a constant is useless of course, but it also risks being misinterpreted by the remote server, leading to “ORDER BY position N is not in select list”  errors.
  • Make contrib/postgres_fdw  set the remote session's time zone to GMT not UTC (Tom Lane). This should have the same results for practical purposes. However, GMT is recognized by hardwired code in the server, while UTC is looked up in the timezone database. So the old code could fail in the unlikely event that the remote server's timezone database is missing entries.
  • In contrib/xml2 , avoid use of library functions that have been deprecated in recent versions of libxml2 (Dmitry Koval)
  • Fix incompatibility with LLVM 18 (Thomas Munro, Dmitry Dolgov)
  • Allow make check  to work with the musl C library (Thomas Munro, Bruce Momjian, Tom Lane)

PostgreSQL REL_14_12
E.1. Release 14.12:

  • This release contains a variety of fixes from 14.11. For information about new features in major release 14, see Section E.13 .

E.1.1. Migration to Version 14.12:

  • A dump/restore is not required for those running 14.X. However, a security vulnerability was found in the system views pg_stats_ext  and pg_stats_ext_exprs , potentially allowing authenticated database users to see data they shouldn't. If this is of concern in your installation, follow the steps in the first changelog entry below to rectify it. Also, if you are upgrading from a version earlier than 14.11, see Section E.2 .

E.1.2. Changes:

  • Restrict visibility of pg_stats_ext  and pg_stats_ext_exprs  entries to the table owner (Nathan Bossart). These views failed to hide statistics for expressions that involve columns the accessing user does not have permission to read. View columns such as most_common_vals  might expose security-relevant data. The potential interactions here are not fully clear, so in the interest of erring on the side of safety, make rows in these views visible only to the owner of the associated table. The PostgreSQL Project thanks Lukas Fittl for reporting this problem. (CVE-2024-4317). By itself, this fix will only fix the behavior in newly initdb'd database clusters. If you wish to apply this change in an existing cluster, you will need to do the following:
  • 1.) Find the SQL script fix-CVE-2024-4317.sql  in the share directory of the PostgreSQL installation (typically located someplace like /usr/share/postgresql/ ). Be sure to use the script appropriate to your PostgreSQL major version. If you do not see this file, either your version is not vulnerable (only v14–v16 are affected) or your minor version is too old to have the fix.
  • 2.) In each database of the cluster, run the fix-CVE-2024-4317.sql  script as superuser. In psql this would look like

1.) https://www.postgresql.org/list/pgsql-committers/

2.) https://git.postgresql.org/gitweb/?p=postgresql.git;a=summary

2520Release Notes:

  • \i /usr/share/postgresql/fix-CVE-2024-4317.sql (adjust the file path as appropriate). Any error probably indicates that you've used the wrong script version. It will not hurt to run the script more than once.
  • Do not forget to include the template0  and template1  databases, or the vulnerability will still exist in databases you create later. To fix template0 , you'll need to temporarily make it accept connections. Do that with ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; and then after fixing template0 , undo it with ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;
  • Fix INSERT from multiple VALUES rows into a target column that is a domain over an array or composite type (Tom Lane). Such cases would either fail with surprising complaints about mismatched datatypes, or insert unexpected coercions that could lead to odd results.
  • Fix incorrect pruning of NULL partition when a table is partitioned on a boolean column and the query has a boolean IS NOT clause (David Rowley). A NULL value satisfies a clause such as boolcol  IS NOT FALSE , so pruning away a partition containing NULLs yielded incorrect answers.
  • Make ALTER FOREIGN TABLE SET SCHEMA  move any owned sequences into the new schema (Tom Lane). Moving a regular table to a new schema causes any sequences owned by the table to be moved to that schema too (along with indexes and constraints). This was overlooked for foreign tables, however.
  • Improve ALTER TABLE ... ALTER COLUMN TYPE 's error message when there is a dependent function or publication (Tom Lane)
  • Fix EXPLAIN 's counting of heap pages accessed by a bitmap heap scan (Melanie Plageman). Previously, heap pages that contain no visible tuples were not counted; but it seems more consistent to count all pages returned by the bitmap index scan.
  • Avoid deadlock during removal of orphaned temporary tables (Mikhail Zhilin).If the session that creates a temporary table crashes without removing the table, autovacuum will eventually try to remove the orphaned table. However, an incoming session that's been assigned the same temporary namespace will do that too. If a temporary table has a dependency (such as an owned sequence) then a deadlock could result between these two cleanup attempts.
  • Avoid race condition while examining per-relation frozen-XID values (Noah Misch). VACUUM's computation of per-database frozen-XID values from per-relation values could get confused by a concurrent update of those values by another VACUUM.
  • Disallow converting a table to a view within an outer SQL command that is using that table (Tom Lane). This avoids possible crashes.

2521Release Notes:

  • Ensure that join conditions generated from equivalence classes are applied at the correct plan level (Tom Lane). In versions before PostgreSQL 16, it was possible for generated conditions to be evaluated below outer joins when they should be evaluated above (after) the outer join, leading to incorrect query results. All versions have a similar hazard when considering joins to UNION ALL  trees that have constant outputs for the join column in some SELECT  arms.
  • Avoid unnecessary use of moving-aggregate mode with a non-moving window frame (Vallimaharajan G). When a plain aggregate is used as a window function, and the window frame start is specified as UNBOUNDED PRECEDING, the frame's head cannot move so we do not need to use the special (and more expensive) moving-aggregate mode. This optimization was intended all along, but due to a coding error it never triggered.
  • Avoid use of already-freed data while planning partition-wise joins under GEQO (Tom Lane). This would typically end in a crash or unexpected error message.
  • Avoid freeing still-in-use data in Memoize (Tender Wang, Andrei Lepikhov). In production builds this error frequently didn't cause any problems, as the freed data would most likely not get overwritten before it was used.
  • Fix incorrectly-reported statistics kind codes in “requested statistics kind X is not yet built” error messages (David Rowley)
  • Be more careful with RECORD-returning functions in FROM (Tom Lane). The output columns of such a function call must be defined by an AS clause that specifies the column names and data types. If the actual function output value doesn't match that, an error is supposed to be thrown at runtime. However, some code paths would examine the actual value prematurely, and potentially issue strange errors or suffer assertion failures if it doesn't match expectations.
  • Fix confusion about the return rowtype of SQL-language procedures (Tom Lane). A procedure implemented in SQL language that returns a single composite-type column would cause an assertion failure or core dump.
  • Add protective stack depth checks to some recursive functions (Egor Chindyaskin)
  • Fix mis-rounding and overflow hazards in date_bin()  (Moaaz Assali). In the case where the source timestamp is before the origin timestamp and their difference is already an exact multiple of the stride, the code incorrectly subtracted the stride anyway. Also, detect some integer-overflow cases that would have produced incorrect results.
  • Detect integer overflow when adding or subtracting an interval  to/from a timestamp (Joseph Koshakow). Some cases that should cause an out-of-range error produced an incorrect result instead.
  • Avoid race condition in pg_get_expr() (Tom Lane). If the relation referenced by the argument is dropped concurrently, the function's intention is to return NULL, but sometimes it failed instead.
  • Fix detection of old transaction IDs in XID status functions (Karina Litskevich). Transaction IDs more than 231 transactions in the past could be misidentified as recent, leading to misbehavior of pg_xact_status()  or txid_status() .

2522Release Notes:

  • Ensure that a table's freespace map won't return a page that's past the end of the table (Ronan Dunklau). Because the freespace map isn't WAL-logged, this was possible in edge cases involving an OS crash, a replica promote, or a PITR restore. The result would be a “could not read block”  error.
  • Fix file descriptor leakage when an error is thrown while waiting in WaitEventSetWait  (Etsuro Fujita)
  • Avoid corrupting exception stack if an FDW implements async append but doesn't configure any wait conditions for the Append plan node to wait for (Alexander Pyhalov)
  • Throw an error if an index is accessed while it is being reindexed (Tom Lane). Previously this was just an assertion check, but promote it into a regular runtime error. This will provide a more on-point error message when reindexing a user-defined index expression that attempts to access its own table.
  • Ensure that index-only scans on name columns return a fully-padded value (David Rowley). The value physically stored in the index is truncated, and previously a pointer to that value was returned to callers. This provoked complaints when testing under valgrind. In theory it could result in crashes, though none have been reported.
  • Fix crash with DSM allocations larger than 4GB (Heikki Linnakangas)
  • Disconnect if a new server session's client socket cannot be put into non-blocking mode (Heikki Linnakangas). It was once theoretically possible for us to operate with a socket that's in blocking mode; but that hasn't worked fully in a long time, so fail at connection start rather than misbehave later. Fix inadequate error reporting with OpenSSL 3.0.0 and later (Heikki Linnakangas, Tom Lane). System-reported errors passed through by OpenSSL were reported with a numeric error code rather than anything readable.
  • Avoid concurrent calls to bindtextdomain()  in libpq and ecpglib (Tom Lane). Although GNU gettext's implementation seems to be fine with concurrent calls, the version available on Windows is not.
  • Fix crash in ecpg's preprocessor if the program tries to redefine a macro that was defined on the preprocessor command line (Tom Lane)
  • In ecpg, avoid issuing false “unsupported feature will be passed to server”  warnings (Tom Lane)
  • Ensure that the string result of ecpg's intoasc()  function is correctly zero-terminated (Oleg Tselebrovskiy)
  • Fix pg_dumpall so that role comments, if present, will be dumped regardless of the setting of -- no-role-passwords  (Daniel Gustafsson, Álvaro Herrera)
  • Fix PL/pgSQL's parsing of single-line comments ( ---style comments) following expressions (Erik Wienhold, Tom Lane). This mistake caused parse errors if such a comment followed a WHEN expression in a PL/pgSQL CASE statement.
  • In contrib/amcheck , don't report false match failures due to short- versus long-header values (Andrey Borodin, Michael Zhilin)

2523Release Notes:

  • A variable-length datum in a heap tuple or index tuple could have either a short or a long header, depending on compression parameters that applied when it was made. Treat these cases as equivalent rather than complaining if there's a difference.
  • Fix bugs in BRIN output functions (Tomas Vondra). These output functions are only used for displaying index entries in contrib/pageinspect, so the errors are of limited practical concern.
  • In contrib/postgres_fdw , avoid emitting requests to sort by a constant (David Rowley). This could occur in cases involving UNION ALL  with constant-emitting subqueries. Sorting by a constant is useless of course, but it also risks being misinterpreted by the remote server, leading to “ORDER BY position N is not in select list”  errors.
  • Make contrib/postgres_fdw  set the remote session's time zone to GMT not UTC (Tom Lane). This should have the same results for practical purposes. However, GMT is recognized by hardwired code in the server, while UTC is looked up in the timezone database. So the old code could fail in the unlikely event that the remote server's timezone database is missing entries.
  • In contrib/xml2 , avoid use of library functions that have been deprecated in recent versions of libxml2 (Dmitry Koval)
  • Fix incompatibility with LLVM 18 (Thomas Munro, Dmitry Dolgov)
  • Allow make check  to work with the musl C library (Thomas Munro, Bruce Momjian, Tom Lane)

PostgreSQL REL_15_7
E.1. Release 15.7:

  • This release contains a variety of fixes from 15.6. For information about new features in major release 15, see Section E.8 .

E.1.1. Migration to Version 15.7:

  • A dump/restore is not required for those running 15.X. However, a security vulnerability was found in the system views pg_stats_ext  and pg_stats_ext_exprs , potentially allowing authenticated database users to see data they shouldn't. If this is of concern in your installation, follow the steps in the first changelog entry below to rectify it. Also, if you are upgrading from a version earlier than 15.6, see Section E.2 .

E.1.2. Changes:

  • Restrict visibility of pg_stats_ext  and pg_stats_ext_exprs  entries to the table owner (Nathan Bossart). These views failed to hide statistics for expressions that involve columns the accessing user does not have permission to read. View columns such as most_common_vals  might expose security-relevant data. The potential interactions here are not fully clear, so in the interest of erring on the side of safety, make rows in these views visible only to the owner of the associated table. The PostgreSQL Project thanks Lukas Fittl for reporting this problem. (CVE-2024-4317). By itself, this fix will only fix the behavior in newly initdb'd database clusters. If you wish to apply this change in an existing cluster, you will need to do the following:
  • 1.) Find the SQL script fix-CVE-2024-4317.sql  in the share directory of the PostgreSQL installation (typically located someplace like /usr/share/postgresql/ ). Be sure to use the script appropriate to your PostgreSQL major version. If you do not see this file, either your version is not vulnerable (only v14–v16 are affected) or your minor version is too old to have the fix.
  • 2.) In each database of the cluster, run the fix-CVE-2024-4317.sql  script as superuser. In psql this would look like

1.) https://www.postgresql.org/list/pgsql-committers/
2.) https://git.postgresql.org/gitweb/?p=postgresql.git;a=summary

2574Release Notes:

  • \i /usr/share/postgresql/fix-CVE-2024-4317.sql (adjust the file path as appropriate). Any error probably indicates that you've used the wrong script version. It will not hurt to run the script more than once.
  • Do not forget to include the template0  and template1  databases, or the vulnerability will still exist in databases you create later. To fix template0 , you'll need to temporarily make it accept connections. Do that with ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; and then after fixing template0 , undo it with ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;
  • Fix INSERT from multiple VALUES rows into a target column that is a domain over an array or composite type (Tom Lane). Such cases would either fail with surprising complaints about mismatched datatypes, or insert unexpected coercions that could lead to odd results.
  • Require SELECT privilege on the target table for MERGE with a DO NOTHING  clause (Álvaro Herrera). SELECT privilege would be required in all practical cases anyway, but require it even if the query reads no columns of the target table. This avoids an edge case in which MERGE would require no privileges whatever, which seems undesirable even when it's a do-nothing command.
  • Fix handling of self-modified tuples in MERGE (Dean Rasheed). Throw an error if a target row joins to more than one source row, as required by the SQL standard. (The previous coding could silently ignore this condition if a concurrent update was involved.) Also, throw a non-misleading error if a target row is already updated by a later command in the current transaction, thanks to a BEFORE trigger or a volatile function used in the query.
  • Fix incorrect pruning of NULL partition when a table is partitioned on a boolean column and the query has a boolean IS NOT clause (David Rowley). A NULL value satisfies a clause such as boolcol  IS NOT FALSE , so pruning away a partition containing NULLs yielded incorrect answers.
  • Make ALTER FOREIGN TABLE SET SCHEMA  move any owned sequences into the new schema (Tom Lane). Moving a regular table to a new schema causes any sequences owned by the table to be moved to that schema too (along with indexes and constraints). This was overlooked for foreign tables, however.
  • Make ALTER TABLE ... ADD COLUMN  create identity/serial sequences with the same persistence as their owning tables (Peter Eisentraut). CREATE UNLOGGED TABLE  will make any owned sequences be unlogged too. ALTER TABLE missed that consideration, so that an added identity column would have a logged sequence, which seems pointless.
  • Improve ALTER TABLE ... ALTER COLUMN TYPE 's error message when there is a dependent function or publication (Tom Lane)
  • In CREATE DATABASE , recognize strategy keywords case-insensitively for consistency with other options (Tomas Vondra)

2575Release Notes:

  • Fix EXPLAIN 's counting of heap pages accessed by a bitmap heap scan (Melanie Plageman). Previously, heap pages that contain no visible tuples were not counted; but it seems more consistent to count all pages returned by the bitmap index scan.
  • Fix EXPLAIN 's output for subplans in MERGE (Dean Rasheed). EXPLAIN  would sometimes fail to properly display subplan Params referencing variables in other parts of the plan tree.
  • Avoid deadlock during removal of orphaned temporary tables (Mikhail Zhilin). If the session that creates a temporary table crashes without removing the table, autovacuum will eventually try to remove the orphaned table. However, an incoming session that's been assigned the same temporary namespace will do that too. If a temporary table has a dependency (such as an owned sequence) then a deadlock could result between these two cleanup attempts.
  • Avoid race condition while examining per-relation frozen-XID values (Noah Misch). VACUUM's computation of per-database frozen-XID values from per-relation values could get confused by a concurrent update of those values by another VACUUM.
  • Fix buffer usage reporting for parallel vacuuming (Anthonin Bonnefoy). Buffer accesses performed by parallel workers were not getting counted in the statistics reported in VERBOSE  mode.
  • Disallow converting a table to a view within an outer SQL command that is using that table (Tom Lane). This avoids possible crashes.
  • Ensure that join conditions generated from equivalence classes are applied at the correct plan level (Tom Lane). In versions before PostgreSQL 16, it was possible for generated conditions to be evaluated below outer joins when they should be evaluated above (after) the outer join, leading to incorrect query results. All versions have a similar hazard when considering joins to UNION ALL  trees that have constant outputs for the join column in some SELECT  arms.
  • Prevent potentially-incorrect optimization of some window functions (David Rowley). Disable “run condition”  optimization of ntile()  and count()  with non-constant arguments. This avoids possible misbehavior with sub-selects, typically leading to errors like “WindowFunc not found in subplan target lists”.
  • Avoid unnecessary use of moving-aggregate mode with a non-moving window frame (Vallimaharajan G) When a plain aggregate is used as a window function, and the window frame start is specified as UNBOUNDED PRECEDING, the frame's head cannot move so we do not need to use the special (and more expensive) moving-aggregate mode. This optimization was intended all along, but due to a coding error it never triggered.
  • Avoid use of already-freed data while planning partition-wise joins under GEQO (Tom Lane). This would typically end in a crash or unexpected error message.
  • Avoid freeing still-in-use data in Memoize (Tender Wang, Andrei Lepikhov). In production builds this error frequently didn't cause any problems, as the freed data would most likely not get overwritten before it was used.

2576Release Notes:

  • Fix incorrectly-reported statistics kind codes in “requested statistics kind X is not yet built”  error messages (David Rowley)
  • Be more careful with RECORD-returning functions in FROM (Tom Lane). The output columns of such a function call must be defined by an AS clause that specifies the column names and data types. If the actual function output value doesn't match that, an error is supposed to be thrown at runtime. However, some code paths would examine the actual value prematurely, and potentially issue strange errors or suffer assertion failures if it doesn't match expectations.
  • Fix confusion about the return rowtype of SQL-language procedures (Tom Lane). A procedure implemented in SQL language that returns a single composite-type column would cause an assertion failure or core dump.
  • Add protective stack depth checks to some recursive functions (Egor Chindyaskin)
  • Fix mis-rounding and overflow hazards in date_bin()  (Moaaz Assali). In the case where the source timestamp is before the origin timestamp and their difference is already an exact multiple of the stride, the code incorrectly subtracted the stride anyway. Also, detect some integer-overflow cases that would have produced incorrect results.
  • Detect integer overflow when adding or subtracting an interval  to/from a timestamp  (Joseph Koshakow). Some cases that should cause an out-of-range error produced an incorrect result instead.
  • Avoid race condition in pg_get_expr()  (Tom Lane). If the relation referenced by the argument is dropped concurrently, the function's intention is to return NULL, but sometimes it failed instead.
  • Fix detection of old transaction IDs in XID status functions (Karina Litskevich). Transaction IDs more than 231 transactions in the past could be misidentified as recent, leading to misbehavior of pg_xact_status()  or txid_status() .
  • Ensure that a table's freespace map won't return a page that's past the end of the table (Ronan Dunklau) Because the freespace map isn't WAL-logged, this was possible in edge cases involving an OS crash, a replica promote, or a PITR restore. The result would be a “could not read block”  error.
  • Fix file descriptor leakage when an error is thrown while waiting in WaitEventSetWait  (Etsuro Fujita)
  • Avoid corrupting exception stack if an FDW implements async append but doesn't configure any wait conditions for the Append plan node to wait for (Alexander Pyhalov)
  • Throw an error if an index is accessed while it is being reindexed (Tom Lane). Previously this was just an assertion check, but promote it into a regular runtime error. This will provide a more on-point error message when reindexing a user-defined index expression that attempts to access its own table.
  • Ensure that index-only scans on name columns return a fully-padded value (David Rowley). The value physically stored in the index is truncated, and previously a pointer to that value was returned to callers. This provoked complaints when testing under valgrind. In theory it could result in crashes, though none have been reported.

2577Release Notes:

  • Fix race condition in deciding whether a table sync operation is needed in logical replication (Vignesh C). An invalidation event arriving while a subscriber identifies which tables need to be synced would be forgotten about, so that any tables newly in need of syncing might not get processed in a timely fashion.
  • Fix crash with DSM allocations larger than 4GB (Heikki Linnakangas)
  • Disconnect if a new server session's client socket cannot be put into non-blocking mode (Heikki Linnakangas). It was once theoretically possible for us to operate with a socket that's in blocking mode; but that hasn't worked fully in a long time, so fail at connection start rather than misbehave later.
  • Fix inadequate error reporting with OpenSSL 3.0.0 and later (Heikki Linnakangas, Tom Lane). System-reported errors passed through by OpenSSL were reported with a numeric error code rather than anything readable.
  • Avoid concurrent calls to bindtextdomain()  in libpq and ecpglib (Tom Lane). Although GNU gettext's implementation seems to be fine with concurrent calls, the version available on Windows is not.
  • Fix crash in ecpg's preprocessor if the program tries to redefine a macro that was defined on the preprocessor command line (Tom Lane)
  • In ecpg, avoid issuing false “unsupported feature will be passed to server”  warnings (Tom Lane)
  • Ensure that the string result of ecpg's intoasc()  function is correctly zero-terminated (Oleg Tselebrovskiy)
  • In psql, avoid leaking a query result after the query is cancelled (Tom Lane). This happened only when cancelling a non-last query in a query string made with \; separators.
  • Fix pg_dumpall so that role comments, if present, will be dumped regardless of the setting of -- no-role-passwords  (Daniel Gustafsson, Álvaro Herrera)
  • Skip files named .DS_Store  in pg_basebackup, pg_checksums, and pg_rewind (Daniel Gustafsson) This avoids problems on macOS, where the Finder may create such files.
  • Fix PL/pgSQL's parsing of single-line comments ( ---style comments) following expressions (Erik Wienhold, Tom Lane). This mistake caused parse errors if such a comment followed a WHEN expression in a PL/pgSQL CASE statement.
  • In contrib/amcheck , don't report false match failures due to short- versus long-header values (Andrey Borodin, Michael Zhilin). A variable-length datum in a heap tuple or index tuple could have either a short or a long header, depending on compression parameters that applied when it was made. Treat these cases as equivalent rather than complaining if there's a difference.
  • Fix bugs in BRIN output functions (Tomas Vondra). These output functions are only used for displaying index entries in contrib/pageinspect , so the errors are of limited practical concern.

2578Release Notes:

  • In contrib/postgres_fdw , avoid emitting requests to sort by a constant (David Rowley). This could occur in cases involving UNION ALL  with constant-emitting subqueries. Sorting by a constant is useless of course, but it also risks being misinterpreted by the remote server, leading to “ORDER BY position N is not in select list”  errors.
  • Make contrib/postgres_fdw  set the remote session's time zone to GMT not UTC (Tom Lane). This should have the same results for practical purposes. However, GMT is recognized by hardwired code in the server, while UTC is looked up in the timezone database. So the old code could fail in the unlikely event that the remote server's timezone database is missing entries.
  • In contrib/xml2 , avoid use of library functions that have been deprecated in recent versions of libxml2 (Dmitry Koval)
  • Fix incompatibility with LLVM 18 (Thomas Munro, Dmitry Dolgov)
  • Allow make check  to work with the musl C library (Thomas Munro, Bruce Momjian, Tom Lane)

PostgreSQL REL_16_3
E.1. Release 16.3:

  • This release contains a variety of fixes from 16.2. For information about new features in major release 16, see Section E.4 .

E.1.1. Migration to Version 16.3:

  • A dump/restore is not required for those running 16.X. However, a security vulnerability was found in the system views pg_stats_ext  and pg_stats_ext_exprs , potentially allowing authenticated database users to see data they shouldn't. If this is of concern in your installation, follow the steps in the first changelog entry below to rectify it. Also, if you are upgrading from a version earlier than 16.2, see Section E.2 .

E.1.2. Changes:

  • Restrict visibility of pg_stats_ext  and pg_stats_ext_exprs  entries to the table owner (Nathan Bossart). These views failed to hide statistics for expressions that involve columns the accessing user does not have permission to read. View columns such as most_common_vals  might expose security-relevant data. The potential interactions here are not fully clear, so in the interest of erring on the side of safety, make rows in these views visible only to the owner of the associated table. The PostgreSQL Project thanks Lukas Fittl for reporting this problem. (CVE-2024-4317). By itself, this fix will only fix the behavior in newly initdb'd database clusters. If you wish to apply this change in an existing cluster, you will need to do the following:
  • 1.Find the SQL script fix-CVE-2024-4317.sql  in the share directory of the PostgreSQL installation (typically located someplace like /usr/share/postgresql/ ). Be sure to use the script appropriate to your PostgreSQL major version. If you do not see this file, either your version is not vulnerable (only v14–v16 are affected) or your minor version is too old to have the fix.
  • 2.) In each database of the cluster, run the fix-CVE-2024-4317.sql  script as superuser. In psql this would look like

1.) https://www.postgresql.org/list/pgsql-committers/
2.) https://git.postgresql.org/gitweb/?p=postgresql.git;a=summary

2627Release Notes:

  • \i /usr/share/postgresql/fix-CVE-2024-4317.sql (adjust the file path as appropriate). Any error probably indicates that you've used the wrong script version. It will not hurt to run the script more than once.
  •  Do not forget to include the template0  and template1  databases, or the vulnerability will still exist in databases you create later. To fix template0 , you'll need to temporarily make it accept connections. Do that with ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; and then after fixing template0 , undo it with ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;
  • Fix INSERT from multiple VALUES rows into a target column that is a domain over an array or composite type (Tom Lane). Such cases would either fail with surprising complaints about mismatched datatypes, or insert unexpected coercions that could lead to odd results.
  • Require SELECT privilege on the target table for MERGE with a DO NOTHING  clause (Álvaro Herrera). SELECT privilege would be required in all practical cases anyway, but require it even if the query reads no columns of the target table. This avoids an edge case in which MERGE would require no privileges whatever, which seems undesirable even when it's a do-nothing command.
  • Fix handling of self-modified tuples in MERGE (Dean Rasheed). Throw an error if a target row joins to more than one source row, as required by the SQL standard. (The previous coding could silently ignore this condition if a concurrent update was involved.) Also, throw a non-misleading error if a target row is already updated by a later command in the current transaction, thanks to a BEFORE trigger or a volatile function used in the query.
  • Fix incorrect pruning of NULL partition when a table is partitioned on a boolean column and the query has a boolean IS NOT clause (David Rowley). A NULL value satisfies a clause such as boolcol  IS NOT FALSE , so pruning away a partition containing NULLs yielded incorrect answers.
  • Make ALTER FOREIGN TABLE SET SCHEMA  move any owned sequences into the new schema (Tom Lane). Moving a regular table to a new schema causes any sequences owned by the table to be moved to that schema too (along with indexes and constraints). This was overlooked for foreign tables, however.
  • Make ALTER TABLE ... ADD COLUMN  create identity/serial sequences with the same persistence as their owning tables (Peter Eisentraut). CREATE UNLOGGED TABLE  will make any owned sequences be unlogged too. ALTER TABLE missed that consideration, so that an added identity column would have a logged sequence, which seems pointless.
  • Improve ALTER TABLE ... ALTER COLUMN TYPE 's error message when there is a dependent function or publication (Tom Lane)
  • In CREATE DATABASE , recognize strategy keywords case-insensitively for consistency with other options (Tomas Vondra) 

2628Release Notes:

  • Fix EXPLAIN 's counting of heap pages accessed by a bitmap heap scan (Melanie Plageman). Previously, heap pages that contain no visible tuples were not counted; but it seems more consistent to count all pages returned by the bitmap index scan.
  • Fix EXPLAIN 's output for subplans in MERGE (Dean Rasheed). EXPLAIN  would sometimes fail to properly display subplan Params referencing variables in other parts of the plan tree.
  • Avoid deadlock during removal of orphaned temporary tables (Mikhail Zhilin). If the session that creates a temporary table crashes without removing the table, autovacuum will eventually try to remove the orphaned table. However, an incoming session that's been assigned the same temporary namespace will do that too. If a temporary table has a dependency (such as an owned sequence) then a deadlock could result between these two cleanup attempts.
  • Fix updating of visibility map state in VACUUM with the DISABLE_PAGE_SKIPPING option (Heikki Linnakangas). Due to an oversight, this mode caused all heap pages to be dirtied, resulting in excess I/O. Also, visibility map bits that were incorrectly set would not get cleared.
  • Avoid race condition while examining per-relation frozen-XID values (Noah Misch). VACUUM's computation of per-database frozen-XID values from per-relation values could get confused by a concurrent update of those values by another VACUUM.
  • Fix buffer usage reporting for parallel vacuuming (Anthonin Bonnefoy). Buffer accesses performed by parallel workers were not getting counted in the statistics reported in VERBOSE  mode.
  • Ensure that join conditions generated from equivalence classes are applied at the correct plan level (Tom Lane). In versions before PostgreSQL 16, it was possible for generated conditions to be evaluated below outer joins when they should be evaluated above (after) the outer join, leading to incorrect query results. All versions have a similar hazard when considering joins to UNION ALL trees that have constant outputs for the join column in some SELECT  arms.
  • Fix “could not find pathkey item to sort”  errors occurring while planning aggregate functions with ORDER BY  or DISTINCT  options (David Rowley). This is similar to a fix applied in 16.1, but it solves the problem for parallel plans.
  • Prevent potentially-incorrect optimization of some window functions (David Rowley). Disable “run condition”  optimization of ntile()  and count()  with non-constant arguments. This avoids possible misbehavior with sub-selects, typically leading to errors like “WindowFunc not found in subplan target lists”.
  • Avoid unnecessary use of moving-aggregate mode with a non-moving window frame (Vallimaharajan G) When a plain aggregate is used as a window function, and the window frame start is specified as UNBOUNDED PRECEDING , the frame's head cannot move so we do not need to use the special (and more expensive) moving-aggregate mode. This optimization was intended all along, but due to a coding error it never triggered.
  • Avoid use of already-freed data while planning partition-wise joins under GEQO (Tom Lane)

2629Release Notes: 

  • This would typically end in a crash or unexpected error message.
  • Avoid freeing still-in-use data in Memoize (Tender Wang, Andrei Lepikhov). In production builds this error frequently didn't cause any problems, as the freed data would most likely not get overwritten before it was used.
  • Fix incorrectly-reported statistics kind codes in “requested statistics kind X is not yet built”  error messages (David Rowley)
  • Use a hash table instead of linear search for “catcache list” objects (Tom Lane). This change solves performance problems that were reported for certain operations in installations with many thousands of roles.
  • Be more careful with RECORD-returning functions in FROM (Tom Lane). The output columns of such a function call must be defined by an AS clause that specifies the column names and data types. If the actual function output value doesn't match that, an error is supposed to be thrown at runtime. However, some code paths would examine the actual value prematurely, and potentially issue strange errors or suffer assertion failures if it doesn't match expectations.
  • Fix confusion about the return rowtype of SQL-language procedures (Tom Lane). A procedure implemented in SQL language that returns a single composite-type column would. cause an assertion failure or core dump.
  • Add protective stack depth checks to some recursive functions (Egor Chindyaskin)
  • Fix mis-rounding and overflow hazards in date_bin()  (Moaaz Assali). In the case where the source timestamp is before the origin timestamp and their difference is already an exact multiple of the stride, the code incorrectly subtracted the stride anyway. Also, detect some integer-overflow cases that would have produced incorrect results.
  • Detect integer overflow when adding or subtracting an interval  to/from a timestamp (Joseph Koshakow). Some cases that should cause an out-of-range error produced an incorrect result instead.
  • Avoid race condition in pg_get_expr()  (Tom Lane). If the relation referenced by the argument is dropped concurrently, the function's intention is to return NULL, but sometimes it failed instead.
  • Fix detection of old transaction IDs in XID status functions (Karina Litskevich). Transaction IDs more than 231 transactions in the past could be misidentified as recent, leading to misbehavior of pg_xact_status()  or txid_status() .
  • Ensure that a table's freespace map won't return a page that's past the end of the table (Ronan Dunklau). Because the freespace map isn't WAL-logged, this was possible in edge cases involving an OS crash, a replica promote, or a PITR restore. The result would be a “could not read block”  error.
  • Fix file descriptor leakage when an error is thrown while waiting in WaitEventSetWait (Etsuro Fujita)
  • Avoid corrupting exception stack if an FDW implements async append but doesn't configure any wait conditions for the Append plan node to wait for (Alexander Pyhalov)

2630Release Notes:

  • Throw an error if an index is accessed while it is being reindexed (Tom Lane). Previously this was just an assertion check, but promote it into a regular runtime error. This will provide a more on-point error message when reindexing a user-defined index expression that at- tempts to access its own table.
  • Ensure that index-only scans on name columns return a fully-padded value (David Rowley). The value physically stored in the index is truncated, and previously a pointer to that value was returned to callers. This provoked complaints when testing under valgrind. In theory it could result in crashes, though none have been reported.Fix race condition that could lead to reporting an incorrect conflict cause when invalidating a replication slot (Bertrand Drouvot)
  • Fix race condition in deciding whether a table sync operation is needed in logical replication (Vignesh C) An invalidation event arriving while a subscriber identifies which tables need to be synced would be forgotten about, so that any tables newly in need of syncing might not get processed in a timely fashion.
  • Fix crash with DSM allocations larger than 4GB (Heikki Linnakangas)
  • Disconnect if a new server session's client socket cannot be put into non-blocking mode (Heikki Linnakangas). It was once theoretically possible for us to operate with a socket that's in blocking mode; but that hasn't worked fully in a long time, so fail at connection start rather than misbehave later.
  • Fix inadequate error reporting with OpenSSL 3.0.0 and later (Heikki Linnakangas, Tom Lane). System-reported errors passed through by OpenSSL were reported with a numeric error code rather than anything readable.
  • Fix thread-safety of error reporting for getaddrinfo()  on Windows (Thomas Munro). A multi-threaded libpq client program could get an incorrect or corrupted error message after a network lookup failure.
  • Avoid concurrent calls to bindtextdomain()  in libpq and ecpglib (Tom Lane). Although GNU gettext's implementation seems to be fine with concurrent calls, the version available on Windows is not.
  • Fix crash in ecpg's preprocessor if the program tries to redefine a macro that was defined on the preprocessor command line (Tom Lane)
  • In ecpg, avoid issuing false “unsupported feature will be passed to server”  warnings (Tom Lane)
  • Ensure that the string result of ecpg's intoasc()  function is correctly zero-terminated (Oleg Tselebrovskiy)
  • In initdb's -c option, match parameter names case-insensitively (Tom Lane). The server treats parameter names case-insensitively, so this code should too. This avoids putting redundant entries into the generated postgresql.conf  file.
  • In psql, avoid leaking a query result after the query is cancelled (Tom Lane). This happened only when cancelling a non-last query in a query string made with \; separators.

2631Release Notes:

  • Fix pg_dumpall so that role comments, if present, will be dumped regardless of the setting of -- no-role-passwords  (Daniel Gustafsson, Álvaro Herrera)
  • Skip files named .DS_Store  in pg_basebackup, pg_checksums, and pg_rewind (Daniel Gustafs-son). This avoids problems on macOS, where the Finder may create such files.
  • Fix PL/pgSQL's parsing of single-line comments ( ---style comments) following expressions (Erik Wienhold, Tom Lane). This mistake caused parse errors if such a comment followed a WHEN expression in a PL/pgSQL CASE statement.
  • In contrib/amcheck , don't report false match failures due to short- versus long-header values (Andrey Borodin, Michael Zhilin). A variable-length datum in a heap tuple or index tuple could have either a short or a long header, depending on compression parameters that applied when it was made. Treat these cases as equivalent rather than complaining if there's a difference.
  • Fix bugs in BRIN output functions (Tomas Vondra). These output functions are only used for displaying index entries in contrib/pageinspect, so the errors are of limited practical concern.
  • In contrib/postgres_fdw , avoid emitting requests to sort by a constant (David Rowley). This could occur in cases involving UNION ALL  with constant-emitting subqueries. Sorting by a constant is useless of course, but it also risks being misinterpreted by the remote server, leading to “ORDER BY position N is not in select list”  errors.
  • Make contrib/postgres_fdw  set the remote session's time zone to GMT not UTC (Tom Lane)
  • This should have the same results for practical purposes. However, GMT is recognized by hard-wired code in the server, while UTC is looked up in the timezone database. So the old code could fail in the unlikely event that the remote server's timezone database is missing entries.
  • In contrib/xml2 , avoid use of library functions that have been deprecated in recent versions of libxml2 (Dmitry Koval)
  • Fix incompatibility with LLVM 18 (Thomas Munro, Dmitry Dolgov)
  • Allow make check  to work with the musl C library (Thomas Munro, Bruce Momjian, Tom Lane)

Prometheus 2.52.0
[CHANGE] TSDB: Fix the predicate checking for blocks which are beyond the retention period to include the ones right at the retention boundary.#9633
[FEATURE] Kubernetes SD: Add a new metricprometheus_sd_kubernetes_failures_totalto track failed requests to Kubernetes API.#13554
[FEATURE] Kubernetes SD: Add node and zone metadata labels when using the endpointslice role.#13935
[FEATURE] Azure SD/Remote Write: Allow usage of Azure authorization SDK.#13099
[FEATURE] Alerting: Support native histogram templating.#13731
[FEATURE] Linode SD: Support IPv6 range discovery and region filtering.#13774
[ENHANCEMENT] PromQL: Performance improvements for queries with regex matchers.#13461
[ENHANCEMENT] PromQL: Performance improvements when using aggregation operators.#13744
[ENHANCEMENT] PromQL: Validate label_join destination label.#13803
[ENHANCEMENT] Scrape: Incrementprometheus_target_scrapes_sample_duplicate_timestamp_totalmetric on duplicated series during one scrape.#12933
[ENHANCEMENT] TSDB: Many improvements in performance.#13742#13673#13782
[ENHANCEMENT] TSDB: Pause regular block compactions if the head needs to be compacted (prioritize head as it increases memory consumption).#13754
[ENHANCEMENT] Observability: Improved logging during signal handling termination.#13772
[ENHANCEMENT] Observability: All log lines for drop series use "num_dropped" key consistently.#13823
[ENHANCEMENT] Observability: Log chunk snapshot and mmaped chunk replay duration during WAL replay.#13838
[ENHANCEMENT] Observability: Log if the block is being created from WBL during compaction.#13846
[BUGFIX] PromQL: Fix inaccurate sample number statistic when querying histograms.#13667
[BUGFIX] PromQL: Fixhistogram_stddevandhistogram_stdvarfor cases where the histogram has negative buckets.#13852
[BUGFIX] PromQL: Fix possible duplicated label name and values in a metric result for specific queries.#13845
[BUGFIX] Scrape: Fix setting native histogram schema factor during scrape.#13846
[BUGFIX] TSDB: Fix counting of histogram samples when creating WAL checkpoint stats.#13776
[BUGFIX] TSDB: Fix cases of compacting empty heads.#13755
[BUGFIX] TSDB: Count float histograms in WAL checkpoint.#13844
[BUGFIX] Remote Read: Fix memory leak due to broken requests.#13777
[BUGFIX] API: Stop building response for/api/v1/series/when the API request was cancelled.#13766
[BUGFIX] promtool: Fix panic onpromtool tsdb analyze --extendedwhen no native histograms are present.#13976

View all OpenUpdate editions >