supported versions of our database system, including 9.6.5, 9.5.9,
9.4.14, 9.3.19, and 9.2.23.
This release includes fixes that prevent a crash in pg_restore when
using parallel mode. It also patches over a few other bugs reported
since the last releases in August.
Additionally, in 9.4.14 only, there is a fix to an issue with walsenders
preventing primary-server shutdown unless immediate shutdown mode is used.
Users should plan to update at the next convenient downtime.
Bug Fixes and Improvements
This update also fixes a number of bugs reported in the last few weeks.
Some of these issues affect only version 9.6, but many affect all
supported versions:
* Show foreign tables in information_schema.table_privileges view.
This fix applies to new databases, see the release notes for the
procedure to apply the fix to an existing database.
* Correctly identify columns that are of a range type or domain type
over a composite type or domain type being searched for
* Prevent crash when passing fixed-length pass-by-reference data types
to parallel worker processes
* Change ecpg’s parser to allow RETURNING clauses without attached C
variables
* Change ecpg’s parser to recognize backslash continuation of C
preprocessor command lines
* Improve selection of compiler flags for PL/Perl on Windows
pg_upgrade. Others were added in 9.5, but the port failed to install them.
Make sure they are properly installed by the correct port (-client or -server) [1]
Remove unused and hence confusing OSSP_UUID parameters from Makefile [2]
Add options to allow user to be set for the backup script in periodic.
Add this option only to 9.5 for now. It will be updated to other servers at
next regular patch release. [3]
The path to perl is hard coded into pgxs/src/Makefile.global which is
then installed. Hence, we must depend on perl when that file is installed.
Noticed by: Paul Guyot [1]
PR: 192387 [2]
PR: 172110 [3]
PR: 206046 [4]
Two security issues have been fixed in this release which affect users
of specific PostgreSQL features:
CVE-2015-5289: json or jsonb input values constructed from arbitrary
user input can crash the PostgreSQL server and cause a denial of
service.
CVE-2015-5288: The crypt() function included with the optional pgCrypto
extension could be exploited to read a few additional bytes of memory.
No working exploit for this issue has been developed.
This update will also disable SSL renegotiation by default;
previously, it was enabled by default. SSL renegotiation will be
removed entirely in PostgreSQL versions 9.5 and later.
URL: http://www.postgresql.org/about/news/1615/
Security: CVE-2015-5288 CVE-2015-5289
Data Corruption Fix
For users of PostgreSQL versions 9.3 or 9.4, this release fixes a problem where
the database will fail to protect against "multixact wraparound", resulting in
data corruption or loss. Users with a high transaction rate (1 million or more
per hour) in a database with many foreign keys are especially vulnerable. We
strongly urge all users of 9.4 and 9.3 to update their installations in the
next few days.
Users of versions 9.2 and earlier are not affected by this issue.
Security: fc38cd83-00b3-11e5-8ebd-0026551a22dc
This update fixes multiple security issues reported in PostgreSQL over the past
few months. All of these issues require prior authentication, and some require
additional conditions, and as such are not considered generally urgent.
However, users should examine the list of security holes patched below in case
they are particularly vulnerable.
Security: CVE-2015-0241,CVE-2015-0242,CVE-2015-0243,
CVE-2015-0244,CVE-2014-8161
PostgreSQL 9.2, which will include major increases in performance and
both vertical and horizontal scalability. The PostgreSQL Project asks
all users to download and begin testing 9.2 Beta as soon as possible.
Major performance and scalability advances in this version include:
* Index-only scans, allowing users to avoid inefficient scans of base
tables
* Enhanced read-only workload scaling to 64 cores and over 300,000
queries per second
* Improvements to data write speeds, including group commit
* Reductions in CPU power consumption
* Cascading replication, supporting geographically distributed standby
databases
PostgreSQL 9.2 will also offer many new features for application
developers, including:
* JSON data support, enabling hybrid document-relational databases
* Range types, supporting new types of calendar, time-series and
analytic applications
* Multiple improvements to ALTER and other statements, easing runtime
database updates
For a full listing of the features in version 9.2 Beta, please see the
release notes:
http://www.postgresql.org/docs/devel/static/release-9-2.html
We depend on our community to help test the next version in order to
guarantee that it is high-performance and bug-free. Please install
PostgreSQL 9.2 Beta and try it with your workloads and applications as
soon as you can, and give feedback to the PostgreSQL developers. More
information on how to test and report issues:
http://www.postgresql.org/developer/beta