What's new in this version:
Certain host connection parameters defeat client-side security defenses:
- libpq, the client connection API for PostgreSQL that is also used by other connection libraries, had an internal issue where it did not reset all of its connection state variables when attempting to reconnect. In particular, the state variable that determined whether or not a password is needed for a connection would not be reset, which could allow users of features requiring libpq, such as the dblink or postgres_fdw extensions, to login to servers they should not be able to access.
- You can check if your database has either extension installed by running the following from your PostgreSQL shell: dx dblink|postgres_fdw
- Users are advised to upgrade their libpq installations as soon as possible.
- The PostgreSQL Global Development Group thanks Andrew Krasichkov for reporting this problem.
Memory disclosure and missing authorization in INSERT ... ON CONFLICT DO UPDATE:
- An attacker able to issue CREATE TABLE can read arbitrary bytes of server memory using an upsert (INSERT ... ON CONFLICT DO UPDATE) query. By default, any user can exploit that. A user that has specific INSERT privileges and an UPDATE privilege on at least one column in a given table can also update other columns using a view and an upsert query.
BUG FIXES AND IMPROVEMENTS:
- This update also fixes over 40 bugs reported in the last several months. Some of these issues affect only version 10, but many affect all supported versions.
These fixes include:
- Several fixes related to VACUUM, including an issue that could lead to data corruption in certain system catalog tables
- Several fixes for replaying write-ahead logs, including a case where a just-promoted standby server would not restart if it crashed before its first post-recovery checkpoint
- Several performance improvements for replaying write-ahead logs
- Several fixes for logical replication and logical decoding, including ensuring logical WAL senders are reporting the streaming state correctly
- Allow replication slots to be dropped in single-user mode
- Fix to have variance and similar aggregate functions return accurate results when executed using parallel query
- Fix SQL-standard FETCH FIRST syntax to allow parameters ($n), as the standard expects
- Fix to ensure that a process doing a parallel index scan will respond to signals, such as one to abort a query
- Fix EXPLAIN's accounting for resource usage, particularly buffer accesses, in parallel workers
- Several fixes for the query planner including improving the cost estimates for hash-joins and choosing to use indexes for mergejoins on composite type columns
- Fix performance regression related to POSIX semaphores for multi-CPU systems running Linux or FreeBSD
- Fix for GIN indexes that could lead to an assertion failure after a pg_upgrade from a version before PostgreSQL 9.4
- Fix for SHOW ALL to display superuser configuration settings to roles that are allowed to read all settings
- Fix issue where COPY FROM .. WITH HEADER would drop a line after every 4,294,967,296 lines processed
- Several fixes for XML support, including using the document node as the context for XPath queries as defined in the SQL standard, which affects the xpath and xpath_exists functions, as well as XMLTABLE
- Fix libpq for certain cases where hostaddr is used
- Fix password prompting in Windows client programs so that echo is properly disabled
- Several pg_dump fixes, including correctly outputting REPLICA IDENTITY properties for constraint indexes
- Make pg_upgrade check that the old server was shut down cleanly