
Korea Oracle User Group


PostgreSQL 15.3, 14.8, 13.11, 12.15, and 11.20 Released!

 

URL : https://www.postgresql.org/about/news/postgresql-153-148-1311-1215-and-1120-released-2637/

 

PostgreSQL has released updates for all versions: 15.3, 14.8, 13.11, 12.15, and 11.20.

This release is reported to include fixes for security vulnerabilities and fixes for more than 80 bugs from the previous versions.

 

For details, see the URL above or the original text below.

For the changes, see the release notes.


PostgreSQL 15.3, 14.8, 13.11, 12.15, and 11.20 Released!

Posted on 2023-05-11 by PostgreSQL Global Development Group
 

The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 15.3, 14.8, 13.11, 12.15, and 11.20. This release fixes two security vulnerabilities and over 80 bugs reported over the last several months.

For the full list of changes, please review the release notes.

PostgreSQL 11 EOL Notice

PostgreSQL 11 will stop receiving fixes on November 9, 2023. If you are running PostgreSQL 11 in a production environment, we suggest that you make plans to upgrade to a newer, supported version of PostgreSQL. Please see our versioning policy for more information.

Security Issues

CVE-2023-2454: CREATE SCHEMA ... schema_element defeats protective search_path changes.

Versions Affected: 11 - 15. The security team typically does not test unsupported versions, but this problem is quite old.

This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users.

The PostgreSQL project thanks Alexander Lakhin for reporting this problem.

CVE-2023-2455: Row security policies disregard user ID changes after inlining.

Versions Affected: 11 - 15. The security team typically does not test unsupported versions, but this problem is quite old.

While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario involving function inlining. This leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.

The PostgreSQL project thanks Wolfgang Walther for reporting this problem.
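The following triage queries are an added example, not part of the PostgreSQL announcement. They check whether a server predates the fixed minor releases named above, which non-superuser roles hold the database-level CREATE privilege that CVE-2023-2454 depends on, and whether the database defines any row security policies, the precondition for CVE-2023-2455. They assume a psql session connected to each database in turn.

```sql
-- Added triage example; run in each database of the cluster (e.g. via psql).

-- 1. Does this server predate the fixed minor release of its major version?
--    Thresholds are the releases named in this announcement.
SELECT current_setting('server_version') AS server_version,
       CASE v / 10000
            WHEN 15 THEN v < 150003   -- fixed in 15.3
            WHEN 14 THEN v < 140008   -- fixed in 14.8
            WHEN 13 THEN v < 130011   -- fixed in 13.11
            WHEN 12 THEN v < 120015   -- fixed in 12.15
            WHEN 11 THEN v < 110020   -- fixed in 11.20
       END AS predates_fix            -- NULL: major version outside 11 - 15
FROM (SELECT current_setting('server_version_num')::int AS v) AS s;

-- 2. CVE-2023-2454: non-superuser roles that hold CREATE on the current
--    database, either as owner or through a grant (direct or inherited).
SELECT r.rolname,
       r.rolname = pg_get_userbyid(d.datdba) AS is_database_owner
FROM pg_roles AS r
CROSS JOIN pg_database AS d
WHERE d.datname = current_database()
  AND NOT r.rolsuper
  AND has_database_privilege(r.oid, d.oid, 'CREATE')
ORDER BY r.rolname;

-- 3. CVE-2023-2455: row security policies defined in this database.
--    An empty result means CREATE POLICY was never used here; role_specific
--    marks policies bound to roles other than PUBLIC.
SELECT schemaname, tablename, policyname, cmd, roles,
       roles <> ARRAY['public']::name[] AS role_specific
FROM pg_policies
ORDER BY schemaname, tablename, policyname;
```

Rows from query 2 on a server where query 1 returns true are the roles to review first; query 3 returning no rows means the database is outside the stated scope of CVE-2023-2455.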

Bug Fixes and Improvements

This update fixes over 80 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 15. Some of these issues may also affect other supported versions of PostgreSQL.

Included in this release:

  • Several fixes for CREATE DATABASE when using the STRATEGY = WAL_LOG, including a potential corruption that could lose modifications to a template/source database.
  • Fix crash with CREATE SCHEMA AUTHORIZATION.
  • Several fixes for MERGE.
  • Several fixes for triggers in partitioned tables.
  • Disallow altering composite types that are stored in indexes.
  • Ensure that COPY TO from a parent table with row-level security enabled does not copy any rows from child tables.
  • Adjust text-search-related character classification logic to correctly detect whether the prevailing locale is C when the default collation of a database uses the ICU provider.
  • Re-allow exponential notation in ISO-8601 interval fields.
  • Improve error reporting for various invalid JSON string literals.
  • Fix data corruption due to vacuum_defer_cleanup_age being larger than the current 64-bit xid.
  • Several fixes for the query parser and planner, including better detection of improperly-nested aggregates.
  • Fix partition pruning bug with the boolean IS NOT TRUE and IS NOT FALSE conditions. Prior to this, NULL partitions were accidentally pruned.
  • Fix memory leak in memoize plan execution.
  • Fix buffer refcount leak on foreign tables using partitions when performing batched inserts.
  • Restore support for sub-millisecond vacuum_cost_delay settings.
  • Several fixes for views and rules.
  • Avoid unnecessary work while scanning a multi-column BRIN index with multiple scan keys.
  • Ignore dropped columns and generated columns during logical replication of an UPDATE or DELETE action.
  • Several fixes for naming and availability of wait events.
  • Support RSA-PSS certificates with SCRAM-SHA-256 channel binding. This feature requires building with OpenSSL 1.1.1 or newer.
  • Avoid race condition with process ID tracking on Windows.
  • Fix memory leak within a session for PL/pgSQL DO blocks that use cast expressions.
  • Tighten array dimensionality checks from PL/Perl and PL/Python when converting list structures to multi-dimensional SQL arrays.
  • Fix pg_dump so that partitioned tables that are hash-partitioned on an enumerated type column can be restored successfully.
  • Fix for pg_trgm where an unsatisfiable regular expression could lead to a crash when using a GiST or GIN index.
  • Limit memory usage of pg_get_wal_records_info() in pg_walinspect.

This release also updates time zone data files to tzdata release 2023c for DST law changes in Egypt, Greenland, Morocco, and Palestine. When observing Moscow time, Europe/Kirov and Europe/Volgograd now use the abbreviations MSK/MSD instead of numeric abbreviations, for consistency with other timezones observing Moscow time. Also, America/Yellowknife is no longer distinct from America/Edmonton; this affects some pre-1948 timestamps in that area.

For the full list of changes available, please review the release notes.

Updating

All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries.

Users who have skipped one or more update releases may need to run additional, post-update steps; please see the release notes for earlier versions for details.

For more details, please see the release notes.
