2022-08-11 This release contains a variety of fixes from 14.4. For information about new features in major release 14, see . A dump/restore is not required for those running 14.X. However, if you are upgrading from a version earlier than 14.4, see . Do not let extension scripts replace objects not already belonging to the extension (Tom Lane) This change prevents extension scripts from doing CREATE OR REPLACE if there is an existing object that does not belong to the extension. It also prevents CREATE IF NOT EXISTS in the same situation. This prevents a form of trojan-horse attack in which a hostile database user could become the owner of an extension object and then modify it to compromise future uses of the object by other users. As a side benefit, it also reduces the risk of accidentally replacing objects one did not mean to. The PostgreSQL Project thanks Sven Klemm for reporting this problem. (CVE-2022-2625) Fix replay of CREATE DATABASE WAL records on standby servers (Kyotaro Horiguchi, Asim R Praveen, Paul Guo) Standby servers may encounter missing tablespace directories when replaying database-creation WAL records. Prior to this patch, a standby would fail to recover in such a case; however, such directories could be legitimately missing. Create the tablespace (as a plain directory), then check that it has been dropped again once replay reaches a consistent state. Support in place tablespaces (Thomas Munro, Michael Paquier, Álvaro Herrera) Normally a Postgres tablespace is a symbolic link to a directory on some other filesystem. This change allows it to just be a plain directory. While this has no use for separating tables onto different filesystems, it is a convenient setup for testing. Moreover, it is necessary to support the CREATE DATABASE replay fix, which transiently creates a missing tablespace as an in place tablespace. Fix permissions checks in CREATE INDEX (Nathan Bossart, Noah Misch) The fix for CVE-2022-1552 caused CREATE INDEX to apply the table owner's permissions while performing lookups of operator classes and other objects, where formerly the calling user's permissions were used. This broke dump/restore scenarios, because pg_dump issues CREATE INDEX before re-granting permissions. In extended query protocol, force an immediate commit after CREATE DATABASE and other commands that can't run in a transaction block (Tom Lane) If the client does not send a Sync message immediately after such a command, but instead sends another command, any failure in that command would lead to rolling back the preceding command, typically leaving inconsistent state on-disk (such as a missing or extra database directory). The mechanisms intended to prevent that situation turn out to work for multiple commands in a simple-Query message, but not for a series of extended-protocol messages. To prevent inconsistency without breaking use-cases that work today, force an implicit commit after such commands. Fix race condition when checking transaction visibility (Simon Riggs) TransactionIdIsInProgress could report false before the subject transaction is considered visible, leading to various misbehaviors. The race condition window is normally very narrow, but use of synchronous replication makes it much wider, because the wait for a synchronous replica happens in that window. Fix incorrect plans when sorting by an expression that contains a non-top-level set-returning function (Richard Guo, Tom Lane) Fix incorrect permissions-checking code for extended statistics (Richard Guo) If there are extended statistics on a table that the user has only partial SELECT permissions on, some queries would fail with unrecognized node type errors. Fix extended statistics machinery to handle MCV-type statistics on boolean-valued expressions (Tom Lane) Statistics collection worked fine, but a query containing such an expression in WHERE would fail with unknown clause type. Avoid planner core dump with constant = ANY(array) clauses when there are MCV-type extended statistics on the array variable (Tom Lane) Fix ALTER TABLE ... ENABLE/DISABLE TRIGGER to handle recursion correctly for triggers on partitioned tables (Álvaro Herrera, Amit Langote) In certain cases, a trigger does not exist failure would occur because the command would try to adjust the trigger on a child partition that doesn't have it. Allow cancellation of ANALYZE while it is computing extended statistics (Tom Lane, Justin Pryzby) In some scenarios with high statistics targets, it was possible to spend many seconds in an un-cancellable sort operation. Improve syntax error messages for type jsonpath (Andrew Dunstan) Ensure that pg_stop_backup() cleans up session state properly (Fujii Masao) This omission could lead to assertion failures or crashes later in the session. Fix trim_array() to handle a zero-dimensional array argument sanely (Martin Kalcher) Fix join alias matching in FOR [KEY] UPDATE/SHARE clauses (Dean Rasheed) In corner cases, a misleading error could be reported. Reject ROW() expressions and functions in FROM that have too many columns (Tom Lane) Cases with more than about 1600 columns are unsupported, and have always failed at execution. However, it emerges that some earlier code could be driven to assertion failures or crashes by queries with more than 32K columns. Add a parse-time check to prevent that. Fix dumping of a view using a function in FROM that returns a composite type, when column(s) of the composite type have been dropped since the view was made (Tom Lane) This oversight could lead to dump/reload or pg_upgrade failures, as the dumped view would have too many column aliases for the function. Disallow nested backup operations in logical replication walsenders (Fujii Masao) Fix memory leak in logical replication subscribers (Hou Zhijie) Fix logical replication's checking of replica identity when the target table is partitioned (Shi Yu, Hou Zhijie) The replica identity columns have to be re-identified for the child partition. Fix failures to update cached schema data in a logical replication subscriber after a schema change on the publisher (Shi Yu, Hou Zhijie) Fix WAL consistency checking logic to correctly handle BRIN_EVACUATE_PAGE flags (Haiyang Wang) Fix erroneous assertion checks in shared hashtable management (Thomas Munro) Avoid assertion failure when min_dynamic_shared_memory is set to a non-default value (Thomas Munro) Arrange to clean up after commit-time errors within SPI_commit(), rather than expecting callers to do that (Peter Eisentraut, Tom Lane) Proper cleanup is complicated and requires use of low-level facilities, so it's not surprising that no known caller got it right. This led to misbehaviors when a PL procedure issued COMMIT but a failure occurred (such as a deferred constraint check). To improve matters, redefine SPI_commit() as starting a new transaction, so that it becomes equivalent to SPI_commit_and_chain() except that you get default transaction characteristics instead of preserving the prior transaction's characteristics. To make this somewhat transparent API-wise, redefine SPI_start_transaction() as a no-op. All known callers of SPI_commit() immediately call SPI_start_transaction(), so they will not notice any change. Similar remarks apply to SPI_rollback(). Also fix PL/Python, which omitted any handling of such errors at all, resulting in jumping out of the Python interpreter. This is reported to crash Python 3.11. Older Python releases leak some memory but seem okay with it otherwise. Improve libpq's handling of idle states in pipeline mode (Álvaro Herrera, Kyotaro Horiguchi) This fixes message type 0x33 arrived from server while idle warnings, as well as possible loss of end-of-query NULL results from PQgetResult(). Avoid core dump in ecpglib with unexpected orders of operations (Tom Lane) Certain operations such as EXEC SQL PREPARE would crash (rather than reporting an error as expected) if called before establishing any database connection. In ecpglib, avoid redundant newlocale() calls (Noah Misch) Allocate a C locale object once per process when first connecting, rather than creating and freeing locale objects once per query. This mitigates a libc memory leak on AIX, and may offer some performance benefit everywhere. In psql's \watch command, echo a newline after cancellation with control-C (Pavel Stehule) This prevents libedit (and possibly also libreadline) from becoming confused about which column the cursor is in. Fix pg_upgrade to detect non-upgradable usages of functions taking anyarray (Justin Pryzby) Version 14 changed some built-in functions to take type anycompatiblearray instead of anyarray. While this is mostly transparent, user-defined aggregates and operators built atop these functions have to be declared with exactly matching types. The presence of an object referencing the old signature will cause pg_upgrade to fail, so change it to detect and report such cases before beginning the upgrade. Fix possible report of wrong error condition after clone() failure in pg_upgrade with --clone option (Justin Pryzby) Fix contrib/pg_stat_statements to avoid problems with very large query-text files on 32-bit platforms (Tom Lane) In contrib/postgres_fdw, prevent batch insertion when there are WITH CHECK OPTION constraints (Etsuro Fujita) Such constraints cannot be checked properly if more than one row is inserted at a time. Fix contrib/postgres_fdw to detect failure to send an asynchronous data fetch query (Fujii Masao) Ensure that contrib/postgres_fdw sends constants of regconfig and other reg* types with proper schema qualification (Tom Lane) Block signals while allocating dynamic shared memory on Linux (Thomas Munro) This avoids problems when a signal interrupts posix_fallocate(). Detect unexpected EEXIST error from shm_open() (Thomas Munro) This avoids a possible crash on Solaris. Avoid using signalfd() on illumos systems (Thomas Munro) This appears to trigger hangs and kernel panics, so avoid the function until a fix is available. 2022-06-16 This release contains a variety of fixes from 14.3. For information about new features in major release 14, see . A dump/restore is not required for those running 14.X. However, if you have any indexes that were created using the CONCURRENTLY option under 14.X, you should re-index them after updating. See the first changelog entry below. Also, if you are upgrading from a version earlier than 14.3, see . Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (Álvaro Herrera) An optimization added in v14 caused CREATE INDEX ... CONCURRENTLY and REINDEX ... CONCURRENTLY to sometimes miss indexing rows that were updated during the index build. Revert that optimization. It is recommended that any indexes made with the CONCURRENTLY option be rebuilt after installing this update. (Alternatively, rebuild them without CONCURRENTLY.) Harden Memoize plan node against non-deterministic equality functions (David Rowley) Memoize could crash if a data type's equality or hash functions gave inconsistent results across different calls. Throw a runtime error instead. Fix incorrect cost estimates for Memoize plans (David Rowley) This mistake could lead to Memoize being used when it isn't really the best plan, or to very long executor startup times due to initializing an overly-large hash table for a Memoize node. Fix queries in which a whole-row variable references the result of a function that returns a domain over composite type (Tom Lane) Fix variable not found in subplan target list planner error when pulling up a sub-SELECT that's referenced in a GROUPING function (Richard Guo) Prevent pg_stat_get_subscription() from possibly returning an extra row containing garbage values (Kuntal Ghosh) Fix COPY FROM's error checking in the case where the database encoding is SQL_ASCII while the client's encoding is a multi-byte encoding (Heikki Linnakangas) This mistake could lead to false complaints of invalidly-encoded input data. Avoid crashing if too many column aliases are attached to an XMLTABLE or JSON_TABLE construct (Álvaro Herrera) When decompiling a view or rule, show a SELECT output column's AS "?column?" alias clause if it could be referenced elsewhere (Tom Lane) Previously, this auto-generated alias was always hidden; but there are corner cases where doing so results in a non-restorable view or rule definition. Report implicitly-created operator families to event triggers (Masahiko Sawada) If CREATE OPERATOR CLASS results in the implicit creation of an operator family, that object was not reported to event triggers that should capture such events. Fix control file updates made when a restartpoint is running during promotion of a standby server (Kyotaro Horiguchi) Previously, when the restartpoint completed it could incorrectly update the last-checkpoint fields of the control file, potentially leading to PANIC and failure to restart if the server crashes before the next normal checkpoint completes. Prevent triggering of standby's wal_receiver_timeout during logical replication of large transactions (Wang Wei, Amit Kapila) If a large transaction on the primary server sends no data to the standby (perhaps because no table it changes is published), it was possible for the standby to timeout. Fix that by ensuring we send keepalive messages periodically in such situations. Prevent open-file leak when reading an invalid timezone abbreviation file (Kyotaro Horiguchi) Such cases could result in harmless warning messages. Allow custom server parameters to have short descriptions that are NULL (Steve Chavez) Previously, although extensions could choose to create such settings, some code paths would crash while processing them. Remove misguided SSL key file ownership check in libpq (Tom Lane) In the previous minor releases, we copied the server's permission checking rules for SSL private key files into libpq. But we should not have also copied the server's file-ownership check. While that works in normal use-cases, it can result in an unexpected failure for clients running as root, and perhaps in other cases. Ensure ecpg reports server connection loss sanely (Tom Lane) Misprocessing of a libpq-generated error result, such as a report of lost connection, would lead to printing (null) instead of a useful error message; or in older releases it would lead to a crash. Prevent crash after server connection loss in pg_amcheck (Tom Lane) Misprocessing of a libpq-generated error result, such as a report of lost connection, would lead to a crash. Adjust PL/Perl test case so it will work under Perl 5.36 (Dagfinn Ilmari Mannsåker) Avoid incorrectly using an out-of-date libldap_r library when multiple OpenLDAP installations are present while building PostgreSQL (Tom Lane) 2022-05-12 This release contains a variety of fixes from 14.2. For information about new features in major release 14, see . A dump/restore is not required for those running 14.X. However, if you have any GiST indexes on columns of type ltree (supplied by the contrib/ltree extension), you should re-index them after updating. See the second changelog entry below. Also, if you are upgrading from a version earlier than 14.2, see . Confine additional operations within security restricted operation sandboxes (Sergey Shinderuk, Noah Misch) Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW, and pg_amcheck activated the security restricted operation protection mechanism too late, or even not at all in some code paths. A user having permission to create non-temporary objects within a database could define an object that would execute arbitrary SQL code with superuser permissions the next time that autovacuum processed the object, or that some superuser ran one of the affected commands against it. The PostgreSQL Project thanks Alexander Lakhin for reporting this problem. (CVE-2022-1552) Fix default signature length for gist_ltree_ops indexes (Tomas Vondra, Alexander Korotkov) The default signature length (hash size) for GiST indexes on ltree columns was accidentally changed while upgrading that operator class to support operator class parameters. If any operations had been done on such an index without first upgrading the ltree extension to version 1.2, they were done assuming that the signature length was 28 bytes rather than the intended 8. This means it is very likely that such indexes are now corrupt. For safety we recommend re-indexing all GiST indexes on ltree columns after installing this update. (Note that GiST indexes on ltree[] columns, that is arrays of ltree, are not affected.) Stop using query-provided column aliases for the columns of whole-row variables that refer to plain tables (Tom Lane) The column names in tuples produced by a whole-row variable (such as tbl.* in contexts other than the top level of a SELECT list) are now always those of the associated named composite type, if there is one. We'd previously attempted to make them track any column aliases that had been applied to the FROM entry the variable refers to. But that's semantically dubious, because really then the output of the variable is not at all of the composite type it claims to be. Previous attempts to deal with that inconsistency had bad results up to and including storing unreadable data on disk, so just give up on the whole idea. In cases where it's important to be able to relabel such columns, a workaround is to introduce an extra level of sub-SELECT, so that the whole-row variable is referring to the sub-SELECT's output and not to a plain table. Then the variable is of type record to begin with and there's no issue. Fix incorrect roundoff when extracting epoch values from intervals (Peter Eisentraut) The new numeric-based code for EXTRACT() failed to yield results equivalent to the old float-based code, as a result of accidentally truncating the DAYS_PER_YEAR value to an integer. Defend against pg_stat_get_replication_slot(NULL) (Andres Freund) This function should be marked strict in the catalog data, but it was not in v14, so add a run-time check instead. Fix incorrect output for types timestamptz and timetz in table_to_xmlschema() and allied functions (Renan Soares Lopes) The xmlschema output for these types included a malformed regular expression. Avoid core dump in parser for a VALUES clause with zero columns (Tom Lane) Fix planner failure when a Result plan node appears immediately underneath an Append node (Etsuro Fujita) Recently-added code to support asynchronous remote queries failed to handle this case, leading to crashes or errors about unrecognized node types. Fix planner failure if a query using SEARCH or CYCLE features contains a duplicate CTE name (Tom Lane, Kyotaro Horiguchi) When the name of the recursive WITH query is re-used within itself, the planner could crash or report odd errors such as could not find attribute 2 in subquery targetlist. Fix planner errors for GROUPING() constructs that reference outer query levels (Richard Guo, Tom Lane) Fix plan generation for index-only scans on indexes with both returnable and non-returnable columns (Tom Lane) The previous coding could try to read non-returnable columns in addition to the returnable ones. This was fairly harmless because it didn't actually do anything with the bogus values, but it fell foul of a recently-added error check that rejected such a plan. Avoid accessing a no-longer-pinned shared buffer while attempting to lock an outdated tuple during EvalPlanQual (Tom Lane) The code would touch the buffer a couple more times after releasing its pin. In theory another process could recycle the buffer (or more likely, try to defragment its free space) as soon as the pin is gone, probably leading to failure to find the newer version of the tuple. Fix query-lifespan memory leak in an IndexScan node that is performing reordering (Aliaksandr Kalenik) Fix ALTER FUNCTION to support changing a function's parallelism property and its SET-variable list in the same command (Tom Lane) The parallelism property change was lost if the same command also updated the function's SET clause. Tighten lookup of the index owned by a constraint (Tom Lane, Japin Li) Some code paths mistook the index depended on by a foreign key constraint for one owned by a unique or primary key constraint, resulting in odd errors during certain ALTER TABLE operations on tables having foreign key constraints. Fix bogus errors from attempts to alter system columns of tables (Tom Lane) The system should just tell you that you can't do it, but sometimes it would report no owned sequence found instead. Fix mis-sorting of table rows when CLUSTERing using an index whose leading key is an expression (Peter Geoghegan, Thomas Munro) The table would be rebuilt with the correct data, but in an order having little to do with the index order. Prevent data loss if a system crash occurs shortly after a sorted GiST index build (Heikki Linnakangas) The code path for building GiST indexes using sorting neglected to fsync the file upon completion. This could result in a corrupted index if the operating system crashed shortly later. Fix risk of deadlock failures while dropping a partitioned index (Jimmy Yih, Gaurab Dey, Tom Lane) Ensure that the required table and index locks are taken in the standard order (parents before children, tables before indexes). The previous coding for DROP INDEX did it differently, and so could deadlock against concurrent queries taking these locks in the standard order. Fix race condition between DROP TABLESPACE and checkpointing (Nathan Bossart) The checkpoint forced by DROP TABLESPACE could sometimes fail to remove all dead files from the tablespace's directory, leading to a bogus tablespace is not empty error. Fix possible trouble in crash recovery after a TRUNCATE command that overlaps a checkpoint (Kyotaro Horiguchi, Heikki Linnakangas, Robert Haas) TRUNCATE must ensure that the table's disk file is truncated before the checkpoint is allowed to complete. Otherwise, replay starting from that checkpoint might find unexpected data in the supposedly-removed pages, possibly causing replay failure. Fix unsafe toast-data accesses during temporary object cleanup (Andres Freund) Temporary-object deletion during server process exit could fail with FATAL: cannot fetch toast data without an active snapshot. This was usually harmless since the next use of that temporary schema would clean up successfully. Re-allow underscore as the first character in a custom parameter name (Japin Li) Such names were unintentionally disallowed in v14. Add regress option for the compute_query_id parameter (Michael Paquier) This is intended to facilitate testing, by allowing query IDs to be computed but not shown in EXPLAIN output. Improve wait logic in RegisterSyncRequest (Thomas Munro) If we run out of space in the checkpointer sync request queue (which is hopefully rare on real systems, but is common when testing with a very small buffer pool), we wait for it to drain. While waiting, we should report that as a wait event so that users know what is going on, and also watch for postmaster death, since otherwise the loop might never terminate if the checkpointer has already exited. Wake up for latch events when the checkpointer is waiting between writes (Thomas Munro) This improves responsiveness to backends sending sync requests. The change also creates a proper wait event class for these waits. Fix PANIC: xlog flush request is not satisfied failure during standby promotion when there is a missing WAL continuation record (Sami Imseih) Fix possibility of self-deadlock in hot standby conflict handling (Andres Freund) With unlucky timing, the WAL-applying process could get stuck while waiting for some other process to release a buffer lock. Fix possible mis-identification of the correct ancestor relation to publish logical replication changes through (Tomas Vondra, Hou zj, Amit Kapila) If publish_via_partition_root is enabled, and there are multiple publications naming different ancestors of the currently-modified relation, the wrong ancestor might be chosen for reporting the change. Ensure that logical replication apply workers can be restarted even when we're up against the max_sync_workers_per_subscription limit (Amit Kapila) Faulty coding of the limit check caused a restarted worker to exit immediately, leaving fewer workers than there should be. Include unchanged replica identity key columns in the WAL log for an update, if they are stored out-of-line (Dilip Kumar, Amit Kapila) Otherwise subscribers cannot see the values and will fail to replicate the update. Cope correctly with platforms that have no support for altering the server process's display in ps(1) (Andrew Dunstan) Few platforms are like this (the only supported one is Cygwin), so we'd managed not to notice that refactoring introduced a potential memory clobber. Make the server more robust against missed timer interrupts (Michael Harris, Tom Lane) An optimization added in v14 meant that if a server process somehow missed a timer interrupt, it would never again ask the kernel for another one, thus breaking timeout detection for the remainder of the session. This seems unduly fragile, so add a recovery path. Disallow execution of SPI functions during PL/Perl function compilation (Tom Lane) Perl can be convinced to execute user-defined code during compilation of a PL/Perl function. However, it's not okay for such code to try to invoke SQL operations via SPI. That results in a crash, and if it didn't crash it would be a security hazard, because we really don't want code execution during function validation. Put in a check to give a friendlier error message instead. Make libpq accept root-owned SSL private key files (David Steele) This change synchronizes libpq's rules for safe ownership and permissions of SSL key files with the rules the server has used since release 9.6. Namely, in addition to the current rules, allow the case where the key file is owned by root and has permissions rw-r----- or less. This is helpful for system-wide management of key files. Fix behavior of libpq's PQisBusy() function after a connection failure (Tom Lane) If we'd detected a write failure, PQisBusy() would always return true, which is the wrong thing: we want input processing to carry on normally until we've read whatever is available from the server. The practical effect of this error is that applications using libpq's async-query API would typically detect connection loss only when PQconsumeInput() returns a hard failure. With this fix, a connection loss will normally be reported via an error PGresult object, which is a much cleaner behavior for most applications. Re-allow database.schema.table patterns in psql, pg_dump, and pg_amcheck (Mark Dilger) Versions before v14 silently ignored all but the schema and table fragments of a pattern containing more than one dot. Refactoring in v14 accidentally broke that use-case. Reinstate it, but now complain if the first fragment is not the name of the current database. Make pg_ctl recheck postmaster aliveness while waiting for stop/restart/promote actions (Tom Lane) pg_ctl would verify that the postmaster is alive as a side-effect of sending the stop or promote signal, but then it just naively waited to see the on-disk state change. If the postmaster died uncleanly without having removed its PID file or updated the control file, pg_ctl would wait until timeout. Instead make it recheck every so often that the postmaster process is still there. Fix error handling in pg_waldump (Kyotaro Horiguchi, Andres Freund) While trying to read a WAL file to determine the WAL segment size, pg_waldump would report an incorrect error for the case of a too-short file. In addition, the file name reported in this and related error messages could be garbage. Ensure that contrib/pageinspect functions cope with all-zero pages (Michael Paquier) This is a legitimate edge case, but the module was mostly unprepared for it. Arrange to return nulls, or no rows, as appropriate; that seems more useful than raising an error. In contrib/pageinspect, add defenses against incorrect page special space contents, tighten checks for correct page size, and add some missing checks that an index is of the expected type (Michael Paquier, Justin Pryzby, Julien Rouhaud) These changes make it less likely that the module will crash on bad data. In contrib/postgres_fdw, disable batch insertion when BEFORE INSERT ... FOR EACH ROW triggers exist on the foreign table (Etsuro Fujita) Such a trigger might query the table it's on and expect to see previously-inserted rows. With batch insertion, those rows might not be visible yet, so disable the feature to avoid unexpected behavior. In contrib/postgres_fdw, verify that ORDER BY clauses are safe to ship before requesting a remotely-ordered query, and include a USING clause if necessary (Ronan Dunklau) This fix prevents situations where the remote server might sort in a different order than we intend. While sometimes that would be only cosmetic, it could produce thoroughly wrong results if the remote data is used as input for a locally-performed merge join. Fix configure to handle platforms that have sys/epoll.h but not sys/signalfd.h (Tom Lane) Update JIT code to work with LLVM 14 (Thomas Munro) Clean up assorted failures under clang's -fsanitize=undefined checks (Tom Lane, Andres Freund, Zhihong Yu) Most of these changes are just for pro-forma compliance with the letter of the C and POSIX standards, and are unlikely to have any effect on production builds. Do not add OpenSSL dependencies to libpq's pkg-config file when building without OpenSSL (Fabrice Fontaine) Fix PL/Perl so it builds on C compilers that don't support statements nested within expressions (Tom Lane) Fix possible build failure of pg_dumpall on Windows, when not using MSVC to build (Andres Freund) In Windows builds, use gendef instead of pexports to build DEF files (Andrew Dunstan) This adapts the build process to work on recent MSys tool chains. Prevent extra expansion of shell wildcard patterns in programs built under MinGW (Andrew Dunstan) For some reason the C library provided by MinGW will expand shell wildcard characters in a program's command-line arguments by default. This is confusing, not least because it doesn't happen under MSVC, so turn it off. Update time zone data files to tzdata release 2022a for DST law changes in Palestine, plus historical corrections for Chile and Ukraine. 2022-02-10 This release contains a variety of fixes from 14.1. For information about new features in major release 14, see . A dump/restore is not required for those running 14.X. However, some bugs have been found that may have resulted in corrupted indexes, as explained in the first two changelog entries. If any of those cases apply to you, it's recommended to reindex possibly-affected indexes after updating. Also, if you are upgrading from a version earlier than 14.1, see . Enforce standard locking protocol for TOAST table updates, to prevent problems with REINDEX CONCURRENTLY (Michael Paquier) If applied to a TOAST table or TOAST table's index, REINDEX CONCURRENTLY tended to produce a corrupted index. This happened because sessions updating TOAST entries released their ROW EXCLUSIVE locks immediately, rather than holding them until transaction commit as all other updates do. The fix is to make TOAST updates hold the table lock according to the normal rule. Any existing corrupted indexes can be repaired by reindexing again. Fix corruption of HOT chains when a RECENTLY_DEAD tuple changes state to fully DEAD during page pruning (Andres Freund) It was possible for VACUUM to remove a recently-dead tuple while leaving behind a redirect item that pointed to it. When the tuple's item slot is later re-used by some new tuple, that tuple would be seen as part of the pre-existing HOT chain, creating a form of index corruption. If this has happened, reindexing the table should repair the damage. However, this is an extremely low-probability scenario, so we do not recommend reindexing just on the chance that it might have happened. Fix crash in EvalPlanQual rechecks for tables with a mix of local and foreign partitions (Etsuro Fujita) Fix dangling pointer in COPY TO (Bharath Rupireddy) This oversight could cause an incorrect error message or a crash after an error in COPY. Avoid null-pointer crash in ALTER STATISTICS when the statistics object is dropped concurrently (Tomas Vondra) Correctly handle alignment padding when extracting a range from a multirange (Alexander Korotkov) This error could cause crashes when handling multiranges over variable-length data types. Fix over-optimistic use of hashing for anonymous RECORD data types (Tom Lane) This prevents some cases of could not identify a hash function for type record errors. Fix incorrect plan creation for parallel single-child Append nodes (David Rowley) In some cases the Append would be simplified away when it should not be, leading to wrong query results (duplicated rows). Fix index-only scan plans for cases where not all index columns can be returned (Tom Lane) If an index has both returnable and non-returnable columns, and one of the non-returnable columns is an expression using a table column that appears in a returnable index column, then a query using that expression could result in an index-only scan plan that attempts to read the non-returnable column, instead of recomputing the expression from the returnable column as intended. The non-returnable column would read as NULL, resulting in wrong query results. Fix Memoize plan nodes to handle subplans that use parameters coming from above the Memoize (David Rowley) Fix Memoize plan nodes to work correctly with non-hashable join operators (David Rowley) Ensure that casting to an unspecified typmod generates a RelabelType node rather than a length-coercion function call (Tom Lane) While the coercion function should do the right thing (nothing), this translation is undesirably inefficient. Fix checking of anycompatible-family data type matches (Tom Lane) In some cases the parser would think that a function or operator with anycompatible-family polymorphic parameters matches a set of arguments that it really shouldn't match. In reported cases, that led to matching more than one operator to a call, leading to ambiguous-operator errors; but a failure later on is also possible. Fix WAL replay failure when database consistency is reached exactly at a WAL page boundary (Álvaro Herrera) Fix startup of a physical replica to tolerate transaction ID wraparound (Abhijit Menon-Sen, Tomas Vondra) If a replica server is started while the set of active transactions on the primary crosses a wraparound boundary (so that there are some newer transactions with smaller XIDs than older ones), the replica would fail with out-of-order XID insertion in KnownAssignedXids. The replica would retry, but could never get past that error. In logical replication, avoid double transmission of a child table's data (Hou Zhijie) If a publication includes both child and parent tables, and has the publish_via_partition_root option set, subscribers uselessly initiated synchronization on both child and parent tables. Ensure that only the parent table is synchronized in such cases. Remove lexical limitations for SQL commands issued on a logical replication connection (Tom Lane) The walsender process would fail for a SQL command containing an unquoted semicolon, or with dollar-quoted literals containing odd numbers of single or double quote marks, or when the SQL command starts with a comment. Moreover, faulty error recovery could lead to unexpected errors in later commands too. Ensure that replication origin timestamp is set while replicating a ROLLBACK PREPARED operation (Masahiko Sawada) Fix possible loss of the commit timestamp for the last subtransaction of a transaction (Alex Kingsborough, Kyotaro Horiguchi) Be sure to fsync the pg_logical/mappings subdirectory during checkpoints (Nathan Bossart) On some filesystems this oversight could lead to losing logical rewrite status files after a system crash. Build extended statistics for partitioned tables (Justin Pryzby) A previous bug fix disabled building of extended statistics for old-style inheritance trees, but it also prevented building them for partitioned tables, which was an unnecessary restriction. This change allows ANALYZE to compute values for statistics objects for partitioned tables. (But note that autovacuum does not process partitioned tables as such, so you must periodically issue manual ANALYZE on the partitioned table if you want to maintain such statistics.) Ignore extended statistics for inheritance trees (Justin Pryzby) Currently, extended statistics values are only computed locally for each table, not for entire inheritance trees. However the values were mistakenly consulted when planning queries across inheritance trees, possibly resulting in worse-than-default estimates. Disallow altering data type of a partitioned table's columns when the partitioned table's row type is used as a composite type elsewhere (Tom Lane) This restriction has long existed for regular tables, but through an oversight it was not checked for partitioned tables. Disallow ALTER TABLE ... DROP NOT NULL for a column that is part of a replica identity index (Haiying Tang, Hou Zhijie) The same prohibition already existed for primary key indexes. Correctly update cached table state during ALTER TABLE ADD PRIMARY KEY USING INDEX (Hou Zhijie) Concurrent sessions failed to update their opinion of whether the table has a primary key, possibly causing incorrect logical replication behavior. Correctly update cached table state when switching REPLICA IDENTITY index (Tang Haiying, Hou Zhijie) Concurrent sessions failed to update their opinion of which index is the replica identity one, possibly causing incorrect logical replication behavior. Fix failure of SP-GiST indexes when the indexed column's data type is binary-compatible with the declared input type of the operator class (Tom Lane) Such cases should work, but failed with compress method must be defined when leaf type is different from input type. Allow parallel vacuuming and concurrent index building to be ignored while computing oldest xmin (Masahiko Sawada) Non-parallelized instances of these operations were already ignored, but the logic did not work for parallelized cases. Holding back the xmin horizon has undesirable effects such as delaying vacuum cleanup. Fix memory leak when updating expression indexes (Peter Geoghegan) An UPDATE affecting many rows could consume significant amounts of memory. Avoid leaking memory during REASSIGN OWNED BY operations that reassign ownership of many objects (Justin Pryzby) Improve performance of walsenders sending logical changes by avoiding unnecessary cache accesses (Hou Zhijie) Fix display of cert authentication method's options in pg_hba_file_rules view (Magnus Hagander) The cert authentication method implies clientcert=verify-full, but the pg_hba_file_rules view incorrectly reported clientcert=verify-ca. Ensure that the session targeted by pg_log_backend_memory_contexts() sends its results only to the server's log (Fujii Masao) Previously, a sufficiently high setting of client_min_messages could result in the log message also being sent to the connected client. Since that client hadn't requested it, that would be surprising (and possibly a wire protocol violation). Fix display of whole-row variables appearing in INSERT ... VALUES rules (Tom Lane) A whole-row variable would be printed as var.*, but that allows it to be expanded to individual columns when the rule is reloaded, resulting in different semantics. Attach an explicit cast to prevent that, as we do elsewhere. When reverse-listing a SQL-standard function body, display function parameters appropriately within INSERT ... SELECT (Tom Lane) Previously, they'd come out as $N even when the parameter had a name. Fix one-byte buffer overrun when applying Unicode string normalization to an empty string (Michael Paquier) The practical impact of this is limited thanks to alignment considerations; but in debug builds, a warning was raised. Fix or remove some incorrect assertions (Simon Riggs, Michael Paquier, Alexander Lakhin) These errors should affect only debug builds, not production. Fix race condition that could lead to failure to localize error messages that are reported early in multi-threaded use of libpq or ecpglib (Tom Lane) Avoid calling strerror from libpq's PQcancel function (Tom Lane) PQcancel is supposed to be safe to call from a signal handler, but strerror is not safe. The faulty usage only occurred in the unlikely event of failure to send the cancel message to the server, perhaps explaining the lack of reports. Make psql's \password command default to setting the password for CURRENT_USER, not the connection's original user name (Tom Lane) This agrees with the documented behavior, and avoids probable permissions failure if SET ROLE or SET SESSION AUTHORIZATION has been done since the session began. To prevent confusion, the role name to be acted on is now included in the password prompt. Fix psql \d command's query for identifying parent triggers (Justin Pryzby) The previous coding failed with more than one row returned by a subquery used as an expression if a partition had triggers and there were unrelated statement-level triggers of the same name on some parent partitioned table. Make psql's \d command sort a table's extended statistics objects by name not OID (Justin Pryzby) Fix psql's tab-completion of label values for enum types (Tom Lane) Fix failures on Windows when using the terminal as data source or destination (Dmitry Koval, Juan José Santamaría Flecha, Michael Paquier) This affects psql's \copy command, as well as pg_recvlogical with -f -. In psql and some other client programs, avoid trying to invoke gettext() from a control-C signal handler (Tom Lane) While no reported failures have been traced to this mistake, it seems highly unlikely to be a safe thing to do. Allow canceling the initial password prompt in pg_receivewal and pg_recvlogical (Tom Lane, Nathan Bossart) Previously it was impossible to terminate these programs via control-C while they were prompting for a password. Fix pg_dump's dump ordering for user-defined casts (Tom Lane) In rare cases, the output script might refer to a user-defined cast before it had been created. Fix pg_dump's --inserts and --column-inserts modes to handle tables containing both generated columns and dropped columns (Tom Lane) Fix possible mis-reporting of errors in pg_dump and pg_basebackup (Tom Lane) The previous code failed to check for errors from some kernel calls, and could report the wrong errno values in other cases. Fix results of index-only scans on contrib/btree_gist indexes on char(N) columns (Tom Lane) Index-only scans returned column values with trailing spaces removed, which is not the expected behavior. That happened because that's how the data was stored in the index. This fix changes the code to store char(N) values with the expected amount of space padding. The behavior of such an index will not change immediately unless you REINDEX it; otherwise space-stripped values will be gradually replaced over time during updates. Queries that do not use index-only scan plans will be unaffected in any case. Fix edge cases in postgres_fdw's handling of asynchronous queries (Etsuro Fujita) These errors could lead to crashes or incorrect results when attempting to parallelize scans of foreign tables. Change configure to use Python's sysconfig module, rather than the deprecated distutils module, to determine how to build PL/Python (Peter Eisentraut, Tom Lane, Andres Freund) With Python 3.10, this avoids configure-time warnings about distutils being deprecated and scheduled for removal in Python 3.12. Presumably, once 3.12 is out, configure --with-python would fail altogether. This future-proofing does come at a cost: sysconfig did not exist before Python 2.7, nor before 3.2 in the Python 3 branch, so it is no longer possible to build PL/Python against long-dead Python versions. Re-allow cross-compilation without OpenSSL (Tom Lane) configure should assume that /dev/urandom will be available on the target system, but it failed instead. Fix PL/Perl compile failure on Windows with Perl 5.28 and later (Victor Wagner) Fix PL/Python compile failure with Python 3.11 and later (Peter Eisentraut) Add support for building with Visual Studio 2022 (Hans Buschmann) Allow the .bat wrapper scripts in our MSVC build system to be called without first changing into their directory (Anton Voloshin, Andrew Dunstan) 2021-11-11 This release contains a variety of fixes from 14.0. For information about new features in major release 14, see . A dump/restore is not required for those running 14.X. However, note that installations using physical replication should update standby servers before the primary server, as explained in the third changelog entry below. Also, several bugs have been found that may have resulted in corrupted indexes, as explained in the next several changelog entries. If any of those cases apply to you, it's recommended to reindex possibly-affected indexes after updating. Make the server reject extraneous data after an SSL or GSS encryption handshake (Tom Lane) A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could be abused to send faked SQL commands to the server, although that would only work if the server did not demand any authentication data. (However, a server relying on SSL certificate authentication might well not do so.) The PostgreSQL Project thanks Jacob Champion for reporting this problem. (CVE-2021-23214) Make libpq reject extraneous data after an SSL or GSS encryption handshake (Tom Lane) A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could probably be abused to inject faked responses to the client's first few queries, although other details of libpq's behavior make that harder than it sounds. A different line of attack is to exfiltrate the client's password, or other sensitive data that might be sent early in the session. That has been shown to be possible with a server vulnerable to CVE-2021-23214. The PostgreSQL Project thanks Jacob Champion for reporting this problem. (CVE-2021-23222) Fix physical replication for cases where the primary crashes after shipping a WAL segment that ends with a partial WAL record (Álvaro Herrera) If the primary did not survive long enough to finish writing the rest of the incomplete WAL record, then the previous crash-recovery logic had it back up and overwrite WAL starting from the beginning of the incomplete WAL record. This is problematic since standby servers may already have copies of that WAL segment. They will then see an inconsistent next segment, and will not be able to recover without manual intervention. To fix, do not back up over a WAL segment boundary when restarting after a crash. Instead write a new type of WAL record at the start of the next WAL segment, informing readers that the incomplete WAL record will never be finished and must be disregarded. When applying this update, it's best to update standby servers before the primary, so that they will be ready to handle this new WAL record type if the primary happens to crash. Ensure that parallel VACUUM doesn't miss any indexes (Peter Geoghegan, Masahiko Sawada) A parallel VACUUM would fail to process indexes that are below the min_parallel_index_scan_size cutoff, if the table also has at least two indexes that are above that size. This could result in those indexes becoming corrupt, since they'd still contain references to any heap entries removed by the VACUUM; subsequent queries using such indexes would be likely to return rows they shouldn't. This problem does not affect autovacuum, since it doesn't use parallel vacuuming. However, it is advisable to reindex any manually-vacuumed tables that have the right mix of index sizes. Fix CREATE INDEX CONCURRENTLY to wait for the latest prepared transactions (Andrey Borodin) Rows inserted by just-prepared transactions might be omitted from the new index, causing queries relying on the index to miss such rows. The previous fix for this type of problem failed to account for PREPARE TRANSACTION commands that were still in progress when CREATE INDEX CONCURRENTLY checked for them. As before, in installations that have enabled prepared transactions (max_prepared_transactions > 0), it's recommended to reindex any concurrently-built indexes in case this problem occurred when they were built. Avoid race condition that can cause backends to fail to add entries for new rows to an index being built concurrently (Noah Misch, Andrey Borodin) While it's apparently rare in the field, this case could potentially affect any index built or reindexed with the CONCURRENTLY option. It is recommended to reindex any such indexes to make sure they are correct. Fix REINDEX CONCURRENTLY to preserve operator class parameters that were attached to the target index (Michael Paquier) Fix incorrect creation of shared dependencies when cloning a database that contains non-builtin objects (Aleksander Alekseev) The effects of this error are probably limited in practice. In principle, it could allow a role to be dropped while it still owns objects; but most installations would never want to drop a role that had been used for objects they'd added to template1. Ensure that the relation cache is invalidated for a table being attached to or detached from a partitioned table (Amit Langote, Álvaro Herrera) This oversight could allow misbehavior of subsequent inserts/updates addressed directly to the partition, but only in currently-existing sessions. Fix corruption of parse tree while creating a range type (Alex Kozhemyakin, Sergey Shinderuk) CREATE TYPE incorrectly freed an element of the parse tree, which could cause problems for a later event trigger, or if the CREATE TYPE command was stored in the plan cache and used again later. Fix updates of element fields in arrays of domain over composite (Tom Lane) A command such as UPDATE tab SET fld[1].subfld = val failed if the array's elements were domains rather than plain composites. Disallow the combination of FETCH FIRST WITH TIES and FOR UPDATE SKIP LOCKED (David Christensen) FETCH FIRST WITH TIES necessarily fetches one more row than requested, since it cannot stop until it finds a row that is not a tie. In our current implementation, if FOR UPDATE is used then that row will also get locked even though it is not returned. That results in undesirable behavior if the SKIP LOCKED option is specified. It's difficult to change this without introducing a different set of undesirable behaviors, so for now, forbid the combination. Disallow ALTER INDEX index ALTER COLUMN col SET (options) (Nathan Bossart, Michael Paquier) While the parser accepted this, it's undocumented and doesn't actually work. Fix corner-case loss of precision in numeric power() (Dean Rasheed) The result could be inaccurate when the first argument is very close to 1. Avoid choosing the wrong hash equality operator for Memoize plans (David Rowley) This error could result in crashes or incorrect query results. Fix planner error with pulling up subquery expressions into function rangetable entries (Tom Lane) If a function in FROM laterally references the output of some sub-SELECT earlier in the FROM clause, and we are able to flatten that sub-SELECT into the outer query, the expression(s) copied into the function expression were not fully processed. This could lead to crashes at execution. Avoid using MCV-only statistics to estimate the range of a column (Tom Lane) There are corner cases in which ANALYZE will build a most-common-values (MCV) list but not a histogram, even though the MCV list does not account for all the observed values. In such cases, keep the planner from using the MCV list alone to estimate the range of column values. Fix restoration of a Portal's snapshot inside a subtransaction (Bertrand Drouvot) If a procedure commits or rolls back a transaction, and then its next significant action is inside a new subtransaction, snapshot management went wrong, leading to a dangling pointer and probable crash. A typical example in PL/pgSQL is a COMMIT immediately followed by a BEGIN ... EXCEPTION block that performs a query. Clean up correctly if a transaction fails after exporting its snapshot (Dilip Kumar) This oversight would only cause a problem if the same session attempted to export a snapshot again. The most likely scenario for that is creation of a replication slot (followed by rollback) and then creation of another replication slot. Prevent wraparound of overflowed-subtransaction tracking on standby servers (Kyotaro Horiguchi, Alexander Korotkov) This oversight could cause significant performance degradation (manifesting as excessive SubtransSLRU traffic) on standby servers. Ensure that prepared transactions are properly accounted for during promotion of a standby server (Michael Paquier, Andres Freund) There was a narrow window where a prepared transaction could be omitted from a snapshot taken by a concurrently-running session. If that session then used the snapshot to perform data updates, erroneous results or data corruption could occur. Fix could not find RecursiveUnion error when EXPLAIN tries to print a filter condition attached to a WorkTableScan node (Tom Lane) Ensure that the correct lock level is used when renaming a table (Nathan Bossart, Álvaro Herrera) For historical reasons, ALTER INDEX ... RENAME can be applied to any sort of relation. The lock level required to rename an index is lower than that required to rename a table or other kind of relation, but the code got this wrong and would use the weaker lock level whenever the command is spelled ALTER INDEX. Avoid null-pointer-dereference crash when dropping a role that owns objects being dropped concurrently (Álvaro Herrera) Prevent snapshot reference leak warning when lo_export() or a related function fails (Heikki Linnakangas) Fix inefficient code generation for CoerceToDomain expression nodes (Ranier Vilela) Avoid O(N^2) behavior in some list-manipulation operations (Nathan Bossart, Tom Lane) These changes fix slow processing in several scenarios, including: when a standby replays a transaction that held many exclusive locks on the primary; when many files are due to be unlinked after a checkpoint; when hash aggregation involves many batches; and when pg_trgm extracts indexable conditions from a complex regular expression. Only the first of these scenarios has actually been reported from the field, but they all seem like plausible consequences of inefficient list deletions. Add more defensive checks around B-tree posting list splits (Peter Geoghegan) This change should help detect index corruption involving duplicate table TIDs. Avoid assertion failure when inserting NaN into a BRIN float8 or float4 minmax_multi_ops index (Tomas Vondra) In production builds, such cases would result in a somewhat inefficient, but not actually incorrect, index. Allow the autovacuum launcher process to respond to pg_log_backend_memory_contexts() requests more quickly (Koyu Tanigawa) Fix memory leak in HMAC hash calculations (Sergey Shinderuk) Disallow setting huge_pages to on when shared_memory_type is sysv (Thomas Munro) Previously, this setting was accepted, but it did nothing for lack of any implementation. Fix checking of query type in PL/pgSQL's RETURN QUERY statement (Tom Lane) RETURN QUERY should accept any query that can return tuples, e.g. UPDATE RETURNING. v14 accidentally disallowed anything but SELECT; moreover, the RETURN QUERY EXECUTE variant failed to apply any query-type check at all. Fix pg_dump to dump non-global default privileges correctly (Neil Chen, Masahiko Sawada) If a global (unrestricted) ALTER DEFAULT PRIVILEGES command revoked some present-by-default privilege, for example EXECUTE for functions, and then a restricted ALTER DEFAULT PRIVILEGES command granted that privilege again for a selected role or schema, pg_dump failed to dump the restricted privilege grant correctly. Make pg_dump acquire shared lock on partitioned tables that are to be dumped (Tom Lane) This oversight was usually pretty harmless, since once pg_dump has locked any of the leaf partitions, that would suffice to prevent significant DDL on the partitioned table itself. However problems could ensue when dumping a childless partitioned table, since no relevant lock would be held. Fix crash in pg_dump when attempting to dump trigger definitions from a pre-8.3 server (Tom Lane) Fix incorrect filename in pg_restore's error message about an invalid large object TOC file (Daniel Gustafsson) Ensure that pgbench exits with non-zero status after a socket-level failure (Yugo Nagata, Fabien Coelho) The desired behavior is to finish out the run but then exit with status 2. Also, fix the reporting of such errors. Prevent pg_amcheck from checking temporary relations, as well as indexes that are invalid or not ready (Mark Dilger) This avoids unhelpful checks of relations that will almost certainly appear inconsistent. Make contrib/amcheck skip unlogged tables when running on a standby server (Mark Dilger) It's appropriate to do this since such tables will be empty, and unlogged indexes were already handled similarly. Change contrib/pg_stat_statements to read its query texts file in units of at most 1GB (Tom Lane) Such large query text files are very unusual, but if they do occur, the previous coding would fail on Windows 64 (which rejects individual read requests of more than 2GB). Fix null-pointer crash when contrib/postgres_fdw tries to report a data conversion error (Tom Lane) Ensure that GetSharedSecurityLabel() can be used in a newly-started session that has not yet built its critical relation cache entries (Jeff Davis) When running a TAP test, include the module's own directory in PATH (Andrew Dunstan) This allows tests to find built programs that are not installed, such as custom test drivers. Use the CLDR project's data to map Windows time zone names to IANA time zones (Tom Lane) When running on Windows, initdb attempts to set the new cluster's timezone parameter to the IANA time zone matching the system's prevailing time zone. We were using a mapping table that we'd generated years ago and updated only fitfully; unsurprisingly, it contained a number of errors as well as omissions of recently-added zones. It turns out that CLDR has been tracking the most appropriate mappings, so start using their data. This change will not affect any existing installation, only newly-initialized clusters. Update time zone data files to tzdata release 2021e for DST law changes in Fiji, Jordan, Palestine, and Samoa, plus historical corrections for Barbados, Cook Islands, Guyana, Niue, Portugal, and Tonga. Also, the Pacific/Enderbury zone has been renamed to Pacific/Kanton. Also, the following zones have been merged into nearby, more-populous zones whose clocks have agreed with them since 1970: Africa/Accra, America/Atikokan, America/Blanc-Sablon, America/Creston, America/Curacao, America/Nassau, America/Port_of_Spain, Antarctica/DumontDUrville, and Antarctica/Syowa. In all these cases, the previous zone name remains as an alias. 2021-09-30 PostgreSQL 14 contains many new features and enhancements, including: Stored procedures can now return data via OUT parameters. The SQL-standard SEARCH and CYCLE options for common table expressions have been implemented. Subscripting can now be applied to any data type for which it is a useful notation, not only arrays. In this release, the jsonb and hstore types have gained subscripting operators. Range types have been extended by adding multiranges, allowing representation of noncontiguous data ranges. Numerous performance improvements have been made for parallel queries, heavily-concurrent workloads, partitioned tables, logical replication, and vacuuming. B-tree index updates are managed more efficiently, reducing index bloat. VACUUM automatically becomes more aggressive, and skips inessential cleanup, if the database starts to approach a transaction ID wraparound condition. Extended statistics can now be collected on expressions, allowing better planning results for complex queries. libpq now has the ability to pipeline multiple queries, which can boost throughput over high-latency connections. The above items and other new features of PostgreSQL 14 are explained in more detail in the sections below. A dump/restore using or use of or logical replication is required for those wishing to migrate data from any previous release. See for general information on migrating to new major releases. Version 14 contains a number of changes that may affect compatibility with previous releases. Observe the following incompatibilities: User-defined objects that reference certain built-in array functions along with their argument types must be recreated (Tom Lane) Specifically, array_append(), array_prepend(), array_cat(), array_position(), array_positions(), array_remove(), array_replace(), and width_bucket() used to take anyarray arguments but now take anycompatiblearray. Therefore, user-defined objects like aggregates and operators that reference those array function signatures must be dropped before upgrading, and recreated once the upgrade completes. Remove deprecated containment operators @ and ~ for built-in geometric data types and contrib modules , , , and (Justin Pryzby) The more consistently named <@ and @> have been recommended for many years. Fix to_tsquery() and websearch_to_tsquery() to properly parse query text containing discarded tokens (Alexander Korotkov) Certain discarded tokens, like underscore, caused the output of these functions to produce incorrect tsquery output, e.g., both websearch_to_tsquery('"pg_class pg"') and to_tsquery('pg_class <-> pg') used to output ( 'pg' & 'class' ) <-> 'pg', but now both output 'pg' <-> 'class' <-> 'pg'. Fix websearch_to_tsquery() to properly parse multiple adjacent discarded tokens in quotes (Alexander Korotkov) Previously, quoted text that contained multiple adjacent discarded tokens was treated as multiple tokens, causing incorrect tsquery output, e.g., websearch_to_tsquery('"aaa: bbb"') used to output 'aaa' <2> 'bbb', but now outputs 'aaa' <-> 'bbb'. Change EXTRACT() to return type numeric instead of float8 (Peter Eisentraut) This avoids loss-of-precision issues in some usages. The old behavior can still be obtained by using the old underlying function date_part(). Also, EXTRACT(date) now throws an error for units that are not part of the date data type. Change var_samp() and stddev_samp() with numeric parameters to return NULL when the input is a single NaN value (Tom Lane) Previously NaN was returned. Return false for has_column_privilege() checks on non-existent or dropped columns when using attribute numbers (Joe Conway) Previously such attribute numbers returned an invalid-column error. Fix handling of infinite window function ranges (Tom Lane) Previously window frame clauses like 'inf' PRECEDING AND 'inf' FOLLOWING returned incorrect results. Remove factorial operators ! and !!, as well as function numeric_fac() (Mark Dilger) The factorial() function is still supported. Disallow factorial() of negative numbers (Peter Eisentraut) Previously such cases returned 1. Remove support for postfix (right-unary) operators (Mark Dilger) pg_dump and pg_upgrade will warn if postfix operators are being dumped. Allow \D and \W shorthands to match newlines in regular expression newline-sensitive mode (Tom Lane) Previously they did not match newlines in this mode, but that disagrees with the behavior of other common regular expression engines. [^[:digit:]] or [^[:word:]] can be used to get the old behavior. Disregard constraints when matching regular expression back-references (Tom Lane) For example, in (^\d+).*\1, the ^ constraint should be applied at the start of the string, but not when matching \1. Disallow \w as a range start or end in regular expression character classes (Tom Lane) This previously was allowed but produced unexpected results. Require custom server parameter names to use only characters that are valid in unquoted SQL identifiers (Tom Lane) Change the default of the server parameter to scram-sha-256 (Peter Eisentraut) Previously it was md5. All new passwords will be stored as SHA256 unless this server setting is changed or the password is specified in MD5 format. Also, the legacy (and undocumented) Boolean-like values which were previously synonyms for md5 are no longer accepted. Remove server parameter vacuum_cleanup_index_scale_factor (Peter Geoghegan) This setting was ignored starting in PostgreSQL version 13.3. Remove server parameter operator_precedence_warning (Tom Lane) This setting was used for warning applications about PostgreSQL 9.5 changes. Overhaul the specification of clientcert in pg_hba.conf (Kyotaro Horiguchi) Values 1/0/no-verify are no longer supported; only the strings verify-ca and verify-full can be used. Also, disallow verify-ca if cert authentication is enabled since cert requires verify-full checking. Remove support for SSL compression (Daniel Gustafsson, Michael Paquier) This was already disabled by default in previous PostgreSQL releases, and most modern OpenSSL and TLS versions no longer support it. Remove server and libpq support for the version 2 wire protocol (Heikki Linnakangas) This was last used as the default in PostgreSQL 7.3 (released in 2002). Disallow single-quoting of the language name in the CREATE/DROP LANGUAGE command (Peter Eisentraut) Remove the composite types that were formerly created for sequences and toast tables (Tom Lane) Process doubled quote marks in ecpg SQL command strings correctly (Tom Lane) Previously 'abc''def' was passed to the server as 'abc'def', and "abc""def" was passed as "abc"def", causing syntax errors. Prevent the containment operators (<@ and @>) for from using GiST indexes (Tom Lane) Previously a full GiST index scan was required, so just avoid that and scan the heap, which is faster. Indexes created for this purpose should be removed. Remove contrib program pg_standby (Justin Pryzby) Prevent 's function normal_rand() from accepting negative values (Ashutosh Bapat) Negative values produced undesirable results. Below you will find a detailed account of the changes between PostgreSQL 14 and the previous major release. Add predefined roles pg_read_all_data and pg_write_all_data (Stephen Frost) These non-login roles can be used to give read or write permission to all tables, views, and sequences. Add predefined role pg_database_owner that contains only the current database's owner (Noah Misch) This is especially useful in template databases. Remove temporary files after backend crashes (Euler Taveira) Previously, such files were retained for debugging purposes. If necessary, deletion can be disabled with the new server parameter . Allow long-running queries to be canceled if the client disconnects (Sergey Cherkashin, Thomas Munro) The server parameter allows control over whether loss of connection is checked for intra-query. (This is supported on Linux and a few other operating systems.) Add an optional timeout parameter to pg_terminate_backend() (Magnus Hagander) Allow wide tuples to be always added to almost-empty heap pages (John Naylor, Floris van Nee) Previously tuples whose insertion would have exceeded the page's fill factor were instead added to new pages. Add Server Name Indication (SNI) in SSL connection packets (Peter Eisentraut) This can be disabled by turning off client connection option sslsni. Allow vacuum to skip index vacuuming when the number of removable index entries is insignificant (Masahiko Sawada, Peter Geoghegan) The vacuum parameter INDEX_CLEANUP has a new default of auto that enables this optimization. Allow vacuum to more eagerly add deleted btree pages to the free space map (Peter Geoghegan) Previously vacuum could only add pages to the free space map that were marked as deleted by previous vacuums. Allow vacuum to reclaim space used by unused trailing heap line pointers (Matthias van de Meent, Peter Geoghegan) Allow vacuum to be more aggressive in removing dead rows during minimal-locking index operations (Álvaro Herrera) Specifically, CREATE INDEX CONCURRENTLY and REINDEX CONCURRENTLY no longer limit the dead row removal of other relations. Speed up vacuuming of databases with many relations (Tatsuhito Kasahara) Reduce the default value of to better reflect current hardware capabilities (Peter Geoghegan) Add ability to skip vacuuming of TOAST tables (Nathan Bossart) VACUUM now has a PROCESS_TOAST option which can be set to false to disable TOAST processing, and vacuumdb has a --no-process-toast option. Have COPY FREEZE appropriately update page visibility bits (Anastasia Lubennikova, Pavan Deolasee, Jeff Janes) Cause vacuum operations to be more aggressive if the table is near xid or multixact wraparound (Masahiko Sawada, Peter Geoghegan) This is controlled by and . Increase warning time and hard limit before transaction id and multi-transaction wraparound (Noah Misch) This should reduce the possibility of failures that occur without having issued warnings about wraparound. Add per-index information to autovacuum logging output (Masahiko Sawada) Improve the performance of updates and deletes on partitioned tables with many partitions (Amit Langote, Tom Lane) This change greatly reduces the planner's overhead for such cases, and also allows updates/deletes on partitioned tables to use execution-time partition pruning. Allow partitions to be detached in a non-blocking manner (Álvaro Herrera) The syntax is ALTER TABLE ... DETACH PARTITION ... CONCURRENTLY, and FINALIZE. Ignore COLLATE clauses in partition boundary values (Tom Lane) Previously any such clause had to match the collation of the partition key; but it's more consistent to consider that it's automatically coerced to the collation of the partition key. Allow btree index additions to remove expired index entries to prevent page splits (Peter Geoghegan) This is particularly helpful for reducing index bloat on tables whose indexed columns are frequently updated. Allow BRIN indexes to record multiple min/max values per range (Tomas Vondra) This is useful if there are groups of values in each page range. Allow BRIN indexes to use bloom filters (Tomas Vondra) This allows BRIN indexes to be used effectively with data that is not well-localized in the heap. Allow some GiST indexes to be built by presorting the data (Andrey Borodin) Presorting happens automatically and allows for faster index creation and smaller indexes. Allow SP-GiST indexes to contain INCLUDE'd columns (Pavel Borisov) Allow hash lookup for IN clauses with many constants (James Coleman, David Rowley) Previously the code always sequentially scanned the list of values. Increase the number of places extended statistics can be used for OR clause estimation (Tomas Vondra, Dean Rasheed) Allow extended statistics on expressions (Tomas Vondra) This allows statistics on a group of expressions and columns, rather than only columns like previously. System view pg_stats_ext_exprs reports such statistics. Allow efficient heap scanning of a range of TIDs (Edmund Horner, David Rowley) Previously a sequential scan was required for non-equality TID specifications. Fix EXPLAIN CREATE TABLE AS and EXPLAIN CREATE MATERIALIZED VIEW to honor IF NOT EXISTS (Bharath Rupireddy) Previously, if the object already existed, EXPLAIN would fail. Improve the speed of computing MVCC visibility snapshots on systems with many CPUs and high session counts (Andres Freund) This also improves performance when there are many idle sessions. Add executor method to memoize results from the inner side of a nested-loop join (David Rowley) This is useful if only a small percentage of rows is checked on the inner side. It can be disabled via server parameter . Allow window functions to perform incremental sorts (David Rowley) Improve the I/O performance of parallel sequential scans (Thomas Munro, David Rowley) This was done by allocating blocks in groups to parallel workers. Allow a query referencing multiple foreign tables to perform foreign table scans in parallel (Robert Haas, Kyotaro Horiguchi, Thomas Munro, Etsuro Fujita) postgres_fdw supports this type of scan if async_capable is set. Allow analyze to do page prefetching (Stephen Frost) This is controlled by . Improve performance of regular expression searches (Tom Lane) Dramatically improve Unicode normalization performance (John Naylor) This speeds normalize() and IS NORMALIZED. Add ability to use LZ4 compression on TOAST data (Dilip Kumar) This can be set at the column level, or set as a default via server parameter . The server must be compiled with --with-lz4 to support this feature. The default setting is still pglz. If server parameter is enabled, display the query id in pg_stat_activity, EXPLAIN VERBOSE, csvlog, and optionally in (Julien Rouhaud) A query id computed by an extension will also be displayed. Improve logging of auto-vacuum and auto-analyze (Stephen Frost, Jakub Wartak) This reports I/O timings for auto-vacuum and auto-analyze if is enabled. Also, report buffer read and dirty rates for auto-analyze. Add information about the original user name supplied by the client to the output of (Jacob Champion) Add system view pg_stat_progress_copy to report COPY progress (Josef Šimánek, Matthias van de Meent) Add system view pg_stat_wal to report WAL activity (Masahiro Ikeda) Add system view pg_stat_replication_slots to report replication slot activity (Masahiko Sawada, Amit Kapila, Vignesh C) The function pg_stat_reset_replication_slot() resets slot statistics. Add system view pg_backend_memory_contexts to report session memory usage (Atsushi Torikoshi, Fujii Masao) Add function pg_log_backend_memory_contexts() to output the memory contexts of arbitrary backends (Atsushi Torikoshi) Add session statistics to the pg_stat_database system view (Laurenz Albe) Add columns to pg_prepared_statements to report generic and custom plan counts (Atsushi Torikoshi, Kyotaro Horiguchi) Add lock wait start time to pg_locks (Atsushi Torikoshi) Make the archiver process visible in pg_stat_activity (Kyotaro Horiguchi) Add wait event WalReceiverExit to report WAL receiver exit wait time (Fujii Masao) Implement information schema view routine_column_usage to track columns referenced by function and procedure default expressions (Peter Eisentraut) Allow an SSL certificate's distinguished name (DN) to be matched for client certificate authentication (Andrew Dunstan) The new pg_hba.conf option clientname=DN allows comparison with certificate attributes beyond the CN and can be combined with ident maps. Allow pg_hba.conf and pg_ident.conf records to span multiple lines (Fabien Coelho) A backslash at the end of a line allows record contents to be continued on the next line. Allow the specification of a certificate revocation list (CRL) directory (Kyotaro Horiguchi) This is controlled by server parameter and libpq connection option . Previously only single CRL files could be specified. Allow passwords of an arbitrary length (Tom Lane, Nathan Bossart) Add server parameter to close idle sessions (Li Japin) This is similar to . Change default to 0.9 (Stephen Frost) The previous default was 0.5. Allow %P in to report the parallel group leader's PID for a parallel worker (Justin Pryzby) Allow to specify paths as individual, comma-separated quoted strings (Ian Lawrence Barwick) Previously all the paths had to be in a single quoted string. Allow startup allocation of dynamic shared memory (Thomas Munro) This is controlled by . This allows more use of huge pages. Add server parameter to control the size of huge pages used on Linux (Odin Ugedal) Allow standby servers to be rewound via pg_rewind (Heikki Linnakangas) Allow the setting to be changed during a server reload (Sergei Kornilov) You can also set restore_command to an empty string and reload to force recovery to only read from the pg_wal directory. Add server parameter to report long recovery conflict wait times (Bertrand Drouvot, Masahiko Sawada) Pause recovery on a hot standby server if the primary changes its parameters in a way that prevents replay on the standby (Peter Eisentraut) Previously the standby would shut down immediately. Add function pg_get_wal_replay_pause_state() to report the recovery state (Dilip Kumar) It gives more detailed information than pg_is_wal_replay_paused(), which still exists. Add new read-only server parameter (Haribabu Kommi, Greg Nancarrow, Tom Lane) This allows clients to easily detect whether they are connected to a hot standby server. Speed truncation of small tables during recovery on clusters with a large number of shared buffers (Kirk Jamison) Allow file system sync at the start of crash recovery on Linux (Thomas Munro) By default, PostgreSQL opens and fsyncs each data file in the database cluster at the start of crash recovery. A new setting, =syncfs, instead syncs each filesystem used by the cluster. This allows for faster recovery on systems with many database files. Add function pg_xact_commit_timestamp_origin() to return the commit timestamp and replication origin of the specified transaction (Movead Li) Add the replication origin to the record returned by pg_last_committed_xact() (Movead Li) Allow replication origin functions to be controlled using standard function permission controls (Martín Marqués) Previously these functions could only be executed by superusers, and this is still the default. Allow logical replication to stream long in-progress transactions to subscribers (Dilip Kumar, Amit Kapila, Ajin Cherian, Tomas Vondra, Nikhil Sontakke, Stas Kelvich) Previously transactions that exceeded were written to disk until the transaction completed. Enhance the logical replication API to allow streaming large in-progress transactions (Tomas Vondra, Dilip Kumar, Amit Kapila) The output functions begin with stream. test_decoding also supports these. Allow multiple transactions during table sync in logical replication (Peter Smith, Amit Kapila, Takamichi Osumi) Immediately WAL-log subtransaction and top-level XID association (Tomas Vondra, Dilip Kumar, Amit Kapila) This is useful for logical decoding. Enhance logical decoding APIs to handle two-phase commits (Ajin Cherian, Amit Kapila, Nikhil Sontakke, Stas Kelvich) This is controlled via pg_create_logical_replication_slot(). Add cache invalidation messages to the WAL during command completion when using logical replication (Dilip Kumar, Tomas Vondra, Amit Kapila) This allows logical streaming of in-progress transactions. When logical replication is disabled, invalidation messages are generated only at transaction completion. Allow logical decoding to more efficiently process cache invalidation messages (Dilip Kumar) This allows logical decoding to work efficiently in presence of a large amount of DDL. Allow control over whether logical decoding messages are sent to the replication stream (David Pirotte, Euler Taveira) Allow logical replication subscriptions to use binary transfer mode (Dave Cramer) This is faster than text mode, but slightly less robust. Allow logical decoding to be filtered by xid (Markus Wanner) Reduce the number of keywords that can't be used as column labels without AS (Mark Dilger) There are now 90% fewer restricted keywords. Allow an alias to be specified for JOIN's USING clause (Peter Eisentraut) The alias is created by writing AS after the USING clause. It can be used as a table qualification for the merged USING columns. Allow DISTINCT to be added to GROUP BY to remove duplicate GROUPING SET combinations (Vik Fearing) For example, GROUP BY CUBE (a,b), CUBE (b,c) will generate duplicate grouping combinations without DISTINCT. Properly handle DEFAULT entries in multi-row VALUES lists in INSERT (Dean Rasheed) Such cases used to throw an error. Add SQL-standard SEARCH and CYCLE clauses for common table expressions (Peter Eisentraut) The same results could be accomplished using existing syntax, but much less conveniently. Allow column names in the WHERE clause of ON CONFLICT to be table-qualified (Tom Lane) Only the target table can be referenced, however. Allow REFRESH MATERIALIZED VIEW to use parallelism (Bharath Rupireddy) Allow REINDEX to change the tablespace of the new index (Alexey Kondratov, Michael Paquier, Justin Pryzby) This is done by specifying a TABLESPACE clause. A --tablespace option was also added to reindexdb to control this. Allow REINDEX to process all child tables or indexes of a partitioned relation (Justin Pryzby, Michael Paquier) Allow index commands using CONCURRENTLY to avoid waiting for the completion of other operations using CONCURRENTLY (Álvaro Herrera) Improve the performance of COPY FROM in binary mode (Bharath Rupireddy, Amit Langote) Preserve SQL standard syntax for SQL-defined functions in view definitions (Tom Lane) Previously, calls to SQL-standard functions such as EXTRACT() were shown in plain function-call syntax. The original syntax is now preserved when displaying a view or rule. Add the SQL-standard clause GRANTED BY to GRANT and REVOKE (Peter Eisentraut) Add OR REPLACE option for CREATE TRIGGER (Takamichi Osumi) This allows pre-existing triggers to be conditionally replaced. Allow TRUNCATE to operate on foreign tables (Kazutaka Onishi, Kohei KaiGai) The postgres_fdw module also now supports this. Allow publications to be more easily added to and removed from a subscription (Japin Li) The new syntax is ALTER SUBSCRIPTION ... ADD/DROP PUBLICATION. This avoids having to specify all publications to add/remove entries. Add primary keys, unique constraints, and foreign keys to system catalogs (Peter Eisentraut) These changes help GUI tools analyze the system catalogs. The existing unique indexes of catalogs now have associated UNIQUE or PRIMARY KEY constraints. Foreign key relationships are not actually stored or implemented as constraints, but can be obtained for display from the function pg_get_catalog_foreign_keys(). Allow CURRENT_ROLE every place CURRENT_USER is accepted (Peter Eisentraut) Allow extensions and built-in data types to implement subscripting (Dmitry Dolgov) Previously subscript handling was hard-coded into the server, so that subscripting could only be applied to array types. This change allows subscript notation to be used to extract or assign portions of a value of any type for which the concept makes sense. Allow subscripting of JSONB (Dmitry Dolgov) JSONB subscripting can be used to extract and assign to portions of JSONB documents. Add support for multirange data types (Paul Jungwirth, Alexander Korotkov) These are like range data types, but they allow the specification of multiple, ordered, non-overlapping ranges. An associated multirange type is automatically created for every range type. Add support for the stemming of languages Armenian, Basque, Catalan, Hindi, Serbian, and Yiddish (Peter Eisentraut) Allow tsearch data files to have unlimited line lengths (Tom Lane) The previous limit was 4K bytes. Also remove function t_readline(). Add support for Infinity and -Infinity values in the numeric data type (Tom Lane) Floating-point data types already supported these. Add point operators <<| and |>> representing strictly above/below tests (Emre Hasegeli) Previously these were called >^ and <^, but that naming is inconsistent with other geometric data types. The old names remain available, but may someday be removed. Add operators to add and subtract LSN and numeric (byte) values (Fujii Masao) Allow binary data transfer to be more forgiving of array and record OID mismatches (Tom Lane) Create composite array types for system catalogs (Wenjing Zeng) User-defined relations have long had composite types associated with them, and also array types over those composite types. System catalogs now do as well. This change also fixes an inconsistency that creating a user-defined table in single-user mode would fail to create a composite array type. Allow SQL-language functions and procedures to use SQL-standard function bodies (Peter Eisentraut) Previously only string-literal function bodies were supported. When writing a function or procedure in SQL-standard syntax, the body is parsed immediately and stored as a parse tree. This allows better tracking of function dependencies, and can have security benefits. Allow procedures to have OUT parameters (Peter Eisentraut) Allow some array functions to operate on a mix of compatible data types (Tom Lane) The functions array_append(), array_prepend(), array_cat(), array_position(), array_positions(), array_remove(), array_replace(), and width_bucket() now take anycompatiblearray instead of anyarray arguments. This makes them less fussy about exact matches of argument types. Add SQL-standard trim_array() function (Vik Fearing) This could already be done with array slices, but less easily. Add bytea equivalents of ltrim() and rtrim() (Joel Jacobson) Support negative indexes in split_part() (Nikhil Benesch) Negative values start from the last field and count backward. Add string_to_table() function to split a string on delimiters (Pavel Stehule) This is similar to the regexp_split_to_table() function. Add unistr() function to allow Unicode characters to be specified as backslash-hex escapes in strings (Pavel Stehule) This is similar to how Unicode can be specified in literal strings. Add bit_xor() XOR aggregate function (Alexey Bashtanov) Add function bit_count() to return the number of bits set in a bit or byte string (David Fetter) Add date_bin() function (John Naylor) This function bins input timestamps, grouping them into intervals of a uniform length aligned with a specified origin. Allow make_timestamp()/make_timestamptz() to accept negative years (Peter Eisentraut) Negative values are interpreted as BC years. Add newer regular expression substring() syntax (Peter Eisentraut) The new SQL-standard syntax is SUBSTRING(text SIMILAR pattern ESCAPE escapechar). The previous standard syntax was SUBSTRING(text FROM pattern FOR escapechar), which is still accepted by PostgreSQL. Allow complemented character class escapes \D, \S, and \W within regular expression brackets (Tom Lane) Add [[:word:]] as a regular expression character class, equivalent to \w (Tom Lane) Allow more flexible data types for default values of lead() and lag() window functions (Vik Fearing) Make non-zero floating-point values divided by infinity return zero (Kyotaro Horiguchi) Previously such operations produced underflow errors. Make floating-point division of NaN by zero return NaN (Tom Lane) Previously this returned an error. Cause exp() and power() for negative-infinity exponents to return zero (Tom Lane) Previously they often returned underflow errors. Improve the accuracy of geometric computations involving infinity (Tom Lane) Mark built-in type coercion functions as leakproof where possible (Tom Lane) This allows more use of functions that require type conversion in security-sensitive situations. Change pg_describe_object(), pg_identify_object(), and pg_identify_object_as_address() to always report helpful error messages for non-existent objects (Michael Paquier) Improve PL/pgSQL's expression and assignment parsing (Tom Lane) This change allows assignment to array slices and nested record fields. Allow plpgsql's RETURN QUERY to execute its query using parallelism (Tom Lane) Improve performance of repeated CALLs within plpgsql procedures (Pavel Stehule, Tom Lane) Add pipeline mode to libpq (Craig Ringer, Matthieu Garrigues, Álvaro Herrera) This allows multiple queries to be sent, only waiting for completion when a specific synchronization message is sent. Enhance libpq's target_session_attrs parameter options (Haribabu Kommi, Greg Nancarrow, Vignesh C, Tom Lane) The new options are read-only, primary, standby, and prefer-standby. Improve the output format of libpq's PQtrace() (Aya Iwata, Álvaro Herrera) Allow an ECPG SQL identifier to be linked to a specific connection (Hayato Kuroda) This is done via DECLARE ... STATEMENT. Allow vacuumdb to skip index cleanup and truncation (Nathan Bossart) The options are --no-index-cleanup and --no-truncate. Allow pg_dump to dump only certain extensions (Guillaume Lelarge) This is controlled by option --extension. Add pgbench permute() function to randomly shuffle values (Fabien Coelho, Hironobu Suzuki, Dean Rasheed) Include disconnection times in the reconnection overhead measured by pgbench with -C (Yugo Nagata) Allow multiple verbose option specifications (-v) to increase the logging verbosity (Tom Lane) This behavior is supported by pg_dump, pg_dumpall, and pg_restore. Allow psql's \df and \do commands to specify function and operator argument types (Greg Sabino Mullane, Tom Lane) This helps reduce the number of matches printed for overloaded names. Add an access method column to psql's \d[i|m|t]+ output (Georgios Kokolatos) Allow psql's \dt and \di to show TOAST tables and their indexes (Justin Pryzby) Add psql command \dX to list extended statistics objects (Tatsuro Yamada) Fix psql's \dT to understand array syntax and backend grammar aliases, like int for integer (Greg Sabino Mullane, Tom Lane) When editing the previous query or a file with psql's \e, or using \ef and \ev, ignore the results if the editor exits without saving (Laurenz Albe) Previously, such edits would load the previous query into the query buffer, and typically execute it immediately. This was deemed to be probably not what the user wants. Improve tab completion (Vignesh C, Michael Paquier, Justin Pryzby, Georgios Kokolatos, Julien Rouhaud) Add command-line utility pg_amcheck to simplify running contrib/amcheck tests on many relations (Mark Dilger) Add --no-instructions option to initdb (Magnus Hagander) This suppresses the server startup instructions that are normally printed. Stop pg_upgrade from creating analyze_new_cluster script (Magnus Hagander) Instead, give comparable vacuumdb instructions. Remove support for the postmaster -o option (Magnus Hagander) This option was unnecessary since all passed options could already be specified directly. Rename "Default Roles" to "Predefined Roles" (Bruce Momjian, Stephen Frost) Add documentation for the factorial() function (Peter Eisentraut) With the removal of the ! operator in this release, factorial() is the only built-in way to compute a factorial. Add configure option --with-ssl={openssl} to allow future choice of the SSL library to use (Daniel Gustafsson, Michael Paquier) The spelling --with-openssl is kept for compatibility. Add support for abstract Unix-domain sockets (Peter Eisentraut) This is currently supported on Linux and Windows. Allow Windows to properly handle files larger than four gigabytes (Juan José Santamaría Flecha) For example this allows COPY, WAL files, and relation segment files to be larger than four gigabytes. Add server parameter to control cache flushing for test purposes (Craig Ringer) Previously this behavior could only be set at compile time. To invoke it during initdb, use the new option --discard-caches. Various improvements in valgrind error detection ability (Álvaro Herrera, Peter Geoghegan) Add a test module for the regular expression package (Tom Lane) Add support for LLVM version 12 (Andres Freund) Change SHA1, SHA2, and MD5 hash computations to use the OpenSSL EVP API (Michael Paquier) This is more modern and supports FIPS mode. Remove separate build-time control over the choice of random number generator (Daniel Gustafsson) This is now always determined by the choice of SSL library. Add direct conversion routines between EUC_TW and Big5 encodings (Heikki Linnakangas) Add collation version support for FreeBSD (Thomas Munro) Add amadjustmembers to the index access method API (Tom Lane) This allows an index access method to provide validity checking during creation of a new operator class or family. Provide feature-test macros in libpq-fe.h for recently-added libpq features (Tom Lane, Álvaro Herrera) Historically, applications have usually used compile-time checks of PG_VERSION_NUM to test whether a feature is available. But that's normally the server version, which might not be a good guide to libpq's version. libpq-fe.h now offers #define symbols denoting application-visible features added in v14; the intent is to keep adding symbols for such features in future versions. Allow subscripting of hstore values (Tom Lane, Dmitry Dolgov) Allow GiST/GIN pg_trgm indexes to do equality lookups (Julien Rouhaud) This is similar to LIKE except no wildcards are honored. Allow the cube data type to be transferred in binary mode (KaiGai Kohei) Allow pgstattuple_approx() to report on TOAST tables (Peter Eisentraut) Add contrib module pg_surgery which allows changes to row visibility (Ashutosh Sharma) This is useful for correcting database corruption. Add contrib module old_snapshot to report the XID/time mapping used by an active (Robert Haas) Allow amcheck to also check heap pages (Mark Dilger) Previously it only checked B-Tree index pages. Allow pageinspect to inspect GiST indexes (Andrey Borodin, Heikki Linnakangas) Change pageinspect block numbers to be bigints (Peter Eisentraut) Mark btree_gist functions as parallel safe (Steven Winfield) Move query hash computation from pg_stat_statements to the core server (Julien Rouhaud) The new server parameter 's default of auto will automatically enable query id computation when this extension is loaded. Cause pg_stat_statements to track top and nested statements separately (Julien Rohaud) Previously, when tracking all statements, identical top and nested statements were tracked as a single entry; but it seems more useful to separate such usages. Add row counts for utility commands to pg_stat_statements (Fujii Masao, Katsuragi Yuta, Seino Yuki) Add pg_stat_statements_info system view to show pg_stat_statements activity (Katsuragi Yuta, Yuki Seino, Naoki Nakamichi) Allow postgres_fdw to INSERT rows in bulk (Takayuki Tsunakawa, Tomas Vondra, Amit Langote) Allow postgres_fdw to import table partitions if specified by IMPORT FOREIGN SCHEMA ... LIMIT TO (Matthias van de Meent) By default, only the root of a partitioned table is imported. Add postgres_fdw function postgres_fdw_get_connections() to report open foreign server connections (Bharath Rupireddy) Allow control over whether foreign servers keep connections open after transaction completion (Bharath Rupireddy) This is controlled by keep_connections and defaults to on. Allow postgres_fdw to reestablish foreign server connections if necessary (Bharath Rupireddy) Previously foreign server restarts could cause foreign table access errors. Add postgres_fdw functions to discard cached connections (Bharath Rupireddy) The following individuals (in alphabetical order) have contributed to this release as patch authors, committers, reviewers, testers, or reporters of issues. Abhijit Menon-Sen Ádám Balogh Adrian Ho Ahsan Hadi Ajin Cherian Aleksander Alekseev Alessandro Gherardi Alex Kozhemyakin Alexander Korotkov Alexander Lakhin Alexander Nawratil Alexander Pyhalov Alexandra Wang Alexey Bashtanov Alexey Bulgakov Alexey Kondratov Álvaro Herrera Amit Kapila Amit Khandekar Amit Langote Amul Sul Anastasia Lubennikova Andreas Grob Andreas Kretschmer Andreas Seltenreich Andreas Wicht Andres Freund Andrew Bille Andrew Dunstan Andrew Gierth Andrey Borodin Andrey Lepikhov Andy Fan Anton Voloshin Antonin Houska Arne Roland Arseny Sher Arthur Nascimento Arthur Zakirov Ashutosh Bapat Ashutosh Sharma Ashwin Agrawal Asif Rehman Asim Praveen Atsushi Torikoshi Aya Iwata Barry Pederson Bas Poot Bauyrzhan Sakhariyev Beena Emerson Benoît Lobréau Bernd Helmle Bernhard M. Wiedemann Bertrand Drouvot Bharath Rupireddy Boris Kolpackov Brar Piening Brian Ye Bruce Momjian Bryn Llewellyn Cameron Daniel Chapman Flack Charles Samborski Charlie Hornsby Chen Jiaoqian Chris Wilson Christian Quest Christoph Berg Christophe Courtois Corey Huinker Craig Ringer Dagfinn Ilmari Mannsåker Dana Burd Daniel Cherniy Daniel Gustafsson Daniel Vérité Daniel Westermann Daniele Varrazzo Dar Alathar-Yemen Darafei Praliaskouski Dave Cramer David Christensen David Fetter David G. Johnston David Geier David Gilman David Pirotte David Rowley David Steele David Turon David Zhang Dean Rasheed Denis Patron Dian Fay Dilip Kumar Dimitri Nüscheler Dmitriy Kuzmin Dmitry Dolgov Dmitry Marakasov Domagoj Smoljanovic Dong Wook Douglas Doole Duncan Sands Edmund Horner Edson Richter Egor Rogov Ekaterina Kiryanova Elena Indrupskaya Emil Iggland Emre Hasegeli Eric Thinnes Erik Rijkers Erwin Brandstetter Etienne Stalmans Etsuro Fujita Eugen Konkov Euler Taveira Fabien Coelho Fabrízio de Royes Mello Federico Caselli Felix Lechner Filip Gospodinov Floris Van Nee Frank Gagnepain Frits Jalvingh Georgios Kokolatos Greg Nancarrow Greg Rychlewski Greg Sabino Mullane Gregory Smith Grigory Smolkin Guillaume Lelarge Guy Burgess Guyren Howe Haiying Tang Hamid Akhtar Hans Buschmann Hao Wu Haribabu Kommi Harisai Hari Hayato Kuroda Heath Lord Heikki Linnakangas Henry Hinze Herwig Goemans Himanshu Upadhyaya Hironobu Suzuki Hiroshi Inoue Hisanori Kobayashi Honza Horak Hou Zhijie Hubert Lubaczewski Hubert Zhang Ian Barwick Ibrar Ahmed Ildus Kurbangaliev Isaac Morland Israel Barth Itamar Gafni Jacob Champion Jaime Casanova Jaime Soler Jakub Wartak James Coleman James Hilliard James Hunter James Inform Jan Mussler Japin Li Jasen Betts Jason Harvey Jason Kim Jeevan Ladhe Jeff Davis Jeff Janes Jelte Fennema Jeremy Evans Jeremy Finzel Jeremy Smith Jesse Kinkead Jesse Zhang Jie Zhang Jim Doty Jim Nasby Jimmy Angelakos Jimmy Yih Jiri Fejfar Joe Conway Joel Jacobson John Naylor John Thompson Jonathan Katz Josef Šimánek Joseph Nahmias Josh Berkus Juan José Santamaría Flecha Julien Rouhaud Junfeng Yang Jürgen Purtz Justin Pryzby Kazutaka Onishi Keisuke Kuroda Kelly Min Kensuke Okamura Kevin Sweet Kevin Yeap Kirk Jamison Kohei KaiGai Konstantin Knizhnik Kota Miyake Krzysztof Gradek Kuntal Ghosh Kyle Kingsbury Kyotaro Horiguchi Laurent Hasson Laurenz Albe Lee Dong Wook Li Japin Liu Huailing Luc Vlaming Ludovic Kuty Luis Roberto Lukas Eder Ma Liangzhu Maciek Sakrejda Madan Kumar Magnus Hagander Mahendra Singh Thalor Maksim Milyutin Marc Boeren Marcin Krupowicz Marco Atzeri Marek Szuba Marina Polyakova Mario Emmenlauer Mark Dilger Mark Wong Mark Zhao Markus Wanner Martín Marqués Martin Visser Masahiko Sawada Masahiro Ikeda Masao Fujii Mathis Rudolf Matthias van de Meent Matthieu Garrigues Matthijs van der Vleuten Maxim Orlov Melanie Plageman Merlin Moncure Michael Banck Michael Brown Michael Meskes Michael Paquier Michael Paul Killian Michael Powers Michael Vastola Michail Nikolaev Michal Albrycht Mikael Gustavsson Movead Li Muhammad Usama Nagaraj Raj Naoki Nakamichi Nathan Bossart Nathan Long Nazli Ugur Koyluoglu Neha Sharma Neil Chen Nick Cleaton Nico Williams Nikhil Benesch Nikhil Sontakke Nikita Glukhov Nikita Konev Nikolai Berkoff Nikolay Samokhvalov Nikolay Shaplov Nitin Jadhav Noah Misch Noriyoshi Shinoda Odin Ugedal Oleg Bartunov Oleg Samoilov Önder Kalaci Pascal Legrand Paul Förster Paul Guo Paul Jungwirth Paul Martinez Paul Sivash Pavan Deolasee Pavel Boev Pavel Borisov Pavel Luzanov Pavel Stehule Pengcheng Liu Peter Eisentraut Peter Geoghegan Peter Smith Peter Vandivier Petr Fedorov Petr Jelínek Phil Krylov Philipp Gramzow Philippe Beaudoin Phillip Menke Pierre Giraud Prabhat Sahu Quan Zongliang Rafi Shamim Rahila Syed Rajkumar Raghuwanshi Ranier Vilela Regina Obe Rémi Lapeyre Robert Foggia Robert Grange Robert Haas Robert Kahlert Robert Sosinski Robert Treat Robin Abbi Robins Tharakan Roger Mason Rohit Bhogate Roman Zharkov Ron L. Johnson Ronan Dunklau Ryan Lambert Ryo Matsumura Saeed Hubaishan Sait Talha Nisanci Sandro Mani Santosh Udupi Scott Ribe Sehrope Sarkuni Sergei Kornilov Sergey Bernikov Sergey Cherkashin Sergey Koposov Sergey Shinderuk Sergey Zubkovsky Shawn Wang Shay Rojansky Shi Yu Shinya Kato Shinya Okano Sigrid Ehrenreich Simon Norris Simon Riggs Sofoklis Papasofokli Soumyadeep Chakraborty Stas Kelvich Stephan Springl Stéphane Lorek Stephen Frost Steven Winfield Surafel Temesgen Suraj Kharage Sven Klemm Takamichi Osumi Takashi Menjo Takayuki Tsunakawa Tang Haiying Tatsuhito Kasahara Tatsuo Ishii Tatsuro Yamada Theodor Arsenij Larionov-Trichkin Thomas Kellerer Thomas Munro Thomas Trenz Tijs van Dam Tom Ellis Tom Gottfried Tom Lane Tom Vijlbrief Tomas Barton Tomas Vondra Tomohiro Hiramitsu Tony Reix Vaishnavi Prabakaran Valentin Gatien-Baron Victor Wagner Victor Yegorov Vignesh C Vik Fearing Vitaly Ustinov Vladimir Sitnikov Vyacheslav Shablistyy Wang Shenhao Wei Wang Wells Oliver Wenjing Zeng Wolfgang Walther Yang Lin Yanliang Lei Yaoguang Chen Yaroslav Pashinsky Yaroslav Schekin Yasushi Yamashita Yoran Heling YoungHwan Joo Yugo Nagata Yuki Seino Yukun Wang Yulin Pei Yura Sokolov Yuta Katsuragi Yuta Kondo Yuzuko Hosoya Zhihong Yu Zhiyong Wu Zsolt Ero