summaryrefslogtreecommitdiffstats
path: root/doc/src/sgml/html/release-15-4.html
blob: a891e2af7dd127790ab144f431df996122e4ab3d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>E.1. Release 15.4</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot" /><link rel="prev" href="release.html" title="Appendix E. Release Notes" /><link rel="next" href="release-15-3.html" title="E.2. Release 15.3" /></head><body id="docContent" class="container-fluid col-10"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">E.1. Release 15.4</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="release.html" title="Appendix E. Release Notes">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="release.html" title="Appendix E. Release Notes">Up</a></td><th width="60%" align="center">Appendix E. Release Notes</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 15.4 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="release-15-3.html" title="E.2. Release 15.3">Next</a></td></tr></table><hr /></div><div class="sect1" id="RELEASE-15-4"><div class="titlepage"><div><div><h2 class="title" style="clear: both">E.1. Release 15.4</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="sect2"><a href="release-15-4.html#id-1.11.6.5.4">E.1.1. Migration to Version 15.4</a></span></dt><dt><span class="sect2"><a href="release-15-4.html#id-1.11.6.5.5">E.1.2. Changes</a></span></dt></dl></div><p><strong>Release date: </strong>2023-08-10</p><p>
   This release contains a variety of fixes from 15.3.
   For information about new features in major release 15, see
   <a class="xref" href="release-15.html" title="E.5. Release 15">Section E.5</a>.
  </p><div class="sect2" id="id-1.11.6.5.4"><div class="titlepage"><div><div><h3 class="title">E.1.1. Migration to Version 15.4</h3></div></div></div><p>
    A dump/restore is not required for those running 15.X.
   </p><p>
    However, if you use BRIN indexes, it may be advisable to reindex them;
    see the third changelog entry below.
   </p><p>
    Also, if you are upgrading from a version earlier than 15.1,
    see <a class="xref" href="release-15-1.html" title="E.4. Release 15.1">Section E.4</a>.
   </p></div><div class="sect2" id="id-1.11.6.5.5"><div class="titlepage"><div><div><h3 class="title">E.1.2. Changes</h3></div></div></div><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
      Disallow substituting a schema or owner name into an extension script
      if the name contains a quote, backslash, or dollar sign (Noah Misch)
     </p><p>
      This restriction guards against SQL-injection hazards for trusted
      extensions.
     </p><p>
      The <span class="productname">PostgreSQL</span> Project thanks Micah Gate,
      Valerie Woolard, Tim Carey-Smith, and Christoph Berg for reporting
      this problem.
      (CVE-2023-39417)
     </p></li><li class="listitem"><p>
      Fix <code class="command">MERGE</code> to enforce row security policies
      properly (Dean Rasheed)
     </p><p>
      When <code class="command">MERGE</code> performs an <code class="literal">UPDATE</code>
      action, it should enforce any <code class="literal">UPDATE</code> or
      <code class="literal">SELECT</code> RLS policies defined on the target table,
      to be consistent with the way that a plain <code class="command">UPDATE</code>
      with a <code class="literal">WHERE</code> clause works.  Instead it was
      enforcing <code class="literal">INSERT</code> RLS policies for both
      <code class="literal">INSERT</code> and <code class="literal">UPDATE</code> actions.
     </p><p>
      In addition, when <code class="command">MERGE</code> performs a <code class="literal">DO
      NOTHING</code> action, it applied the target table's
      <code class="literal">DELETE</code> RLS policies to existing rows, even though
      those rows are not being deleted.  While it's not a security
      problem, this could result in unwanted errors.
     </p><p>
      The <span class="productname">PostgreSQL</span> Project thanks
      Dean Rasheed for reporting this problem.
      (CVE-2023-39418)
     </p></li><li class="listitem"><p>
      Fix confusion between empty (no rows) ranges and all-NULL ranges in
      BRIN indexes, as well as incorrect merging of all-NULL summaries
      (Tomas Vondra)
     </p><p>
      Each of these oversights could result in forgetting that a BRIN
      index range contains any NULL values, potentially allowing
      subsequent queries that should return NULL values to miss doing so.
     </p><p>
      This fix will not in itself correct faulty BRIN entries.
      It's recommended to <code class="command">REINDEX</code> any BRIN indexes that
      may be used to search for nulls.
     </p></li><li class="listitem"><p>
      Avoid leaving a corrupted database behind when <code class="command">DROP
      DATABASE</code> is interrupted (Andres Freund)
     </p><p>
      If <code class="command">DROP DATABASE</code> was interrupted after it had
      already begun taking irreversible steps, the target database
      remained accessible (because the removal of
      its <code class="structname">pg_database</code> row would roll back),
      but it would have corrupt contents.  Fix by marking the database
      as inaccessible before we begin to perform irreversible operations.
      A failure after that will leave the database still partially
      present, but nothing can be done with it except to issue
      another <code class="command">DROP DATABASE</code>.
     </p></li><li class="listitem"><p>
      Ensure that partitioned indexes are correctly marked as valid or not
      at creation (Michael Paquier)
     </p><p>
      If a new partitioned index matches an existing but invalid index on
      one of the partitions, the partitioned index could end up being
      marked valid prematurely.  This could lead to misbehavior or
      assertion failures in subsequent queries on the partitioned table.
     </p></li><li class="listitem"><p>
      Ignore invalid child indexes when matching partitioned indexes to
      child indexes during <code class="command">ALTER TABLE ATTACH PARTITION</code>
      (Michael Paquier)
     </p><p>
      Such an index will now be ignored, and a new child index created
      instead.
     </p></li><li class="listitem"><p>
      Fix possible failure when marking a partitioned index valid after
      all of its partitions have been attached (Michael Paquier)
     </p><p>
      The update of the index's <code class="structname">pg_index</code> entry
      could use stale data for other columns.  One reported symptom is
      an <span class="quote"><span class="quote">attempted to update invisible tuple</span></span> error.
     </p></li><li class="listitem"><p>
      Fix <code class="command">ALTER EXTENSION SET SCHEMA</code> to complain if the
      extension contains any objects outside the extension's schema
      (Michael Paquier, Heikki Linnakangas)
     </p><p>
      Erroring out if the extension contains objects in multiple schemas
      was always intended; but the check was mis-coded so that it would
      fail to detect some cases, leading to surprising behavior.
     </p></li><li class="listitem"><p>
      Fix tracking of tables' access method dependencies (Michael Paquier)
     </p><p>
      <code class="command">ALTER TABLE ... SET ACCESS METHOD</code> failed to
      update relevant <code class="structname">pg_depend</code> entries when
      changing a table's access method.  When using non-built-in access
      methods, this creates a risk that an access method could be dropped
      even though tables still depend on it.  This fix corrects the logic
      in <code class="command">ALTER TABLE</code>, but it will not adjust any
      already-missing <code class="structname">pg_depend</code> entries.
     </p></li><li class="listitem"><p>
      Don't use partial unique indexes for uniqueness proofs in the
      planner (David Rowley)
     </p><p>
      This could give rise to incorrect plans, since the presumed
      uniqueness of rows read from a table might not hold if the index in
      question isn't used to scan the table.
     </p></li><li class="listitem"><p>
      Don't Memoize lateral joins with volatile join conditions
      (Richard Guo)
     </p><p>
      Applying Memoize to a sub-plan that contains volatile filter
      conditions is likely to lead to wrong answers.  The check to avoid
      doing this missed some cases that can arise when
      using <code class="literal">LATERAL</code>.
     </p></li><li class="listitem"><p>
      Avoid producing incorrect plans for foreign joins with
      pseudoconstant join clauses (Etsuro Fujita)
     </p><p>
      The planner currently lacks support for attaching pseudoconstant
      join clauses to a pushed-down remote join, so disable generation
      of remote joins in such cases.  (A better solution will require
      ABI-breaking changes of planner data structures, so it will have to
      wait for a future major release.)
     </p></li><li class="listitem"><p>
      Correctly handle sub-SELECTs in RLS policy expressions and
      security-barrier views when expanding rule actions (Tom Lane)
     </p></li><li class="listitem"><p>
      Fix race conditions in conflict detection
      for <code class="literal">SERIALIZABLE</code> isolation mode
      (Thomas Munro)
     </p><p>
      Conflicts could be missed when using bitmap heap scans, when using
      GIN indexes, and when examining an initially-empty btree index.
      All these cases could lead to serializability failures due to
      improperly allowing conflicting transactions to commit.
     </p></li><li class="listitem"><p>
      Fix misbehavior of EvalPlanQual checks with inherited or partitioned
      target tables (Tom Lane)
     </p><p>
      This oversight could lead to update or delete actions
      in <code class="literal">READ COMMITTED</code> isolation mode getting
      performed when they should have been skipped because of a
      conflicting concurrent update.
     </p></li><li class="listitem"><p>
      Fix hash join with an inner-side hash key that contains Params
      coming from an outer nested loop (Tom Lane)
     </p><p>
      When rescanning the join after the values of such Params have
      changed, we must rebuild the hash table, but neglected to do so.
      This could result in missing join output rows.
     </p></li><li class="listitem"><p>
      Fix intermittent failures when trying to update a field of a
      composite column (Tom Lane)
     </p><p>
      If the overall value of the composite column is wide enough to
      require out-of-line toasting, then an unluckily-timed cache flush
      could cause errors or server crashes.
     </p></li><li class="listitem"><p>
      Prevent query-lifespan memory leaks in some <code class="command">UPDATE</code>
      queries with triggers (Tomas Vondra)
     </p></li><li class="listitem"><p>
      Prevent query-lifespan memory leaks when an Incremental Sort plan
      node is rescanned (James Coleman, Laurenz Albe, Tom Lane)
     </p></li><li class="listitem"><p>
      Accept fractional seconds in the input to <code class="type">jsonpath</code>'s
      <code class="function">datetime()</code> method (Tom Lane)
     </p></li><li class="listitem"><p>
      Prevent stack-overflow crashes with very complex text search
      patterns (Tom Lane)
     </p></li><li class="listitem"><p>
      Allow tokens up to 10240 bytes long
      in <code class="filename">pg_hba.conf</code>
      and <code class="filename">pg_ident.conf</code> (Tom Lane)
     </p><p>
      The previous limit of 256 bytes has been found insufficient for some
      use-cases.
     </p></li><li class="listitem"><p>
      Ensure that all existing placeholders are checked for matches when
      an extension declares its GUC prefix to be reserved (Karina
      Litskevich, Ekaterina Sokolova)
     </p><p>
      Faulty loop logic could cause some entries to be skipped.
     </p></li><li class="listitem"><p>
      Fix mishandling of C++ out-of-memory conditions (Heikki Linnakangas)
     </p><p>
      If JIT is in use, running out of memory in a
      C++ <code class="function">new</code> call would lead to
      a <span class="productname">PostgreSQL</span> FATAL error, instead of the
      expected C++ exception.
     </p></li><li class="listitem"><p>
      Fix rare null-pointer crash in <code class="filename">plancache.c</code>
      (Tom Lane)
     </p></li><li class="listitem"><p>
      Avoid leaking a stats entry for a subscription when it is dropped
      (Masahiko Sawada)
     </p></li><li class="listitem"><p>
      Avoid losing track of possibly-useful shared memory segments when a
      page free results in coalescing ranges of free space (Dongming Liu)
     </p><p>
      Ensure that the segment is moved into the
      appropriate <span class="quote"><span class="quote">bin</span></span> for its new amount of free space, so
      that it will be found by subsequent searches.
     </p></li><li class="listitem"><p>
      Allow <code class="command">VACUUM</code> to continue after detecting certain
      types of b-tree index corruption (Peter Geoghegan)
     </p><p>
      If an invalid sibling-page link is detected, log the issue and press
      on, rather than throwing an error as before.  Nothing short
      of <code class="command">REINDEX</code> will fix the broken index, but
      preventing <code class="command">VACUUM</code> from completing until that is
      done risks making matters far worse.
     </p></li><li class="listitem"><p>
      Ensure that <code class="varname">WrapLimitsVacuumLock</code> is released
      after <code class="command">VACUUM</code> detects invalid data
      in <code class="structname">pg_database</code>.<code class="structfield">datfrozenxid</code>
      or <code class="structname">pg_database</code>.<code class="structfield">datminmxid</code>
      (Andres Freund)
     </p><p>
      Failure to release this lock could lead to a deadlock later,
      although the lock would be cleaned up if the session exits or
      encounters some other error.
     </p></li><li class="listitem"><p>
      Avoid double replay of prepared transactions during crash
      recovery (suyu.cmj, Michael Paquier)
     </p><p>
      After a crash partway through a checkpoint with some two-phase
      transaction state data already flushed to disk by this checkpoint,
      crash recovery could attempt to replay the prepared transaction(s)
      twice, leading to a fatal error such as <span class="quote"><span class="quote">lock is already
      held</span></span> in the startup process.
     </p></li><li class="listitem"><p>
      Ensure that a newly created, but still empty table
      is <code class="function">fsync</code>'ed at the next checkpoint (Heikki
      Linnakangas)
     </p><p>
      Without this, if there is an operating system crash causing the
      empty file to disappear, subsequent operations on the table might
      fail with <span class="quote"><span class="quote">could not open file</span></span> errors.
     </p></li><li class="listitem"><p>
      Ensure that creation of the init fork of an unlogged index is
      WAL-logged (Heikki Linnakangas)
     </p><p>
      While an unlogged index's main data fork is not WAL-logged, its init
      fork should be, to ensure that we have a consistent state to restore
      the index to after a crash.  This step was missed if the init fork
      contains no data, which is a case not used by any standard index AM;
      but perhaps some extension behaves that way.
     </p></li><li class="listitem"><p>
      Silence bogus <span class="quote"><span class="quote">missing contrecord</span></span> errors (Thomas Munro)
     </p><p>
      Treat this case as plain end-of-WAL to avoid logging inaccurate
      complaints from <span class="application">pg_waldump</span>
      and <span class="application">walsender</span>.
     </p></li><li class="listitem"><p>
      Fix overly strict assertion in <code class="type">jsonpath</code> code
      (David Rowley)
     </p><p>
      This assertion failed if a query applied
      the <code class="literal">.type()</code> operator to
      a <code class="literal">like_regex</code> result.
      There was no bug in non-assert builds.
     </p></li><li class="listitem"><p>
      Avoid assertion failure when processing an empty statement via the
      extended query protocol in an already-aborted transaction (Tom Lane)
     </p></li><li class="listitem"><p>
      Avoid assertion failure when
      the <code class="varname">stats_fetch_consistency</code> setting is changed
      intra-transaction (Kyotaro Horiguchi)
     </p></li><li class="listitem"><p>
      Fix <code class="filename">contrib/fuzzystrmatch</code>'s
      Soundex <code class="function">difference()</code> function to handle empty
      input sanely (Alexander Lakhin, Tom Lane)
     </p><p>
      An input string containing no alphabetic characters resulted in
      unpredictable output.
     </p></li><li class="listitem"><p>
      Tighten whitespace checks in <code class="filename">contrib/hstore</code>
      input (Evan Jones)
     </p><p>
      In some cases, characters would be falsely recognized as whitespace
      and hence discarded.
     </p></li><li class="listitem"><p>
      Disallow oversize input arrays
      with <code class="filename">contrib/intarray</code>'s
      <code class="literal">gist__int_ops</code> index opclass (Ankit Kumar Pandey,
      Alexander Lakhin)
     </p><p>
      Previously this code would report a <code class="literal">NOTICE</code> but
      press on anyway, creating an invalid index entry that presents a
      risk of crashes when the index is read.
     </p></li><li class="listitem"><p>
      Avoid useless double decompression of GiST index entries
      in <code class="filename">contrib/intarray</code> (Konstantin Knizhnik,
      Matthias van de Meent, Tom Lane)
     </p></li><li class="listitem"><p>
      Fix <code class="filename">contrib/pageinspect</code>'s
      <code class="function">gist_page_items()</code> function to work when there
      are included index columns (Alexander Lakhin, Michael Paquier)
     </p><p>
      Previously, if the index has included
      columns, <code class="function">gist_page_items()</code> would fail to
      display those values on index leaf pages, or crash outright on
      non-leaf pages.
     </p></li><li class="listitem"><p>
      In <span class="application">psql</span>, ignore
      the <code class="envar">PSQL_WATCH_PAGER</code> environment variable when
      stdin/stdout are not a terminal (Tom Lane)
     </p><p>
      This corresponds to the treatment of <code class="envar">PSQL_PAGER</code> in
      commands besides <code class="command">\watch</code>.
     </p></li><li class="listitem"><p>
      Fix <span class="application">pg_dump</span> to correctly handle new-style
      SQL-language functions whose bodies require parse-time dependencies
      on unique indexes (Tom Lane)
     </p><p>
      Such cases can arise from <code class="literal">GROUP BY</code>
      and <code class="literal">ON CONFLICT</code> clauses, for example.  The
      function must then be postponed until after the unique index in the
      dump output, but <span class="application">pg_dump</span> did not do that
      and instead printed a warning about <span class="quote"><span class="quote">could not resolve
      dependency loop</span></span>.
     </p></li><li class="listitem"><p>
      Improve <span class="application">pg_dump</span>'s display of details
      about dependency-loop problems (Tom Lane)
     </p></li><li class="listitem"><p>
      Avoid crash in <span class="application">pgbench</span> with an empty
      pipeline and prepared mode (Álvaro Herrera)
     </p></li><li class="listitem"><p>
      Ensure
      that <code class="structname">pg_index</code>.<code class="structfield">indisreplident</code>
      is kept up-to-date in relation cache entries (Shruthi Gowda)
     </p><p>
      This value could be stale in some cases.  There is no core code that
      relies on the relation cache's copy, so this is only a latent bug as
      far as Postgres itself is concerned; but there may be extensions for
      which it is a live bug.
     </p></li><li class="listitem"><p>
      Fix <span class="application">make_etags</span> script to work with
      non-Exuberant <span class="application">ctags</span> (Masahiko Sawada)
     </p></li></ul></div></div></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="release.html" title="Appendix E. Release Notes">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="release.html" title="Appendix E. Release Notes">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="release-15-3.html" title="E.2. Release 15.3">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Appendix E. Release Notes </td><td width="20%" align="center"><a accesskey="h" href="index.html" title="PostgreSQL 15.4 Documentation">Home</a></td><td width="40%" align="right" valign="top"> E.2. Release 15.3</td></tr></table></div></body></html>