author | Tom Lane <tgl@sss.pgh.pa.us> | 2023-08-07 12:50:15 -0400 |
---|---|---|
committer | Tom Lane <tgl@sss.pgh.pa.us> | 2023-08-07 12:50:15 -0400 |
commit | 93eb661713338b2b51f36ec397e42397b5e441e2 (patch) | |
tree | 4c95ea128abb74ee6257c3e36309ec5791f0ced8 | |
parent | d4648a74be07bfb23b449c722303c320297c0327 (diff) | |
Last-minute updates for release notes.
Security: CVE-2023-39417, CVE-2023-39418
-rw-r--r-- | doc/src/sgml/release-14.sgml | 52 |
1 files changed, 51 insertions, 1 deletions
diff --git a/doc/src/sgml/release-14.sgml b/doc/src/sgml/release-14.sgml index 76102e88aae..f32f4d5f0d4 100644 --- a/doc/src/sgml/release-14.sgml +++ b/doc/src/sgml/release-14.sgml @@ -24,7 +24,7 @@ <para> However, if you use BRIN indexes, it may be advisable to reindex them; - see the first changelog entry below. + see the second changelog entry below. </para> <para> @@ -40,6 +40,35 @@ <listitem> <!-- +Author: Noah Misch <noah@leadboat.com> +Branch: master [cd5f2a357] 2023-08-07 06:05:56 -0700 +Branch: REL_16_STABLE [f53511010] 2023-08-07 06:05:59 -0700 +Branch: REL_15_STABLE [de494ec14] 2023-08-07 06:06:00 -0700 +Branch: REL_14_STABLE [d4648a74b] 2023-08-07 06:06:00 -0700 +Branch: REL_13_STABLE [b1b585e0f] 2023-08-07 06:06:00 -0700 +Branch: REL_12_STABLE [eb044d8f0] 2023-08-07 06:06:00 -0700 +Branch: REL_11_STABLE [919ebb023] 2023-08-07 06:06:01 -0700 +--> + <para> + Disallow substituting a schema or owner name into an extension script + if the name contains a quote, backslash, or dollar sign (Noah Misch) + </para> + + <para> + This restriction guards against SQL-injection hazards for trusted + extensions. + </para> + + <para> + The <productname>PostgreSQL</productname> Project thanks Micah Gate, + Valerie Woolard, Tim Carey-Smith, and Christoph Berg for reporting + this problem. + (CVE-2023-39417) + </para> + </listitem> + + <listitem> +<!-- Author: Tomas Vondra <tomas.vondra@postgresql.org> Branch: master Release: REL_16_BR [3581cbdcd] 2023-05-19 01:29:44 +0200 Branch: REL_15_STABLE [e18769323] 2023-05-19 00:15:13 +0200 
@@ -219,6 +248,27 @@ Branch: REL_11_STABLE [f6345f03f] 2023-06-19 13:03:17 +1200 <listitem> <!-- +Author: David Rowley <drowley@postgresql.org> +Branch: master [990c3650c] 2023-08-07 22:14:21 +1200 +Branch: REL_16_STABLE [ae89129aa] 2023-08-07 22:14:54 +1200 +Branch: REL_15_STABLE [71662373b] 2023-08-07 22:15:23 +1200 +Branch: REL_14_STABLE [bf315354e] 2023-08-07 22:15:50 +1200 +--> + <para> + Don't Memoize lateral joins with volatile join conditions + (Richard Guo) + </para> + + <para> + Applying Memoize to a sub-plan that contains volatile filter + conditions is likely to lead to wrong answers. The check to avoid + doing this missed some cases that can arise when + using <literal>LATERAL</literal>. + </para> + </listitem> + + <listitem> +<!-- Author: Etsuro Fujita <efujita@postgresql.org> Branch: master [6f80a8d9c] 2023-07-28 15:45:00 +0900 Branch: REL_16_STABLE [695f5deb7] 2023-07-28 15:45:01 +0900 |
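Review bot: In the first hunk (@@ -24,7 +24,7 @@) the BRIN cross-reference stays positional ("see the second changelog entry below"), and it only needed changing here because a new entry was inserted above the BRIN one. Referring to the entry by subject, or linking to it by id, would keep the pointer correct if another entry is added at the top of the list later.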
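Review bot: In the second hunk (@@ -40,6 +40,35 @@) the new CVE-2023-39417 entry says substitution of a schema or owner name containing a quote, backslash, or dollar sign is disallowed, but it does not say what an administrator will observe when that happens or what to do about existing names with those characters. One more sentence describing the resulting failure of the extension script, if that is the behaviour, would tell readers what to look for after upgrading. Separately, the commit message lists CVE-2023-39418 under Security while no entry in the visible hunks of release-14.sgml mentions it; if that CVE does not apply to this branch, saying so in the commit message would save readers from searching this file for it.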