2020-05-14 This release contains a variety of fixes from 11.7. For information about new features in major release 11, see . A dump/restore is not required for those running 11.X. However, if you are upgrading from a version earlier than 11.6, see . Propagate ALTER TABLE ... SET STORAGE to indexes (Peter Eisentraut) Non-expression index columns have always copied the attstorage property of their table column at creation. Update them when ALTER TABLE ... SET STORAGE is done, to maintain consistency. Preserve the indisclustered setting of indexes rewritten by ALTER TABLE (Amit Langote, Justin Pryzby) Previously, ALTER TABLE lost track of which index had been used for CLUSTER. Preserve the replica identity properties of indexes rewritten by ALTER TABLE (Quan Zongliang, Peter Eisentraut) Lock objects sooner during DROP OWNED BY (Álvaro Herrera) This avoids failures in race-condition cases where another session is deleting some of the same objects. Fix error-case processing for CREATE ROLE ... IN ROLE (Andrew Gierth) Some error cases would be reported as unexpected node type or the like, instead of the intended message. Ensure that when a partition is detached, any triggers cloned from its formerly-parent table are removed (Justin Pryzby) Ensure that unique indexes over partitioned tables match the equality semantics of the partitioning key (Guancheng Luo) This would only be an issue with index opclasses that have unusual notions of equality, but it's wrong in theory, so check. Ensure that members of the pg_read_all_stats role can read all statistics views, as expected (Magnus Hagander) The functions underlying the pg_stat_progress_* views had not gotten this memo. Repair performance regression in information_schema.triggers view (Tom Lane) This patch redefines that view so that an outer WHERE clause constraining the table name can be pushed down into the view, allowing its calculations to be done only for triggers belonging to the table of interest rather than all triggers in the database. In a database with many triggers this would make a significant speed difference for queries of that form. Since things worked that way before v11, this is a potential performance regression. Users who find this to be a problem can fix it by replacing the view definition (or, perhaps, just deleting and reinstalling the whole information_schema schema). Fix full text search to handle NOT above a phrase search correctly (Tom Lane) Queries such as !(foo<->bar) failed to find matching rows when implemented as a GiST or GIN index search. Fix full text search for cases where a phrase search includes an item with both prefix matching and a weight restriction (Tom Lane) Fix ts_headline() to make better headline selections when working with phrase queries (Tom Lane) Fix bugs in gin_fuzzy_search_limit processing (Adé Heyward, Tom Lane) A small value of gin_fuzzy_search_limit could result in unexpected slowness due to unintentionally rescanning the same index page many times. Another code path failed to apply the intended filtering at all, possibly returning too many values. Allow input of type circle to accept the format (x,y),r as the documentation says it does (David Zhang) Make the get_bit() and set_bit() functions cope with bytea strings longer than 256MB (Movead Li) Since the bit number argument is only int4, it's impossible to use these functions to access bits beyond the first 256MB of a long bytea. We'll widen the argument to int8 in v13, but in the meantime, allow these functions to work on the initial substring of a long bytea. Ignore file-not-found errors in pg_ls_waldir() and allied functions (Tom Lane) This prevents a race condition failure if a file is removed between when we see its directory entry and when we attempt to stat() it. Avoid possibly leaking an open-file descriptor for a directory in pg_ls_dir(), pg_timezone_names(), pg_tablespace_databases(), and allied functions (Justin Pryzby) Fix polymorphic-function type resolution to correctly infer the actual type of an anyarray output when given only an anyrange input (Tom Lane) Avoid leakage of a hashed subplan's hash tables across multiple executions (Andreas Karlsson, Tom Lane) This mistake could result in severe memory bloat if a query re-executed a hashed subplan enough times. Avoid unlikely crash when REINDEX is terminated by a session-shutdown signal (Tom Lane) Fix low-probability crash after constraint violation errors in partitioned tables (Andres Freund) Prevent printout of possibly-incorrect hash join table statistics in EXPLAIN (Konstantin Knizhnik, Tom Lane, Thomas Munro) Fix reporting of elapsed time for heap truncation steps in VACUUM VERBOSE (Tatsuhito Kasahara) Fix possible undercounting of deleted B-tree index pages in VACUUM VERBOSE output (Peter Geoghegan) Fix wrong bookkeeping for oldest deleted page in a B-tree index (Peter Geoghegan) This could cause subtly wrong decisions about when VACUUM can skip an index cleanup scan; although it appears there may be no significant user-visible effects from that. Ensure that TimelineHistoryRead and TimelineHistoryWrite wait states are reported in all code paths that read or write timeline history files (Masahiro Ikeda) Avoid possibly showing waiting twice in a process's PS status (Masahiko Sawada) Avoid failure if autovacuum tries to access a just-dropped temporary schema (Tom Lane) This hazard only arises if a superuser manually drops a temporary schema; which isn't normal practice, but should work. Avoid premature recycling of WAL segments during crash recovery (Jehan-Guillaume de Rorthais) WAL segments that become ready to be archived during crash recovery were potentially recycled without being archived. Avoid scanning irrelevant timelines during archive recovery (Kyotaro Horiguchi) This can eliminate many attempts to fetch non-existent WAL files from archive storage, which is helpful if archive access is slow. Remove bogus subtransaction logged without previous top-level txn record error check in logical decoding (Arseny Sher, Amit Kapila) This condition is legitimately reachable in various scenarios, so remove the check. Ensure that a replication slot's io_in_progress_lock is released in failure code paths (Pavan Deolasee) This could result in a walsender later becoming stuck waiting for the lock. Fix race conditions in synchronous standby management (Tom Lane) During a change in the synchronous_standby_names setting, there was a window in which wrong decisions could be made about whether it is OK to release transactions that are waiting for synchronous commit. Another hazard for similarly wrong decisions existed if a walsender process exited and was immediately replaced by another. Ensure nextXid can't go backwards on a standby server (Eka Palamadai) This race condition could allow incorrect hot standby feedback messages to be sent back to the primary server, potentially allowing VACUUM to run too soon on the primary. Add missing SQLSTATE values to a few error reports (Sawada Masahiko) Fix PL/pgSQL to reliably refuse to execute an event trigger function as a plain function (Tom Lane) Fix memory leak in libpq when using sslmode=verify-full (Roman Peshkurov) Certificate verification during connection startup could leak some memory. This would become an issue if a client process opened many database connections during its lifetime. Fix ecpg to treat an argument of just - as meaning read from stdin on all platforms (Tom Lane) Allow tab-completion of the filename argument to psql's \gx command (Vik Fearing) Add pg_dump support for ALTER ... DEPENDS ON EXTENSION (Álvaro Herrera) pg_dump previously ignored dependencies added this way, causing them to be forgotten during dump/restore or pg_upgrade. Fix pg_dump to dump comments on RLS policy objects (Tom Lane) In pg_dump, postpone restore of event triggers till the end (Fabrízio de Royes Mello, Hamid Akhtar, Tom Lane) This minimizes the risk that an event trigger could interfere with the restoration of other objects. Make pg_verify_checksums skip tablespace subdirectories that belong to a different PostgreSQL major version (Michael Banck, Bernd Helmle) Such subdirectories don't really belong to our database cluster, and so must not be processed. Ignore temporary copies of pg_internal.init in pg_verify_checksums and related programs (Michael Paquier) Fix quoting of --encoding, --lc-ctype and --lc-collate values in createdb utility (Michael Paquier) contrib/lo's lo_manage() function crashed if called directly rather than as a trigger (Tom Lane) In contrib/ltree, protect against overflow of ltree and lquery length fields (Nikita Glukhov) Work around failure in contrib/pageinspect's bt_metap() function when an oldest_xact value exceeds 2^31-1 (Peter Geoghegan) Such XIDs will now be reported as negative integers, which isn't great but it beats throwing an error. v13 will widen the output argument to int8 to provide saner reporting. Fix cache reference leak in contrib/sepgsql (Michael Luo) Avoid failures when dealing with Unix-style locale names on Windows (Juan José Santamaría Flecha) Use pkg-config, if available, to locate libxml2 during configure (Hugh McMaster, Tom Lane, Peter Eisentraut) If pkg-config is not present or lacks knowledge of libxml2, we still query xml2-config as before. This change could break build processes that try to make PostgreSQL use a non-default version of libxml2 by putting that version's xml2-config into the PATH. Instead, set XML2_CONFIG to point to the non-default xml2-config. That method will work with either older or newer PostgreSQL releases. In MSVC builds, cope with spaces in the path name for Python (Victor Wagner) In MSVC builds, fix detection of Visual Studio version to work with more language settings (Andrew Dunstan) In MSVC builds, use -Wno-deprecated with bison versions newer than 3.0, as non-Windows builds already do (Andrew Dunstan) Update time zone data files to tzdata release 2020a for DST law changes in Morocco and the Canadian Yukon, plus historical corrections for Shanghai. The America/Godthab zone has been renamed to America/Nuuk to reflect current English usage; however, the old name remains available as a compatibility link. Also, update initdb's list of known Windows time zone names to include recent additions, improving the odds that it will correctly translate the system time zone setting on that platform. 2020-02-13 This release contains a variety of fixes from 11.6. For information about new features in major release 11, see . A dump/restore is not required for those running 11.X. However, if you are upgrading from a version earlier than 11.6, see . Add missing permissions checks for ALTER ... DEPENDS ON EXTENSION (Álvaro Herrera) Marking an object as dependent on an extension did not have any privilege check whatsoever. This oversight allowed any user to mark routines, triggers, materialized views, or indexes as droppable by anyone able to drop an extension. Require that the calling user own the specified object (and hence have privilege to drop it). (CVE-2020-1720) Ensure that row triggers on partitioned tables are correctly cloned to sub-partitions when appropriate (Álvaro Herrera) User-defined triggers (but not triggers for foreign key or deferred unique constraints) might be missed when creating or attaching a partition. Fix logical replication subscriber code to execute per-column UPDATE triggers when appropriate (Peter Eisentraut) Avoid failure in logical decoding when a large transaction must be spilled into many separate temporary files (Amit Khandekar) Fix possible crash or data corruption when a logical replication subscriber processes a row update (Tom Lane, Tomas Vondra) This bug caused visible problems only if the subscriber's table contained columns that were not being copied from the publisher and had pass-by-reference data types. Fix crash in logical replication subscriber after DDL changes on a subscribed relation (Jehan-Guillaume de Rorthais, Vignesh C) Fix failure in logical replication publisher after a database crash and restart (Vignesh C) Ensure that the effect of pg_replication_slot_advance() on a physical replication slot will persist across restarts (Alexey Kondratov, Michael Paquier) Improve efficiency of logical replication with REPLICA IDENTITY FULL (Konstantin Knizhnik) When searching for an existing tuple during an update or delete operation, return the first matching tuple not the last one. Ensure parallel plans are always shut down at the correct time (Kyotaro Horiguchi) This oversight is known to result in temporary file leak warnings from multi-batch parallel hash joins. Prevent premature shutdown of a Gather or GatherMerge plan node that is underneath a Limit node (Amit Kapila) This avoids failure if such a plan node needs to be scanned more than once, as for instance if it is on the inside of a nestloop. Improve efficiency of parallel hash join on CPUs with many cores (Gang Deng, Thomas Munro) Avoid crash in parallel CREATE INDEX when there are no free dynamic shared memory slots (Thomas Munro) Fall back to a non-parallel index build, instead. Avoid memory leak when there are no free dynamic shared memory slots (Thomas Munro) Ignore the CONCURRENTLY option when performing an index creation, drop, or rebuild on a temporary table (Michael Paquier, Heikki Linnakangas, Andres Freund) This avoids strange failures if the temporary table has an ON COMMIT action. There is no benefit in using CONCURRENTLY for a temporary table anyway, since other sessions cannot access the table, making the extra processing pointless. Fix possible failure when resetting expression indexes on temporary tables that are marked ON COMMIT DELETE ROWS (Tom Lane) Fix possible crash in BRIN index operations with box, range and inet data types (Heikki Linnakangas) Fix handling of deleted pages in GIN indexes (Alexander Korotkov) Avoid possible deadlocks, incorrect updates of a deleted page's state, and failure to traverse through a recently-deleted page. Fix possible crash with a SubPlan (sub-SELECT) within a multi-row VALUES list (Tom Lane) Fix failure to insert default values for missing attributes during tuple conversion (Vik Fearing, Andrew Gierth) This could result in values incorrectly reading as NULL, when they come from columns that had been added by ALTER TABLE ADD COLUMN with a constant default. Fix crash after FileClose() failure (Noah Misch) This issue could only be observed with data_sync_retry enabled, since otherwise FileClose() failure would be reported as a PANIC. Fix unlikely crash with pass-by-reference aggregate transition states (Andres Freund, Teodor Sigaev) Improve error reporting in to_date() and to_timestamp() (Tom Lane, Álvaro Herrera) Reports about incorrect month or day names in input strings could truncate the input in the middle of a multi-byte character, leading to an improperly encoded error message that could cause follow-on failures. Truncate at the next whitespace instead. Fix off-by-one result for EXTRACT(ISOYEAR FROM timestamp) for BC dates (Tom Lane) Avoid stack overflow in information_schema views when a self-referential view exists in the system catalogs (Tom Lane) A self-referential view can't work; it will always result in infinite recursion. We handled that situation correctly when trying to execute the view, but not when inquiring whether it is automatically updatable. Ensure that walsender processes always show NULL for transaction start time in pg_stat_activity (Álvaro Herrera) Previously, the xact_start column would sometimes show the process start time. Improve performance of hash joins with very large inner relations (Thomas Munro) Fix placement of Subplans Removed field in EXPLAIN output (Daniel Gustafsson, Tom Lane) In non-text output formats, this field was emitted inside the Plans sub-group, resulting in syntactically invalid output. Attach it to the parent Append or MergeAppend plan node as intended. This causes the field to change position in text output format too: if there are any InitPlans attached to the same plan node, Subplans Removed will now appear before those. Allow the planner to apply potentially-leaky tests to child-table statistics, if the user can read the corresponding column of the table that's actually named in the query (Dilip Kumar, Amit Langote) This change fixes a performance problem for partitioned tables that was created by the fix for CVE-2017-7484. That security fix disallowed applying leaky operators to statistics for columns that the current user doesn't have permission to read directly. However, it's somewhat common to grant permissions only on the parent partitioned table and not bother to do so on individual partitions. In such cases, the user can read the column via the parent, so there's no point in this security restriction; it only results in poorer planner estimates than necessary. Fix edge-case crashes and misestimations in selectivity calculations for the <@ and @> range operators (Michael Paquier, Andrey Borodin, Tom Lane) Ignore system columns when applying most-common-value extended statistics (Tomas Vondra) This prevents negative bitmapset member not allowed planner errors for affected queries. Fix BRIN index logic to support hypothetical BRIN indexes (Julien Rouhaud, Heikki Linnakangas) Previously, if an index adviser extension tried to get the planner to produce a plan involving a hypothetical BRIN index, that would fail, because the BRIN cost estimation code would always try to physically access the index's metapage. Now it checks to see if the index is only hypothetical, and uses default assumptions about the index parameters if so. Improve error reporting for attempts to use automatic updating of views with conditional INSTEAD rules (Dean Rasheed) This has never been supported, but previously the error was thrown only at execution time, so that it could be masked by planner errors. Prevent a composite type from being included in itself indirectly via a range type (Tom Lane, Julien Rouhaud) Disallow partition key expressions that return pseudo-types, such as record (Tom Lane) Fix error reporting for index expressions of prohibited types (Amit Langote) Fix dumping of views that contain only a VALUES list to handle cases where a view output column has been renamed (Tom Lane) Ensure that data types and collations used in XMLTABLE constructs are accounted for when computing dependencies of a view or rule (Tom Lane) Previously it was possible to break a view using XMLTABLE by dropping a type, if the type was not otherwise referenced in the view. This fix does not correct the dependencies already recorded for existing views, only for newly-created ones. Prevent unwanted downcasing and truncation of RADIUS authentication parameters (Marcos David) The pg_hba.conf parser mistakenly treated these fields as SQL identifiers, which in general they aren't. Transmit incoming NOTIFY messages to the client before sending ReadyForQuery, rather than after (Tom Lane) This change ensures that, with libpq and other client libraries that act similarly to it, any notifications received during a transaction will be available by the time the client thinks the transaction is complete. This probably makes no difference in practical applications (which would need to cope with asynchronous notifications in any case); but it makes it easier to build test cases with reproducible behavior. Allow libpq to parse all GSS-related connection parameters even when the GSSAPI code hasn't been compiled in (Tom Lane) This makes the behavior similar to our SSL support, where it was long ago deemed to be a good idea to always accept all the related parameters, even if some are ignored or restricted due to lack of the feature in a particular build. Fix incorrect handling of %b and %B format codes in ecpg's PGTYPEStimestamp_fmt_asc() function (Tomas Vondra) Due to an off-by-one error, these codes would print the wrong month name, or possibly crash. Fix parallel pg_dump/pg_restore to more gracefully handle failure to create worker processes (Tom Lane) Prevent possible crash or lockup when attempting to terminate a parallel pg_dump/pg_restore run via a signal (Tom Lane) In pg_upgrade, look inside arrays and ranges while searching for non-upgradable data types in tables (Tom Lane) Apply more thorough syntax checking to createuser's --connection-limit option (Álvaro Herrera) Cope with changes of the specific type referenced by a PL/pgSQL composite-type variable in more cases (Ashutosh Sharma, Tom Lane) Dropping and re-creating the composite type referenced by a PL/pgSQL variable could lead to could not open relation with OID NNNN errors. Avoid crash in postgres_fdw when trying to send a command like UPDATE remote_tab SET (x,y) = (SELECT ...) to the remote server (Tom Lane) In contrib/dict_int, reject maxlen settings less than one (Tomas Vondra) This prevents a possible crash with silly settings for that parameter. Disallow NULL category values in contrib/tablefunc's crosstab() function (Joe Conway) This case never worked usefully, and it would crash on some platforms. Fix configure's probe for OpenSSL's SSL_clear_options() function so that it works with OpenSSL versions before 1.1.0 (Michael Paquier, Daniel Gustafsson) This problem could lead to failure to set the SSL compression option as desired, when PostgreSQL is built against an old version of OpenSSL. Mark some timeout and statistics-tracking GUC variables as PGDLLIMPORT, to allow extensions to access them on Windows (Pascal Legrand) This applies to idle_in_transaction_session_timeout, lock_timeout, statement_timeout, track_activities, track_counts, and track_functions. Avoid memory leak in sanity checks for slab memory contexts (Tomas Vondra) This isn't an issue for production builds, since they wouldn't ordinarily have memory context checking enabled; but the leak could be quite severe in a debug build. Fix multiple statistics entries reported by the LWLock statistics mechanism (Fujii Masao) The LWLock statistics code (which is not built by default; it requires compiling with -DLWLOCK_STATS) could report multiple entries for the same LWLock and backend process, as a result of faulty hashtable key creation. Fix race condition that led to delayed delivery of interprocess signals on Windows (Amit Kapila) This caused visible timing oddities in NOTIFY, and perhaps other misbehavior. On Windows, retry a few times after an ERROR_ACCESS_DENIED file access failure (Alexander Lakhin, Tom Lane) This helps cope with cases where a file open attempt fails because the targeted file is flagged for deletion but not yet actually gone. pg_ctl, for example, frequently failed with such an error when probing to see if the postmaster had shut down yet. 2019-11-14 This release contains a variety of fixes from 11.5. For information about new features in major release 11, see . A dump/restore is not required for those running 11.X. However, if you use the contrib/intarray extension with a GiST index, and you rely on indexed searches for the <@ operator, see the entry below about that. Also, if you are upgrading from a version earlier than 11.1, see . Fix failure of ALTER TABLE SET with a custom relation option (Michael Paquier) Disallow changing a multiply-inherited column's type if not all parent tables were changed (Tom Lane) Previously, this was allowed, whereupon queries on the now-out-of-sync parent would fail. Avoid failure if the same target table is specified twice in an ANALYZE command inside a transaction block (Tom Lane) Prevent VACUUM from trying to freeze an old multixact ID involving a still-running transaction (Nathan Bossart, Jeremy Schneider) This case would lead to VACUUM failing until the old transaction terminates. SET CONSTRAINTS ... DEFERRED failed on partitioned tables, incorrectly complaining about lack of triggers (Álvaro Herrera) Fix failure when creating indexes for a partition, if the parent partitioned table contains any dropped columns (Michael Paquier) Fix planner's test for case-foldable characters in ILIKE with an ICU collation (Tom Lane) This mistake caused the planner to treat too much of the pattern as being a fixed prefix, so that indexscans derived from an ILIKE clause might miss entries that they should find. Ensure that offset expressions in WINDOW clauses are processed when a query's expressions are manipulated (Andrew Gierth) This oversight could result in assorted failures when the offsets are nontrivial expressions. One example is that a function parameter reference in such an expression would fail if the function was inlined. Fix handling of whole-row variables in WITH CHECK OPTION expressions and row-level-security policy expressions (Andres Freund) Previously, such usage might result in bogus errors about row type mismatches. Avoid postmaster failure if a parallel query requests a background worker when no postmaster child process array slots remain free (Tom Lane) Prevent possible double-free if a BEFORE UPDATE trigger returns the old tuple as-is, and it is not the last such trigger (Thomas Munro) Fix crash if x = ANY (array), or related operations, contains a constant-null array (Tom Lane) Fix unexpected relkind error when a query tries to access a TOAST table (John Hsu, Michael Paquier, Tom Lane) The error should say that permission is denied, but this case got broken during code refactoring. Provide a relevant error context line when an error occurs while setting GUC parameters during parallel worker startup (Thomas Munro) In serializable mode, ensure that row-level predicate locks are acquired on the correct version of the row (Thomas Munro, Heikki Linnakangas) If the visible version of the row is HOT-updated, the lock might be taken on its now-dead predecessor, resulting in subtle failures to guarantee serialization. Ensure that fsync() is applied only to files that are opened read/write (Andres Freund, Michael Paquier) Some code paths tried to do this after opening a file read-only, but on some platforms that causes bad file descriptor or similar errors. Allow encoding conversion to succeed on longer strings than before (Álvaro Herrera, Tom Lane) Previously, there was a hard limit of 0.25GB on the input string, but now it will work as long as the converted output is not over 1GB. Avoid an unnecessary catalog lookup during heap page pruning (Thomas Munro) It's no longer necessary to check for unlogged indexes here, and the check caused significant performance problems in some workloads. There was also at least a theoretical possibility of deadlock. Avoid creating unnecessarily-bulky tuple stores for window functions (Andrew Gierth) In some cases the tuple storage would include all columns of the source table(s), not just the ones that are needed by the query. Fix failure to JIT-compile equality comparisons for grouping hash tables, leading to performance loss (Andres Freund) Allow repalloc() to give back space when a large chunk is reduced in size (Tom Lane) Ensure that temporary WAL and history files are removed at the end of archive recovery (Sawada Masahiko) Avoid failure in archive recovery if recovery_min_apply_delay is enabled (Fujii Masao) recovery_min_apply_delay is not typically used in this configuration, but it should work. Fix logical replication failure when publisher and subscriber have different ideas about a table's replica identity columns (Jehan-Guillaume de Rorthais, Peter Eisentraut) Declaring a column as part of the replica identity on the subscriber, when it does not exist at all on the publisher, led to negative bitmapset member not allowed errors. Avoid unwanted delay during shutdown of a logical replication walsender (Craig Ringer, Álvaro Herrera) Fix timeout handling in logical replication walreceiver processes (Julien Rouhaud) Erroneous logic prevented wal_receiver_timeout from working in logical replication deployments. Correctly time-stamp replication messages for logical decoding (Jeff Janes) This oversight resulted, for example, in pg_stat_subscription.last_msg_send_time usually reading as NULL. In logical decoding, ensure that sub-transactions are correctly accounted for when reconstructing a snapshot (Masahiko Sawada) This error leads to assertion failures; it's unclear whether any bad effects exist in production builds. Fix race condition during backend exit, when the backend process has previously waited for synchronous replication to occur (Dongming Liu) Fix ALTER SYSTEM to cope with duplicate entries in postgresql.auto.conf (Ian Barwick) ALTER SYSTEM itself will not generate such a state, but external tools that modify postgresql.auto.conf could do so. Duplicate entries for the target variable will now be removed, and then the new setting (if any) will be appended at the end. Reject include directives with empty file names in configuration files, and report include-file recursion more clearly (Ian Barwick, Tom Lane) Avoid logging complaints about abandoned connections when using PAM authentication (Tom Lane) libpq-based clients will typically make two connection attempts when a password is required, since they don't prompt their user for a password until their first connection attempt fails. Therefore the server is coded not to generate useless log spam when a client closes the connection upon being asked for a password. However, the PAM authentication code hadn't gotten that memo, and would generate several messages about a phantom authentication failure. Fix some cases where an incomplete date specification is not detected in time with time zone input (Alexander Lakhin) If a time zone with a time-varying UTC offset is specified, then a date must be as well, so that the offset can be resolved. Depending on the syntax used, this check was not enforced in some cases, allowing bogus output to be produced. Fix misbehavior of bitshiftright() (Tom Lane) The bitstring right shift operator failed to zero out padding space that exists in the last byte of the result when the bitstring length is not a multiple of 8. While invisible to most operations, any nonzero bits there would result in unexpected comparison behavior, since bitstring comparisons don't bother to ignore the extra bits, expecting them to always be zero. If you have inconsistent data as a result of saving the output of bitshiftright() in a table, it's possible to fix it with something like UPDATE mytab SET bitcol = ~(~bitcol) WHERE bitcol != ~(~bitcol); Restore the ability to take type information from an AS clause in json[b]_populate_record() and json[b]_populate_recordset() (Tom Lane) If the record argument is NULL and has no declared composite type, try to use the AS clause instead. This isn't recommended usage, but it used to work, and now does again. Avoid crash when selecting a namespace node in XMLTABLE (Chapman Flack) Fix detection of edge-case integer overflow in interval multiplication (Yuya Watari) Fix memory leaks in lower(), upper(), and initcap() functions when using ICU collations (Konstantin Knizhnik) Avoid crashes if ispell text search dictionaries contain wrong affix data (Arthur Zakirov) Fix incorrect compression logic for GIN posting lists (Heikki Linnakangas) A GIN posting list item can require 7 bytes if the distance between adjacent indexed TIDs exceeds 16TB. One step in the logic was out of sync with that, and might try to write the value into a 6-byte buffer. In principle this could cause a stack overrun, but on most architectures it's likely that the next byte would be unused alignment padding, making the bug harmless. In any case the bug would be very difficult to hit. Fix handling of infinity, NaN, and NULL values in KNN-GiST (Alexander Korotkov) The query's output order could be wrong (different from a plain sort's result) if some distances computed for non-null column values are infinity or NaN. Fix handling of searches for NULL in KNN-SP-GiST (Nikita Glukhov) On Windows, recognize additional spellings of the Norwegian (Bokmål) locale name (Tom Lane) Avoid compile failure if an ECPG client includes ecpglib.h while having ENABLE_NLS defined (Tom Lane) This risk was created by a misplaced declaration: ecpg_gettext() should not be visible to client code. In psql, resynchronize internal state about the server after an unexpected connection loss and successful reconnection (Peter Billen, Tom Lane) Ordinarily this is unnecessary since the state would be the same anyway. But it can matter in corner cases, such as where the connection might lead to one of several servers. This change causes psql to re-issue any interactive messages that it would have issued at startup, for example about whether SSL is in use. Avoid platform-specific null pointer dereference in psql (Quentin Rameau) In pg_dump, ensure stable output order for similarly-named triggers and row-level-security policy objects (Benjie Gillam) Previously, if two triggers on different tables had the same names, they would be sorted in OID-based order, which is less desirable than sorting them by table name. Likewise for RLS policies. Fix pg_dump to work again with pre-8.3 source servers (Tom Lane) A previous fix caused pg_dump to always try to query pg_opfamily, but that catalog doesn't exist before version 8.3. In pg_restore, treat -f - as meaning output to stdout (Álvaro Herrera) This synchronizes pg_restore's behavior with some other applications, and in particular makes pre-v12 branches act similarly to version 12's pg_restore, simplifying creation of dump/restore scripts that work across multiple PostgreSQL versions. Before this change, pg_restore interpreted such a switch as meaning output to a file named -, but few people would want that. Improve pg_upgrade's checks for the use of a data type that has changed representation, such as line (Tomas Vondra) The previous coding could be fooled by cases where the data type of interest underlies a stored column of a domain or composite type. Detect file read errors during pg_basebackup (Jeevan Chalke) In pg_basebackup, don't fsync output files until the end of backup (Michael Paquier) The previous coding could result in timeout failures if fsync was slow. In pg_rewind with an online source cluster, disable timeouts, much as pg_dump does (Alexander Kukushkin) Fix failure in pg_waldump with the -s option, when a continuation WAL record ends exactly at a page boundary (Andrey Lepikhov) In pg_waldump, include the newitemoff field in btree page split records (Peter Geoghegan) In pg_waldump with the --bkp-details option, avoid emitting extra newlines for WAL records involving full-page writes (Andres Freund) Fix small memory leak in pg_waldump (Andres Freund) Fix vacuumdb with a high --jobs option to handle running out of file descriptors better (Michael Paquier) Fix PL/pgSQL to handle replacements of composite types better (Tom Lane) Cover the case where a composite type is dropped entirely, and then a new type of the same name is created, between executions of a PL/pgSQL function. Variables of the composite type will now update to match the new definition. Fix contrib/amcheck to skip unlogged indexes during hot standby (Andrey Borodin, Peter Geoghegan) An unlogged index won't necessarily contain valid data in this context, so don't try to check it. Fix contrib/intarray's GiST opclasses to not fail for empty arrays with <@ (Tom Lane) A clause like array_column <@ constant_array is considered indexable, but the index search may not find empty array values; of course, such entries should trivially match the search. The only practical back-patchable fix for this requires making <@ index searches scan the whole index, which is what this patch does. This is unfortunate: it means that the query performance is likely worse than a plain sequential scan would be. Applications whose performance is adversely impacted by this change have a couple of options. They could switch to a GIN index, which doesn't have this bug, or they could replace array_column <@ constant_array with array_column <@ constant_array AND array_column && constant_array. That will provide about the same performance as before, and it will find all non-empty subsets of the given constant array, which is all that could reliably be expected of the query before. Fix configure's test for presence of libperl so that it works on recent Red Hat releases (Tom Lane) Previously, it could fail if the user sets CFLAGS to -O0. Ensure correct code generation for spinlocks on PowerPC (Noah Misch) The previous spinlock coding allowed the compiler to select register zero for use with an assembly instruction that does not accept that register, causing a build failure. We have seen only one long-ago report that matches this bug, but it could cause problems for people trying to build modified PostgreSQL code or use atypical compiler options. On PowerPC, avoid depending on the xlc compiler's __fetch_and_add() function (Noah Misch) xlc 13 and newer interpret this function in a way incompatible with our usage, resulting in an unusable build of PostgreSQL. Fix by using custom assembly code instead. On AIX, don't use the compiler option -qsrcmsg (Noah Misch) This avoids an internal compiler error with xlc v16.1.0, with little consequence other than changing the format of compiler error messages. Fix MSVC build process to cope with spaces in the file path of OpenSSL (Andrew Dunstan) Update time zone data files to tzdata release 2019c for DST law changes in Fiji and Norfolk Island, plus historical corrections for Alberta, Austria, Belgium, British Columbia, Cambodia, Hong Kong, Indiana (Perry County), Kaliningrad, Kentucky, Michigan, Norfolk Island, South Korea, and Turkey. 2019-08-08 This release contains a variety of fixes from 11.4. For information about new features in major release 11, see . A dump/restore is not required for those running 11.X. However, if you are upgrading from a version earlier than 11.1, see . Require schema qualification to cast to a temporary type when using functional cast syntax (Noah Misch) We have long required invocations of temporary functions to explicitly specify the temporary schema, that is pg_temp.func_name(args). Require this as well for casting to temporary types using functional notation, for example pg_temp.type_name(arg). Otherwise it's possible to capture a function call using a temporary object, allowing privilege escalation in much the same ways that we blocked in CVE-2007-2138. (CVE-2019-10208) Fix execution of hashed subplans that require cross-type comparison (Tom Lane, Andreas Seltenreich) Hashed subplans used the outer query's original comparison operator to compare entries of the hash table. This is the wrong thing if that operator is cross-type, since all the hash table entries will be of the subquery's output type. For the set of hashable cross-type operators in core PostgreSQL, this mistake seems nearly harmless on 64-bit machines, but it can result in crashes or perhaps unauthorized disclosure of server memory on 32-bit machines. Extensions might provide hashable cross-type operators that create larger risks. (CVE-2019-10209) Fix failure of ALTER TABLE ... ALTER COLUMN TYPE when altering multiple columns' types in one command (Tom Lane) This fixes a regression introduced in the most recent minor releases: indexes using the altered columns were not processed correctly, leading to strange failures during ALTER TABLE. Prevent dropping a partitioned table's trigger if there are pending trigger events in child partitions (Álvaro Herrera) This notably applies to foreign key constraints, since those are implemented by triggers. Include user-specified trigger arguments when copying a trigger definition from a partitioned table to one of its partitions (Patrick McHardy) Install dependencies to prevent dropping partition key columns (Tom Lane) ALTER TABLE ... DROP COLUMN will refuse to drop a column that is a partition key column. However, indirect drops (such as a cascade from dropping a key column's data type) had no such check, allowing the deletion of a key column. This resulted in a badly broken partitioned table that could neither be accessed nor dropped. This fix adds pg_depend entries that enforce that the whole partitioned table, not just the key column, will be dropped if a cascaded drop forces removal of the key column. However, such entries will only be created when a partitioned table is created; so this fix does not remove the risk for pre-existing partitioned tables. The issue can only arise for partition key columns of non-built-in data types, so it seems not to be a hazard for most users. Ensure that column numbers are correctly mapped between a partitioned table and its default partition (Amit Langote) Some operations misbehaved if the mapping wasn't exactly one-to-one, for example if there were dropped columns in one table and not the other. Ignore partitions that are foreign tables when creating indexes on partitioned tables (Álvaro Herrera) Previously an error was thrown on encountering a foreign-table partition, but that's unhelpful and doesn't protect against any actual problem. Prune a partitioned table's default partition (that is, avoid uselessly scanning it) in more cases (Yuzuko Hosoya) Fix possible failure to prune partitions when there are multiple partition key columns of boolean type (David Rowley) Don't optimize away GROUP BY columns when the table involved is an inheritance parent (David Rowley) Normally, if a table's primary key column(s) are included in GROUP BY, it's safe to drop any other grouping columns, since the primary key columns are enough to make the groups unique. This rule does not work if the query is also reading inheritance child tables, though; the parent's uniqueness does not extend to the children. Avoid incorrect use of parallel hash join for semi-join queries (Thomas Munro) This error resulted in duplicate result rows from some EXISTS queries. Avoid using unnecessary sort steps for some queries with GROUPING SETS (Andrew Gierth, Richard Guo) Fix possible failure of planner's index endpoint probes (Tom Lane) When using a recently-created index to determine the minimum or maximum value of a column, the planner could select a recently-dead tuple that does not actually contain the endpoint value. In the worst case the tuple might contain a null, resulting in a visible error found unexpected null value in index; more likely we would just end up using the wrong value, degrading the quality of planning estimates. Fix failure to access trigger transition tables during EvalPlanQual rechecks (Alex Aktsipetrov) Triggers that rely on transition tables sometimes failed in the presence of concurrent updates. Fix mishandling of multi-column foreign keys when rebuilding a foreign key constraint (Tom Lane) ALTER TABLE could make an incorrect decision about whether revalidation of a foreign key is necessary, if not all columns of the key are of the same type. It seems likely that the error would always have been in the conservative direction, that is revalidating unnecessarily. Don't build extended statistics for inheritance trees (Tomas Vondra) This avoids a tuple already updated by self error during ANALYZE. Avoid spurious deadlock errors when upgrading a tuple lock (Oleksii Kliukin) When two or more transactions are waiting for a transaction T1 to release a tuple-level lock, and T1 upgrades its lock to a higher level, a spurious deadlock among the waiting transactions could be reported when T1 finishes. Fix failure to resolve deadlocks involving multiple parallel worker processes (Rui Hai Jiang) It is not clear whether this bug is reachable with non-artificial queries, but if it did happen, the queries involved in an otherwise-resolvable deadlock would block until canceled. Prevent incorrect canonicalization of date ranges with infinity endpoints (Laurenz Albe) It's incorrect to try to convert an open range to a closed one or vice versa by incrementing or decrementing the endpoint value, if the endpoint is infinite; so leave the range alone in such cases. Fix loss of fractional digits when converting very large money values to numeric (Tom Lane) Fix printing of BTREE_META_CLEANUP WAL records (Michael Paquier) Prevent assertion failures due to mishandling of version-2 btree metapages (Peter Geoghegan) Fix spinlock assembly code for MIPS CPUs so that it works on MIPS r6 (YunQiang Su) Ensure that a record or row value returned from a PL/pgSQL function is marked with the function's declared composite type (Tom Lane) This avoids problems if the result is stored directly into a table. Make libpq ignore carriage return (\r) in connection service files (Tom Lane, Michael Paquier) In some corner cases, service files containing Windows-style newlines could be mis-parsed, resulting in connection failures. In psql, avoid offering incorrect tab completion options after SET variable = (Tom Lane) Fix a small memory leak in psql's \d command (Tom Lane) Fix pg_dump to ensure that custom operator classes are dumped in the right order (Tom Lane) If a user-defined opclass is the subtype opclass of a user-defined range type, related objects were dumped in the wrong order, producing an unrestorable dump. (The underlying failure to handle opclass dependencies might manifest in other cases too, but this is the only known case.) Fix possible lockup in pgbench when using -R option (Fabien Coelho) Improve reliability of contrib/amcheck's index verification (Peter Geoghegan) Fix handling of Perl undef values in contrib/jsonb_plperl (Ivan Panchenko) Fix contrib/passwordcheck to coexist with other users of check_password_hook (Michael Paquier) Fix contrib/sepgsql tests to work under recent SELinux releases (Mike Palmiotto) Improve stability of src/test/kerberos and src/test/ldap regression tests (Thomas Munro, Tom Lane) Improve stability of src/test/recovery regression tests (Michael Paquier) Reduce stderr output from pg_upgrade's test script (Tom Lane) Fix pgbench regression tests to work on Windows (Fabien Coelho) Fix TAP tests to work with msys Perl, in cases where the build directory is on a non-root msys mount point (Noah Misch) Support building Postgres with Microsoft Visual Studio 2019 (Haribabu Kommi) In Visual Studio builds, honor WindowsSDKVersion environment variable, if that's set (Peifeng Qiu) This fixes build failures in some configurations. Support OpenSSL 1.1.0 and newer in Visual Studio builds (Juan José Santamaría Flecha, Michael Paquier) Allow make options to be passed down to gmake when non-GNU make is invoked at the top level (Thomas Munro) Avoid choosing localtime or posixrules as TimeZone during initdb (Tom Lane) In some cases initdb would choose one of these artificial zone names over the real zone name. Prefer any other match to the C library's timezone behavior over these two. Adjust pg_timezone_names view to show the Factory time zone if and only if it has a short abbreviation (Tom Lane) Historically, IANA set up this artificial zone with an abbreviation like Local time zone must be set--see zic manual page. Modern versions of the tzdb database show -00 instead, but some platforms alter the data to show one or another of the historical phrases. Show this zone only if it uses the modern abbreviation. Sync our copy of the timezone library with IANA tzcode release 2019b (Tom Lane) This adds support for zic's new -b slim option to reduce the size of the installed zone files. We are not currently using that, but may enable it in future. Update time zone data files to tzdata release 2019b for DST law changes in Brazil, plus historical corrections for Hong Kong, Italy, and Palestine. 2019-06-20 This release contains a variety of fixes from 11.3. For information about new features in major release 11, see . A dump/restore is not required for those running 11.X. However, if you are upgrading from a version earlier than 11.1, see . Fix buffer-overflow hazards in SCRAM verifier parsing (Jonathan Katz, Heikki Linnakangas, Michael Paquier) Any authenticated user could cause a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could suffice for executing arbitrary code as the PostgreSQL operating system account. A similar overflow hazard existed in libpq, which could allow a rogue server to crash a client or perhaps execute arbitrary code as the client's operating system account. The PostgreSQL Project thanks Alexander Lakhin for reporting this problem. (CVE-2019-10164) Fix assorted errors in run-time partition pruning logic (Tom Lane, Amit Langote, David Rowley) These mistakes could lead to wrong answers in queries on partitioned tables, if the comparison value used for pruning is dynamically determined, or if multiple range-partitioned columns are involved in pruning decisions, or if stable (not immutable) comparison operators are involved. Fix possible crash while trying to copy trigger definitions to a new partition (Tom Lane) Fix failure of ALTER TABLE ... ALTER COLUMN TYPE when the table has a partial exclusion constraint (Tom Lane) Fix failure of COMMENT command for comments on domain constraints (Daniel Gustafsson, Michael Paquier) Prevent possible memory clobber when there are duplicate columns in a hash aggregate's hash key list (Andrew Gierth) Fix incorrect argument null-ness checking during partial aggregation of aggregates with zero or multiple arguments (David Rowley, Kyotaro Horiguchi, Andres Freund) Fix faulty generation of merge-append plans (Tom Lane) This mistake could lead to could not find pathkey item to sort errors. Fix incorrect printing of queries with duplicate join names (Philip Dubé) This oversight caused a dump/restore failure for views containing such queries. Fix conversion of JSON string literals to JSON-type output columns in json_to_record() and json_populate_record() (Tom Lane) Such cases should produce the literal as a standalone JSON value, but the code misbehaved if the literal contained any characters requiring escaping. Fix misoptimization of {1,1} quantifiers in regular expressions (Tom Lane) Such quantifiers were treated as no-ops and optimized away; but the documentation specifies that they impose greediness, or non-greediness in the case of the non-greedy variant {1,1}?, on the subexpression they're attached to, and this did not happen. The misbehavior occurred only if the subexpression contained capturing parentheses or a back-reference. Avoid writing an invalid empty btree index page in the unlikely case that a failure occurs while processing INCLUDEd columns during a page split (Peter Geoghegan) The invalid page would not affect normal index operations, but it might cause failures in subsequent VACUUMs. If that has happened to one of your indexes, recover by reindexing the index. Avoid possible failures while initializing a new process's pg_stat_activity data (Tom Lane) Certain operations that could fail, such as converting strings extracted from an SSL certificate into the database encoding, were being performed inside a critical section. Failure there would result in database-wide lockup due to violating the access protocol for shared pg_stat_activity data. Fix race condition in check to see whether a pre-existing shared memory segment is still in use by a conflicting postmaster (Tom Lane) Fix unsafe coding in walreceiver's signal handler (Tom Lane) This avoids rare problems in which the walreceiver process would crash or deadlock when commanded to shut down. Avoid attempting to do database accesses for parameter checking in processes that are not connected to a specific database (Vignesh C, Andres Freund) This error could result in failures like cannot read pg_class without having selected a database. Avoid possible hang in libpq if using SSL and OpenSSL's pending-data buffer contains an exact multiple of 256 bytes (David Binderman) Improve initdb's handling of multiple equivalent names for the system time zone (Tom Lane, Andrew Gierth) Make initdb examine the /etc/localtime symbolic link, if that exists, to break ties between equivalent names for the system time zone. This makes initdb more likely to select the time zone name that the user would expect when multiple identical time zones exist. It will not change the behavior if /etc/localtime is not a symlink to a zone data file, nor if the time zone is determined from the TZ environment variable. Separately, prefer UTC over other spellings of that time zone, when neither TZ nor /etc/localtime provide a hint. This fixes an annoyance introduced by tzdata 2019a's change to make the UCT and UTC zone names equivalent: initdb was then preferring UCT, which almost nobody wants. Fix ordering of GRANT commands emitted by pg_dump and pg_dumpall for databases and tablespaces (Nathan Bossart, Michael Paquier) If cascading grants had been issued, restore might fail due to the GRANT commands being given in an order that didn't respect their interdependencies. Make pg_dump recreate table partitions using CREATE TABLE then ATTACH PARTITION, rather than including PARTITION OF in the creation command (Álvaro Herrera, David Rowley) This avoids problems with the partition's column order possibly being changed to match the parent's. Also, a partition is now restorable from the dump (as a standalone table) even if its parent table isn't restored; the ATTACH will fail, but that can just be ignored. Fix misleading error reports from reindexdb (Julien Rouhaud) Ensure that vacuumdb returns correct status if an error occurs while using parallel jobs (Julien Rouhaud) Fix contrib/auto_explain to not cause problems in parallel queries (Tom Lane) Previously, a parallel worker might try to log its query even if the parent query were not being logged by auto_explain. This would work sometimes, but it's confusing, and in some cases it resulted in failures like could not find key N in shm TOC. Also, fix an off-by-one error that resulted in not necessarily logging every query even when the sampling rate is set to 1.0. In contrib/postgres_fdw, account for possible data modifications by local BEFORE ROW UPDATE triggers (Shohei Mochizuki) If a trigger modified a column that was otherwise not changed by the UPDATE, the new value was not transmitted to the remote server. On Windows, avoid failure when the database encoding is set to SQL_ASCII and we attempt to log a non-ASCII string (Noah Misch) The code had been assuming that such strings must be in UTF-8, and would throw an error if they didn't appear to be validly encoded. Now, just transmit the untranslated bytes to the log. Make PL/pgSQL's header files C++-safe (George Tarasov) 2019-05-09 This release contains a variety of fixes from 11.2. For information about new features in major release 11, see . A dump/restore is not required for those running 11.X. However, if you are upgrading from a version earlier than 11.1, see . Prevent row-level security policies from being bypassed via selectivity estimators (Dean Rasheed) Some of the planner's selectivity estimators apply user-defined operators to values found in pg_statistic (e.g., most-common values). A leaky operator therefore can disclose some of the entries in a data column, even if the calling user lacks permission to read that column. In CVE-2017-7484 we added restrictions to forestall that, but we failed to consider the effects of row-level security. A user who has SQL permission to read a column, but who is forbidden to see certain rows due to RLS policy, might still learn something about those rows' contents via a leaky operator. This patch further tightens the rules, allowing leaky operators to be applied to statistics data only when there is no relevant RLS policy. (CVE-2019-10130) Avoid access to already-freed memory during partition routing error reports (Michael Paquier) This mistake could lead to a crash, and in principle it might be possible to use it to disclose server memory contents. (CVE-2019-10129) Avoid catalog corruption when an ALTER TABLE on a partitioned table finds that a partitioned index is reusable (Amit Langote, Tom Lane) This occurs, for example, when ALTER COLUMN TYPE finds that no physical table rewrite is required. Avoid catalog corruption when a temporary table with ON COMMIT DROP and an identity column is created in a single-statement transaction (Peter Eisentraut) This hazard was overlooked because the case is not actually useful, since the temporary table would be dropped immediately after creation. Fix failure in ALTER INDEX ... ATTACH PARTITION if the partitioned table contains more dropped columns than its partition does (Álvaro Herrera) Fix failure to attach a partition's existing index to a newly-created partitioned index in some cases (Amit Langote, Álvaro Herrera) This would lead to errors such as index ... not found in partition in subsequent DDL that uses the partitioned index. Avoid crash when an EPQ recheck is performed for a partitioned query result relation (Amit Langote) This occurs when using READ COMMITTED isolation level and another session has concurrently updated some of the target row(s). Fix tuple routing in multi-level partitioned tables that have dropped attributes (Amit Langote, Michael Paquier) Fix failure when the slow path of foreign key constraint initial validation is applied to partitioned tables (Hadi Moshayedi, Tom Lane, Andres Freund) This didn't manifest except in the uncommon cases where the fast path can't be used (such as permissions problems). Fix behavior for an UPDATE or DELETE on an inheritance tree or partitioned table in which every table can be excluded (Amit Langote, Tom Lane) In such cases, the query did not report the correct set of output columns when a RETURNING clause was present, and if there were any statement-level triggers that should be fired, it didn't fire them. When accessing a partition directly, and constraint_exclusion is set to on, use the partition's partition constraint as well as any CHECK constraints for exclusion checking (Amit Langote, Tom Lane) This change restores the behavior to what it was in v10. Avoid server crash when an error occurs while trying to persist a cursor query across a transaction commit (Tom Lane) If a procedure attempts to commit while it has an open explicit or implicit cursor (for example, a PL/pgSQL FOR-loop query), the cursor must be executed to completion and its results saved before the transaction commit can be performed. An error occurring during such execution led to a crash. Avoid throwing incorrect errors for updates of temporary tables and unlogged tables when a FOR ALL TABLES publication exists (Peter Eisentraut) Such tables should be ignored for publication purposes, but some parts of the code failed to do so. Fix handling of explicit DEFAULT items in an INSERT ... VALUES command with multiple VALUES rows, if the target relation is an updatable view (Amit Langote, Dean Rasheed) When the updatable view has no default for the column but its underlying table has one, a single-row INSERT ... VALUES will use the underlying table's default. In the multi-row case, however, NULL was always used. Correct it to act like the single-row case. Fix CREATE VIEW to allow zero-column views (Ashutosh Sharma) We should allow this for consistency with allowing zero-column tables. Since a table can be converted to a view, zero-column views could be created even with the restriction in place, leading to dump/reload failures. Add missing support for CREATE TABLE IF NOT EXISTS ... AS EXECUTE ... (Andreas Karlsson) The combination of IF NOT EXISTS and EXECUTE should work, but the grammar omitted it. Ensure that sub-SELECTs appearing in row-level-security policy expressions are executed with the correct user's permissions (Dean Rasheed) Previously, if the table having the RLS policy was accessed via a view, such checks might be executed as the user calling the view, not as the view owner as they should be. Accept XML documents as valid values of type xml when xmloption is set to content, as required by SQL:2006 and later (Chapman Flack) Previously PostgreSQL followed the SQL:2003 definition, which doesn't allow this. But that creates a serious problem for dump/restore: there is no setting of xmloption that will accept all valid XML data. Hence, switch to the 2006 definition. pg_dump is also modified to emit SET xmloption = content while restoring data, ensuring that dump/restore works even if the prevailing setting is document. Improve server's startup-time checks for whether a pre-existing shared memory segment is still in use (Noah Misch) The postmaster is now more likely to detect that there are still active processes from a previous postmaster incarnation, even if the postmaster.pid file has been removed. Avoid possible division-by-zero in btree index vacuum logic (Piotr Stefaniak, Alexander Korotkov) This could lead to incorrect decisions about whether index cleanup is needed. Avoid counting parallel workers' transactions as separate transactions (Haribabu Kommi) Fix incompatibility of GIN-index WAL records (Alexander Korotkov) A fix applied in February's minor releases was not sufficiently careful about backwards compatibility, leading to problems if a standby server of that vintage reads GIN page-deletion WAL records generated by a primary server of a previous minor release. Fix possible crash while executing a SHOW command in a replication connection (Michael Paquier) Avoid server memory leak when fetching rows from a portal one at a time (Tom Lane) Avoid memory leak when a partition's relation cache entry is rebuilt (Amit Langote, Tom Lane) Tolerate EINVAL and ENOSYS error results, where appropriate, for fsync and sync_file_range calls (Thomas Munro, James Sewell) The previous change to panic on file synchronization failures turns out to have been excessively paranoid for certain cases where a failure is predictable and essentially means operation not supported. Report correct relation name in autovacuum's pg_stat_activity display during BRIN summarize operations (Álvaro Herrera) Avoid crash when trying to plan a partition-wise join when GEQO is active (Tom Lane) Fix failed to build any N-way joins planner failures with lateral references leading out of FULL outer joins (Tom Lane) Fix misplanning of queries in which a set-returning function is applied to a relation that is provably empty (Tom Lane, Julien Rouhaud) In v10, this oversight only led to slightly inefficient plans, but in v11 it could cause set-valued function called in context that cannot accept a set errors. Check the appropriate user's permissions when enforcing rules about letting a leaky operator see pg_statistic data (Dean Rasheed) When an underlying table is being accessed via a view, consider the privileges of the view owner while deciding whether leaky operators may be applied to the table's statistics data, rather than the privileges of the user making the query. This makes the planner's rules about what data is visible match up with the executor's, avoiding unnecessarily-poor plans. Fix planner's parallel-safety assessment for grouped queries (Etsuro Fujita) Previously, target-list evaluation work that could have been parallelized might not be. Fix mishandling of included index columns in planner's unique-index logic (Tom Lane) This could result in failing to recognize that a unique index with included columns proves uniqueness of a query result, leading to a poor plan. Fix incorrect strictness check for array coercion expressions (Tom Lane) This might allow, for example, incorrect inlining of a strict SQL function, leading to non-enforcement of the strictness condition. Speed up planning when there are many equality conditions and many potentially-relevant foreign key constraints (David Rowley) Avoid O(N^2) performance issue when rolling back a transaction that created many tables (Tomas Vondra) Fix corner-case server crashes in dynamic shared memory allocation (Thomas Munro, Robert Haas) Fix race conditions in management of dynamic shared memory (Thomas Munro) These could lead to dsa_area could not attach to segment or cannot unpin a segment that is not pinned errors. Fix race condition in which a hot-standby postmaster could fail to shut down after receiving a smart-shutdown request (Tom Lane) Fix possible crash when pg_identify_object_as_address() is given invalid input (Álvaro Herrera) Fix possible could not access status of transaction failures in txid_status() (Thomas Munro) Fix authentication failure when attempting to use SCRAM authentication with mixed OpenSSL library versions (Michael Paquier, Peter Eisentraut) If libpq is using OpenSSL 1.0.1 or older while the server is using OpenSSL 1.0.2 or newer, the negotiation of which SASL mechanism to use went wrong, leading to a confusing channel binding not supported by this build error message. Tighten validation of encoded SCRAM-SHA-256 and MD5 passwords (Jonathan Katz) A password string that had the right initial characters could be mistaken for one that is correctly hashed into SCRAM-SHA-256 or MD5 format. The password would be accepted but would be unusable later. Fix handling of lc_time settings that imply an encoding different from the database's encoding (Juan José Santamaría Flecha, Tom Lane) Localized month or day names that include non-ASCII characters previously caused unexpected errors or wrong output in such locales. Create the current_logfiles file with the same permissions as other files in the server's data directory (Haribabu Kommi) Previously it used the permissions specified by log_file_mode, but that can cause problems for backup utilities. Fix incorrect operator_precedence_warning checks involving unary minus operators (Rikard Falkeborn) Disallow NaN as a value for floating-point server parameters (Tom Lane) Rearrange REINDEX processing to avoid assertion failures when reindexing individual indexes of pg_class (Andres Freund, Tom Lane) Fix planner assertion failure for parameterized dummy paths (Tom Lane) Insert correct test function in the result of SnapBuildInitialSnapshot() (Antonin Houska) No core code cares about this, but some extensions do. Fix intermittent could not reattach to shared memory session startup failures on Windows (Noah Misch) A previously unrecognized source of these failures is creation of thread stacks for a process's default thread pool. Arrange for such stacks to be allocated in a different memory region. Fix error detection in directory scanning on Windows (Konstantin Knizhnik) Errors, such as lack of permissions to read the directory, were not detected or reported correctly; instead the code silently acted as though the directory were empty. Fix grammar problems in ecpg (Tom Lane) A missing semicolon led to mistranslation of SET variable = DEFAULT (but not SET variable TO DEFAULT) in ecpg programs, producing syntactically invalid output that the server would reject. Additionally, in a DROP TYPE or DROP DOMAIN command that listed multiple type names, only the first type name was actually processed. Sync ecpg's syntax for CREATE TABLE AS with the server's (Daisuke Higuchi) Fix possible buffer overruns in ecpg's processing of include filenames (Liu Huailing, Fei Wu) Fix pg_rewind failures due to failure to remove some transient files in the target data directory (Michael Paquier) Make pg_verify_checksums verify that the data directory it's pointed at is of the right PostgreSQL version (Michael Paquier) Avoid crash in contrib/postgres_fdw when a query using remote grouping or aggregation has a SELECT-list item that is an uncorrelated sub-select, outer reference, or parameter symbol (Tom Lane) Change contrib/postgres_fdw to report an error when a remote partition chosen to insert a routed row into is also an UPDATE subplan target that will be updated later in the same command (Amit Langote, Etsuro Fujita) Previously, such situations led to server crashes or incorrect results of the UPDATE. Allowing such cases to work correctly is a matter for future work. In contrib/pg_prewarm, avoid indefinitely respawning background worker processes if prewarming fails for some reason (Mithun Cy) Avoid crash in contrib/vacuumlo if an lo_unlink() call failed (Tom Lane) Sync our copy of the timezone library with IANA tzcode release 2019a (Tom Lane) This corrects a small bug in zic that caused it to output an incorrect year-2440 transition in the Africa/Casablanca zone, and adds support for zic's new -r option. Update time zone data files to tzdata release 2019a for DST law changes in Palestine and Metlakatla, plus historical corrections for Israel. Etc/UCT is now a backward-compatibility link to Etc/UTC, instead of being a separate zone that generates the abbreviation UCT, which nowadays is typically a typo. PostgreSQL will still accept UCT as an input zone abbreviation, but it won't output it. 2019-02-14 This release contains a variety of fixes from 11.1. For information about new features in major release 11, see . A dump/restore is not required for those running 11.X. However, if you are upgrading from a version earlier than 11.1, see . By default, panic instead of retrying after fsync() failure, to avoid possible data corruption (Craig Ringer, Thomas Munro) Some popular operating systems discard kernel data buffers when unable to write them out, reporting this as fsync() failure. If we reissue the fsync() request it will succeed, but in fact the data has been lost, so continuing risks database corruption. By raising a panic condition instead, we can replay from WAL, which may contain the only remaining copy of the data in such a situation. While this is surely ugly and inefficient, there are few alternatives, and fortunately the case happens very rarely. A new server parameter has been added to control this; if you are certain that your kernel does not discard dirty data buffers in such scenarios, you can set data_sync_retry to on to restore the old behavior. Include each major release branch's release notes in the documentation for only that branch, rather than that branch and all later ones (Tom Lane) The duplication induced by the previous policy was getting out of hand. Our plan is to provide a full archive of release notes on the project's web site, but not duplicate it within each release. Fix handling of unique indexes with INCLUDE columns on partitioned tables (Álvaro Herrera) The uniqueness condition was not checked properly in such cases. Ensure that NOT NULL constraints of a partitioned table are honored within its partitions (Álvaro Herrera, Amit Langote) Update catalog state correctly for partition table constraints when detaching their partition (Amit Langote, Álvaro Herrera) Previously, the pg_constraint.conislocal field for such a constraint might improperly be left as false, rendering it undroppable. A dump/restore or pg_upgrade would cure the problem, but if necessary, the catalog field can be adjusted manually. Create or delete foreign key enforcement triggers correctly when attaching or detaching a partition in a partitioned table that has a foreign-key constraint (Amit Langote, Álvaro Herrera) Avoid useless creation of duplicate foreign key constraints in partitioned tables (Álvaro Herrera) When an index is created on a partitioned table using ONLY, and there are no partitions yet, mark it valid immediately (Álvaro Herrera) Otherwise there is no way to make it become valid. Use a safe table lock level when detaching a partition (Álvaro Herrera) The previous locking level was too weak and might allow concurrent DDL on the table, with bad results. Fix problems with applying ON COMMIT DROP and ON COMMIT DELETE ROWS to partitioned tables and tables with inheritance children (Michael Paquier) Disallow COPY FREEZE on partitioned tables (David Rowley) This should eventually be made to work, but it may require a patch that's too complicated to risk back-patching. Fix possible index corruption when the indexed column has a fast default (that is, it was added by ALTER TABLE ADD COLUMN with a constant non-NULL default value specified, after the table already contained some rows) (Andres Freund) Correctly adjust fast default values during ALTER TABLE ... ALTER COLUMN TYPE (Andrew Dunstan) Avoid possible deadlock when acquiring multiple buffer locks (Nishant Fnu) Avoid deadlock between GIN vacuuming and concurrent index insertions (Alexander Korotkov, Andrey Borodin, Peter Geoghegan) This change partially reverts a performance improvement, introduced in version 10.0, that attempted to reduce the number of index pages locked during deletion of a GIN posting tree page. That's now been found to lead to deadlocks, so we've removed it pending closer analysis. Avoid deadlock between hot-standby queries and replay of GIN index page deletion (Alexander Korotkov) Fix possible crashes in logical replication when index expressions or predicates are in use (Peter Eisentraut) Avoid useless and expensive logical decoding of TOAST data during a table rewrite (Tomas Vondra) Fix logic for stopping a subset of WAL senders when synchronous replication is enabled (Paul Guo, Michael Paquier) Avoid possibly writing an incorrect replica identity field in a tuple deletion WAL record (Stas Kelvich) Prevent incorrect use of WAL-skipping optimization during COPY to a view or foreign table (Amit Langote, Michael Paquier) Make the archiver prioritize WAL history files over WAL data files while choosing which file to archive next (David Steele) Fix possible crash in UPDATE with a multiple SET clause using a sub-SELECT as source (Tom Lane) Fix crash when zero rows are fed to json[b]_populate_recordset() or json[b]_to_recordset() (Tom Lane) Avoid crash if libxml2 returns a null error message (Sergio Conde Gómez) Fix incorrect JIT tuple deforming code for tables with many columns (more than approximately 800) (Andres Freund) Fix performance and memory leakage issues in hash-based grouping (Andres Freund) Fix spurious grouping-related parser errors caused by inconsistent handling of collation assignment (Andrew Gierth) In some cases, expressions that should be considered to match were not seen as matching, if they included operations on collatable data types. Fix parsing of collation-sensitive expressions in the arguments of a CALL statement (Peter Eisentraut) Ensure proper cleanup after detecting an error in the argument list of a CALL statement (Tom Lane) Check whether the comparison function underlying LEAST() or GREATEST() is leakproof, rather than just assuming it is (Tom Lane) Actual information leaks from btree comparison functions are typically hard to provoke, but in principle they could happen. Fix incorrect planning of queries involving nested loops both above and below a Gather plan node (Tom Lane) If both levels of nestloop needed to pass the same variable into their right-hand sides, an incorrect plan would be generated. Fix incorrect planning of queries in which a lateral reference must be evaluated at a foreign table scan (Tom Lane) Fix planner failure when the first column of a row comparison matches an index column, but later column(s) do not, and the index has included (non-key) columns (Tom Lane) Fix corner-case underestimation of the cost of a merge join (Tom Lane) The planner could prefer a merge join when the outer key range is much smaller than the inner key range, even if there are so many duplicate keys on the inner side that this is a poor choice. Avoid O(N^2) planning time growth when a query contains many thousand indexable clauses (Tom Lane) Improve planning speed for large inheritance or partitioning table groups (Amit Langote, Etsuro Fujita) Improve ANALYZE's handling of concurrently-updated rows (Jeff Janes, Tom Lane) Previously, rows deleted by an in-progress transaction were omitted from ANALYZE's sample, but this has been found to lead to more inconsistency than including them would do. In effect, the sample now corresponds to an MVCC snapshot as of ANALYZE's start time. Make TRUNCATE ignore inheritance child tables that are temporary tables of other sessions (Amit Langote, Michael Paquier) This brings TRUNCATE into line with the behavior of other commands. Previously, such cases usually ended in failure. Fix TRUNCATE to update the statistics counters for the right table (Tom Lane) If the truncated table had a TOAST table, that table's counters were reset instead. Process ALTER TABLE ONLY ADD COLUMN IF NOT EXISTS correctly (Greg Stark) Allow UNLISTEN in hot-standby mode (Shay Rojansky) This is necessarily a no-op, because LISTEN isn't allowed in hot-standby mode; but allowing the dummy operation simplifies session-state-reset logic in clients. Fix missing role dependencies in some schema and data type permissions lists (Tom Lane) In some cases it was possible to drop a role to which permissions had been granted. This caused no immediate problem, but a subsequent dump/reload or upgrade would fail, with symptoms involving attempts to grant privileges to all-numeric role names. Prevent use of a session's temporary schema within a two-phase transaction (Michael Paquier) Accessing a temporary table within such a transaction has been forbidden for a long time, but it was still possible to cause problems with other operations on temporary objects. Ensure relation caches are updated properly after adding or removing foreign key constraints (Álvaro Herrera) This oversight could result in existing sessions failing to enforce a newly-created constraint, or continuing to enforce a dropped one. Ensure relation caches are updated properly after renaming constraints (Amit Langote) Fix replay of GiST index micro-vacuum operations so that concurrent hot-standby queries do not see inconsistent state (Alexander Korotkov) Prevent empty GIN index pages from being reclaimed too quickly, causing failures of concurrent searches (Andrey Borodin, Alexander Korotkov) Fix edge-case failures in float-to-integer coercions (Andrew Gierth, Tom Lane) Values very slightly above the maximum valid integer value might not be rejected, and then would overflow, producing the minimum valid integer instead. Also, values that should round to the minimum or maximum integer value might be incorrectly rejected. Fix parsing of space-separated lists of host names in the ldapserver parameter of LDAP authentication entries in pg_hba.conf (Thomas Munro) When making a PAM authentication request, don't set the PAM_RHOST variable if the connection is via a Unix socket (Thomas Munro) Previously that variable would be set to [local], which is at best unhelpful, since it's supposed to be a host name. Disallow setting client_min_messages higher than ERROR (Jonah Harris, Tom Lane) Previously, it was possible to set this variable to FATAL or PANIC, which had the effect of suppressing transmission of ordinary error messages to the client. However, that's contrary to guarantees that are given in the PostgreSQL wire protocol specification, and it caused some clients to become very confused. In released branches, fix this by silently treating such settings as meaning ERROR instead. Version 12 and later will reject those alternatives altogether. Fix ecpglib to use uselocale() or _configthreadlocale() in preference to setlocale() (Michael Meskes, Tom Lane) Since setlocale() is not thread-local, and might not even be thread-safe, the previous coding caused problems in multi-threaded ecpg applications. Fix incorrect results for numeric data passed through an ecpg SQLDA (SQL Descriptor Area) (Daisuke Higuchi) Values with leading zeroes were not copied correctly. Fix psql's \g target meta-command to work with COPY TO STDOUT (Daniel Vérité) Previously, the target option was ignored, so that the copy data always went to the current query output target. Make psql's LaTeX output formats render special characters properly (Tom Lane) Backslash and some other ASCII punctuation characters were not rendered correctly, leading to document syntax errors or wrong characters in the output. Make pgbench's random number generation fully deterministic and platform-independent when --random-seed=N is specified (Fabien Coelho, Tom Lane) On any specific platform, the sequence obtained with a particular value of N will probably be different from what it was before this patch. Fix pg_basebackup and pg_verify_checksums to ignore temporary files appropriately (Michael Banck, Michael Paquier) Fix pg_dump's handling of materialized views with indirect dependencies on primary keys (Tom Lane) This led to mis-labeling of such views' dump archive entries, causing harmless warnings about archive items not in correct section order; less harmlessly, selective-restore options depending on those labels, such as --section, might misbehave. Make pg_dump include ALTER INDEX SET STATISTICS commands (Michael Paquier) When the ability to attach statistics targets to index expressions was added, we forgot to teach pg_dump about it, so that such settings were lost in dump/reload. Fix pg_dump's dumping of tables that have OIDs (Peter Eisentraut) The WITH OIDS clause was omitted if it needed to be applied to the first table to be dumped. Avoid null-pointer-dereference crash on some platforms when pg_dump or pg_restore tries to report an error (Tom Lane) Prevent false index-corruption reports from contrib/amcheck caused by inline-compressed data (Peter Geoghegan) Properly disregard SIGPIPE errors if COPY FROM PROGRAM stops reading the program's output early (Tom Lane) This case isn't actually reachable directly with COPY, but it can happen when using contrib/file_fdw. Fix contrib/hstore to calculate correct hash values for empty hstore values that were created in version 8.4 or before (Andrew Gierth) The previous coding did not give the same result as for an empty hstore value created by a newer version, thus potentially causing wrong results in hash joins or hash aggregation. It is advisable to reindex any hash indexes built on hstore columns, if the table might contain data that was originally stored as far back as 8.4 and was never dumped/reloaded since then. Avoid crashes and excessive runtime with large inputs to contrib/intarray's gist__int_ops index support (Andrew Gierth) In configure, look for python3 and then python2 if python isn't found (Peter Eisentraut) This allows PL/Python to be configured without explicitly specifying PYTHON on platforms that no longer provide an unversioned python executable. Include JIT-related headers in the installed set of header files (Donald Dong) Support new Makefile variables PG_CFLAGS, PG_CXXFLAGS, and PG_LDFLAGS in pgxs builds (Christoph Berg) This simplifies customization of extension build processes. Fix Perl-coded build scripts to not assume . is in the search path, since recent Perl versions don't include that (Andrew Dunstan) Fix server command-line option parsing problems on OpenBSD (Tom Lane) Relocate call of set_rel_pathlist_hook so that extensions can use it to supply partial paths for parallel queries (KaiGai Kohei) This is not expected to affect existing use-cases. Update time zone data files to tzdata release 2018i for DST law changes in Kazakhstan, Metlakatla, and Sao Tome and Principe. Kazakhstan's Qyzylorda zone is split in two, creating a new zone Asia/Qostanay, as some areas did not change UTC offset. Historical corrections for Hong Kong and numerous Pacific islands. 2018-11-08 This release contains a variety of fixes from 11.0. For information about new features in major release 11, see . A dump/restore is not required for those running 11.X. However, if you use the pg_stat_statements extension, see the changelog entry below about that. Ensure proper quoting of transition table names when pg_dump emits CREATE TRIGGER ... REFERENCING commands (Tom Lane) This oversight could be exploited by an unprivileged user to gain superuser privileges during the next dump/reload or pg_upgrade run. (CVE-2018-16850) Apply the tablespace specified for a partitioned index when creating a child index (Álvaro Herrera) Previously, child indexes were always created in the default tablespace. Fix NULL handling in parallel hashed multi-batch left joins (Andrew Gierth, Thomas Munro) Outer-relation rows with null values of the hash key were omitted from the join result. Fix incorrect processing of an array-type coercion expression appearing within a CASE clause that has a constant test expression (Tom Lane) Fix incorrect expansion of tuples lacking recently-added columns (Andrew Dunstan, Amit Langote) This is known to lead to crashes in triggers on tables with recently-added columns, and could have other symptoms as well. Fix bugs with named or defaulted arguments in CALL argument lists (Tom Lane, Pavel Stehule) Fix strictness check for strict aggregates with ORDER BY columns (Andrew Gierth, Andres Freund) The strictness logic incorrectly ignored rows for which the ORDER BY value(s) were null. Disable recheck_on_update optimization (Tom Lane) This new-in-v11 feature turns out not to have been ready for prime time. Disable it until something can be done about it. Prevent creation of a partition in a trigger attached to its parent table (Amit Langote) Ideally we'd allow that, but for the moment it has to be blocked to avoid crashes. Fix problems with applying ON COMMIT DELETE ROWS to a partitioned temporary table (Amit Langote) Fix character-class checks to not fail on Windows for Unicode characters above U+FFFF (Tom Lane, Kenji Uno) This bug affected full-text-search operations, as well as contrib/ltree and contrib/pg_trgm. Ensure that the server will process already-received NOTIFY and SIGTERM interrupts before waiting for client input (Jeff Janes, Tom Lane) Fix memory leak in repeated SP-GiST index scans (Tom Lane) This is only known to amount to anything significant in cases where an exclusion constraint using SP-GiST receives many new index entries in a single command. Prevent starting the server with wal_level set to too low a value to support an existing replication slot (Andres Freund) Fix psql, as well as documentation examples, to call PQconsumeInput() before each PQnotifies() call (Tom Lane) This fixes cases in which psql would not report receipt of a NOTIFY message until after the next command. Fix pg_verify_checksums's determination of which files to check the checksums of (Michael Paquier) In some cases it complained about files that are not expected to have checksums. In contrib/pg_stat_statements, disallow the pg_read_all_stats role from executing pg_stat_statements_reset() (Haribabu Kommi) pg_read_all_stats is only meant to grant permission to read statistics, not to change them, so this grant was incorrect. To cause this change to take effect, run ALTER EXTENSION pg_stat_statements UPDATE in each database where pg_stat_statements has been installed. (A database freshly created in 11.0 should not need this, but a database upgraded from a previous release probably still contains the old version of pg_stat_statements. The UPDATE command is harmless if the module was already updated.) Rename red-black tree support functions to use rbt prefix not rb prefix (Tom Lane) This avoids name collisions with Ruby functions, which broke PL/Ruby. It's hoped that there are no other affected extensions. Fix build problems on macOS 10.14 (Mojave) (Tom Lane) Adjust configure to add an -isysroot switch to CPPFLAGS; without this, PL/Perl and PL/Tcl fail to configure or build on macOS 10.14. The specific sysroot used can be overridden at configure time or build time by setting the PG_SYSROOT variable in the arguments of configure or make. It is now recommended that Perl-related extensions write $(perl_includespec) rather than -I$(perl_archlibexp)/CORE in their compiler flags. The latter continues to work on most platforms, but not recent macOS. Also, it should no longer be necessary to specify --with-tclconfig manually to get PL/Tcl to build on recent macOS releases. Fix MSVC build and regression-test scripts to work on recent Perl versions (Andrew Dunstan) Perl no longer includes the current directory in its search path by default; work around that. On Windows, allow the regression tests to be run by an Administrator account (Andrew Dunstan) To do this safely, pg_regress now gives up any such privileges at startup. Update time zone data files to tzdata release 2018g for DST law changes in Chile, Fiji, Morocco, and Russia (Volgograd), plus historical corrections for China, Hawaii, Japan, Macau, and North Korea. 2018-10-18 Major enhancements in PostgreSQL 11 include: Improvements to partitioning functionality, including: Add support for partitioning by a hash key Add support for PRIMARY KEY, FOREIGN KEY, indexes, and triggers on partitioned tables Allow creation of a default partition for storing data that does not match any of the remaining partitions UPDATE statements that change a partition key column now cause affected rows to be moved to the appropriate partitions Improve SELECT performance through enhanced partition elimination strategies during query planning and execution Improvements to parallelism, including: CREATE INDEX can now use parallel processing while building a B-tree index Parallelization is now possible in CREATE TABLE ... AS, CREATE MATERIALIZED VIEW, and certain queries using UNION Parallelized hash joins and parallelized sequential scans now perform better SQL stored procedures that support embedded transactions Optional Just-in-Time (JIT) compilation for some SQL code, speeding evaluation of expressions Window functions now support all framing options shown in the SQL:2011 standard, including RANGE distance PRECEDING/FOLLOWING, GROUPS mode, and frame exclusion options Covering indexes can now be created, using the INCLUDE clause of CREATE INDEX Many other useful performance improvements, including the ability to avoid a table rewrite for ALTER TABLE ... ADD COLUMN with a non-null column default The above items are explained in more detail in the sections below. A dump/restore using or use of or logical replication is required for those wishing to migrate data from any previous release. See for general information on migrating to new major releases. Version 11 contains a number of changes that may affect compatibility with previous releases. Observe the following incompatibilities: Make pg_dump dump the properties of a database, not just its contents (Haribabu Kommi) Previously, attributes of the database itself, such as database-level GRANT/REVOKE permissions and ALTER DATABASE SET variable settings, were only dumped by pg_dumpall. Now pg_dump --create and pg_restore --create will restore these database properties in addition to the objects within the database. pg_dumpall -g now only dumps role- and tablespace-related attributes. pg_dumpall's complete output (without -g) is unchanged. pg_dump and pg_restore, without --create, no longer dump/restore database-level comments and security labels; those are now treated as properties of the database. pg_dumpall's output script will now always create databases with their original locale and encoding, and hence will fail if the locale or encoding name is unknown to the destination system. Previously, CREATE DATABASE would be emitted without these specifications if the database locale and encoding matched the old cluster's defaults. pg_dumpall --clean now restores the original locale and encoding settings of the postgres and template1 databases, as well as those of user-created databases. Consider syntactic form when disambiguating function versus column references (Tom Lane) When x is a table name or composite column, PostgreSQL has traditionally considered the syntactic forms f(x) and x.f to be equivalent, allowing tricks such as writing a function and then using it as though it were a computed-on-demand column. However, if both interpretations are feasible, the column interpretation was always chosen, leading to surprising results if the user intended the function interpretation. Now, if there is ambiguity, the interpretation that matches the syntactic form is chosen. Fully enforce uniqueness of table and domain constraint names (Tom Lane) PostgreSQL expects the names of a table's constraints to be distinct, and likewise for the names of a domain's constraints. However, there was not rigid enforcement of this, and previously there were corner cases where duplicate names could be created. Make power(numeric, numeric) and power(float8, float8) handle NaN inputs according to the POSIX standard (Tom Lane, Dang Minh Huong) POSIX says that NaN ^ 0 = 1 and 1 ^ NaN = 1, but all other cases with NaN input(s) should return NaN. power(numeric, numeric) just returned NaN in all such cases; now it honors the two exceptions. power(float8, float8) followed the standard if the C library does; but on some old Unix platforms the library doesn't, and there were also problems on some versions of Windows. Prevent to_number() from consuming characters when the template separator does not match (Oliver Ford) Specifically, SELECT to_number('1234', '9,999') used to return 134. It will now return 1234. L and TH now only consume characters that are not digits, positive/negative signs, decimal points, or commas. Fix to_date(), to_number(), and to_timestamp() to skip a character for each template character (Tom Lane) Previously, they skipped one byte for each byte of template character, resulting in strange behavior if either string contained multibyte characters. Adjust the handling of backslashes inside double-quotes in template strings for to_char(), to_number(), and to_timestamp(). Such a backslash now escapes the character after it, particularly a double-quote or another backslash. Correctly handle relative path expressions in xmltable(), xpath(), and other XML-handling functions (Markus Winand) Per the SQL standard, relative paths start from the document node of the XML input document, not the root node as these functions previously did. In the extended query protocol, make statement_timeout apply to each Execute message separately, not to all commands before Sync (Tatsuo Ishii, Andres Freund) Remove the relhaspkey column from system catalog pg_class (Peter Eisentraut) Applications needing to check for a primary key should consult pg_index. Replace system catalog pg_proc's proisagg and proiswindow columns with prokind (Peter Eisentraut) This new column more clearly distinguishes functions, procedures, aggregates, and window functions. Correct information schema column tables.table_type to return FOREIGN instead of FOREIGN TABLE (Peter Eisentraut) This new output matches the SQL standard. Change the ps process display labels for background workers to match the pg_stat_activity.backend_type labels (Peter Eisentraut) Cause large object permission checks to happen during large object open, lo_open(), not when a read or write is attempted (Tom Lane, Michael Paquier) If write access is requested and not available, an error will now be thrown even if the large object is never written to. Prevent non-superusers from reindexing shared catalogs (Michael Paquier, Robert Haas) Previously, database owners were also allowed to do this, but now it is considered outside the bounds of their privileges. Remove deprecated adminpack functions pg_file_read(), pg_file_length(), and pg_logfile_rotate() (Stephen Frost) Equivalent functionality is now present in the core backend. Existing adminpack installs will continue to have access to these functions until they are updated via ALTER EXTENSION ... UPDATE. Honor the capitalization of double-quoted command options (Daniel Gustafsson) Previously, option names in certain SQL commands were forcibly lower-cased even if entered with double quotes; thus for example "FillFactor" would be accepted as an index storage option, though properly its name is lower-case. Such cases will now generate an error. Remove server parameter replacement_sort_tuples (Peter Geoghegan) Replacement sorts were determined to be no longer useful. Remove WITH clause in CREATE FUNCTION (Michael Paquier) PostgreSQL has long supported a more standard-compliant syntax for this capability. In PL/pgSQL trigger functions, the OLD and NEW variables now read as NULL when not assigned (Tom Lane) Previously, references to these variables could be parsed but not executed. Below you will find a detailed account of the changes between PostgreSQL 11 and the previous major release. Allow the creation of partitions based on hashing a key column (Amul Sul) Support indexes on partitioned tables (Álvaro Herrera, Amit Langote) An index on a partitioned table is not a physical index across the whole partitioned table, but rather a template for automatically creating similar indexes on each partition of the table. If the partition key is part of the index's column set, a partitioned index may be declared UNIQUE. It will represent a valid uniqueness constraint across the whole partitioned table, even though each physical index only enforces uniqueness within its own partition. The new command ALTER INDEX ATTACH PARTITION causes an existing index on a partition to be associated with a matching index template for its partitioned table. This provides flexibility in setting up a new partitioned index for an existing partitioned table. Allow foreign keys on partitioned tables (Álvaro Herrera) Allow FOR EACH ROW triggers on partitioned tables (Álvaro Herrera) Creation of a trigger on a partitioned table automatically creates triggers on all existing and future partitions. This also allows deferred unique constraints on partitioned tables. Allow partitioned tables to have a default partition (Jeevan Ladhe, Beena Emerson, Ashutosh Bapat, Rahila Syed, Robert Haas) The default partition will store rows that don't match any of the other defined partitions, and is searched accordingly. UPDATE statements that change a partition key column now cause affected rows to be moved to the appropriate partitions (Amit Khandekar) Allow INSERT, UPDATE, and COPY on partitioned tables to properly route rows to foreign partitions (Etsuro Fujita, Amit Langote) This is supported by postgres_fdw foreign tables. Since the ExecForeignInsert callback function is called for this in a different way than it used to be, foreign data wrappers must be modified to cope with this change. Allow faster partition elimination during query processing (Amit Langote, David Rowley, Dilip Kumar) This speeds access to partitioned tables with many partitions. Allow partition elimination during query execution (David Rowley, Beena Emerson) Previously, partition elimination only happened at planning time, meaning many joins and prepared queries could not use partition elimination. In an equality join between partitioned tables, allow matching partitions to be joined directly (Ashutosh Bapat) This feature is disabled by default but can be enabled by changing enable_partitionwise_join. Allow aggregate functions on partitioned tables to be evaluated separately for each partition, subsequently merging the results (Jeevan Chalke, Ashutosh Bapat, Robert Haas) This feature is disabled by default but can be enabled by changing enable_partitionwise_aggregate. Allow postgres_fdw to push down aggregates to foreign tables that are partitions (Jeevan Chalke) Allow parallel building of a btree index (Peter Geoghegan, Rushabh Lathia, Heikki Linnakangas) Allow hash joins to be performed in parallel using a shared hash table (Thomas Munro) Allow UNION to run each SELECT in parallel if the individual SELECTs cannot be parallelized (Amit Khandekar, Robert Haas, Amul Sul) Allow partition scans to more efficiently use parallel workers (Amit Khandekar, Robert Haas, Amul Sul) Allow LIMIT to be passed to parallel workers (Robert Haas, Tom Lane) This allows workers to reduce returned results and use targeted index scans. Allow single-evaluation queries, e.g. WHERE clause aggregate queries, and functions in the target list to be parallelized (Amit Kapila, Robert Haas) Add server parameter parallel_leader_participation to control whether the leader also executes subplans (Thomas Munro) The default is enabled, meaning the leader will execute subplans. Allow parallelization of commands CREATE TABLE ... AS, SELECT INTO, and CREATE MATERIALIZED VIEW (Haribabu Kommi) Improve performance of sequential scans with many parallel workers (David Rowley) Add reporting of parallel workers' sort activity in EXPLAIN (Robert Haas, Tom Lane) Allow B-tree indexes to include columns that are not part of the search key or unique constraint, but are available to be read by index-only scans (Anastasia Lubennikova, Alexander Korotkov, Teodor Sigaev) This is enabled by the new INCLUDE clause of CREATE INDEX. It facilitates building covering indexes that optimize specific types of queries. Columns can be included even if their data types don't have B-tree support. Improve performance of monotonically increasing index additions (Pavan Deolasee, Peter Geoghegan) Improve performance of hash index scans (Ashutosh Sharma) Add predicate locking for hash, GiST and GIN indexes (Shubham Barai) This reduces the likelihood of serialization conflicts in serializable-mode transactions. Add prefix-match operator text ^@ text, which is supported by SP-GiST (Ildus Kurbangaliev) This is similar to using var LIKE 'word%' with a btree index, but it is more efficient. Allow polygons to be indexed with SP-GiST (Nikita Glukhov, Alexander Korotkov) Allow SP-GiST to use lossy representation of leaf keys (Teodor Sigaev, Heikki Linnakangas, Alexander Korotkov, Nikita Glukhov) Improve selection of the most common values for statistics (Jeff Janes, Dean Rasheed) Previously, the most common values (MCVs) were identified based on their frequency compared to all column values. Now, MCVs are chosen based on their frequency compared to the non-MCV values. This improves the robustness of the algorithm for both uniform and non-uniform distributions. Improve selectivity estimates for >= and <= (Tom Lane) Previously, such cases used the same selectivity estimates as > and <, respectively, unless the comparison constants are MCVs. This change is particularly helpful for queries involving BETWEEN with small ranges. Reduce var = var to var IS NOT NULL where equivalent (Tom Lane) This leads to better selectivity estimates. Improve optimizer's row count estimates for EXISTS and NOT EXISTS queries (Tom Lane) Make the optimizer account for evaluation costs and selectivity of HAVING clauses (Tom Lane) Add Just-in-Time (JIT) compilation of some parts of query plans to improve execution speed (Andres Freund) This feature requires LLVM to be available. It is not currently enabled by default, even in builds that support it. Allow bitmap scans to perform index-only scans when possible (Alexander Kuzmenkov) Update the free space map during VACUUM (Claudio Freire) This allows free space to be reused more quickly. Allow VACUUM to avoid unnecessary index scans (Masahiko Sawada, Alexander Korotkov) Improve performance of committing multiple concurrent transactions (Amit Kapila) Reduce memory usage for queries using set-returning functions in their target lists (Andres Freund) Improve the speed of aggregate computations (Andres Freund) Allow postgres_fdw to push UPDATEs and DELETEs using joins to foreign servers (Etsuro Fujita) Previously, only non-join UPDATEs and DELETEs were pushed. Add support for large pages on Windows (Takayuki Tsunakawa, Thomas Munro) This is controlled by the huge_pages configuration parameter. Show memory usage in output from log_statement_stats, log_parser_stats, log_planner_stats, and log_executor_stats (Justin Pryzby, Peter Eisentraut) Add column pg_stat_activity.backend_type to show the type of a background worker (Peter Eisentraut) The type is also visible in ps output. Make log_autovacuum_min_duration log skipped tables that are concurrently being dropped (Nathan Bossart) Add information_schema columns related to table constraints and triggers (Peter Eisentraut) Specifically, triggers.action_order, triggers.action_reference_old_table, and triggers.action_reference_new_table are now populated, where before they were always null. Also, table_constraints.enforced now exists but is not yet usefully populated. Allow the server to specify more complex LDAP specifications in search+bind mode (Thomas Munro) Specifically, ldapsearchfilter allows pattern matching using combinations of LDAP attributes. Allow LDAP authentication to use encrypted LDAP (Thomas Munro) We already supported LDAP over TLS by using ldaptls=1. This new TLS LDAP method for encrypted LDAP is enabled with ldapscheme=ldaps or ldapurl=ldaps://. Improve logging of LDAP errors (Thomas Munro) Add default roles that enable file system access (Stephen Frost) Specifically, the new roles are: pg_read_server_files, pg_write_server_files, and pg_execute_server_program. These roles now also control who can use server-side COPY and the file_fdw extension. Previously, only superusers could use these functions, and that is still the default behavior. Allow access to file system functions to be controlled by GRANT/REVOKE permissions, rather than superuser checks (Stephen Frost) Specifically, these functions were modified: pg_ls_dir(), pg_read_file(), pg_read_binary_file(), pg_stat_file(). Use GRANT/REVOKE to control access to lo_import() and lo_export() (Michael Paquier, Tom Lane) Previously, only superusers were granted access to these functions. The compile-time option ALLOW_DANGEROUS_LO_FUNCTIONS has been removed. Use view owner not session owner when preventing non-password access to postgres_fdw tables (Robert Haas) PostgreSQL only allows superusers to access postgres_fdw tables without passwords, e.g. via peer. Previously, the session owner had to be a superuser to allow such access; now the view owner is checked instead. Fix invalid locking permission check in SELECT FOR UPDATE on views (Tom Lane) Add server setting ssl_passphrase_command to allow supplying of the passphrase for SSL key files (Peter Eisentraut) Also add ssl_passphrase_command_supports_reload to specify whether the SSL configuration should be reloaded and ssl_passphrase_command called during a server configuration reload. Add storage parameter toast_tuple_target to control the minimum tuple length before TOAST storage will be considered (Simon Riggs) The default TOAST threshold has not been changed. Allow server options related to memory and file sizes to be specified in units of bytes (Beena Emerson) The new unit suffix is B. This is in addition to the existing units kB, MB, GB and TB. Allow the WAL file size to be set during initdb (Beena Emerson) Previously, the 16MB default could only be changed at compile time. Retain WAL data for only a single checkpoint (Simon Riggs) Previously, WAL was retained for two checkpoints. Fill the unused portion of force-switched WAL segment files with zeros for improved compressibility (Chapman Flack) Replicate TRUNCATE activity when using logical replication (Simon Riggs, Marco Nenciarini, Peter Eisentraut) Pass prepared transaction information to logical replication subscribers (Nikhil Sontakke, Stas Kelvich) Exclude unlogged tables, temporary tables, and pg_internal.init files from streaming base backups (David Steele) There is no need to copy such files. Allow checksums of heap pages to be verified during streaming base backup (Michael Banck) Allow replication slots to be advanced programmatically, rather than be consumed by subscribers (Petr Jelinek) This allows efficient advancement of replication slots when the contents do not need to be consumed. This is performed by pg_replication_slot_advance(). Add timeline information to the backup_label file (Michael Paquier) Also add a check that the WAL timeline matches the backup_label file's timeline. Add host and port connection information to the pg_stat_wal_receiver system view (Haribabu Kommi) Allow ALTER TABLE to add a column with a non-null default without doing a table rewrite (Andrew Dunstan, Serge Rielau) This is enabled when the default value is a constant. Allow views to be locked by locking the underlying tables (Yugo Nagata) Allow ALTER INDEX to set statistics-gathering targets for expression indexes (Alexander Korotkov, Adrien Nayrat) In psql, \d+ now shows the statistics target for indexes. Allow multiple tables to be specified in one VACUUM or ANALYZE command (Nathan Bossart) Also, if any table mentioned in VACUUM uses a column list, then the ANALYZE keyword must be supplied; previously, ANALYZE was implied in such cases. Add parenthesized options syntax to ANALYZE (Nathan Bossart) This is similar to the syntax supported by VACUUM. Add CREATE AGGREGATE option to specify the behavior of the aggregate's finalization function (Tom Lane) This is helpful for allowing user-defined aggregate functions to be optimized and to work as window functions. Allow the creation of arrays of domains (Tom Lane) This also allows array_agg() to be used on domains. Support domains over composite types (Tom Lane) Also allow PL/Perl, PL/Python, and PL/Tcl to handle composite-domain function arguments and results. Also improve PL/Python domain handling. Add casts from JSONB scalars to numeric and boolean data types (Anastasia Lubennikova) Add all window function framing options specified by SQL:2011 (Oliver Ford, Tom Lane) Specifically, allow RANGE mode to use PRECEDING and FOLLOWING to select rows having grouping values within plus or minus the specified offset. Add GROUPS mode to include plus or minus the number of peer groups. Frame exclusion syntax was also added. Add SHA-2 family of hash functions (Peter Eisentraut) Specifically, sha224(), sha256(), sha384(), sha512() were added. Add support for 64-bit non-cryptographic hash functions (Robert Haas, Amul Sul) Allow to_char() and to_timestamp() to specify the time zone's offset from UTC in hours and minutes (Nikita Glukhov, Andrew Dunstan) This is done with format specifications TZH and TZM. Add text search function websearch_to_tsquery() that supports a query syntax similar to that used by web search engines (Victor Drobny, Dmitry Ivanov) Add functions json(b)_to_tsvector() to create a text search query for matching JSON/JSONB values (Dmitry Dolgov) Add SQL-level procedures, which can start and commit their own transactions (Peter Eisentraut) They are created with the new CREATE PROCEDURE command and invoked via CALL. The new ALTER/DROP ROUTINE commands allow altering/dropping of all routine-like objects, including procedures, functions, and aggregates. Also, writing FUNCTION is now preferred over writing PROCEDURE in CREATE OPERATOR and CREATE TRIGGER, because the referenced object must be a function not a procedure. However, the old syntax is still accepted for compatibility. Add transaction control to PL/pgSQL, PL/Perl, PL/Python, PL/Tcl, and SPI server-side languages (Peter Eisentraut) Transaction control is only available within top-transaction-level procedures and nested DO and CALL blocks that only contain other DO and CALL blocks. Add the ability to define PL/pgSQL composite-type variables as not null, constant, or with initial values (Tom Lane) Allow PL/pgSQL to handle changes to composite types (e.g. record, row) that happen between the first and later function executions in the same session (Tom Lane) Previously, such circumstances generated errors. Add extension jsonb_plpython to transform JSONB to/from PL/Python types (Anthony Bykov) Add extension jsonb_plperl to transform JSONB to/from PL/Perl types (Anthony Bykov) Change libpq to disable compression by default (Peter Eisentraut) Compression is already disabled in modern OpenSSL versions, so that the libpq setting had no effect with such libraries. Add DO CONTINUE option to ecpg's WHENEVER statement (Vinayak Pokale) This generates a C continue statement, causing a return to the top of the contained loop when the specified condition occurs. Add an ecpg mode to enable Oracle Pro*C-style handling of char arrays. This mode is enabled with -C. Add psql command \gdesc to display the names and types of the columns in a query result (Pavel Stehule) Add psql variables to report query activity and errors (Fabien Coelho) Specifically, the new variables are ERROR, SQLSTATE, ROW_COUNT, LAST_ERROR_MESSAGE, and LAST_ERROR_SQLSTATE. Allow psql to test for the existence of a variable (Fabien Coelho) Specifically, the syntax :{?variable_name} allows a variable's existence to be tested in an \if statement. Allow environment variable PSQL_PAGER to control psql's pager (Pavel Stehule) This allows psql's default pager to be specified as a separate environment variable from the pager for other applications. PAGER is still honored if PSQL_PAGER is not set. Make psql's \d+ command always show the table's partitioning information (Amit Langote, Ashutosh Bapat) Previously, partition information would not be displayed for a partitioned table if it had no partitions. Also indicate which partitions are themselves partitioned. Ensure that psql reports the proper user name when prompting for a password (Tom Lane) Previously, combinations of -U and a user name embedded in a URI caused incorrect reporting. Also suppress the user name before the password prompt when --password is specified. Allow quit and exit to exit psql when given with no prior input (Bruce Momjian) Also print hints about how to exit when quit and exit are used alone on a line while the input buffer is not empty. Add a similar hint for help. Make psql hint at using control-D when \q is entered alone on a line but ignored (Bruce Momjian) For example, \q does not exit when supplied in character strings. Improve tab completion for ALTER INDEX RESET/SET (Masahiko Sawada) Add infrastructure to allow psql to adapt its tab completion queries based on the server version (Tom Lane) Previously, tab completion queries could fail against older servers. Add pgbench expression support for NULLs, booleans, and some functions and operators (Fabien Coelho) Add \if conditional support to pgbench (Fabien Coelho) Allow the use of non-ASCII characters in pgbench variable names (Fabien Coelho) Add pgbench option --init-steps to control the initialization steps performed (Masahiko Sawada) Add an approximately Zipfian-distributed random generator to pgbench (Alik Khilazhev) Allow the random seed to be set in pgbench (Fabien Coelho) Allow pgbench to do exponentiation with pow() and power() (Raúl Marín Rodríguez) Add hashing functions to pgbench (Ildar Musin) Make pgbench statistics more accurate when using --latency-limit and --rate (Fabien Coelho) Add an option to pg_basebackup that creates a named replication slot (Michael Banck) The option --create-slot creates the named replication slot (--slot) when the WAL streaming method (--wal-method=stream) is used. Allow initdb to set group read access to the data directory (David Steele) This is accomplished with the new initdb option --allow-group-access. Administrators can also set group permissions on the empty data directory before running initdb. Server variable data_directory_mode allows reading of data directory group permissions. Add pg_verify_checksums tool to verify database checksums while offline (Magnus Hagander) Allow pg_resetwal to change the WAL segment size via --wal-segsize (Nathan Bossart) Add long options to pg_resetwal and pg_controldata (Nathan Bossart, Peter Eisentraut) Add pg_receivewal option --no-sync to prevent synchronous WAL writes, for testing (Michael Paquier) Add pg_receivewal option --endpos to specify when WAL receiving should stop (Michael Paquier) Allow pg_ctl to send the SIGKILL signal to processes (Andres Freund) This was previously unsupported due to concerns over possible misuse. Reduce the number of files copied by pg_rewind (Michael Paquier) Prevent pg_rewind from running as root (Michael Paquier) Add pg_dumpall option --encoding to control output encoding (Michael Paquier) pg_dump already had this option. Add pg_dump option --load-via-partition-root to force loading of data into the partition's root table, rather than the original partition (Rushabh Lathia) This is useful if the system to be loaded to has different collation definitions or endianness, possibly requiring rows to be stored in different partitions than previously. Add an option to suppress dumping and restoring database object comments (Robins Tharakan) The new pg_dump, pg_dumpall, and pg_restore option is --no-comments. Add PGXS support for installing include files (Andrew Gierth) This supports creating extension modules that depend on other modules. Formerly there was no easy way for the dependent module to find the referenced one's include files. Several existing contrib modules that define data types have been adjusted to install relevant files. Also, PL/Perl and PL/Python now install their include files, to support creation of transform modules for those languages. Install errcodes.txt to allow extensions to access the list of error codes known to PostgreSQL (Thomas Munro) Convert documentation to DocBook XML (Peter Eisentraut, Alexander Lakhin, Jürgen Purtz) The file names still use an sgml extension for compatibility with back branches. Use stdbool.h to define type bool on platforms where it's suitable, which is most (Peter Eisentraut) This eliminates a coding hazard for extension modules that need to include stdbool.h. Overhaul the way that initial system catalog contents are defined (John Naylor) The initial data is now represented in Perl data structures, making it much easier to manipulate mechanically. Prevent extensions from creating custom server parameters that take a quoted list of values (Tom Lane) This cannot be supported at present because knowledge of the parameter's property would be required even before the extension is loaded. Add ability to use channel binding when using SCRAM authentication (Michael Paquier) Channel binding is intended to prevent man-in-the-middle attacks, but SCRAM cannot prevent them unless it can be forced to be active. Unfortunately, there is no way to do that in libpq. Support for it is expected in future versions of libpq and in interfaces not built using libpq, e.g. JDBC. Allow background workers to attach to databases that normally disallow connections (Magnus Hagander) Add support for hardware CRC calculations on ARMv8 (Yuqi Gu, Heikki Linnakangas, Thomas Munro) Speed up lookups of built-in functions by OID (Andres Freund) The previous binary search has been replaced by a lookup array. Speed up construction of query results (Andres Freund) Improve speed of access to system caches (Andres Freund) Add a generational memory allocator which is optimized for serial allocation/deallocation (Tomas Vondra) This reduces memory usage for logical decoding. Make the computation of pg_class.reltuples by VACUUM consistent with its computation by ANALYZE (Tomas Vondra) Update to use perltidy version 20170521 (Tom Lane, Peter Eisentraut) Allow extension pg_prewarm to restore the previous shared buffer contents on startup (Mithun Cy, Robert Haas) This is accomplished by having pg_prewarm store the shared buffers' relation and block number data to disk occasionally during server operation, and at shutdown. Add pg_trgm function strict_word_similarity() to compute the similarity of whole words (Alexander Korotkov) The function word_similarity() already existed for this purpose, but it was designed to find similar parts of words, while strict_word_similarity() computes the similarity to whole words. Allow btree_gin to index bool, bpchar, name and uuid data types (Matheus Oliveira) Allow cube and seg extensions to perform index-only scans using GiST indexes (Andrey Borodin) Allow retrieval of negative cube coordinates using the ~> operator (Alexander Korotkov) This is useful for KNN-GiST searches when looking for coordinates in descending order. Add Vietnamese letter handling to the unaccent extension (Dang Minh Huong, Michael Paquier) Enhance amcheck to check that each heap tuple has an index entry (Peter Geoghegan) Have adminpack use the new default file system access roles (Stephen Frost) Previously, only superusers could call adminpack functions; now role permissions are checked. Widen pg_stat_statement's query ID to 64 bits (Robert Haas) This greatly reduces the chance of query ID hash collisions. The query ID can now potentially display as a negative value. Remove the contrib/start-scripts/osx scripts since they are no longer recommended (use contrib/start-scripts/macos instead) (Tom Lane) Remove the chkpass extension (Peter Eisentraut) This extension is no longer considered to be a usable security tool or example of how to write an extension. The following individuals (in alphabetical order) have contributed to this release as patch authors, committers, reviewers, testers, or reporters of issues. Abhijit Menon-Sen Adam Bielanski Adam Brightwell Adam Brusselback Aditya Toshniwal Adrián Escoms Adrien Nayrat Akos Vandra Aleksander Alekseev Aleksandr Parfenov Alexander Korotkov Alexander Kukushkin Alexander Kuzmenkov Alexander Lakhin Alexandre Garcia Alexey Bashtanov Alexey Chernyshov Alexey Kryuchkov Alik Khilazhev Álvaro Herrera Amit Kapila Amit Khandekar Amit Langote Amul Sul Anastasia Lubennikova Andreas Joseph Krogh Andreas Karlsson Andreas Seltenreich André Hänsel Andrei Gorita Andres Freund Andrew Dunstan Andrew Fletcher Andrew Gierth Andrew Grossman Andrew Krasichkov Andrey Borodin Andrey Lizenko Andy Abelisto Anthony Bykov Antoine Scemama Anton Dignös Antonin Houska Arseniy Sharoglazov Arseny Sher Arthur Zakirov Ashutosh Bapat Ashutosh Sharma Ashwin Agrawal Asim Praveen Atsushi Torikoshi Badrul Chowdhury Balazs Szilfai Basil Bourque Beena Emerson Ben Chobot Benjamin Coutu Bernd Helmle Blaz Merela Brad DeJong Brent Dearth Brian Cloutier Bruce Momjian Catalin Iacob Chad Trabant Chapman Flack Christian Duta Christian Ullrich Christoph Berg Christoph Dreis Christophe Courtois Christopher Jones Claudio Freire Clayton Salem Craig Ringer Dagfinn Ilmari Mannsåker Dan Vianello Dan Watson Dang Minh Huong Daniel Gustafsson Daniel Vérité Daniel Westermann Daniel Wood Darafei Praliaskouski Dave Cramer Dave Page David Binderman David Carlier David Fetter David G. Johnston David Gould David Hinkle David Pereiro Lagares David Rader David Rowley David Steele Davy Machado Dean Rasheed Dian Fay Dilip Kumar Dmitriy Sarafannikov Dmitry Dolgov Dmitry Ivanov Dmitry Shalashov Don Seiler Doug Doole Doug Rady Edmund Horner Eiji Seki Elvis Pranskevichus Emre Hasegeli Erik Rijkers Erwin Brandstetter Etsuro Fujita Euler Taveira Everaldo Canuto Fabien Coelho Fabrízio de Royes Mello Feike Steenbergen Frits Jalvingh Fujii Masao Gao Zengqi Gianni Ciolli Greg Stark Gunnlaugur Thor Briem Guo Xiang Tan Hadi Moshayedi Hailong Li Haribabu Kommi Heath Lord Heikki Linnakangas Hugo Mercier Igor Korot Igor Neyman Ildar Musin Ildus Kurbangaliev Ioseph Kim Jacob Champion Jaime Casanova Jakob Egger Jean-Pierre Pelletier Jeevan Chalke Jeevan Ladhe Jeff Davis Jeff Janes Jeremy Evans Jeremy Finzel Jeremy Schneider Jesper Pedersen Jim Nasby Jimmy Yih Jing Wang Jobin Augustine Joe Conway John Gorman John Naylor Jon Nelson Jon Wolski Jonathan Allen Jonathan S. Katz Julien Rouhaud Jürgen Purtz Justin Pryzby KaiGai Kohei Kaiting Chen Karl Lehenbauer Keith Fiske Kevin Bloch Kha Nguyen Kim Rose Carlsen Konstantin Knizhnik Kuntal Ghosh Kyle Samson Kyotaro Horiguchi Lætitia Avrot Lars Kanis Laurenz Albe Leonardo Cecchi Liudmila Mantrova Lixian Zou Lloyd Albin Luca Ferrari Lucas Fairchild Lukas Eder Lukas Fittl Magnus Hagander Mai Peng Maksim Milyutin Maksym Boguk Mansur Galiev Marc Dilger Marco Nenciarini Marina Polyakova Mario de Frutos Dieguez Mark Cave-Ayland Mark Dilger Mark Wood Marko Tiikkaja Markus Winand Martín Marqués Masahiko Sawada Matheus Oliveira Matthew Stickney Metin Doslu Michael Banck Michael Meskes Michael Paquier Michail Nikolaev Mike Blackwell Minh-Quan Tran Mithun Cy Morgan Owens Nathan Bossart Nathan Wagner Neil Conway Nick Barnes Nicolas Thauvin Nikhil Sontakke Nikita Glukhov Nikolay Shaplov Noah Misch Noriyoshi Shinoda Oleg Bartunov Oleg Samoilov Oliver Ford Pan Bian Pascal Legrand Patrick Hemmer Patrick Krecker Paul Bonaud Paul Guo Paul Ramsey Pavan Deolasee Pavan Maddamsetti Pavel Golub Pavel Stehule Peter Eisentraut Peter Geoghegan Petr Jelínek Petru-Florin Mihancea Phil Florent Philippe Beaudoin Pierre Ducroquet Piotr Stefaniak Prabhat Sahu Pu Qun QL Zhuo Rafia Sabih Rahila Syed Rainer Orth Rajkumar Raghuwanshi Raúl Marín Rodríguez Regina Obe Richard Yen Robert Haas Robins Tharakan Rod Taylor Rushabh Lathia Ryan Murphy Sahap Asci Samuel Horwitz Scott Ure Sean Johnston Shao Bret Shay Rojansky Shubham Barai Simon Riggs Simone Gotti Sivasubramanian Ramasubramanian Stas Kelvich Stefan Kaltenbrunner Stephen Froehlich Stephen Frost Steve Singer Steven Winfield Sven Kunze Taiki Kondo Takayuki Tsunakawa Takeshi Ideriha Tatsuo Ishii Tatsuro Yamada Teodor Sigaev Thom Brown Thomas Kellerer Thomas Munro Thomas Reiss Tobias Bussmann Todd A. Cook Tom Kazimiers Tom Lane Tomas Vondra Tomonari Katsumata Torsten Grust Tushar Ahuja Vaishnavi Prabakaran Vasundhar Boddapati Victor Drobny Victor Wagner Victor Yegorov Vik Fearing Vinayak Pokale Vincent Lachenal Vitaliy Garnashevich Vitaly Burovoy Vladimir Baranoff Xin Zhang Yi Wen Wong Yorick Peterse Yugo Nagata Yuqi Gu Yura Sokolov Yves Goergen Zhou Digoal