Jump to:
Add missing permissions checks for ALTER ... DEPENDS ON EXTENSION
(Álvaro Herrera)
Marking an object as dependent on an extension did not have any privilege check whatsoever. This oversight allowed any user to mark routines, triggers, materialized views, or indexes as droppable by anyone able to drop an extension. Require that the calling user own the specified object (and hence have privilege to drop it). (CVE-2020-1720)
Allow the planner to apply potentially-leaky tests to child-table statistics, if the user can read the corresponding column of the table that's actually named in the query (Dilip Kumar, Amit Langote)
This change fixes a performance problem for partitioned tables that was created by the fix for CVE-2017-7484. That security fix disallowed applying leaky operators to statistics for columns that the current user doesn't have permission to read directly. However, it's somewhat common to grant permissions only on the parent partitioned table and not bother to do so on individual partitions. In such cases, the user can read the column via the parent, so there's no point in this security restriction; it only results in poorer planner estimates than necessary.
Set a secure search_path
in logical replication walsenders and apply workers (Noah Misch)
A malicious user of either the publisher or subscriber database could potentially cause execution of arbitrary SQL code by the role running replication, which is often a superuser. Some of the risks here are equivalent to those described in CVE-2018-1058, and are mitigated in this patch by ensuring that the replication sender and receiver execute with empty search_path
settings. (As with CVE-2018-1058, that change might cause problems for under-qualified names used in replicated tables' DDL.) Other risks are inherent in replicating objects that belong to untrusted roles; the most we can do is document that there is a hazard to consider. (CVE-2020-14349)
Make contrib modules' installation scripts more secure (Tom Lane)
Attacks similar to those described in CVE-2018-1058 could be carried out against an extension installation script, if the attacker can create objects in either the extension's target schema or the schema of some prerequisite extension. Since extensions often require superuser privilege to install, this can open a path to obtaining superuser privilege. To mitigate this risk, be more careful about the search_path
used to run an installation script; disable check_function_bodies
within the script; and fix catalog-adjustment queries used in some contrib modules to ensure they are secure. Also provide documentation to help third-party extension authors make their installation scripts secure. This is not a complete solution; extensions that depend on other extensions can still be at risk if installed carelessly. (CVE-2020-14350)
Config parameter: | Default value: |
---|---|
wal_keep_segments | 0 |
Config parameter: | Default value: |
---|---|
autovacuum_vacuum_insert_scale_factor | 0.2 |
autovacuum_vacuum_insert_threshold | 1000 |
backtrace_functions | |
enable_incremental_sort | on |
hash_mem_multiplier | 1 |
ignore_invalid_pages | off |
log_min_duration_sample | -1 |
log_parameter_max_length | -1 |
log_parameter_max_length_on_error | 0 |
log_statement_sample_rate | 1 |
logical_decoding_work_mem | 65536 |
maintenance_io_concurrency | 10 |
max_slot_wal_keep_size | -1 |
wal_keep_size | 0 |
wal_receiver_create_temp_slot | off |
wal_skip_threshold | 2048 |
Config parameter: | Default value in Pg 12: | Default value in Pg 13: |
---|---|---|
ssl_min_protocol_version | TLSv1 | TLSv1.2 |
⇑ Upgrade to 12.1 released on 2019-11-14 - docs
Fix crash when ALTER TABLE
adds a column without a default value along with making other changes that require a table rewrite (Andres Freund)
Fix lock handling in REINDEX CONCURRENTLY
(Michael Paquier)
REINDEX CONCURRENTLY
neglected to take a session-level lock on the new index version, potentially allowing other sessions to manipulate it too soon. Also, a query-cancel or session-termination interrupt arriving at the wrong time could result in failure to release the session-level locks that REINDEX CONCURRENTLY
does hold.
Avoid crash due to race condition when reporting the progress of a CREATE INDEX CONCURRENTLY
or REINDEX CONCURRENTLY
command (Álvaro Herrera)
Avoid creating duplicate dependency entries during REINDEX CONCURRENTLY
(Michael Paquier)
This bug resulted in bloat in pg_depend
, but no worse consequences than that.
Prevent VACUUM
from trying to freeze an old multixact ID involving a still-running transaction (Nathan Bossart, Jeremy Schneider)
This case would lead to VACUUM
failing until the old transaction terminates.
Fix “wrong type of slot” error when trying to CLUSTER
on an expression index (Andres Freund)
SET CONSTRAINTS ... DEFERRED
failed on partitioned tables, incorrectly complaining about lack of triggers (Álvaro Herrera)
Fix failure when creating indexes for a partition, if the parent partitioned table contains any dropped columns (Michael Paquier)
Fix dropping of indexed columns in partitioned tables (Amit Langote, Michael Paquier)
Previously this might fail with an error message complaining about the dependencies of the indexes. It should automatically drop the indexes, instead.
Ensure that a partition index can be dropped after a failure to reindex it concurrently (Michael Paquier)
The index's pg_class
.relispartition
flag was left in the wrong state in such a case, causing DROP INDEX
to fail.
Fix handling of equivalence class members for partition-wise joins (Amit Langote)
This oversight could lead either to failure to use a feasible partition-wise join plan, or to a “could not find pathkey item to sort” planner failure.
Ensure that offset expressions in WINDOW
clauses are processed when a query's expressions are manipulated (Andrew Gierth)
This oversight could result in assorted failures when the offsets are nontrivial expressions. One example is that a function parameter reference in such an expression would fail if the function was inlined.
Avoid postmaster failure if a parallel query requests a background worker when no postmaster child process array slots remain free (Tom Lane)
Fix crash triggered by an EvalPlanQual recheck on a table with a BEFORE UPDATE
trigger (Andres Freund)
Fix “unexpected relkind” error when a query tries to access a TOAST table (John Hsu, Michael Paquier, Tom Lane)
The error should say that permission is denied, but this case got broken during code refactoring.
Provide a relevant error context line when an error occurs while setting GUC parameters during parallel worker startup (Thomas Munro)
Ensure that fsync()
is applied only to files that are opened read/write (Andres Freund, Michael Paquier)
Some code paths tried to do this after opening a file read-only, but on some platforms that causes “bad file descriptor” or similar errors.
Allow encoding conversion to succeed on longer strings than before (Álvaro Herrera, Tom Lane)
Previously, there was a hard limit of 0.25GB on the input string, but now it will work as long as the converted output is not over 1GB.
Avoid creating unnecessarily-bulky tuple stores for window functions (Andrew Gierth)
In some cases the tuple storage would include all columns of the source table(s), not just the ones that are needed by the query.
Allow repalloc()
to give back space when a large chunk is reduced in size (Tom Lane)
Ensure that temporary WAL and history files are removed at the end of archive recovery (Sawada Masahiko)
Avoid failure in archive recovery if recovery_min_apply_delay
is enabled (Fujii Masao)
recovery_min_apply_delay
is not typically used in this configuration, but it should work.
Ignore restore_command
, recovery_end_command
, and recovery_min_apply_delay
settings during crash recovery (Fujii Masao)
Now that these settings can be specified in postgresql.conf
, they could be turned on during crash recovery, but honoring them then is undesirable. Ignore these settings until crash recovery is complete.
Fix logical replication failure when publisher and subscriber have different ideas about a table's replica identity columns (Jehan-Guillaume de Rorthais, Peter Eisentraut)
Declaring a column as part of the replica identity on the subscriber, when it does not exist at all on the publisher, led to “negative bitmapset member not allowed” errors.
Avoid unwanted delay during shutdown of a logical replication walsender (Craig Ringer, Álvaro Herrera)
Fix timeout handling in logical replication walreceiver processes (Julien Rouhaud)
Erroneous logic prevented wal_receiver_timeout
from working in logical replication deployments.
Correctly time-stamp replication messages for logical decoding (Jeff Janes)
This oversight resulted, for example, in pg_stat_subscription
.last_msg_send_time
usually reading as NULL.
Fix race condition during backend exit, when the backend process has previously waited for synchronous replication to occur (Dongming Liu)
Avoid logging complaints about abandoned connections when using PAM authentication (Tom Lane)
libpq-based clients will typically make two connection attempts when a password is required, since they don't prompt their user for a password until their first connection attempt fails. Therefore the server is coded not to generate useless log spam when a client closes the connection upon being asked for a password. However, the PAM authentication code hadn't gotten that memo, and would generate several messages about a phantom authentication failure.
Fix misbehavior of bitshiftright()
(Tom Lane)
The bitstring right shift operator failed to zero out padding space that exists in the last byte of the result when the bitstring length is not a multiple of 8. While invisible to most operations, any nonzero bits there would result in unexpected comparison behavior, since bitstring comparisons don't bother to ignore the extra bits, expecting them to always be zero.
If you have inconsistent data as a result of saving the output of bitshiftright()
in a table, it's possible to fix it with something like
UPDATE mytab SET bitcol = ~(~bitcol) WHERE bitcol != ~(~bitcol);
Fix result of text position()
function (also known as strpos()
) for an empty search string (Tom Lane)
Historically, and per the SQL standard, the result should be one in such cases, but 12.0 returned zero.
Fix detection of edge-case integer overflow in interval multiplication (Yuya Watari)
Avoid crashes if ispell
text search dictionaries contain wrong affix data (Arthur Zakirov)
Avoid memory leak while vacuuming a GiST index (Dilip Kumar)
On Windows, recognize additional spellings of the “Norwegian (Bokmål)” locale name (Tom Lane)
Fix libpq to allow trailing whitespace in the string values of integer parameters (Michael Paquier)
Version 12 tightened libpq's validation of integer parameters, but disallowing trailing whitespace seems undesirable.
In libpq, correctly report CONNECTION_BAD
connection status after a failure caused by a syntactically invalid connect_timeout
parameter value (Lars Kanis)
Avoid compile failure if an ECPG client includes ecpglib.h
while having ENABLE_NLS
defined (Tom Lane)
This risk was created by a misplaced declaration: ecpg_gettext()
should not be visible to client code.
Fix scheduling of parallel restore of a foreign key constraint on a partitioned table (Álvaro Herrera)
pg_dump failed to emit full dependency information for partitioned tables' foreign keys. This could allow parallel pg_restore to try to recreate a foreign key constraint too soon.
In pg_dump, ensure stable output order for similarly-named triggers and row-level-security policy objects (Benjie Gillam)
Previously, if two triggers on different tables had the same names, they would be sorted in OID-based order, which is less desirable than sorting them by table name. Likewise for RLS policies.
In pg_upgrade, reject tables with columns of type sql_identifier
, as that has changed representation in version 12 (Tomas Vondra)
Improve pg_upgrade's checks for the use of a data type that has changed representation, such as line
(Tomas Vondra)
The previous coding could be fooled by cases where the data type of interest underlies a stored column of a domain or composite type.
In pg_rewind with the --dry-run
option, avoid updating pg_control
(Alexey Kondratov)
This could lead to failures in subsequent pg_rewind attempts.
Fix failure in pg_waldump with the -s
option, when a continuation WAL record ends exactly at a page boundary (Andrey Lepikhov)
In pg_waldump with the --bkp-details
option, avoid emitting extra newlines for WAL records involving full-page writes (Andres Freund)
Fix small memory leak in pg_waldump (Andres Freund)
Put back pqsignal()
as an exported libpq symbol (Tom Lane)
This function was removed on the grounds that no clients should be using it, but that turns out to break usage of current libpq with very old versions of psql, and perhaps other applications.
Fix configure's test for presence of libperl so that it works on recent Red Hat releases (Tom Lane)
Previously, it could fail if the user sets CFLAGS
to -O0
.
Ensure correct code generation for spinlocks on PowerPC (Noah Misch)
The previous spinlock coding allowed the compiler to select register zero for use with an assembly instruction that does not accept that register, causing a build failure. We have seen only one long-ago report that matches this bug, but it could cause problems for people trying to build modified PostgreSQL code or use atypical compiler options.
On AIX, don't use the compiler option -qsrcmsg
(Noah Misch)
This avoids an internal compiler error with xlc v16.1.0, with little consequence other than changing the format of compiler error messages.
Fix MSVC build process to cope with spaces in the file path of OpenSSL (Andrew Dunstan)
⇑ Upgrade to 12.2 released on 2020-02-13 - docs
Add missing permissions checks for ALTER ... DEPENDS ON EXTENSION
(Álvaro Herrera)
Marking an object as dependent on an extension did not have any privilege check whatsoever. This oversight allowed any user to mark routines, triggers, materialized views, or indexes as droppable by anyone able to drop an extension. Require that the calling user own the specified object (and hence have privilege to drop it). (CVE-2020-1720)
Fix TRUNCATE ... CASCADE
to ensure all relevant partitions are truncated (Jehan-Guillaume de Rorthais)
If a partition of a partitioned table is truncated with the CASCADE
option, and the partitioned table has a foreign-key reference from another table, that table must also be truncated. The need to check this was missed if the referencing table was itself partitioned, possibly allowing rows to survive that violate the foreign-key constraint.
Hence, if you have foreign key constraints between partitioned tables, and you have done any partition-level TRUNCATE
on the referenced table, you should check to see if any foreign key violations exist. The simplest way is to add a new instance of the foreign key constraint (and, once that succeeds, drop it or the original constraint). That may be prohibitive from a locking standpoint, however, in which case you might prefer to manually query for unmatched rows.
Fix failure to attach foreign key constraints to sub-partitions (Jehan-Guillaume de Rorthais)
When adding a partition to a level below the first level of a multi-level partitioned table, foreign key constraints referencing the top partitioned table were not cloned to the new partition, leading to possible constraint violations later. Detaching and re-attaching the new partition is the cheapest way to fix this. However, if there are many partitions to be fixed, adding a new instance of the foreign key constraint might be preferable.
Fix possible crash during concurrent update on a partitioned table or inheritance tree (Tom Lane)
Ensure that row triggers on partitioned tables are correctly cloned to sub-partitions when appropriate (Álvaro Herrera)
User-defined triggers (but not triggers for foreign key or deferred unique constraints) might be missed when creating or attaching a partition.
Fix logical replication subscriber code to execute per-column UPDATE
triggers when appropriate (Peter Eisentraut)
Avoid failure in logical decoding when a large transaction must be spilled into many separate temporary files (Amit Khandekar)
Fix possible crash or data corruption when a logical replication subscriber processes a row update (Tom Lane, Tomas Vondra)
This bug caused visible problems only if the subscriber's table contained columns that were not being copied from the publisher and had pass-by-reference data types.
Fix crash in logical replication subscriber after DDL changes on a subscribed relation (Jehan-Guillaume de Rorthais, Vignesh C)
Fix failure in logical replication publisher after a database crash and restart (Vignesh C)
Ensure that the effect of pg_replication_slot_advance()
on a physical replication slot will persist across restarts (Alexey Kondratov, Michael Paquier)
Improve efficiency of logical replication with REPLICA IDENTITY FULL
(Konstantin Knizhnik)
When searching for an existing tuple during an update or delete operation, return the first matching tuple not the last one.
Fix base backup to handle database OIDs larger than INT32_MAX
(Peter Eisentraut)
Ensure parallel plans are always shut down at the correct time (Kyotaro Horiguchi)
This oversight is known to result in “temporary file leak” warnings from multi-batch parallel hash joins.
Prevent premature shutdown of a Gather or GatherMerge plan node that is underneath a Limit node (Amit Kapila)
This avoids failure if such a plan node needs to be scanned more than once, as for instance if it is on the inside of a nestloop.
Improve efficiency of parallel hash join on CPUs with many cores (Gang Deng, Thomas Munro)
Avoid crash in parallel CREATE INDEX
when there are no free dynamic shared memory slots (Thomas Munro)
Fall back to a non-parallel index build, instead.
Avoid memory leak when there are no free dynamic shared memory slots (Thomas Munro)
Ignore the CONCURRENTLY
option when performing an index creation, drop, or rebuild on a temporary table (Michael Paquier, Heikki Linnakangas, Andres Freund)
This avoids strange failures if the temporary table has an ON COMMIT
action. There is no benefit in using CONCURRENTLY
for a temporary table anyway, since other sessions cannot access the table, making the extra processing pointless.
Fix possible failure when resetting expression indexes on temporary tables that are marked ON COMMIT DELETE ROWS
(Tom Lane)
Fix possible crash in BRIN index operations with box
, range
and inet
data types (Heikki Linnakangas)
Fix crash during recursive page split in GiST index build (Heikki Linnakangas)
Fix handling of deleted pages in GIN indexes (Alexander Korotkov)
Avoid possible deadlocks, incorrect updates of a deleted page's state, and failure to traverse through a recently-deleted page.
Fix possible crash with a SubPlan (sub-SELECT
) within a multi-row VALUES
list (Tom Lane)
Fix failure in ALTER TABLE
when a column referenced in a GENERATED
expression has been added or changed in type earlier in the same ALTER
command (Tom Lane)
Fix failure to insert default values for “missing” attributes during tuple conversion (Vik Fearing, Andrew Gierth)
This could result in values incorrectly reading as NULL, when they come from columns that had been added by ALTER TABLE ADD COLUMN
with a constant default.
Fix unlikely panic in the checkpointer process, caused by opening relation segments that might already have been removed (Thomas Munro)
Fix crash after FileClose() failure (Noah Misch)
This issue could only be observed with data_sync_retry
enabled, since otherwise FileClose() failure would be reported as a PANIC.
Fix handling of multiple AFTER ROW
triggers on a foreign table (Etsuro Fujita)
Fix unlikely crash with pass-by-reference aggregate transition states (Andres Freund, Teodor Sigaev)
Improve error reporting in to_date()
and to_timestamp()
(Tom Lane, Álvaro Herrera)
Reports about incorrect month or day names in input strings could truncate the input in the middle of a multi-byte character, leading to an improperly encoded error message that could cause follow-on failures. Truncate at the next whitespace instead.
Fix off-by-one result for EXTRACT(ISOYEAR FROM
for BC dates (Tom Lane)timestamp
)
Ensure that the <>
operator for type char
reports indeterminate-collation errors as such, rather than as “cache lookup failed for collation 0” (Tom Lane)
Avoid treating TID scans as sequential scans (Tatsuhito Kasahara)
A refactoring oversight caused TID scans (selection by CTID) to be counted as sequential scans in the statistics views, and to take whole-table predicate locks as sequential scans do. The latter behavior could cause unnecessary serialization errors in serializable transaction mode.
Avoid stack overflow in information_schema
views when a self-referential view exists in the system catalogs (Tom Lane)
A self-referential view can't work; it will always result in infinite recursion. We handled that situation correctly when trying to execute the view, but not when inquiring whether it is automatically updatable.
Ensure that walsender processes always show NULL for transaction start time in pg_stat_activity
(Álvaro Herrera)
Previously, the xact_start
column would sometimes show the process start time.
Improve performance of hash joins with very large inner relations (Thomas Munro)
Reduce spinlock contention when there are many active walsender processes (Pierre Ducroquet)
Fix placement of “Subplans Removed” field in EXPLAIN
output (Daniel Gustafsson, Tom Lane)
In non-text output formats, this field was emitted inside the “Plans” sub-group, resulting in syntactically invalid output. Attach it to the parent Append or MergeAppend plan node as intended. This causes the field to change position in text output format too: if there are any InitPlans attached to the same plan node, “Subplans Removed” will now appear before those.
Fix EXPLAIN
's SETTINGS
option to print as empty in non-text output formats (Tom Lane)
In the non-text output formats, fields are supposed to appear when requested, even if they have empty or zero values.
Allow the planner to apply potentially-leaky tests to child-table statistics, if the user can read the corresponding column of the table that's actually named in the query (Dilip Kumar, Amit Langote)
This change fixes a performance problem for partitioned tables that was created by the fix for CVE-2017-7484. That security fix disallowed applying leaky operators to statistics for columns that the current user doesn't have permission to read directly. However, it's somewhat common to grant permissions only on the parent partitioned table and not bother to do so on individual partitions. In such cases, the user can read the column via the parent, so there's no point in this security restriction; it only results in poorer planner estimates than necessary.
Fix planner errors induced by overly-aggressive collapsing of joins to single-row subqueries (Tom Lane)
This mistake led to errors such as “failed to construct the join relation”.
Fix “no = operator for opfamily NNNN
” planner error when trying to match a LIKE
or regex pattern-match operator to a binary-compatible index opclass (Tom Lane)
Fix edge-case crashes and misestimations in selectivity calculations for the <@
and @>
range operators (Michael Paquier, Andrey Borodin, Tom Lane)
Fix incorrect estimation for OR
clauses when using most-common-value extended statistics (Tomas Vondra)
Ignore system columns when applying most-common-value extended statistics (Tomas Vondra)
This prevents “negative bitmapset member not allowed” planner errors for affected queries.
Fix BRIN index logic to support hypothetical BRIN indexes (Julien Rouhaud, Heikki Linnakangas)
Previously, if an “index adviser” extension tried to get the planner to produce a plan involving a hypothetical BRIN index, that would fail, because the BRIN cost estimation code would always try to physically access the index's metapage. Now it checks to see if the index is only hypothetical, and uses default assumptions about the index parameters if so.
Improve error reporting for attempts to use automatic updating of views with conditional INSTEAD
rules (Dean Rasheed)
This has never been supported, but previously the error was thrown only at execution time, so that it could be masked by planner errors.
Prevent a composite type from being included in itself indirectly via a range type (Tom Lane, Julien Rouhaud)
Disallow partition key expressions that return pseudo-types, such as record
(Tom Lane)
Fix error reporting for index expressions of prohibited types (Amit Langote)
Fix dumping of views that contain only a VALUES
list to handle cases where a view output column has been renamed (Tom Lane)
Ensure that data types and collations used in XMLTABLE
constructs are accounted for when computing dependencies of a view or rule (Tom Lane)
Previously it was possible to break a view using XMLTABLE
by dropping a type, if the type was not otherwise referenced in the view. This fix does not correct the dependencies already recorded for existing views, only for newly-created ones.
Prevent unwanted downcasing and truncation of RADIUS authentication parameters (Marcos David)
The pg_hba.conf
parser mistakenly treated these fields as SQL identifiers, which in general they aren't.
Transmit incoming NOTIFY
messages to the client before sending ReadyForQuery
, rather than after (Tom Lane)
This change ensures that, with libpq and other client libraries that act similarly to it, any notifications received during a transaction will be available by the time the client thinks the transaction is complete. This probably makes no difference in practical applications (which would need to cope with asynchronous notifications in any case); but it makes it easier to build test cases with reproducible behavior.
Fix bugs in handling of non-blocking I/O when using GSSAPI encryption (Tom Lane)
These errors could result in dropping data (usually leading to subsequent wire-protocol-violation errors) or in a “livelock” situation where a sending process goes to sleep although not all its data has been sent. Moreover, libpq failed to keep separate encryption state for each connection, creating the possibility for failures in applications using multiple encrypted database connections.
Allow libpq to parse all GSS-related connection parameters even when the GSSAPI code hasn't been compiled in (Tom Lane)
This makes the behavior similar to our SSL support, where it was long ago deemed to be a good idea to always accept all the related parameters, even if some are ignored or restricted due to lack of the feature in a particular build.
Fix incorrect handling of %b
and %B
format codes in ecpg's PGTYPEStimestamp_fmt_asc()
function (Tomas Vondra)
Due to an off-by-one error, these codes would print the wrong month name, or possibly crash.
Avoid crash after an out-of-memory failure in ecpglib (Tom Lane)
Fix parallel pg_dump/pg_restore to more gracefully handle failure to create worker processes (Tom Lane)
Prevent possible crash or lockup when attempting to terminate a parallel pg_dump/pg_restore run via a signal (Tom Lane)
In pg_upgrade, look inside arrays and ranges while searching for non-upgradable data types in tables (Tom Lane)
Apply more thorough syntax checking to createuser's --connection-limit
option (Álvaro Herrera)
Cope with changes of the specific type referenced by a PL/pgSQL composite-type variable in more cases (Ashutosh Sharma, Tom Lane)
Dropping and re-creating the composite type referenced by a PL/pgSQL variable could lead to “could not open relation with OID NNNN
” errors.
Avoid crash in postgres_fdw
when trying to send a command like UPDATE remote_tab SET (x,y) = (SELECT ...)
to the remote server (Tom Lane)
In contrib/dict_int
, reject maxlen
settings less than one (Tomas Vondra)
This prevents a possible crash with silly settings for that parameter.
Disallow NULL category values in contrib/tablefunc
's crosstab()
function (Joe Conway)
This case never worked usefully, and it would crash on some platforms.
Fix configure's probe for OpenSSL's SSL_clear_options()
function so that it works with OpenSSL versions before 1.1.0 (Michael Paquier, Daniel Gustafsson)
This problem could lead to failure to set the SSL compression option as desired, when PostgreSQL is built against an old version of OpenSSL.
Mark some timeout and statistics-tracking GUC variables as PGDLLIMPORT
, to allow extensions to access them on Windows (Pascal Legrand)
This applies to idle_in_transaction_session_timeout
, lock_timeout
, statement_timeout
, track_activities
, track_counts
, and track_functions
.
Avoid memory leak in sanity checks for “slab” memory contexts (Tomas Vondra)
This isn't an issue for production builds, since they wouldn't ordinarily have memory context checking enabled; but the leak could be quite severe in a debug build.
Fix multiple statistics entries reported by the LWLock statistics mechanism (Fujii Masao)
The LWLock statistics code (which is not built by default; it requires compiling with -DLWLOCK_STATS
) could report multiple entries for the same LWLock and backend process, as a result of faulty hashtable key creation.
Fix race condition that led to delayed delivery of interprocess signals on Windows (Amit Kapila)
This caused visible timing oddities in NOTIFY
, and perhaps other misbehavior.
Fix handling of a corner-case error result from Windows' ReadFile()
function (Thomas Munro, Juan José Santamaría Flecha)
So far as is known, this oversight just resulted in noisy log messages, not any actual query misbehavior.
On Windows, retry a few times after an ERROR_ACCESS_DENIED
file access failure (Alexander Lakhin, Tom Lane)
This helps cope with cases where a file open attempt fails because the targeted file is flagged for deletion but not yet actually gone. pg_ctl, for example, frequently failed with such an error when probing to see if the postmaster had shut down yet.
On Windows, work around sharing violations for the postmaster's log file when pg_ctl is used to start the postmaster very shortly after it's been stopped, for example by pg_ctl restart
(Alexander Lakhin)
⇑ Upgrade to 12.3 released on 2020-05-14 - docs
Fix possible failure with GENERATED
columns (David Rowley)
If a GENERATED
column's value is an exact copy of another column of the table (and it is a pass-by-reference data type), it was possible to crash or insert corrupted data into the table. While it would be rather pointless for a GENERATED
expression to just duplicate another column, an expression using a function that sometimes returns its input unchanged could create the situation.
Handle inheritance of generated columns better (Peter Eisentraut)
When a table column is inherited during CREATE TABLE ... INHERITS
, disallow changing any generation properties when the parent column is already marked GENERATED
; but allow a child column to be marked GENERATED
when its parent is not.
Fix cross-column references in CREATE TABLE LIKE INCLUDING GENERATED
(Peter Eisentraut)
CREATE TABLE ... LIKE
failed when trying to copy a GENERATED
expression that references a physically-later column.
Propagate ALTER TABLE ... SET STORAGE
to indexes (Peter Eisentraut)
Non-expression index columns have always copied the attstorage
property of their table column at creation. Update them when ALTER TABLE ... SET STORAGE
is done, to maintain consistency.
Preserve the indisclustered
setting of indexes rewritten by ALTER TABLE
(Amit Langote, Justin Pryzby)
Previously, ALTER TABLE
lost track of which index had been used for CLUSTER
.
Preserve the replica identity properties of indexes rewritten by ALTER TABLE
(Quan Zongliang, Peter Eisentraut)
Preserve the indisclustered
setting of indexes rebuilt by REINDEX CONCURRENTLY
(Justin Pryzby)
Lock objects sooner during DROP OWNED BY
(Álvaro Herrera)
This avoids failures in race-condition cases where another session is deleting some of the same objects.
Fix error-case processing for CREATE ROLE ... IN ROLE
(Andrew Gierth)
Some error cases would be reported as “unexpected node type” or the like, instead of the intended message.
Ensure that when a partition is detached, any triggers cloned from its formerly-parent table are removed (Justin Pryzby)
Fix crash when COLLATE
is applied to a non-collatable type in a partition bound expression (Dmitry Dolgov)
Ensure that unique indexes over partitioned tables match the equality semantics of the partitioning key (Guancheng Luo)
This would only be an issue with index opclasses that have unusual notions of equality, but it's wrong in theory, so check.
Ensure that members of the pg_read_all_stats
role can read all statistics views, as expected (Magnus Hagander)
The functions underlying the pg_stat_progress_*
views had not gotten this memo.
Repair performance regression in information_schema
.triggers
view (Tom Lane)
This patch redefines that view so that an outer WHERE
clause constraining the table name can be pushed down into the view, allowing its calculations to be done only for triggers belonging to the table of interest rather than all triggers in the database. In a database with many triggers this would make a significant speed difference for queries of that form. Since things worked that way before v11, this is a potential performance regression. Users who find this to be a problem can fix it by replacing the view definition (or, perhaps, just deleting and reinstalling the whole information_schema
schema).
Repair performance regression in floating point overflow/underflow detection (Emre Hasegeli)
Previous refactoring had resulted in isinf()
being called extra times in some hot code paths.
Fix full text search to handle NOT above a phrase search correctly (Tom Lane)
Queries such as !(foo<->bar)
failed to find matching rows when implemented as a GiST or GIN index search.
Fix full text search for cases where a phrase search includes an item with both prefix matching and a weight restriction (Tom Lane)
Fix ts_headline()
to make better headline selections when working with phrase queries (Tom Lane)
Fix bugs in gin_fuzzy_search_limit
processing (Adé Heyward, Tom Lane)
A small value of gin_fuzzy_search_limit
could result in unexpected slowness due to unintentionally rescanning the same index page many times. Another code path failed to apply the intended filtering at all, possibly returning too many values.
Allow input of type circle
to accept the format “(
” as the documentation says it does (David Zhang)x
,y
),r
Make the get_bit()
and set_bit()
functions cope with bytea
strings longer than 256MB (Movead Li)
Since the bit number argument is only int4
, it's impossible to use these functions to access bits beyond the first 256MB of a long bytea
. We'll widen the argument to int8
in v13, but in the meantime, allow these functions to work on the initial substring of a long bytea
.
Ignore file-not-found errors in pg_ls_waldir()
and allied functions (Tom Lane)
This prevents a race condition failure if a file is removed between when we see its directory entry and when we attempt to stat()
it.
Avoid possibly leaking an open-file descriptor for a directory in pg_ls_dir()
, pg_timezone_names()
, pg_tablespace_databases()
, and allied functions (Justin Pryzby)
Fix polymorphic-function type resolution to correctly infer the actual type of an anyarray
output when given only an anyrange
input (Tom Lane)
Fix server's connection-startup logic for case where a GSSAPI connection is rejected because support is not compiled in, and the client then tries SSL instead (Andrew Gierth)
This led to a bogus “unsupported frontend protocol” failure.
Fix memory leakage during GSSAPI encryption (Tom Lane)
Both the backend and libpq would leak memory equivalent to the total amount of data sent during the session, if GSSAPI encryption is in use.
Fix query-lifespan memory leak for a set-returning function used in a query's FROM
clause (Andres Freund)
Avoid leakage of a hashed subplan's hash tables across multiple executions (Andreas Karlsson, Tom Lane)
This mistake could result in severe memory bloat if a query re-executed a hashed subplan enough times.
Improve planner's handling of no-op domain coercions (Tom Lane)
Fix some cases where a domain coercion that does nothing was not completely removed from expressions.
Avoid unlikely crash when REINDEX
is terminated by a session-shutdown signal (Tom Lane)
Prevent printout of possibly-incorrect hash join table statistics in EXPLAIN
(Konstantin Knizhnik, Tom Lane, Thomas Munro)
Fix reporting of elapsed time for heap truncation steps in VACUUM VERBOSE
(Tatsuhito Kasahara)
Fix possible undercounting of deleted B-tree index pages in VACUUM VERBOSE
output (Peter Geoghegan)
Fix wrong bookkeeping for oldest deleted page in a B-tree index (Peter Geoghegan)
This could cause subtly wrong decisions about when VACUUM
can skip an index cleanup scan; although it appears there may be no significant user-visible effects from that.
Ensure that TimelineHistoryRead and TimelineHistoryWrite wait states are reported in all code paths that read or write timeline history files (Masahiro Ikeda)
Avoid possibly showing “waiting” twice in a process's PS status (Masahiko Sawada)
Avoid race condition when ANALYZE
replaces the catalog tuple for extended statistics data (Dean Rasheed)
Remove ill-considered skip of “redundant” anti-wraparound vacuums (Michael Paquier)
This avoids a corner case where autovacuum could get into a loop of repeatedly trying and then skipping the same vacuum job.
Ensure INCLUDE'd columns are always removed from B-tree pivot tuples (Peter Geoghegan)
This mistake wasted space in some rare cases, but was otherwise harmless.
Cope with invalid TOAST indexes that could be left over after a failed REINDEX CONCURRENTLY
(Julien Rouhaud)
Ensure that valid index dependencies are left behind after a failed REINDEX CONCURRENTLY
(Michael Paquier)
Previously the old index could be left with no pg_depend
links at all, so that for example it would not get dropped if the parent table is dropped.
Avoid failure if autovacuum tries to access a just-dropped temporary schema (Tom Lane)
This hazard only arises if a superuser manually drops a temporary schema; which isn't normal practice, but should work.
Avoid premature recycling of WAL segments during crash recovery (Jehan-Guillaume de Rorthais)
WAL segments that become ready to be archived during crash recovery were potentially recycled without being archived.
Avoid scanning irrelevant timelines during archive recovery (Kyotaro Horiguchi)
This can eliminate many attempts to fetch non-existent WAL files from archive storage, which is helpful if archive access is slow.
Remove bogus “subtransaction logged without previous top-level txn record” error check in logical decoding (Arseny Sher, Amit Kapila)
This condition is legitimately reachable in various scenarios, so remove the check.
Avoid possible failure after a replication slot copy, due to premature removal of WAL data (Masahiko Sawada, Arseny Sher)
Ensure that a replication slot's io_in_progress_lock
is released in failure code paths (Pavan Deolasee)
This could result in a walsender later becoming stuck waiting for the lock.
Ensure that generated columns are correctly handled during updates issued by logical replication (Peter Eisentraut)
Fix race conditions in synchronous standby management (Tom Lane)
During a change in the synchronous_standby_names
setting, there was a window in which wrong decisions could be made about whether it is OK to release transactions that are waiting for synchronous commit. Another hazard for similarly wrong decisions existed if a walsender process exited and was immediately replaced by another.
Add missing SQLSTATE values to a few error reports (Sawada Masahiko)
Fix PL/pgSQL to reliably refuse to execute an event trigger function as a plain function (Tom Lane)
Fix memory leak in libpq when using sslmode=verify-full
(Roman Peshkurov)
Certificate verification during connection startup could leak some memory. This would become an issue if a client process opened many database connections during its lifetime.
Fix ecpg to treat an argument of just “-
” as meaning “read from stdin” on all platforms (Tom Lane)
Fix crash in psql when attempting to re-establish a failed connection (Michael Paquier)
Allow tab-completion of the filename argument to psql's \gx
command (Vik Fearing)
Add pg_dump support for ALTER ... DEPENDS ON EXTENSION
(Álvaro Herrera)
pg_dump previously ignored dependencies added this way, causing them to be forgotten during dump/restore or pg_upgrade.
Fix pg_dump to dump comments on RLS policy objects (Tom Lane)
In pg_dump, postpone restore of event triggers till the end (Fabrízio de Royes Mello, Hamid Akhtar, Tom Lane)
This minimizes the risk that an event trigger could interfere with the restoration of other objects.
Ensure that pg_basebackup generates valid tar files (Robert Haas)
In some cases a partial block of zeroes would be added to the end of the file. While this seems to be harmless with common versions of tar, it's not OK per the POSIX file format spec.
Make pg_checksums skip tablespace subdirectories that belong to a different PostgreSQL major version (Michael Banck, Bernd Helmle)
Such subdirectories don't really belong to our database cluster, and so must not be processed.
Ignore temporary copies of pg_internal.init
in pg_checksums and related programs (Michael Paquier)
Fix quoting of --encoding
, --lc-ctype
and --lc-collate
values in createdb utility (Michael Paquier)
contrib/lo
's lo_manage()
function crashed if called directly rather than as a trigger (Tom Lane)
In contrib/ltree
, protect against overflow of ltree
and lquery
length fields (Nikita Glukhov)
Work around failure in contrib/pageinspect
's bt_metap()
function when an oldest_xact value exceeds 2^31-1 (Peter Geoghegan)
Such XIDs will now be reported as negative integers, which isn't great but it beats throwing an error. v13 will widen the output argument to int8
to provide saner reporting.
Fix cache reference leak in contrib/sepgsql
(Michael Luo)
On Windows, avoid premature creation of postmaster's log file during pg_ctl start
(Alexander Lakhin)
The previous coding could allow the file to be created with permissions that wouldn't allow the postmaster to write on it.
Avoid failures when dealing with Unix-style locale names on Windows (Juan José Santamaría Flecha)
On Windows, set console VT100 compatibility mode in programs that support PG_COLOR
colorization (Juan José Santamaría Flecha)
Without this, the colorization option doesn't actually work.
Stop requiring extra parentheses in ereport()
calls (Andres Freund, Tom Lane)
Use pkg-config, if available, to locate libxml2 during configure (Hugh McMaster, Tom Lane, Peter Eisentraut)
If pkg-config is not present or lacks knowledge of libxml2, we still query xml2-config as before.
This change could break build processes that try to make PostgreSQL use a non-default version of libxml2 by putting that version's xml2-config into the PATH
. Instead, set XML2_CONFIG
to point to the non-default xml2-config. That method will work with either older or newer PostgreSQL releases.
Fix Makefile dependencies for libpq and ecpg (Dagfinn Ilmari Mannsåker)
In MSVC builds, cope with spaces in the path name for Python (Victor Wagner)
In MSVC builds, fix detection of Visual Studio version to work with more language settings (Andrew Dunstan)
In MSVC builds, use -Wno-deprecated
with bison versions newer than 3.0, as non-Windows builds already do (Andrew Dunstan)
Update time zone data files to tzdata release 2020a for DST law changes in Morocco and the Canadian Yukon, plus historical corrections for Shanghai.
The America/Godthab zone has been renamed to America/Nuuk to reflect current English usage; however, the old name remains available as a compatibility link.
Also, update initdb's list of known Windows time zone names to include recent additions, improving the odds that it will correctly translate the system time zone setting on that platform.
⇑ Upgrade to 12.4 released on 2020-08-13 - docs
Set a secure search_path
in logical replication walsenders and apply workers (Noah Misch)
A malicious user of either the publisher or subscriber database could potentially cause execution of arbitrary SQL code by the role running replication, which is often a superuser. Some of the risks here are equivalent to those described in CVE-2018-1058, and are mitigated in this patch by ensuring that the replication sender and receiver execute with empty search_path
settings. (As with CVE-2018-1058, that change might cause problems for under-qualified names used in replicated tables' DDL.) Other risks are inherent in replicating objects that belong to untrusted roles; the most we can do is document that there is a hazard to consider. (CVE-2020-14349)
Make contrib modules' installation scripts more secure (Tom Lane)
Attacks similar to those described in CVE-2018-1058 could be carried out against an extension installation script, if the attacker can create objects in either the extension's target schema or the schema of some prerequisite extension. Since extensions often require superuser privilege to install, this can open a path to obtaining superuser privilege. To mitigate this risk, be more careful about the search_path
used to run an installation script; disable check_function_bodies
within the script; and fix catalog-adjustment queries used in some contrib modules to ensure they are secure. Also provide documentation to help third-party extension authors make their installation scripts secure. This is not a complete solution; extensions that depend on other extensions can still be at risk if installed carelessly. (CVE-2020-14350)
Fix edge cases in partition pruning (Etsuro Fujita, Dmitry Dolgov)
When there are multiple partition key columns, generation of pruning tests could misbehave if some columns had no constraining WHERE
clauses or multiple constraining clauses. This could lead to server crashes, incorrect query results, or assertion failures.
Fix construction of parameterized BitmapAnd and BitmapOr index scans on the inside of partition-wise nestloop joins (Tom Lane)
A plan in which such a scan needed to use a value from the outside of the join would usually crash at execution.
Fix incorrect plan execution when a partitioned table is subject to both static and run-time partition pruning in the same query, and a new partition is added concurrently with the query (Amit Langote, Tom Lane)
In logical replication walsender, fix failure to send feedback messages after sending a keepalive message (Álvaro Herrera)
This is a relatively minor problem when using built-in logical replication, because the built-in walreceiver will send a feedback reply (which clears the incorrect state) fairly frequently anyway. But with some other replication systems, such as pglogical, it causes significant performance issues.
Fix firing of column-specific UPDATE
triggers in logical replication subscribers (Tom Lane)
The code neglected to account for the possibility of column numbers being different between the publisher and subscriber tables, so that if those were indeed different, wrong decisions might be made about which triggers to fire.
Update oldest xmin and LSN values during pg_replication_slot_advance()
(Michael Paquier)
This function previously failed to do that, possibly preventing resource cleanup (such as removal of no-longer-needed WAL segments) after manual advancement of a replication slot.
Fix slow execution of ts_headline()
(Tom Lane)
The phrase-search fix added in our previous set of minor releases could cause ts_headline()
to take unreasonable amounts of time for long documents; to make matters worse, the query was not cancellable within the troublesome loop.
Ensure the repeat()
function can be interrupted by query cancel (Joe Conway)
Fix pg_current_logfile()
to not include a carriage return (\r
) in its result on Windows (Tom Lane)
Ensure that pg_read_file()
and related functions read until EOF is reached (Joe Conway)
Previously, if not given a specific data length to read, these functions would stop at whatever file length was reported by stat()
. That's unhelpful for pipes and other sorts of virtual files.
Forbid numeric NaN
values in jsonpath
computations (Alexander Korotkov)
Neither SQL nor JSON have the concept of NaN
(not-a-number), but the jsonpath
code attempted to allow such values anyway. This necessarily leads to nonstandard behavior, so it seems better to reject such values at the outset.
Handle single Inf
or NaN
inputs correctly in floating-point aggregates (Tom Lane)
The affected aggregates are corr()
, covar_pop()
, regr_intercept()
, regr_r2()
, regr_slope()
, regr_sxx()
, regr_sxy()
, regr_syy()
, stddev_pop()
, and var_pop()
. The correct answer in such cases is NaN
, but an algorithmic change introduced in PostgreSQL v12 had caused these aggregates to produce zero instead.
Fix mis-handling of NaN
inputs during parallel aggregation on numeric
-type columns (Tom Lane)
If some partial aggregation workers found only NaN
s while others found only non-NaN
s, the results were combined incorrectly, possibly leading to the wrong overall result (i.e., not NaN
when it should be).
Reject time-of-day values greater than 24 hours (Tom Lane)
The intention of the datetime input code is to allow “24:00:00” or equivalently “23:59:60”, but no larger value. However, the range check was miscoded so that it would accept “23:59:60.nnn
” with nonzero fractional-second nnn
. In timestamp values this would result in wrapping into the first second of the next day. In time
and timetz
values, the stored value would actually be more than 24 hours, causing dump/reload failures and possibly other misbehavior.
Undo double-quoting of index names in EXPLAIN
's non-text output formats (Tom Lane, Euler Taveira)
Fix EXPLAIN
's accounting for resource usage, particularly buffer accesses, in parallel workers in a plan using Gather Merge
nodes (Jehan-Guillaume de Rorthais)
Fix timing of constraint revalidation in ALTER TABLE
(David Rowley)
If ALTER TABLE
needs to fully rewrite the table's contents (for example, due to change of a column's data type) and also needs to scan the table to re-validate foreign keys or CHECK
constraints, it sometimes did things in the wrong order, leading to odd errors such as “could not read block 0 in file "base/nnnnn/nnnnn": read only 0 of 8192 bytes”.
Fix REINDEX CONCURRENTLY
to preserve the index's replication identity flag (Michael Paquier)
Previously, reindexing a table's replica identity index caused the setting to be lost, preventing old tuple values from being included in future logical-decoding output.
Work around incorrect not-null markings for pg_subscription
.subslotname
and pg_subscription_rel
.srsublsn
(Tom Lane)
The bootstrap catalog data incorrectly marks these two catalog columns as always non-null. There's no easy way to correct that mistake in existing installations (though v13 and later will have the correct markings). The main place that depends on that marking being correct is JIT-enabled tuple deconstruction, so teach it to explicitly ignore the marking for these two columns. Also adjust some C code that accessed srsublsn
without checking to see if it's null; a crash from that is improbable but perhaps not impossible.
Cope with LATERAL
references in restriction clauses attached to an un-flattened sub-SELECT
in the FROM
clause (Tom Lane)
This oversight could result in assertion failures or crashes at query execution.
Use the query-specified collation for operators invoked during selectivity estimation (Tom Lane)
Previously, the collation of the underlying database column was used. But using the query's collation is arguably more correct. More importantly, now that we have nondeterministic collations, there are cases where an operator will fail outright if given a nondeterministic collation. We don't want planning to fail in cases where the query itself would work, so this means that we must use the query's collation when invoking operators for estimation purposes.
Avoid believing that a never-analyzed foreign table has zero tuples (Tom Lane)
This primarily affected the planner's estimate of the number of groups that would be obtained by GROUP BY
.
Remove bogus warning about “leftover placeholder tuple” in BRIN index de-summarization (Álvaro Herrera)
The case can occur legitimately after a cancelled vacuum, so warning about it is overly noisy.
Fix selection of tablespaces for “shared fileset” temporary files (Magnus Hagander, Tom Lane)
If temp_tablespaces
is empty or explicitly names the database's primary tablespace, such files got placed into the pg_default
tablespace rather than the database's primary tablespace as expected.
Fix corner-case error in masking of SP-GiST index pages during WAL consistency checking (Alexander Korotkov)
This could cause false failure reports when wal_consistency_checking
is enabled.
Improve error handling in the server's buffile
module (Thomas Munro)
Fix some cases where I/O errors were indistinguishable from reaching EOF, or were not reported at all. Also add details such as block numbers and byte counts where appropriate.
Fix conflict-checking anomalies in SERIALIZABLE
isolation mode (Peter Geoghegan)
If a concurrently-inserted tuple was updated by a different concurrent transaction, and neither tuple version was visible to the current transaction's snapshot, serialization conflict checking could draw the wrong conclusions about whether the tuple was relevant to the results of the current transaction. This could allow a serializable transaction to commit when it should have failed with a serialization error.
Avoid repeated marking of dead btree index entries as dead (Masahiko Sawada)
While functionally harmless, this led to useless WAL traffic when checksums are enabled or wal_log_hints
is on.
Fix checkpointer process to discard file sync requests when fsync
is off (Heikki Linnakangas)
Such requests are treated as no-ops if fsync
is off, but we forgot to remove them from the checkpointer's table of pending actions. This would lead to bloat of that table, as well as possible assertion failures if fsync
is later re-enabled.
Avoid trouble during cleanup of a non-exclusive backup when JIT compilation has been activated during the backup (Robert Haas)
Fix failure of some code paths to acquire the correct lock before modifying pg_control
(Nathan Bossart, Fujii Masao)
This oversight could allow pg_control
to be written out with an inconsistent checksum, possibly causing trouble later, including inability to restart the database if it crashed before the next pg_control
update.
Fix errors in currtid()
and currtid2()
(Michael Paquier)
These functions (which are undocumented and used only by ancient versions of the ODBC driver) contained coding errors that could result in crashes, or in confusing error messages such as “could not open file” when applied to a relation having no storage.
Avoid calling elog()
or palloc()
while holding a spinlock (Michael Paquier, Tom Lane)
Logic associated with replication slots had several violations of this coding rule. While the odds of trouble are quite low, an error in the called function would lead to a stuck spinlock.
Fix assertion in logical replication subscriber to allow use of REPLICA IDENTITY FULL
(Euler Taveira)
This was just an incorrect assertion, so it has no impact on standard production builds.
Ensure that libpq continues to try to read from the database connection socket after a write failure (Tom Lane)
This is important not only to ensure that we collect any final error message from a dying server process, but because we do not consider the connection lost until we see a read failure. This oversight allowed libpq to continue trying to send COPY
data indefinitely after a mid-transfer loss of connection, rather than reporting failure to the application.
Fix bugs in libpq's management of GSS encryption state (Tom Lane)
A connection using GSS encryption could freeze up when attempting to reset it after a server restart, or when moving on to the next one of a list of candidate servers.
Fix ecpg crash with bytea
and cursor variables (Jehan-Guillaume de Rorthais)
Report out-of-disk-space errors properly in pg_dump and pg_basebackup (Justin Pryzby, Tom Lane, Álvaro Herrera)
Some code paths could produce silly reports like “could not write file: Success”.
Make pg_restore cope with data-offset-less custom-format archive files when it needs to restore data items out of order (David Gilman, Tom Lane)
pg_dump will produce such files if it cannot seek its output (for example, if the output is piped to something). This fix primarily improves the ability to do a parallel restore from such a file.
Fix parallel restore of tables having both table-level privileges and per-column privileges (Tom Lane)
The table-level privilege grants have to be applied first, but a parallel restore did not reliably order them that way; this could lead to “tuple concurrently updated” errors, or to disappearance of some per-column privilege grants. The fix for this is to include dependency links between such entries in the archive file, meaning that a new dump has to be taken with a corrected pg_dump to ensure that the problem will not recur.
Ensure that pg_upgrade runs with vacuum_defer_cleanup_age
set to zero in the target cluster (Bruce Momjian)
If the target cluster's configuration has been modified to set vacuum_defer_cleanup_age
to a nonzero value, that prevented freezing of the system catalogs from working properly, which caused the upgrade to fail in confusing ways. Ensure that any such setting is overridden for the duration of the upgrade.
Fix pg_recvlogical to drain pending messages before exiting (Noah Misch)
Without this, the replication sender might detect a send failure and exit without making the expected final update to the replication slot's LSN position. That led to re-transmitting data after the next connection. It was also possible to miss error messages sent after the last data that pg_recvlogical wants to consume.
Fix pg_rewind's handling of just-deleted files in the source data directory (Justin Pryzby, Michael Paquier)
When working with an on-line source database, concurrent file deletions are possible, but pg_rewind would get confused if deletion happened between seeing a file's directory entry and examining it with stat()
.
Make pg_test_fsync use binary I/O mode on Windows (Michael Paquier)
Previously it wrote the test file in text mode, which is not an accurate reflection of PostgreSQL's actual usage.
Fix contrib/amcheck
to not complain about deleted index pages that are empty (Alexander Korotkov)
This state of affairs is normal during WAL replay.
Fix failure to initialize local state correctly in contrib/dblink
(Joe Conway)
With the right combination of circumstances, this could lead to dblink_close()
issuing an unexpected remote COMMIT
.
Fix contrib/pgcrypto
's misuse of deflate()
(Tom Lane)
The pgp_sym_encrypt
functions could produce incorrect compressed data due to mishandling of zlib's API requirements. We have no reports of this error manifesting with stock zlib, but it can be seen when using IBM's zlibNX implementation.
Fix corner case in decompression logic in contrib/pgcrypto
's pgp_sym_decrypt
functions (Kyotaro Horiguchi, Michael Paquier)
A compressed stream can validly end with an empty packet, but the decompressor failed to handle this and would complain about corrupt data.
Support building our NLS code with Microsoft Visual Studio 2015 or later (Juan José Santamaría Flecha, Davinder Singh, Amit Kapila)
Avoid possible failure of our MSVC install script when there is a file named configure
several levels above the source code tree (Arnold Müller)
This could confuse some logic that looked for configure
to identify the top level of the source tree.
⇑ Upgrade to 13 released on 2020-09-24 - docs
Change SIMILAR TO ... ESCAPE NULL
to return NULL
(Tom Lane)
This new behavior matches the SQL specification. Previously a null ESCAPE
value was taken to mean using the default escape string (a backslash character). This also applies to substring(
. The previous behavior has been retained in old views by keeping the original function unchanged.text
FROM pattern
ESCAPE text
)
Make json[b]_to_tsvector()
fully check the spelling of its string
option (Dominik Czarnota)
Change the way non-default effective_io_concurrency values affect concurrency (Thomas Munro)
Previously, this value was adjusted before setting the number of concurrent requests. The value is now used directly. Conversion of old values to new ones can be done using:
SELECT round(sum(OLDVALUE
/ n::float)) AS newvalue FROM generate_series(1, OLDVALUE
) s(n);
Prevent display of auxiliary processes in pg_stat_ssl and pg_stat_gssapi system views (Euler Taveira)
Queries that join these views to pg_stat_activity and wish to see auxiliary processes will need to use left joins.
Rename various wait events to improve consistency (Fujii Masao, Tom Lane)
Fix ALTER FOREIGN TABLE ... RENAME COLUMN
to return a more appropriate command tag (Fujii Masao)
Previously it returned ALTER TABLE
; now it returns ALTER FOREIGN TABLE
.
Fix ALTER MATERIALIZED VIEW ... RENAME COLUMN
to return a more appropriate command tag (Fujii Masao)
Previously it returned ALTER TABLE
; now it returns ALTER MATERIALIZED VIEW
.
Rename configuration parameter wal_keep_segments
to wal_keep_size (Fujii Masao)
This determines how much WAL to retain for standby servers. It is specified in megabytes, rather than number of files as with the old parameter. If you previously used wal_keep_segments
, the following formula will give you an approximately equivalent setting:
wal_keep_size = wal_keep_segments * wal_segment_size (typically 16MB)
Remove support for defining operator classes using pre-PostgreSQL 8.0 syntax (Daniel Gustafsson)
Remove support for defining foreign key constraints using pre-PostgreSQL 7.3 syntax (Daniel Gustafsson)
Remove support for "opaque" pseudo-types used by pre-PostgreSQL 7.3 servers (Daniel Gustafsson)
Remove support for upgrading unpackaged (pre-9.1) extensions (Tom Lane)
The FROM
option of CREATE EXTENSION
is no longer supported. Any installations still using unpackaged extensions should upgrade them to a packaged version before updating to PostgreSQL 13.
Remove support for posixrules
files in the timezone database (Tom Lane)
IANA's timezone group has deprecated this feature, meaning that it will gradually disappear from systems' timezone databases over the next few years. Rather than have a behavioral change appear unexpectedly with a timezone data update, we have removed PostgreSQL's support for this feature as of version 13. This affects only the behavior of POSIX-style time zone specifications that lack an explicit daylight savings transition rule; formerly the transition rule could be determined by installing a custom posixrules
file, but now it is hard-wired. The recommended fix for any affected installations is to start using a geographical time zone name.
In ltree, when an lquery
pattern contains adjacent asterisks with braces, e.g., *{2}.*{3}
, properly interpret that as *{5}
(Nikita Glukhov)
Fix pageinspect's bt_metap()
to return more appropriate data types that are less likely to overflow (Peter Geoghegan)
Allow pruning of partitions to happen in more cases (Yuzuko Hosoya, Amit Langote, Álvaro Herrera)
Allow partitionwise joins to happen in more cases (Ashutosh Bapat, Etsuro Fujita, Amit Langote, Tom Lane)
For example, partitionwise joins can now happen between partitioned tables even when their partition bounds do not match exactly.
Support row-level BEFORE
triggers on partitioned tables (Álvaro Herrera)
However, such a trigger is not allowed to change which partition is the destination.
Allow partitioned tables to be logically replicated via publications (Amit Langote)
Previously, partitions had to be replicated individually. Now a partitioned table can be published explicitly, causing all its partitions to be published automatically. Addition/removal of a partition causes it to be likewise added to or removed from the publication. The CREATE PUBLICATION
option publish_via_partition_root
controls whether changes to partitions are published as their own changes or their parent's.
Allow logical replication into partitioned tables on subscribers (Amit Langote)
Previously, subscribers could only receive rows into non-partitioned tables.
Allow whole-row variables (that is, table
.*
) to be used in partitioning expressions (Amit Langote)
More efficiently store duplicates in B-tree indexes (Anastasia Lubennikova, Peter Geoghegan)
This allows efficient B-tree indexing of low-cardinality columns by storing duplicate keys only once. Users upgrading with pg_upgrade will need to use REINDEX
to make an existing index use this feature.
Allow GiST and SP-GiST indexes on box
columns to support ORDER BY
queries (Nikita Glukhov)box
<-> point
Allow GIN indexes to more efficiently handle !
(NOT) clauses in tsquery
searches (Nikita Glukhov, Alexander Korotkov, Tom Lane, Julien Rouhaud)
Allow index operator classes to take parameters (Nikita Glukhov)
Allow CREATE INDEX
to specify the GiST signature length and maximum number of integer ranges (Nikita Glukhov)
Indexes created on four and eight-byte integer array, tsvector, pg_trgm, ltree, and hstore columns can now control these GiST index parameters, rather than using the defaults.
Prevent indexes that use non-default collations from being added as a table's unique or primary key constraint (Tom Lane)
The index's collation must match that of the underlying column, but ALTER TABLE
previously failed to check this.
Improve the optimizer's selectivity estimation for containment/match operators (Tom Lane)
Allow setting the statistics target for extended statistics (Tomas Vondra)
This is controlled with the new command option ALTER STATISTICS ... SET STATISTICS
. Previously this was computed based on more general statistics target settings.
Allow use of multiple extended statistics objects in a single query (Tomas Vondra)
Allow use of extended statistics objects for OR clauses and IN/ANY
constant lists (Pierre Ducroquet, Tomas Vondra)
Allow functions in FROM
clauses to be pulled up (inlined) if they evaluate to constants (Alexander Kuzmenkov, Aleksandr Parfenov)
Implement incremental sorting (James Coleman, Alexander Korotkov, Tomas Vondra)
If an intermediate query result is known to be sorted by one or more leading keys of a required sort ordering, the additional sorting can be done considering only the remaining keys, if the rows are sorted in batches that have equal leading keys.
If necessary, this can be controlled using enable_incremental_sort.
Improve the performance of sorting inet values (Brandur Leach)
Allow hash aggregation to use disk storage for large aggregation result sets (Jeff Davis)
Previously, hash aggregation was avoided if it was expected to use more than work_mem memory. Now, a hash aggregation plan can be chosen despite that. The hash table will be spilled to disk if it exceeds work_mem
times hash_mem_multiplier.
This behavior is normally preferable to the old behavior, in which once hash aggregation had been chosen, the hash table would be kept in memory no matter how large it got — which could be very large if the planner had misestimated. If necessary, behavior similar to that can be obtained by increasing hash_mem_multiplier
.
Allow inserts, not only updates and deletes, to trigger vacuuming activity in autovacuum (Laurenz Albe, Darafei Praliaskouski)
Previously, insert-only activity would trigger auto-analyze but not auto-vacuum, on the grounds that there could not be any dead tuples to remove. However, a vacuum scan has other useful side-effects such as setting page-all-visible bits, which improves the efficiency of index-only scans. Also, allowing an insert-only table to receive periodic vacuuming helps to spread out the work of “freezing” old tuples, so that there is not suddenly a large amount of freezing work to do when the entire table reaches the anti-wraparound threshold all at once.
If necessary, this behavior can be adjusted with the new parameters autovacuum_vacuum_insert_threshold and autovacuum_vacuum_insert_scale_factor, or the equivalent table storage options.
Add maintenance_io_concurrency parameter to control I/O concurrency for maintenance operations (Thomas Munro)
Allow WAL writes to be skipped during a transaction that creates or rewrites a relation, if wal_level is minimal
(Kyotaro Horiguchi)
Relations larger than wal_skip_threshold will have their files fsync'ed rather than generating WAL. Previously this was done only for COPY
operations, but the implementation had a bug that could cause data loss during crash recovery.
Improve performance when replaying DROP DATABASE
commands when many tablespaces are in use (Fujii Masao)
Improve performance for truncation of very large relations (Kirk Jamison)
Improve retrieval of the leading bytes of TOAST'ed values (Binguo Bao, Andrey Borodin)
Previously, compressed out-of-line TOAST values were fully fetched even when it's known that only some leading bytes are needed. Now, only enough data to produce the result is fetched.
Improve performance of LISTEN
/NOTIFY
(Martijn van Oosterhout, Tom Lane)
Speed up conversions of integers to text (David Fetter)
Reduce memory usage for query strings and extension scripts that contain many SQL statements (Amit Langote)
Allow EXPLAIN
, auto_explain, autovacuum, and pg_stat_statements to track WAL usage statistics (Kirill Bychik, Julien Rouhaud)
Allow a sample of SQL statements, rather than all statements, to be logged (Adrien Nayrat)
A log_statement_sample_rate fraction of those statements taking more than log_min_duration_sample duration will be logged.
Add the backend type to csvlog and optionally log_line_prefix log output (Peter Eisentraut)
Improve control of prepared statement parameter logging (Alexey Bashtanov, Álvaro Herrera)
The GUC setting log_parameter_max_length controls the maximum length of parameter values output during logging of non-error statements, while log_parameter_max_length_on_error does the same for logging of statements with errors. Previously, prepared statement parameters were never logged during errors.
Allow function call backtraces to be logged after errors (Peter Eisentraut, Álvaro Herrera)
The new parameter backtrace_functions specifies which C functions should generate backtraces on error.
Make vacuum buffer counters 64-bits wide to avoid overflow (Álvaro Herrera)
Add leader_pid
to pg_stat_activity to report a parallel worker's leader process (Julien Rouhaud)
Add system view pg_stat_progress_basebackup
to report the progress of streaming base backups (Fujii Masao)
Add system view pg_stat_progress_analyze
to report ANALYZE progress (Álvaro Herrera, Tatsuro Yamada, Vinayak Pokale)
Add system view pg_shmem_allocations
to display shared memory usage (Andres Freund, Robert Haas)
Add system view pg_stat_slru
to monitor internal SLRU caches (Tomas Vondra)
Allow track_activity_query_size to be set as high as 1MB (Vyacheslav Makarov)
The previous maximum was 100kB.
Report a wait event while creating a DSM segment with posix_fallocate()
(Thomas Munro)
Add wait event VacuumDelay to report on cost-based vacuum delay (Justin Pryzby)
Add wait events for WAL archive and recovery pause (Fujii Masao)
The new events are BackupWaitWalArchive and RecoveryPause.
Add wait events RecoveryConflictSnapshot and RecoveryConflictTablespace to monitor recovery conflicts (Masahiko Sawada)
Improve performance of wait events on BSD-based systems (Thomas Munro)
Allow only superusers to view the ssl_passphrase_command setting (Insung Moon)
This was changed as a security precaution.
Change the server's default minimum TLS version for encrypted connections from 1.0 to 1.2 (Peter Eisentraut)
This choice can be controlled by ssl_min_protocol_version.
Tighten rules on which utility commands are allowed in read-only transaction mode (Robert Haas)
This change also increases the number of utility commands that can run in parallel queries.
Allow allow_system_table_mods to be changed after server start (Peter Eisentraut)
Disallow non-superusers from modifying system tables when allow_system_table_mods is set (Peter Eisentraut)
Previously, if allow_system_table_mods was set at server start, non-superusers could issue INSERT
/UPDATE
/DELETE
commands on system tables.
Enable support for Unix-domain sockets on Windows (Peter Eisentraut)
Allow streaming replication configuration settings to be changed by reload (Sergei Kornilov)
Previously, a server restart was required to change primary_conninfo and primary_slot_name.
Allow WAL receivers to use a temporary replication slot when a permanent one is not specified (Peter Eisentraut, Sergei Kornilov)
This behavior can be enabled using wal_receiver_create_temp_slot.
Allow WAL storage for replication slots to be limited by max_slot_wal_keep_size (Kyotaro Horiguchi)
Replication slots that would require exceeding this value are marked invalid.
Allow standby promotion to cancel any requested pause (Fujii Masao)
Previously, promotion could not happen while the standby was in paused state.
Generate an error if recovery does not reach the specified recovery target (Leif Gunnar Erlandsen, Peter Eisentraut)
Previously, a standby would promote itself upon reaching the end of WAL, even if the target was not reached.
Allow control over how much memory is used by logical decoding before it is spilled to disk (Tomas Vondra, Dilip Kumar, Amit Kapila)
This is controlled by logical_decoding_work_mem.
Allow recovery to continue even if invalid pages are referenced by WAL (Fujii Masao)
This is enabled using ignore_invalid_pages.
Allow VACUUM
to process a table's indexes in parallel (Masahiko Sawada, Amit Kapila)
The new PARALLEL
option controls this.
Allow FETCH FIRST
to use WITH TIES
to return any additional rows that match the last result row (Surafel Temesgen)
Report planning-time buffer usage in EXPLAIN
's BUFFER
output (Julien Rouhaud)
Make CREATE TABLE LIKE
propagate a CHECK
constraint's NO INHERIT
property to the created table (Ildar Musin, Chris Travers)
When using LOCK TABLE
on a partitioned table, do not check permissions on the child tables (Amit Langote)
Allow OVERRIDING USER VALUE
on inserts into identity columns (Dean Rasheed)
Add ALTER TABLE ... DROP EXPRESSION
to allow removing the GENERATED
property from a column (Peter Eisentraut)
Fix bugs in multi-step ALTER TABLE
commands (Tom Lane)
IF NOT EXISTS
clauses now work as expected, in that derived actions (such as index creation) do not execute if the column already exists. Also, certain cases of combining related actions into one ALTER TABLE
now work when they did not before.
Add ALTER VIEW
syntax to rename view columns (Fujii Masao)
Renaming view columns was already possible, but one had to write ALTER TABLE RENAME COLUMN
, which is confusing.
Add ALTER TYPE
options to modify a base type's TOAST properties and support functions (Tomas Vondra, Tom Lane)
Add CREATE DATABASE
LOCALE
option (Peter Eisentraut)
This combines the existing options LC_COLLATE
and LC_CTYPE
into a single option.
Allow DROP DATABASE
to disconnect sessions using the target database, allowing the drop to succeed (Pavel Stehule, Amit Kapila)
This is enabled by the FORCE
option.
Add structure member tg_updatedcols
to allow C-language update triggers to know which column(s) were updated (Peter Eisentraut)
Add polymorphic data types for use by functions requiring compatible arguments (Pavel Stehule)
The new data types are anycompatible
, anycompatiblearray
, anycompatiblenonarray
, and anycompatiblerange
.
Add SQL data type xid8
to expose FullTransactionId (Thomas Munro)
The existing xid
data type is only four bytes so it does not provide the transaction epoch.
Add data type regcollation
and associated functions, to represent OIDs of collation objects (Julien Rouhaud)
Use the glibc version in some cases as a collation version identifier (Thomas Munro)
If the glibc version changes, a warning will be issued about possible corruption of collation-dependent indexes.
Add support for collation versions on Windows (Thomas Munro)
Allow ROW
expressions to have their members extracted with suffix notation (Tom Lane)
For example, (ROW(4, 5.0)).f1
now returns 4.
Add alternate version of jsonb_set()
with improved NULL
handling (Andrew Dunstan)
The new function, jsonb_set_lax()
, handles a NULL
new value by either setting the specified key to a JSON null, deleting the key, raising an exception, or returning the jsonb
value unmodified, as requested.
Add jsonpath .datetime()
method (Nikita Glukhov, Teodor Sigaev, Oleg Bartunov, Alexander Korotkov)
This function allows JSON values to be converted to timestamps, which can then be processed in jsonpath
expressions. This change also adds jsonpath
functions that support time-zone-aware output.
Add SQL functions NORMALIZE
() to normalize Unicode strings, and IS NORMALIZED
to check for normalization (Peter Eisentraut)
Add min()
and max()
aggregates for pg_lsn
(Fabrízio de Royes Mello)
These are particularly useful in monitoring queries.
Allow Unicode escapes, e.g., E'\u
or nnnn
'U&'\
, to specify any character available in the database encoding, even when the database encoding is not UTF-8 (Tom Lane)nnnn
'
Allow to_date()
and to_timestamp()
to recognize non-English month/day names (Juan José Santamaría Flecha, Tom Lane)
The names recognized are the same as those output by to_char()
with the same format patterns.
Add datetime format patterns FF1
– FF6
to specify input or output of 1 to 6 fractional-second digits (Alexander Korotkov, Nikita Glukhov, Teodor Sigaev, Oleg Bartunov)
These patterns can be used by to_char()
, to_timestamp()
, and jsonpath's .datetime()
.
Add SSSSS
datetime format pattern as an SQL-standard alias for SSSS
(Nikita Glukhov, Alexander Korotkov)
Add function gen_random_uuid()
to generate version-4 UUIDs (Peter Eisentraut)
Previously UUID generation functions were only available in the external modules uuid-ossp and pgcrypto.
Add greatest-common-denominator (gcd
) and least-common-multiple (lcm
) functions (Vik Fearing)
Improve the performance and accuracy of the numeric
type's square root (sqrt
) and natural log (ln
) functions (Dean Rasheed)
Add function min_scale()
that returns the number of digits to the right of the decimal point that are required to represent a numeric
value with full accuracy (Pavel Stehule)
Add function trim_scale()
to reduce the scale of a numeric
value by removing trailing zeros (Pavel Stehule)
Add commutators of distance operators (Nikita Glukhov)
For example, previously only point
<->
line
was supported, now line
<->
point
works too.
Create xid8
versions of all transaction ID functions (Thomas Munro)
The old xid
-based functions still exist, for backward compatibility.
Allow get_bit()
and set_bit()
to set bits beyond the first 256MB of a bytea
value (Movead Li)
Allow advisory-lock functions to be used in some parallel operations (Tom Lane)
Add the ability to remove an object's dependency on an extension (Álvaro Herrera)
The object can be a function, materialized view, index, or trigger. The syntax is ALTER .. NO DEPENDS ON
.
Improve performance of simple PL/pgSQL expressions (Tom Lane, Amit Langote)
Improve performance of PL/pgSQL functions that use immutable expressions (Konstantin Knizhnik)
Allow libpq clients to require channel binding for encrypted connections (Jeff Davis)
Using the libpq connection parameter channel_binding
forces the other end of the TLS connection to prove it knows the user's password. This prevents man-in-the-middle attacks.
Add libpq connection parameters to control the minimum and maximum TLS version allowed for an encrypted connection (Daniel Gustafsson)
The settings are ssl_min_protocol_version and ssl_max_protocol_version. By default, the minimum TLS version is 1.2 (this represents a behavioral change from previous releases).
Allow use of passwords to unlock client certificates (Craig Ringer, Andrew Dunstan)
This is enabled by libpq's sslpassword connection parameter.
Allow libpq to use DER-encoded client certificates (Craig Ringer, Andrew Dunstan)
Fix ecpg's EXEC SQL elif
directive to work correctly (Tom Lane)
Previously it behaved the same as endif
followed by ifdef
, so that a successful previous branch of the same if
construct did not prevent expansion of the elif
branch or following branches.
Add transaction status (%x
) to psql's default prompts (Vik Fearing)
Allow the secondary psql prompt to be blank but the same width as the primary prompt (Thomas Munro)
This is accomplished by setting PROMPT2
to %w
.
Allow psql's \g
and \gx
commands to change \pset output options for the duration of that single command (Tom Lane)
This feature allows syntax like \g (expand=on)
, which is equivalent to \gx
.
Add psql commands to display operator classes and operator families (Sergey Cherkashin, Nikita Glukhov, Alexander Korotkov)
The new commands are \dAc
, \dAf
, \dAo
, and \dAp
.
Show table persistence in psql's \dt+
and related commands (David Fetter)
In verbose mode, the table/index/view shows if the object is permanent, temporary, or unlogged.
Improve output of psql's \d
for TOAST tables (Justin Pryzby)
Fix redisplay after psql's \e
command (Tom Lane)
When exiting the editor, if the query doesn't end with a semicolon or \g
, the query buffer contents will now be displayed.
Add \warn
command to psql (David Fetter)
This is like \echo
except that the text is sent to stderr instead of stdout.
Add the PostgreSQL home page to command-line --help
output (Peter Eisentraut)
Allow pgbench to partition its “accounts” table (Fabien Coelho)
This allows performance testing of partitioning.
Add pgbench command \aset
, which behaves like \gset
, but for multiple queries (Fabien Coelho)
Allow pgbench to generate its initial data server-side, rather than client-side (Fabien Coelho)
Allow pgbench to show script contents using option --show-script
(Fabien Coelho)
Generate backup manifests for base backups, and verify them (Robert Haas)
A new tool pg_verifybackup can verify backups.
Have pg_basebackup estimate the total backup size by default (Fujii Masao)
This computation allows pg_stat_progress_basebackup
to show progress. If that is not needed, it can be disabled by using the --no-estimate-size
option. Previously, this computation happened only if the --progress
option was used.
Add an option to pg_rewind to configure standbys (Paul Guo, Jimmy Yih, Ashwin Agrawal)
This matches pg_basebackup's --write-recovery-conf
option.
Allow pg_rewind to use the target cluster's restore_command to retrieve needed WAL (Alexey Kondratov)
This is enabled using the -c
/--restore-target-wal
option.
Have pg_rewind automatically run crash recovery before rewinding (Paul Guo, Jimmy Yih, Ashwin Agrawal)
This can be disabled by using --no-ensure-shutdown
.
Increase the PREPARE TRANSACTION
-related information reported by pg_waldump (Fujii Masao)
Add pg_waldump option --quiet
to suppress non-error output (Andres Freund, Robert Haas)
Add pg_dump option --include-foreign-data
to dump data from foreign servers (Luis Carril)
Allow vacuum commands run by vacuumdb to operate in parallel mode (Masahiko Sawada)
This is enabled with the new --parallel
option.
Allow reindexdb to operate in parallel (Julien Rouhaud)
Parallel mode is enabled with the new --jobs
option.
Allow dropdb to disconnect sessions using the target database, allowing the drop to succeed (Pavel Stehule)
This is enabled with the -f
option.
Remove --adduser
and --no-adduser
from createuser (Alexander Lakhin)
The long-supported preferred options for this are called --superuser
and --no-superuser
.
Use the directory of the pg_upgrade program as the default --new-bindir
setting when running pg_upgrade (Daniel Gustafsson)
Add a glossary to the documentation (Corey Huinker, Jürgen Purtz, Roger Harkavy, Álvaro Herrera)
Reformat tables containing function and operator information for better clarity (Tom Lane)
Upgrade to use DocBook 4.5 (Peter Eisentraut)
Add support for building on Visual Studio 2019 (Haribabu Kommi)
Add build support for MSYS2 (Peter Eisentraut)
Add compare_exchange and fetch_add assembly language code for Power PC compilers (Noah Misch)
Update Snowball stemmer dictionaries used by full text search (Panagiotis Mavrogiorgos)
This adds Greek stemming and improves Danish and French stemming.
Remove support for Windows 2000 (Michael Paquier)
Remove support for non-ELF BSD systems (Peter Eisentraut)
Remove support for Python versions 2.5.X and earlier (Peter Eisentraut)
Remove support for OpenSSL 0.9.8 and 1.0.0 (Michael Paquier)
Remove configure options --disable-float8-byval
and --disable-float4-byval
(Peter Eisentraut)
These were needed for compatibility with some version-zero C functions, but those are no longer supported.
Pass the query string to planner hook functions (Pascal Legrand, Julien Rouhaud)
Add TRUNCATE
command hook (Yuli Khodorkovskiy)
Add TLS init hook (Andrew Dunstan)
Allow building with no predefined Unix-domain socket directory (Peter Eisentraut)
Reduce the probability of SysV resource key collision on Unix platforms (Tom Lane)
Use operating system functions to reliably erase memory that contains sensitive information (Peter Eisentraut)
For example, this is used for clearing passwords stored in memory.
Add headerscheck
script to test C header-file compatibility (Tom Lane)
Implement internal lists as arrays, rather than a chain of cells (Tom Lane)
This improves performance for queries that access many objects.
Change the API for TS_execute()
(Tom Lane, Pavel Borisov)
TS_execute
callbacks must now provide ternary (yes/no/maybe) logic. Calculating NOT queries accurately is now the default.
Allow extensions to be specified as trusted (Tom Lane)
Such extensions can be installed in a database by users with database-level CREATE
privileges, even if they are not superusers. This change also removes the pg_pltemplate
system catalog.
Allow non-superusers to connect to postgres_fdw foreign servers without using a password (Craig Ringer)
Specifically, allow a superuser to set password_required
to false for a user mapping. Care must still be taken to prevent non-superusers from using superuser credentials to connect to the foreign server.
Allow postgres_fdw to use certificate authentication (Craig Ringer)
Different users can use different certificates.
Allow sepgsql to control access to the TRUNCATE
command (Yuli Khodorkovskiy)
Add extension bool_plperl which transforms SQL booleans to/from PL/Perl booleans (Ivan Panchenko)
Have pg_stat_statements treat SELECT ... FOR UPDATE
commands as distinct from those without FOR UPDATE
(Andrew Gierth, Vik Fearing)
Allow pg_stat_statements to optionally track the planning time of statements (Julien Rouhaud, Pascal Legrand, Thomas Munro, Fujii Masao)
Previously only execution time was tracked.
Overhaul ltree's lquery syntax to treat NOT
(!) more logically (Filip Rembialkowski, Tom Lane, Nikita Glukhov)
Also allow non-* queries to use a numeric range ({}) of matches.
Add support for binary I/O of ltree, lquery, and ltxtquery types (Nino Floris)
Add an option to dict_int to ignore the sign of integers (Jeff Janes)
Add adminpack function pg_file_sync()
to allow fsync'ing a file (Fujii Masao)
Add pageinspect functions to output t_infomask
/t_infomask2
values in human-readable format (Craig Ringer, Sawada Masahiko, Michael Paquier)
Add B-tree index de-duplication processing columns to pageinspect output (Peter Geoghegan)