Upgrading from 9.3.22 to 13.1 gives you 7.2 years worth of changes and fixes (2278 of them)

List of changes:

• ⇑ Upgrade to 9.4 released on 2014-12-18 - docs

  • Tighten checks for multidimensional array input (Bruce Momjian)

    Previously, an input array string that started with a single-element sub-array could later contain multi-element sub-arrays, e.g. '{{1}, {2,3}}'::int[] would be accepted.

  • When converting values of type date, timestamp or timestamptz to JSON, render the values in a format compliant with ISO 8601 (Andrew Dunstan)

    Previously such values were rendered according to the current DateStyle setting; but many JSON processors require timestamps to be in ISO 8601 format. If necessary, the previous behavior can be obtained by explicitly casting the datetime value to text before passing it to the JSON conversion function.

  • The json #> text[] path extraction operator now returns its lefthand input, not NULL, if the array is empty (Tom Lane)

    This is consistent with the notion that this represents zero applications of the simple field/element extraction operator ->. Similarly, json #>> text[] with an empty array merely coerces its lefthand input to text.

  • Corner cases in the JSON field/element/path extraction operators now return NULL rather than raising an error (Tom Lane)

    For example, applying field extraction to a JSON array now yields NULL not an error. This is more consistent (since some comparable cases such as no-such-field already returned NULL), and it makes it safe to create expression indexes that use these operators, since they will now not throw errors for any valid JSON input.

  • Cause consecutive whitespace in to_timestamp() and to_date() format strings to consume a corresponding number of characters in the input string (whitespace or not), then conditionally consume adjacent whitespace, if not in FX mode (Jeevan Chalke)

    Previously, consecutive whitespace characters in a non-FX format string behaved like a single whitespace character and consumed all adjacent whitespace in the input string. For example, previously a format string of three spaces would consume only the first space in ' 12', but it will now consume all three characters.

  • Fix ts_rank_cd() to ignore stripped lexemes (Alex Hill)

    Previously, stripped lexemes were treated as if they had a default location, producing a rank of dubious usefulness.

  • For functions declared to take VARIADIC "any", an actual parameter marked as VARIADIC must be of a determinable array type (Pavel Stehule)

    Such parameters can no longer be written as an undecorated string literal or NULL; a cast to an appropriate array data type will now be required. Note that this does not affect parameters not marked VARIADIC.

  • Ensure that whole-row variables expose the expected column names to functions that pay attention to column names within composite arguments (Tom Lane)

    Constructs like row_to_json(tab.*) now always emit column names that match the column aliases visible for table tab at the point of the call. In previous releases the emitted column names would sometimes be the table's actual column names regardless of any aliases assigned in the query.

  • DISCARD now also discards sequence-related state (Fabrízio de Royes Mello, Robert Haas)

  • Rename EXPLAIN ANALYZE's "total runtime" output to "execution time" (Tom Lane)

    Now that planning time is also reported, the previous name was confusing.

  • SHOW TIME ZONE now outputs simple numeric UTC offsets in POSIX timezone format (Tom Lane)

    Previously, such timezone settings were displayed as interval values. The new output is properly interpreted by SET TIME ZONE when passed as a simple string, whereas the old output required special treatment to be re-parsed correctly.

  • Foreign data wrappers that support updating foreign tables must consider the possible presence of AFTER ROW triggers (Noah Misch)

    When an AFTER ROW trigger is present, all columns of the table must be returned by updating actions, since the trigger might inspect any or all of them. Previously, foreign tables never had triggers, so the FDW might optimize away fetching columns not mentioned in the RETURNING clause (if any).

  • Prevent CHECK constraints from referencing system columns, except tableoid (Amit Kapila)

    Previously such check constraints were allowed, but they would often cause errors during restores.

  • Use the last specified recovery target parameter if multiple target parameters are specified (Heikki Linnakangas)

    Previously, there was an undocumented precedence order among the recovery_target_xxx parameters.

  • On Windows, automatically preserve quotes in command strings supplied by the user (Heikki Linnakangas)

    User commands that did their own quote preservation might need adjustment. This is likely to be an issue for commands used in archive_command, restore_command, and COPY TO/FROM PROGRAM.

  • Remove catalog column pg_class.reltoastidxid (Michael Paquier)

  • Remove catalog column pg_rewrite.ev_attr (Kevin Grittner)

    Per-column rules have not been supported since PostgreSQL 7.3.

  • Remove native support for Kerberos authentication (--with-krb5, etc) (Magnus Hagander)

    The supported way to use Kerberos authentication is with GSSAPI. The native code has been deprecated since PostgreSQL 8.3.

  • In PL/Python, handle domains over arrays like the underlying array type (Rodolfo Campero)

    Previously such values were treated as strings.

  • Make libpq's PQconnectdbParams() and PQpingParams() functions process zero-length strings as defaults (Adrian Vondendriesch)

    Previously, these functions treated zero-length string values as selecting the default in only some cases.

  • Change empty arrays returned by the intarray module to be zero-dimensional arrays (Bruce Momjian)

    Previously, empty arrays were returned as zero-length one-dimensional arrays, whose text representation looked the same as zero-dimensional arrays ({}), but they acted differently in array operations. intarray's behavior in this area now matches the built-in array operators.

  • pg_upgrade now uses -U or --username to specify the user name (Bruce Momjian)

    Previously this option was spelled -u or --user, but that was inconsistent with other tools.

  • Allow background worker processes to be dynamically registered, started and terminated (Robert Haas)

    The new worker_spi module shows an example of use of this feature.

  • Allow dynamic allocation of shared memory segments (Robert Haas, Amit Kapila)

    This feature is illustrated in the test_shm_mq module.

  • During crash recovery or immediate shutdown, send uncatchable termination signals (SIGKILL) to child processes that do not shut down promptly (MauMau, Álvaro Herrera)

    This reduces the likelihood of leaving orphaned child processes behind after postmaster shutdown, as well as ensuring that crash recovery can proceed if some child processes have become "stuck".

  • Improve randomness of the database system identifier (Tom Lane)

  • Make VACUUM properly report dead but not-yet-removable rows to the statistics collector (Hari Babu)

    Previously these were reported as live rows.

  • Reduce GIN index size (Alexander Korotkov, Heikki Linnakangas)

    Indexes upgraded via pg_upgrade will work fine but will still be in the old, larger GIN format. Use REINDEX to recreate old GIN indexes in the new format.

  • Improve speed of multi-key GIN lookups (Alexander Korotkov, Heikki Linnakangas)

  • Add GiST index support for inet and cidr data types (Emre Hasegeli)

    Such indexes improve subnet and supernet lookups and ordering comparisons.

  • Fix rare race condition in B-tree page deletion (Heikki Linnakangas)

  • Make the handling of interrupted B-tree page splits more robust (Heikki Linnakangas)

  • Allow multiple backends to insert into WAL buffers concurrently (Heikki Linnakangas)

    This improves parallel write performance.

  • Conditionally write only the modified portion of updated rows to WAL (Amit Kapila)

  • Improve performance of aggregate functions used as window functions (David Rowley, Florian Pflug, Tom Lane)

  • Improve speed of aggregates that use numeric state values (Hadi Moshayedi)

  • Attempt to freeze tuples when tables are rewritten with CLUSTER or VACUUM FULL (Robert Haas, Andres Freund)

    This can avoid the need to freeze the tuples in the future.

  • Improve speed of COPY with default nextval() columns (Simon Riggs)

  • Improve speed of accessing many different sequences in the same session (David Rowley)

  • Raise hard limit on the number of tuples held in memory during sorting and B-tree index builds (Noah Misch)

  • Reduce memory allocated by PL/pgSQL DO blocks (Tom Lane)

  • Make the planner more aggressive about extracting restriction clauses from mixed AND/OR clauses (Tom Lane)

  • Disallow pushing volatile WHERE clauses down into DISTINCT subqueries (Tom Lane)

    Pushing down a WHERE clause can produce a more efficient plan overall, but at the cost of evaluating the clause more often than is implied by the text of the query; so don't do it if the clause contains any volatile functions.

  • Auto-resize the catalog caches (Heikki Linnakangas)

    This reduces memory consumption for sessions accessing only a few tables, and improves performance for sessions accessing many tables.

  • Add pg_stat_archiver system view to report WAL archiver activity (Gabriele Bartolini)

  • Add n_mod_since_analyze columns to pg_stat_all_tables and related system views (Mark Kirkwood)

    These columns expose the system's estimate of the number of changed tuples since the table's last ANALYZE. This estimate drives decisions about when to auto-analyze.

  • Add backend_xid and backend_xmin columns to the system view pg_stat_activity, and a backend_xmin column to pg_stat_replication (Christian Kruse)

  • Add support for SSL ECDH key exchange (Marko Kreen)

    This allows use of Elliptic Curve keys for server authentication. Such keys are faster and have better security than RSA keys. The new configuration parameter ssl_ecdh_curve controls which curve is used for ECDH.

  • Improve the default ssl_ciphers setting (Marko Kreen)

  • By default, the server not the client now controls the preference order of SSL ciphers (Marko Kreen)

    Previously, the order specified by ssl_ciphers was usually ignored in favor of client-side defaults, which are not configurable in most PostgreSQL clients. If desired, the old behavior can be restored via the new configuration parameter ssl_prefer_server_ciphers.

  • Make log_connections show SSL encryption information (Andreas Kunert)

  • Improve SSL renegotiation handling (Álvaro Herrera)

  • Add new SQL command ALTER SYSTEM for changing postgresql.conf configuration file entries (Amit Kapila)

    Previously such settings could only be changed by manually editing postgresql.conf.

  • Add autovacuum_work_mem configuration parameter to control the amount of memory used by autovacuum workers (Peter Geoghegan)

  • Add huge_pages parameter to allow using huge memory pages on Linux (Christian Kruse, Richard Poole, Abhijit Menon-Sen)

    This can improve performance on large-memory systems.

  • Add max_worker_processes parameter to limit the number of background workers (Robert Haas)

    This is helpful in configuring a standby server to have the required number of worker processes (the same as the primary).

  • Add superuser-only session_preload_libraries parameter to load libraries at session start (Peter Eisentraut)

    In contrast to local_preload_libraries, this parameter can load any shared library, not just those in the $libdir/plugins directory.

  • Add wal_log_hints parameter to enable WAL logging of hint-bit changes (Sawada Masahiko)

    Hint bit changes are not normally logged, except when checksums are enabled. This is useful for external tools like pg_rewind.

  • Increase the default settings of work_mem and maintenance_work_mem by four times (Bruce Momjian)

    The new defaults are 4MB and 64MB respectively.

  • Increase the default setting of effective_cache_size to 4GB (Bruce Momjian, Tom Lane)

  • Allow printf-style space padding to be specified in log_line_prefix (David Rowley)

  • Allow terabyte units (TB) to be used when specifying configuration variable values (Simon Riggs)

  • Show PIDs of lock holders and waiters and improve information about relations in log_lock_waits log messages (Christian Kruse)

  • Reduce server logging level when loading shared libraries (Peter Geoghegan)

    The previous level was LOG, which was too verbose for libraries loaded per-session.

  • On Windows, make SQL_ASCII-encoded databases and server processes (e.g., postmaster) emit messages in the character encoding of the server's Windows user locale (Alexander Law, Noah Misch)

    Previously these messages were output in the Windows ANSI code page.

  • Add replication slots to coordinate activity on streaming standbys with the node they are streaming from (Andres Freund, Robert Haas)

    Replication slots allow preservation of resources like WAL files on the primary until they are no longer needed by standby servers.

  • Add recovery parameter recovery_min_apply_delay to delay replication (Robert Haas, Fabrízio de Royes Mello, Simon Riggs)

    Delaying replay on standby servers can be useful for recovering from user errors.

  • Add recovery_target option immediate to stop WAL recovery as soon as a consistent state is reached (MauMau, Heikki Linnakangas)

  • Improve recovery target processing (Heikki Linnakangas)

    The timestamp reported by pg_last_xact_replay_timestamp() now reflects already-committed records, not transactions about to be committed. Recovering to a restore point now replays the restore point, rather than stopping just before the restore point.

  • pg_switch_xlog() now clears any unused trailing space in the old WAL file (Heikki Linnakangas)

    This improves the compression ratio for WAL files.

  • Report failure return codes from external recovery commands (Peter Eisentraut)

  • Reduce spinlock contention during WAL replay (Heikki Linnakangas)

  • Write WAL records of running transactions more frequently (Andres Freund)

    This allows standby servers to start faster and clean up resources more aggressively.

  • Add support for logical decoding of WAL data, to allow database changes to be streamed out in a customizable format (Andres Freund)

  • Add new wal_level setting logical to enable logical change-set encoding in WAL (Andres Freund)

  • Add table-level parameter REPLICA IDENTITY to control logical replication (Andres Freund)

  • Add relation option user_catalog_table to identify user-created tables involved in logical change-set encoding (Andres Freund)

  • Add pg_recvlogical application to receive logical-decoding data (Andres Freund)

  • Add test_decoding module to illustrate logical decoding at the SQL level (Andres Freund)

  • Add WITH ORDINALITY syntax to number the rows returned from a set-returning function in the FROM clause (Andrew Gierth, David Fetter)

    This is particularly useful for functions like unnest().

  • Add ROWS FROM() syntax to allow horizontal concatenation of set-returning functions in the FROM clause (Andrew Gierth)

  • Allow SELECT to have an empty target list (Tom Lane)

    This was added so that views that select from a table with zero columns can be dumped and restored correctly.

  • Ensure that SELECT ... FOR UPDATE NOWAIT does not wait in corner cases involving already-concurrently-updated tuples (Craig Ringer and Thomas Munro)

  • Add DISCARD SEQUENCES command to discard cached sequence-related state (Fabrízio de Royes Mello, Robert Haas)

    DISCARD ALL will now also discard such information.

  • Add FORCE NULL option to COPY FROM, which causes quoted strings matching the specified null string to be converted to NULLs in CSV mode (Ian Barwick, Michael Paquier)

    Without this option, only unquoted matching strings will be imported as null values.

  • Issue warnings for commands used outside of transaction blocks when they can have no effect (Bruce Momjian)

    New warnings are issued for SET LOCAL, SET CONSTRAINTS, SET TRANSACTION and ABORT when used outside a transaction block.

  • Make EXPLAIN ANALYZE show planning time (Andreas Karlsson)

  • Make EXPLAIN show the grouping columns in Agg and Group nodes (Tom Lane)

  • Make EXPLAIN ANALYZE show exact and lossy block counts in bitmap heap scans (Etsuro Fujita)

  • Allow a materialized view to be refreshed without blocking other sessions from reading the view meanwhile (Kevin Grittner)

    This is done with REFRESH MATERIALIZED VIEW CONCURRENTLY.

  • Allow views to be automatically updated even if they contain some non-updatable columns (Dean Rasheed)

    Previously the presence of non-updatable output columns such as expressions, literals, and function calls prevented automatic updates. Now INSERTs, UPDATEs and DELETEs are supported, provided that they do not attempt to assign new values to any of the non-updatable columns.

  • Allow control over whether INSERTs and UPDATEs can add rows to an auto-updatable view that would not appear in the view (Dean Rasheed)

    This is controlled with the new CREATE VIEW clause WITH CHECK OPTION.

  • Allow security barrier views to be automatically updatable (Dean Rasheed)

  • Support triggers on foreign tables (Ronan Dunklau)

  • Allow moving groups of objects from one tablespace to another using the ALL IN TABLESPACE ... SET TABLESPACE form of ALTER TABLE, ALTER INDEX, or ALTER MATERIALIZED VIEW (Stephen Frost)

  • Allow changing foreign key constraint deferrability via ALTER TABLE ... ALTER CONSTRAINT (Simon Riggs)

  • Reduce lock strength for some ALTER TABLE commands (Simon Riggs, Noah Misch, Robert Haas)

    Specifically, VALIDATE CONSTRAINT, CLUSTER ON, SET WITHOUT CLUSTER, ALTER COLUMN SET STATISTICS, ALTER COLUMN SET (attribute_option), ALTER COLUMN RESET (attribute_option) no longer require ACCESS EXCLUSIVE locks.

  • Allow tablespace options to be set in CREATE TABLESPACE (Vik Fearing)

    Formerly these options could only be set via ALTER TABLESPACE.

  • Allow CREATE AGGREGATE to define the estimated size of the aggregate's transition state data (Hadi Moshayedi)

    Proper use of this feature allows the planner to better estimate how much memory will be used by aggregates.

  • Fix DROP IF EXISTS to avoid errors for non-existent objects in more cases (Pavel Stehule, Dean Rasheed)

  • Improve how system relations are identified (Andres Freund, Robert Haas)

    Previously, relations once moved into the pg_catalog schema could no longer be modified or dropped.

  • Fully implement the line data type (Peter Eisentraut)

    The line segment data type (lseg) has always been fully supported. The previous line data type (which was enabled only via a compile-time option) is not binary or dump-compatible with the new implementation.

  • Add pg_lsn data type to represent a WAL log sequence number (LSN) (Robert Haas, Michael Paquier)

  • Allow single-point polygons to be converted to circles (Bruce Momjian)

  • Allow 5+ digit years for non-ISO timestamp and date strings, where appropriate (Bruce Momjian)

  • Add checks for overflow/underflow of interval values (Bruce Momjian)

  • Add jsonb, a more capable and efficient data type for storing JSON data (Oleg Bartunov, Teodor Sigaev, Alexander Korotkov, Peter Geoghegan, Andrew Dunstan)

    This new type allows faster access to values within a JSON document, and faster and more useful indexing of JSON columns. Scalar values in jsonb documents are stored as appropriate scalar SQL types, and the JSON document structure is pre-parsed rather than being stored as text as in the original json data type.

  • Add new JSON functions to allow for the construction of arbitrarily complex JSON trees (Andrew Dunstan, Laurence Rowe)

    New functions include json_array_elements_text(), json_build_array(), json_object(), json_object_agg(), json_to_record(), and json_to_recordset().

  • Add json_typeof() to return the data type of a json value (Andrew Tipton)

  • Add pg_sleep_for(interval) and pg_sleep_until(timestamp) to specify delays more flexibly (Vik Fearing, Julien Rouhaud)

    The existing pg_sleep() function only supports delays specified in seconds.

  • Add cardinality() function for arrays (Marko Tiikkaja)

    This returns the total number of elements in the array, or zero for an array with no elements.

  • Add SQL functions to allow large object reads/writes at arbitrary offsets (Pavel Stehule)

  • Allow unnest() to take multiple arguments, which are individually unnested then horizontally concatenated (Andrew Gierth)

  • Add functions to construct times, dates, timestamps, timestamptzs, and intervals from individual values, rather than strings (Pavel Stehule)

    These functions' names are prefixed with make_, e.g. make_date().

  • Make to_char()'s TZ format specifier return a useful value for simple numeric time zone offsets (Tom Lane)

    Previously, to_char(CURRENT_TIMESTAMP, 'TZ') returned an empty string if the timezone was set to a constant like -4.

  • Add timezone offset format specifier OF to to_char() (Bruce Momjian)

  • Improve the random seed used for random() (Honza Horak)

  • Tighten validity checking for Unicode code points in chr(int) (Tom Lane)

    This function now only accepts values that are valid UTF8 characters according to RFC 3629.

  • Add functions for looking up objects in pg_class, pg_proc, pg_type, and pg_operator that do not generate errors for non-existent objects (Yugo Nagata, Nozomi Anzai, Robert Haas)

    For example, to_regclass() does a lookup in pg_class similarly to the regclass input function, but it returns NULL for a non-existent object instead of failing.

  • Add function pg_filenode_relation() to allow for more efficient lookup of relation names from filenodes (Andres Freund)

  • Add parameter_default column to information_schema.parameters view (Peter Eisentraut)

  • Make information_schema.schemata show all accessible schemas (Peter Eisentraut)

    Previously it only showed schemas owned by the current user.

  • Add control over which rows are passed into aggregate functions via the FILTER clause (David Fetter)

  • Support ordered-set (WITHIN GROUP) aggregates (Atri Sharma, Andrew Gierth, Tom Lane)

  • Add standard ordered-set aggregates percentile_cont(), percentile_disc(), mode(), rank(), dense_rank(), percent_rank(), and cume_dist() (Atri Sharma, Andrew Gierth)

  • Support VARIADIC aggregate functions (Tom Lane)

  • Allow polymorphic aggregates to have non-polymorphic state data types (Tom Lane)

    This allows proper declaration in SQL of aggregates like the built-in aggregate array_agg().

  • Add event trigger support to PL/Perl and PL/Tcl (Dimitri Fontaine)

  • Convert numeric values to decimal in PL/Python (Szymon Guz, Ronan Dunklau)

    Previously such values were converted to Python float values, risking loss of precision.

  • Add ability to retrieve the current PL/pgSQL call stack using GET DIAGNOSTICS (Pavel Stehule, Stephen Frost)

  • Add option print_strict_params to display the parameters passed to a query that violated a STRICT constraint (Marko Tiikkaja)

  • Add variables plpgsql.extra_warnings and plpgsql.extra_errors to enable additional PL/pgSQL warnings and errors (Marko Tiikkaja, Petr Jelinek)

    Currently only warnings/errors about shadowed variables are available.

  • Make libpq's PQconndefaults() function ignore invalid service files (Steve Singer, Bruce Momjian)

    Previously it returned NULL if an incorrect service file was encountered.

  • Accept TLS protocol versions beyond TLSv1 in libpq (Marko Kreen)

  • Add createuser option -g to specify role membership (Christopher Browne)

  • Add vacuumdb option --analyze-in-stages to analyze in stages of increasing granularity (Peter Eisentraut)

    This allows minimal statistics to be created quickly.

  • Make pg_resetxlog with option -n output current and potentially changed values (Rajeev Rastogi)

  • Make initdb throw error for incorrect locale settings, rather than silently falling back to a default choice (Tom Lane)

  • Make pg_ctl return exit code 4 for an inaccessible data directory (Amit Kapila, Bruce Momjian)

    This behavior more closely matches the Linux Standard Base (LSB) Core Specification.

  • On Windows, ensure that a non-absolute -D path specification is interpreted relative to pg_ctl's current directory (Kumar Rajeev Rastogi)

    Previously it would be interpreted relative to whichever directory the underlying Windows service was started in.

  • Allow sizeof() in ECPG C array definitions (Michael Meskes)

  • Make ECPG properly handle nesting of C-style comments in both C and SQL text (Michael Meskes)

  • Suppress "No rows" output in psql expanded mode when the footer is disabled (Bruce Momjian)

  • Allow Control-C to abort psql when it's hung at connection startup (Peter Eisentraut)

  • Make psql's \db+ show tablespace options (Magnus Hagander)

  • Make \do+ display the functions that implement the operators (Marko Tiikkaja)

  • Make \d+ output an OID line only if an oid column exists in the table (Bruce Momjian)

    Previously, the presence or absence of an oid column was always reported.

  • Make \d show disabled system triggers (Bruce Momjian)

    Previously, if you disabled all triggers, only user triggers would show as disabled.

  • Fix \copy to no longer require a space between stdin and a semicolon (Etsuro Fujita)

  • Output the row count at the end of \copy, just like COPY already did (Kumar Rajeev Rastogi)

  • Fix \conninfo to display the server's IP address for connections using hostaddr (Fujii Masao)

    Previously \conninfo could not display the server's IP address in such cases.

  • Show the SSL protocol version in \conninfo (Marko Kreen)

  • Add tab completion for \pset (Pavel Stehule)

  • Allow \pset with no arguments to show all settings (Gilles Darold)

  • Make \s display the name of the history file it wrote without converting it to an absolute path (Tom Lane)

    The code previously attempted to convert a relative file name to an absolute path for display, but frequently got it wrong.

  • Allow pg_restore options -I, -P, -T and -n to be specified multiple times (Heikki Linnakangas)

    This allows multiple objects to be restored in one operation.

  • Optionally add IF EXISTS clauses to the DROP commands emitted when removing old objects during a restore (Pavel Stehule)

    This change prevents unnecessary errors when removing old objects. The new --if-exists option for pg_dump, pg_dumpall, and pg_restore is only available when --clean is also specified.

  • Add pg_basebackup option --xlogdir to specify the pg_xlog directory location (Haribabu Kommi)

  • Allow pg_basebackup to relocate tablespaces in the backup copy (Steeve Lennmark)

    This is particularly useful for using pg_basebackup on the same machine as the primary.

  • Allow network-stream base backups to be throttled (Antonin Houska)

    This can be controlled with the pg_basebackup --max-rate parameter.

  • Improve the way tuples are frozen to preserve forensic information (Robert Haas, Andres Freund)

    This change removes the main objection to freezing tuples as soon as possible. Code that inspects tuple flag bits will need to be modified.

  • No longer require function prototypes for functions marked with the PG_FUNCTION_INFO_V1 macro (Peter Eisentraut)

    This change eliminates the need to write boilerplate prototypes. Note that the PG_FUNCTION_INFO_V1 macro must appear before the corresponding function definition to avoid compiler warnings.

  • Remove SnapshotNow and HeapTupleSatisfiesNow() (Robert Haas)

    All existing uses have been switched to more appropriate snapshot types. Catalog scans now use MVCC snapshots.

  • Add an API to allow memory allocations over one gigabyte (Noah Misch)

  • Add psprintf() to simplify memory allocation during string composition (Peter Eisentraut, Tom Lane)

  • Support printf() size modifier z to print size_t values (Andres Freund)

  • Change API of appendStringInfoVA() to better use vsnprintf() (David Rowley, Tom Lane)

  • Allow new types of external toast datums to be created (Andres Freund)

  • Add single-reader, single-writer, lightweight shared message queue (Robert Haas)

  • Improve spinlock speed on x86_64 CPUs (Heikki Linnakangas)

  • Remove spinlock support for unsupported platforms SINIX, Sun3, and NS32K (Robert Haas)

  • Remove IRIX port (Robert Haas)

  • Reduce the number of semaphores required by --disable-spinlocks builds (Robert Haas)

  • Rewrite duplicate_oids Unix shell script in Perl (Andrew Dunstan)

  • Add Test Anything Protocol (TAP) tests for client programs (Peter Eisentraut)

    Currently, these tests are run by make check-world only if the --enable-tap-tests option was given to configure. This might become the default behavior in some future release.

  • Add make targets check-tests and installcheck-tests, which allow selection of individual tests to be run (Andrew Dunstan)

  • Remove maintainer-check makefile rule (Peter Eisentraut)

    The default build rules now include all the formerly-optional tests.

  • Improve support for VPATH builds of PGXS modules (Cédric Villemain, Andrew Dunstan, Peter Eisentraut)

  • Upgrade to Autoconf 2.69 (Peter Eisentraut)

  • Add a configure flag that appends custom text to the PG_VERSION string (Oskari Saarenmaa)

    This is useful for packagers building custom binaries.

  • Improve DocBook XML validity (Peter Eisentraut)

  • Fix various minor security and sanity issues reported by the Coverity scanner (Stephen Frost)

  • Improve detection of invalid memory usage when testing PostgreSQL with Valgrind (Noah Misch)

  • Improve sample Emacs configuration file emacs.samples (Peter Eisentraut)

    Also add .dir-locals.el to the top of the source tree.

  • Allow pgindent to accept a command-line list of typedefs (Bruce Momjian)

  • Make pgindent smarter about blank lines around preprocessor conditionals (Bruce Momjian)

  • Avoid most uses of dlltool in Cygwin and Mingw builds (Marco Atzeri, Hiroshi Inoue)

  • Support client-only installs in MSVC (Windows) builds (MauMau)

  • Add pg_prewarm extension to preload relation data into the shared buffer cache at server start (Robert Haas)

    This allows reaching full operating performance more quickly.

  • Add UUID random number generator gen_random_uuid() to pgcrypto (Oskari Saarenmaa)

    This allows creation of version 4 UUIDs without requiring installation of uuid-ossp.

  • Allow uuid-ossp to work with the BSD or e2fsprogs UUID libraries, not only the OSSP UUID library (Matteo Beccati)

    This improves the uuid-ossp module's portability since it no longer has to have the increasingly-obsolete OSSP library. The module's name is now rather a misnomer, but we won't change it.

  • Add option to auto_explain to include trigger execution time (Horiguchi Kyotaro)

  • Fix pgstattuple to not report rows from uncommitted transactions as dead (Robert Haas)

  • Make pgstattuple functions use regclass-type arguments (Satoshi Nagayasu)

    While text-type arguments are still supported, they may be removed in a future major release.

  • Improve consistency of pgrowlocks output to honor snapshot rules more consistently (Robert Haas)

  • Improve pg_trgm's choice of trigrams for indexed regular expression searches (Alexander Korotkov)

    This change discourages use of trigrams containing whitespace, which are usually less selective.

  • Allow pg_xlogdump to report a live log stream with --follow (Heikki Linnakangas)

  • Store cube data more compactly (Stas Kelvich)

    Existing data must be dumped/restored to use the new format. The old format can still be read.

  • Reduce vacuumlo client-side memory usage by using a cursor (Andrew Dunstan)

  • Dramatically reduce memory consumption in pg_upgrade (Bruce Momjian)

  • Pass pg_upgrade's user name (-U) option to generated analyze scripts (Bruce Momjian)

  • Remove line length limit for pgbench scripts (Sawada Masahiko)

    The previous line limit was BUFSIZ.

  • Add long option names to pgbench (Fabien Coelho)

  • Add pgbench option --rate to control the transaction rate (Fabien Coelho)

  • Add pgbench option --progress to print periodic progress reports (Fabien Coelho)

  • Make pg_stat_statements use a file, rather than shared memory, for query text storage (Peter Geoghegan)

    This removes the previous limitation on query text length, and allows a higher number of unique statements to be tracked by default.

  • Allow reporting of pg_stat_statements's internal query hash identifier (Daniel Farina, Sameer Thakur, Peter Geoghegan)

  • Add the ability to retrieve all pg_stat_statements information except the query text (Peter Geoghegan)

    This allows monitoring tools to fetch query text only for just-created entries, improving performance during repeated querying of the statistics.

  • Make pg_stat_statements ignore DEALLOCATE commands (Fabien Coelho)

    It already ignored PREPARE, as well as planning time in general, so this seems more consistent.

  • Save the statistics file into $PGDATA/pg_stat at server shutdown, rather than $PGDATA/global (Fujii Masao)

• ⇑ Upgrade to 9.4.1 released on 2015-02-05 - docs

  • Cope with the Windows locale named "Norwegian (Bokmål)" (Heikki Linnakangas)

    Non-ASCII locale names are problematic since it's not clear what encoding they should be represented in. Map the troublesome locale name to a plain-ASCII alias, "Norwegian_Norway".

    9.4.0 mapped the troublesome name to "norwegian-bokmal", but that turns out not to work on all Windows configurations. "Norwegian_Norway" is now recommended instead.

  • Avoid possible deadlock while trying to acquire tuple locks in EvalPlanQual processing (Álvaro Herrera, Mark Kirkwood)

  • Fix failure to wait when a transaction tries to acquire a FOR NO KEY EXCLUSIVE tuple lock, while multiple other transactions currently hold FOR SHARE locks (Álvaro Herrera)

  • Fix jsonb Unicode escape processing, and in consequence disallow \u0000 (Tom Lane)

    Previously, the JSON Unicode escape \u0000 was accepted and was stored as those six characters; but that is indistinguishable from what is stored for the input \\u0000, resulting in ambiguity. Moreover, in cases where de-escaped textual output is expected, such as the ->> operator, the sequence was printed as \u0000, which does not meet the expectation that JSON escaping would be removed. (Consistent behavior would require emitting a zero byte, but PostgreSQL does not support zero bytes embedded in text strings.) 9.4.0 included an ill-advised attempt to improve this situation by adjusting JSON output conversion rules; but of course that could not fix the fundamental ambiguity, and it turned out to break other usages of Unicode escape sequences. Revert that, and to avoid the core problem, reject \u0000 in jsonb input.

    If a jsonb column contains a \u0000 value stored with 9.4.0, it will henceforth read out as though it were \\u0000, which is the other valid interpretation of the data stored by 9.4.0 for this case.

    The json type did not have the storage-ambiguity problem, but it did have the problem of inconsistent de-escaped textual output. Therefore \u0000 will now also be rejected in json values when conversion to de-escaped form is required. This change does not break the ability to store \u0000 in json columns so long as no processing is done on the values. This is exactly parallel to the cases in which non-ASCII Unicode escapes are allowed when the database encoding is not UTF8.

  • Fix assorted oversights in range-operator selectivity estimation (Emre Hasegeli)

    This patch fixes corner-case "unexpected operator NNNN" planner errors, and improves the selectivity estimates for some other cases.

  • Revert unintended reduction in maximum size of a GIN index item (Heikki Linnakangas)

    9.4.0 could fail with "index row size exceeds maximum" errors for data that previous versions would accept.

  • Fix query-duration memory leak during repeated GIN index rescans (Heikki Linnakangas)

  • Fix possible crash when using nonzero gin_fuzzy_search_limit (Heikki Linnakangas)

  • Assorted fixes for logical decoding (Andres Freund)

  • Fix incorrect replay of WAL parameter change records that report changes in the wal_log_hints setting (Petr Jelinek)

  • Change "pgstat wait timeout" warning message to be LOG level, and rephrase it to be more understandable (Tom Lane)

    This message was originally thought to be essentially a can't-happen case, but it occurs often enough on our slower buildfarm members to be a nuisance. Reduce it to LOG level, and expend a bit more effort on the wording: it now reads "using stale statistics instead of current ones because stats collector is not responding".

  • Fix libpq's behavior when /etc/passwd isn't readable (Tom Lane)

    While doing PQsetdbLogin(), libpq attempts to ascertain the user's operating system name, which on most Unix platforms involves reading /etc/passwd. As of 9.4, failure to do that was treated as a hard error. Restore the previous behavior, which was to fail only if the application does not provide a database role name to connect as. This supports operation in chroot environments that lack an /etc/passwd file.

  • Allow CFLAGS from configure's environment to override automatically-supplied CFLAGS (Tom Lane)

    Previously, configure would add any switches that it chose of its own accord to the end of the user-specified CFLAGS string. Since most compilers process switches left-to-right, this meant that configure's choices would override the user-specified flags in case of conflicts. That should work the other way around, so adjust the logic to put the user's string at the end not the beginning.

  • Add CST (China Standard Time) to our lists of timezone abbreviations (Tom Lane)

  • Update time zone data files to tzdata release 2015a for DST law changes in Chile and Mexico, plus historical changes in Iceland.

• ⇑ Upgrade to 9.4.2 released on 2015-05-22 - docs

  • In contrib/pgcrypto, uniformly report decryption failures as "Wrong key or corrupt data" (Noah Misch)

    Previously, some cases of decryption with an incorrect key could report other error message texts. It has been shown that such variance in error reports can aid attackers in recovering keys from other systems. While it's unknown whether pgcrypto's specific behaviors are likewise exploitable, it seems better to avoid the risk by using a one-size-fits-all message. (CVE-2015-3167)

  • Protect against wraparound of multixact member IDs (Álvaro Herrera, Robert Haas, Thomas Munro)

    Under certain usage patterns, the existing defenses against this might be insufficient, allowing pg_multixact/members files to be removed too early, resulting in data loss. The fix for this includes modifying the server to fail transactions that would result in overwriting old multixact member ID data, and improving autovacuum to ensure it will act proactively to prevent multixact member ID wraparound, as it does for transaction ID wraparound.

  • Fix incorrect declaration of contrib/citext's regexp_matches() functions (Tom Lane)

    These functions should return setof text[], like the core functions they are wrappers for; but they were incorrectly declared as returning just text[]. This mistake had two results: first, if there was no match you got a scalar null result, whereas what you should get is an empty set (zero rows). Second, the g flag was effectively ignored, since you would get only one result array even if there were multiple matches.

    While the latter behavior is clearly a bug, there might be applications depending on the former behavior; therefore the function declarations will not be changed by default until PostgreSQL 9.5. In pre-9.5 branches, the old behavior exists in version 1.0 of the citext extension, while we have provided corrected declarations in version 1.1 (which is not installed by default). To adopt the fix in pre-9.5 branches, execute ALTER EXTENSION citext UPDATE TO '1.1' in each database in which citext is installed. (You can also "update" back to 1.0 if you need to undo that.) Be aware that either update direction will require dropping and recreating any views or rules that use citext's regexp_matches() functions.

  • Render infinite dates and timestamps as infinity when converting to json, rather than throwing an error (Andrew Dunstan)

  • Fix json/jsonb's populate_record() and to_record() functions to handle empty input properly (Andrew Dunstan)

  • Fix behavior when changing foreign key constraint deferrability status with ALTER TABLE ... ALTER CONSTRAINT (Tom Lane)

    Operations later in the same session or concurrent sessions might not honor the status change promptly.

  • Prevent improper reordering of antijoins (NOT EXISTS joins) versus other outer joins (Tom Lane)

    This oversight in the planner has been observed to cause "could not find RelOptInfo for given relids" errors, but it seems possible that sometimes an incorrect query plan might get past that consistency check and result in silently-wrong query output.

  • Fix GEQO planner to cope with failure of its join order heuristic (Tom Lane)

    This oversight has been seen to lead to "failed to join all relations together" errors in queries involving LATERAL, and that might happen in other cases as well.

  • Ensure that row locking occurs properly when the target of an UPDATE or DELETE is a security-barrier view (Stephen Frost)

  • Use a file opened for read/write when syncing replication slot data during database startup (Andres Freund)

    On some platforms, the previous coding could result in errors like "could not fsync file "pg_replslot/...": Bad file descriptor".

  • Fix autovacuum launcher's possible failure to shut down, if an error occurs after it receives SIGTERM (Álvaro Herrera)

  • Fix failure to handle invalidation messages for system catalogs early in session startup (Tom Lane)

    This oversight could result in failures in sessions that start concurrently with a VACUUM FULL on a system catalog.

  • Fix crash in BackendIdGetTransactionIds() when trying to get status for a backend process that just exited (Tom Lane)

  • Cope with unexpected signals in LockBufferForCleanup() (Andres Freund)

    This oversight could result in spurious errors about "multiple backends attempting to wait for pincount 1".

  • Avoid busy-waiting with short recovery_min_apply_delay values (Andres Freund)

  • Fix memory leaks in GIN index vacuum (Heikki Linnakangas)

  • Add the name of the target server to object description strings for foreign-server user mappings (Álvaro Herrera)

  • Include the schema name in object identity strings for conversions (Álvaro Herrera)

  • Fix status reporting for terminated background workers that were never actually started (Robert Haas)

  • After a database crash, don't restart background workers that are marked BGW_NEVER_RESTART (Amit Khandekar)

  • Fix psql to sanely handle URIs and conninfo strings as the first parameter to \connect (David Fetter, Andrew Dunstan, Álvaro Herrera)

    This syntax has been accepted (but undocumented) for a long time, but previously some parameters might be taken from the old connection instead of the given string, which was agreed to be undesirable.

  • Ensure that a view's replication identity is correctly set to nothing during dump/restore (Marko Tiikkaja)

    Previously, if the view was involved in a circular dependency, it might wind up with an incorrect replication identity property.

• ⇑ Upgrade to 9.4.3 released on 2015-06-04 - docs

  • Fix pushJsonbValue() to unpack jbvBinary objects (Andrew Dunstan)

    This change does not affect any behavior in the core code as of 9.4, but it avoids a corner case for possible third-party callers.

• ⇑ Upgrade to 9.4.4 released on 2015-06-12 - docs

  • Fix possible failure to recover from an inconsistent database state (Robert Haas)

    Recent PostgreSQL releases introduced mechanisms to protect against multixact wraparound, but some of that code did not account for the possibility that it would need to run during crash recovery, when the database may not be in a consistent state. This could result in failure to restart after a crash, or failure to start up a secondary server. The lingering effects of a previously-fixed bug in pg_upgrade could also cause such a failure, in installations that had used pg_upgrade versions between 9.3.0 and 9.3.4.

    The pg_upgrade bug in question was that it would set oldestMultiXid to 1 in pg_control even if the true value should be higher. With the fixes introduced in this release, such a situation will result in immediate emergency autovacuuming until a correct oldestMultiXid value can be determined. If that would pose a hardship, users can avoid it by doing manual vacuuming before upgrading to this release. In detail:

    1. Check whether pg_controldata reports "Latest checkpoint's oldestMultiXid" to be 1. If not, there's nothing to do.

    2. Look in PGDATA/pg_multixact/offsets to see if there's a file named 0000. If there is, there's nothing to do.

    3. Otherwise, for each table that has pg_class.relminmxid equal to 1, VACUUM that table with both vacuum_multixact_freeze_min_age and vacuum_multixact_freeze_table_age set to zero. (You can use the vacuum cost delay parameters described in Section 18.4.4 to reduce the performance consequences for concurrent sessions.)

  • Fix rare failure to invalidate relation cache init file (Tom Lane)

    With just the wrong timing of concurrent activity, a VACUUM FULL on a system catalog might fail to update the "init file" that's used to avoid cache-loading work for new sessions. This would result in later sessions being unable to access that catalog at all. This is a very ancient bug, but it's so hard to trigger that no reproducible case had been seen until recently.

• ⇑ Upgrade to 9.4.5 released on 2015-10-08 - docs

  • Fix possible deadlock during WAL insertion when commit_delay is set (Heikki Linnakangas)

  • Fix insertion of relations into the relation cache "init file" (Tom Lane)

    An oversight in a patch in the most recent minor releases caused pg_trigger_tgrelid_tgname_index to be omitted from the init file. Subsequent sessions detected this, then deemed the init file to be broken and silently ignored it, resulting in a significant degradation in session startup time. In addition to fixing the bug, install some guards so that any similar future mistake will be more obvious.

  • Fix handling of DOW and DOY in datetime input (Greg Stark)

    These tokens aren't meant to be used in datetime values, but previously they resulted in opaque internal error messages rather than "invalid input syntax".

  • Fix "unexpected out-of-memory situation during sort" errors when using tuplestores with small work_mem settings (Tom Lane)

  • Fix "invalid memory alloc request size" failure in hash joins with large work_mem settings (Tomas Vondra, Tom Lane)

  • Fix assorted planner bugs (Tom Lane)

    These mistakes could lead to incorrect query plans that would give wrong answers, or to assertion failures in assert-enabled builds, or to odd planner errors such as "could not devise a query plan for the given query", "could not find pathkey item to sort", "plan should not reference subplan's variable", or "failed to assign all NestLoopParams to plan nodes". Thanks are due to Andreas Seltenreich and Piotr Stefaniak for fuzz testing that exposed these problems.

  • Ensure that the postmaster does not exit until all its child processes are gone, even in an immediate shutdown (Tom Lane)

    Like the previous item, this avoids possible race conditions against a subsequently-started postmaster.

  • Prevent autovacuum launcher from sleeping unduly long if the server clock is moved backwards a large amount (Álvaro Herrera)

  • Fix off-by-one error that led to otherwise-harmless warnings about "apparent wraparound" in subtrans/multixact truncation (Thomas Munro)

  • Fix some places in PL/Tcl that neglected to check for failure of malloc() calls (Michael Paquier, Álvaro Herrera)

  • Improve contrib/pg_stat_statements' handling of query-text garbage collection (Peter Geoghegan)

    The external file containing query texts could bloat to very large sizes; once it got past 1GB attempts to trim it would fail, soon leading to situations where the file could not be read at all.

  • Fix pgbench's progress-report behavior when a query, or pgbench itself, gets stuck (Fabien Coelho)

  • Fix spinlock assembly code for Alpha hardware (Tom Lane)

  • Translate encoding UHC as Windows code page 949 (Noah Misch)

    This fixes presentation of non-ASCII log messages from processes that are not attached to any particular database, such as the postmaster.

  • On Windows, avoid failure when doing encoding conversion to UTF16 outside a transaction, such as for log messages (Noah Misch)

  • Fix postmaster startup failure due to not copying setlocale()'s return value (Noah Misch)

    This has been reported on Windows systems with the ANSI code page set to CP936 ("Chinese (Simplified, PRC)"), and may occur with other multibyte code pages.

• ⇑ Upgrade to 9.5 released on 2016-01-07 - docs

  • Adjust operator precedence to match the SQL standard (Tom Lane)

    The precedence of <=, >= and <> has been reduced to match that of <, > and =. The precedence of IS tests (e.g., x IS NULL) has been reduced to be just below these six comparison operators. Also, multi-keyword operators beginning with NOT now have the precedence of their base operator (for example, NOT BETWEEN now has the same precedence as BETWEEN) whereas before they had inconsistent precedence, behaving like NOT with respect to their left operand but like their base operator with respect to their right operand. The new configuration parameter operator_precedence_warning can be enabled to warn about queries in which these precedence changes result in different parsing choices.

  • Change pg_ctl's default shutdown mode from smart to fast (Bruce Momjian)

    This means the default behavior will be to forcibly cancel existing database sessions, not simply wait for them to exit.

  • Use assignment cast behavior for data type conversions in PL/pgSQL assignments, rather than converting to and from text (Tom Lane)

    This change causes conversions of Booleans to strings to produce true or false, not t or f. Other type conversions may succeed in more cases than before; for example, assigning a numeric value 3.9 to an integer variable will now assign 4 rather than failing. If no assignment-grade cast is defined for the particular source and destination types, PL/pgSQL will fall back to its old I/O conversion behavior.

  • Allow characters in server command-line options to be escaped with a backslash (Andres Freund)

    Formerly, spaces in the options string always separated options, so there was no way to include a space in an option value. Including a backslash in an option value now requires writing \\.

  • Change the default value of the GSSAPI include_realm parameter to 1, so that by default the realm is not removed from a GSS or SSPI principal name (Stephen Frost)

  • Replace configuration parameter checkpoint_segments with min_wal_size and max_wal_size (Heikki Linnakangas)

    If you previously adjusted checkpoint_segments, the following formula will give you an approximately equivalent setting:

    max_wal_size = (3 * checkpoint_segments) * 16MB

    Note that the default setting for max_wal_size is much higher than the default checkpoint_segments used to be, so adjusting it might no longer be necessary.

  • Control the Linux OOM killer via new environment variables PG_OOM_ADJUST_FILE and PG_OOM_ADJUST_VALUE, instead of compile-time options LINUX_OOM_SCORE_ADJ and LINUX_OOM_ADJ (Gurjeet Singh)

  • Decommission server configuration parameter ssl_renegotiation_limit, which was deprecated in earlier releases (Andres Freund)

    While SSL renegotiation is a good idea in theory, it has caused enough bugs to be considered a net negative in practice, and it is due to be removed from future versions of the relevant standards. We have therefore removed support for it from PostgreSQL. The ssl_renegotiation_limit parameter still exists, but cannot be set to anything but zero (disabled). It's not documented anymore, either.

  • Remove server configuration parameter autocommit, which was already deprecated and non-operational (Tom Lane)

  • Remove the pg_authid catalog's rolcatupdate field, as it had no usefulness (Adam Brightwell)

  • The pg_stat_replication system view's sent field is now NULL, not zero, when it has no valid value (Magnus Hagander)

  • Allow json and jsonb array extraction operators to accept negative subscripts, which count from the end of JSON arrays (Peter Geoghegan, Andrew Dunstan)

    Previously, these operators returned NULL for negative subscripts.

  • Add Block Range Indexes (BRIN) (Álvaro Herrera)

    BRIN indexes store only summary data (such as minimum and maximum values) for ranges of heap blocks. They are therefore very compact and cheap to update; but if the data is naturally clustered, they can still provide substantial speedup of searches.

  • Allow queries to perform accurate distance filtering of bounding-box-indexed objects (polygons, circles) using GiST indexes (Alexander Korotkov, Heikki Linnakangas)

    Previously, to exploit such an index a subquery had to be used to select a large number of rows ordered by bounding-box distance, and the result then had to be filtered further with a more accurate distance calculation.

  • Allow GiST indexes to perform index-only scans (Anastasia Lubennikova, Heikki Linnakangas, Andreas Karlsson)

  • Add configuration parameter gin_pending_list_limit to control the size of GIN pending lists (Fujii Masao)

    This value can also be set on a per-index basis as an index storage parameter. Previously the pending-list size was controlled by work_mem, which was awkward because appropriate values for work_mem are often much too large for this purpose.

  • Issue a warning during the creation of hash indexes because they are not crash-safe (Bruce Momjian)

  • Improve the speed of sorting of varchar, text, and numeric fields via "abbreviated" keys (Peter Geoghegan, Andrew Gierth, Robert Haas)

  • Extend the infrastructure that allows sorting to be performed by inlined, non-SQL-callable comparison functions to cover CREATE INDEX, REINDEX, and CLUSTER (Peter Geoghegan)

  • Improve performance of hash joins (Tomas Vondra, Robert Haas)

  • Improve concurrency of shared buffer replacement (Robert Haas, Amit Kapila, Andres Freund)

  • Reduce the number of page locks and pins during index scans (Kevin Grittner)

    The primary benefit of this is to allow index vacuums to be blocked less often.

  • Make per-backend tracking of buffer pins more memory-efficient (Andres Freund)

  • Improve lock scalability (Andres Freund)

    This particularly addresses scalability problems when running on systems with multiple CPU sockets.

  • Allow the optimizer to remove unnecessary references to left-joined subqueries (David Rowley)

  • Allow pushdown of query restrictions into subqueries with window functions, where appropriate (David Rowley)

  • Allow a non-leakproof function to be pushed down into a security barrier view if the function does not receive any view output columns (Dean Rasheed)

  • Teach the planner to use statistics obtained from an expression index on a boolean-returning function, when a matching function call appears in WHERE (Tom Lane)

  • Make ANALYZE compute basic statistics (null fraction and average column width) even for columns whose data type lacks an equality function (Oleksandr Shulgin)

  • Speed up CRC (cyclic redundancy check) computations and switch to CRC-32C (Abhijit Menon-Sen, Heikki Linnakangas)

  • Improve bitmap index scan performance (Teodor Sigaev, Tom Lane)

  • Speed up CREATE INDEX by avoiding unnecessary memory copies (Robert Haas)

  • Increase the number of buffer mapping partitions (Amit Kapila, Andres Freund, Robert Haas)

    This improves performance for highly concurrent workloads.

  • Add per-table autovacuum logging control via new log_autovacuum_min_duration storage parameter (Michael Paquier)

  • Add new configuration parameter cluster_name (Thomas Munro)

    This string, typically set in postgresql.conf, allows clients to identify the cluster. This name also appears in the process title of all server processes, allowing for easier identification of processes belonging to the same cluster.

  • Prevent non-superusers from changing log_disconnections on connection startup (Fujii Masao)

  • Check "Subject Alternative Names" in SSL server certificates, if present (Alexey Klyukin)

    When they are present, this replaces checks against the certificate's "Common Name".

  • Add system view pg_stat_ssl to report SSL connection information (Magnus Hagander)

  • Add libpq functions to return SSL information in an implementation-independent way (Heikki Linnakangas)

    While PQgetssl() can still be used to call OpenSSL functions, it is now considered deprecated because future versions of libpq might support other SSL implementations. When possible, use the new functions PQsslAttribute(), PQsslAttributeNames(), and PQsslInUse() to obtain SSL information in an SSL-implementation-independent way.

  • Make libpq honor any OpenSSL thread callbacks (Jan Urbanski)

    Previously they were overwritten.

  • Replace configuration parameter checkpoint_segments with min_wal_size and max_wal_size (Heikki Linnakangas)

    This change allows the allocation of a large number of WAL files without keeping them after they are no longer needed. Therefore the default for max_wal_size has been set to 1GB, much larger than the old default for checkpoint_segments. Also note that standby servers perform restartpoints to try to limit their WAL space consumption to max_wal_size; previously they did not pay any attention to checkpoint_segments.

  • Control the Linux OOM killer via new environment variables PG_OOM_ADJUST_FILE and PG_OOM_ADJUST_VALUE (Gurjeet Singh)

    The previous OOM control infrastructure involved compile-time options LINUX_OOM_SCORE_ADJ and LINUX_OOM_ADJ, which are no longer supported. The new behavior is available in all builds.

  • Allow recording of transaction commit time stamps when configuration parameter track_commit_timestamp is enabled (Álvaro Herrera, Petr Jelínek)

    Time stamp information can be accessed using functions pg_xact_commit_timestamp() and pg_last_committed_xact().

  • Allow local_preload_libraries to be set by ALTER ROLE SET (Peter Eisentraut, Kyotaro Horiguchi)

  • Allow autovacuum workers to respond to configuration parameter changes during a run (Michael Paquier)

  • Make configuration parameter debug_assertions read-only (Andres Freund)

    This means that assertions can no longer be turned off if they were enabled at compile time, allowing for more efficient code optimization. This change also removes the postgres -A option.

  • Allow setting effective_io_concurrency on systems where it has no effect (Peter Eisentraut)

  • Add system view pg_file_settings to show the contents of the server's configuration files (Sawada Masahiko)

  • Add pending_restart to the system view pg_settings to indicate a change has been made but will not take effect until a database restart (Peter Eisentraut)

  • Allow ALTER SYSTEM values to be reset with ALTER SYSTEM RESET (Vik Fearing)

    This command removes the specified setting from postgresql.auto.conf.

  • Create mechanisms for tracking the progress of replication, including methods for identifying the origin of individual changes during logical replication (Andres Freund)

    This is helpful when implementing replication solutions.

  • Rework truncation of the multixact commit log to be properly WAL-logged (Andres Freund)

    This makes things substantially simpler and more robust.

  • Add recovery.conf parameter recovery_target_action to control post-recovery activity (Petr Jelínek)

    This replaces the old parameter pause_at_recovery_target.

  • Add new archive_mode value always to allow standbys to always archive received WAL files (Fujii Masao)

  • Add configuration parameter wal_retrieve_retry_interval to control WAL read retry after failure (Alexey Vasiliev, Michael Paquier)

    This is particularly helpful for warm standbys.

  • Allow compression of full-page images stored in WAL (Rahila Syed, Michael Paquier)

    This feature reduces WAL volume, at the cost of more CPU time spent on WAL logging and WAL replay. It is controlled by a new configuration parameter wal_compression, which currently is off by default.

  • Archive WAL files with suffix .partial during standby promotion (Heikki Linnakangas)

  • Add configuration parameter log_replication_commands to log replication commands (Fujii Masao)

    By default, replication commands, e.g. IDENTIFY_SYSTEM, are not logged, even when log_statement is set to all.

  • Report the processes holding replication slots in pg_replication_slots (Craig Ringer)

    The new output column is active_pid.

  • Allow recovery.conf's primary_conninfo setting to use connection URIs, e.g. postgres:// (Alexander Shulgin)

  • Allow INSERTs that would generate constraint conflicts to be turned into UPDATEs or ignored (Peter Geoghegan, Heikki Linnakangas, Andres Freund)

    The syntax is INSERT ... ON CONFLICT DO NOTHING/UPDATE. This is the Postgres implementation of the popular UPSERT command.

  • Add GROUP BY analysis features GROUPING SETS, CUBE and ROLLUP (Andrew Gierth, Atri Sharma)

  • Allow setting multiple target columns in an UPDATE from the result of a single sub-SELECT (Tom Lane)

    This is accomplished using the syntax UPDATE tab SET (col1, col2, ...) = (SELECT ...).

  • Add SELECT option SKIP LOCKED to skip locked rows (Thomas Munro)

    This does not throw an error for locked rows like NOWAIT does.

  • Add SELECT option TABLESAMPLE to return a subset of a table (Petr Jelínek)

    This feature supports the SQL-standard table sampling methods. In addition, there are provisions for user-defined table sampling methods.

  • Suggest possible matches for mistyped column names (Peter Geoghegan, Robert Haas)

  • Add more details about sort ordering in EXPLAIN output (Marius Timmer, Lukas Kreft, Arne Scheffer)

    Details include COLLATE, DESC, USING, and NULLS FIRST/LAST.

  • Make VACUUM log the number of pages skipped due to pins (Jim Nasby)

  • Make TRUNCATE properly update the pg_stat* tuple counters (Alexander Shulgin)

  • Allow REINDEX to reindex an entire schema using the SCHEMA option (Sawada Masahiko)

  • Add VERBOSE option to REINDEX (Sawada Masahiko)

  • Prevent REINDEX DATABASE and SCHEMA from outputting object names, unless VERBOSE is used (Simon Riggs)

  • Remove obsolete FORCE option from REINDEX (Fujii Masao)

  • Add row-level security control (Craig Ringer, KaiGai Kohei, Adam Brightwell, Dean Rasheed, Stephen Frost)

    This feature allows row-by-row control over which users can add, modify, or even see rows in a table. This is controlled by new commands CREATE/ALTER/DROP POLICY and ALTER TABLE ... ENABLE/DISABLE ROW SECURITY.

  • Allow changing of the WAL logging status of a table after creation with ALTER TABLE ... SET LOGGED / UNLOGGED (Fabrízio de Royes Mello)

  • Add IF NOT EXISTS clause to CREATE TABLE AS, CREATE INDEX, CREATE SEQUENCE, and CREATE MATERIALIZED VIEW (Fabrízio de Royes Mello)

  • Add support for IF EXISTS to ALTER TABLE ... RENAME CONSTRAINT (Bruce Momjian)

  • Allow some DDL commands to accept CURRENT_USER or SESSION_USER, meaning the current user or session user, in place of a specific user name (Kyotaro Horiguchi, Álvaro Herrera)

    This feature is now supported in ALTER USER, ALTER GROUP, ALTER ROLE, GRANT, and ALTER object OWNER TO commands.

  • Support comments on domain constraints (Álvaro Herrera)

  • Reduce lock levels of some create and alter trigger and foreign key commands (Simon Riggs, Andreas Karlsson)

  • Allow LOCK TABLE ... ROW EXCLUSIVE MODE for those with INSERT privileges on the target table (Stephen Frost)

    Previously this command required UPDATE, DELETE, or TRUNCATE privileges.

  • Apply table and domain CHECK constraints in order by name (Tom Lane)

    The previous ordering was indeterminate.

  • Allow CREATE/ALTER DATABASE to manipulate datistemplate and datallowconn (Vik Fearing)

    This allows these per-database settings to be changed without manually modifying the pg_database system catalog.

  • Add support for IMPORT FOREIGN SCHEMA (Ronan Dunklau, Michael Paquier, Tom Lane)

    This command allows automatic creation of local foreign tables that match the structure of existing tables on a remote server.

  • Allow CHECK constraints to be placed on foreign tables (Shigeru Hanada, Etsuro Fujita)

    Such constraints are assumed to be enforced on the remote server, and are not enforced locally. However, they are assumed to hold for purposes of query optimization, such as constraint exclusion.

  • Allow foreign tables to participate in inheritance (Shigeru Hanada, Etsuro Fujita)

    To let this work naturally, foreign tables are now allowed to have check constraints marked as not valid, and to set storage and OID characteristics, even though these operations are effectively no-ops for a foreign table.

  • Allow foreign data wrappers and custom scans to implement join pushdown (KaiGai Kohei)

  • Whenever a ddl_command_end event trigger is installed, capture details of DDL activity for it to inspect (Álvaro Herrera)

    This information is available through a set-returning function pg_event_trigger_ddl_commands(), or by inspection of C data structures if that function doesn't provide enough detail.

  • Allow event triggers on table rewrites caused by ALTER TABLE (Dimitri Fontaine)

  • Add event trigger support for database-level COMMENT, SECURITY LABEL, and GRANT/REVOKE (Álvaro Herrera)

  • Add columns to the output of pg_event_trigger_dropped_objects (Álvaro Herrera)

    This allows simpler processing of delete operations.

  • Allow the xml data type to accept empty or all-whitespace content values (Peter Eisentraut)

    This is required by the SQL/XML specification.

  • Allow macaddr input using the format xxxx-xxxx-xxxx (Herwin Weststrate)

  • Disallow non-SQL-standard syntax for interval with both precision and field specifications (Bruce Momjian)

    Per the standard, such type specifications should be written as, for example, INTERVAL MINUTE TO SECOND(2). PostgreSQL formerly allowed this to be written as INTERVAL(2) MINUTE TO SECOND, but it must now be written in the standard way.

  • Add selectivity estimators for inet/cidr operators and improve estimators for text search functions (Emre Hasegeli, Tom Lane)

  • Add data types regrole and regnamespace to simplify entering and pretty-printing the OID of a role or namespace (Kyotaro Horiguchi)

  • Add jsonb functions jsonb_set() and jsonb_pretty() (Dmitry Dolgov, Andrew Dunstan, Petr Jelínek)

  • Add jsonb generator functions to_jsonb(), jsonb_object(), jsonb_build_object(), jsonb_build_array(), jsonb_agg(), and jsonb_object_agg() (Andrew Dunstan)

    Equivalent functions already existed for type json.

  • Reduce casting requirements to/from json and jsonb (Tom Lane)

  • Allow text, text array, and integer values to be subtracted from jsonb documents (Dmitry Dolgov, Andrew Dunstan)

  • Add jsonb || operator (Dmitry Dolgov, Andrew Dunstan)

  • Add json_strip_nulls() and jsonb_strip_nulls() functions to remove JSON null values from documents (Andrew Dunstan)

  • Add generate_series() for numeric values (Plato Malugin)

  • Allow array_agg() and ARRAY() to take arrays as inputs (Ali Akbar, Tom Lane)

  • Add functions array_position() and array_positions() to return subscripts of array values (Pavel Stehule)

  • Add a point-to-polygon distance operator <-> (Alexander Korotkov)

  • Allow multibyte characters as escapes in SIMILAR TO and SUBSTRING (Jeff Davis)

    Previously, only a single-byte character was allowed as an escape.

  • Add a width_bucket() variant that supports any sortable data type and non-uniform bucket widths (Petr Jelínek)

  • Add an optional missing_ok argument to pg_read_file() and related functions (Michael Paquier, Heikki Linnakangas)

  • Allow => to specify named parameters in function calls (Pavel Stehule)

    Previously only := could be used. This requires removing the possibility for => to be a user-defined operator. Creation of user-defined => operators has been issuing warnings since PostgreSQL 9.0.

  • Add POSIX-compliant rounding for platforms that use PostgreSQL-supplied rounding functions (Pedro Gimeno Fortea)

  • Add function pg_get_object_address() to return OIDs that uniquely identify an object, and function pg_identify_object_as_address() to return object information based on OIDs (Álvaro Herrera)

  • Loosen security checks for viewing queries in pg_stat_activity, executing pg_cancel_backend(), and executing pg_terminate_backend() (Stephen Frost)

    Previously, only the specific role owning the target session could perform these operations; now membership in that role is sufficient.

  • Add pg_stat_get_snapshot_timestamp() to output the time stamp of the statistics snapshot (Matt Kelly)

    This represents the last time the snapshot file was written to the file system.

  • Add mxid_age() to compute multi-xid age (Bruce Momjian)

  • Add min()/max() aggregates for inet/cidr data types (Haribabu Kommi)

  • Use 128-bit integers, where supported, as accumulators for some aggregate functions (Andreas Karlsson)

  • Improve support for composite types in PL/Python (Ed Behn, Ronan Dunklau)

    This allows PL/Python functions to return arrays of composite types.

  • Reduce lossiness of PL/Python floating-point value conversions (Marko Kreen)

  • Allow specification of conversion routines between SQL data types and data types of procedural languages (Peter Eisentraut)

    This change adds new commands CREATE/DROP TRANSFORM. This also adds optional transformations between the hstore and ltree types to/from PL/Perl and PL/Python.

  • Improve PL/pgSQL array performance (Tom Lane)

  • Add an ASSERT statement in PL/pgSQL (Pavel Stehule)

  • Allow more PL/pgSQL keywords to be used as identifiers (Tom Lane)

  • Move pg_archivecleanup, pg_test_fsync, pg_test_timing, and pg_xlogdump from contrib to src/bin (Peter Eisentraut)

    This should result in these programs being installed by default in most installations.

  • Add pg_rewind, which allows re-synchronizing a master server after failback (Heikki Linnakangas)

  • Allow pg_receivexlog to manage physical replication slots (Michael Paquier)

    This is controlled via new --create-slot and --drop-slot options.

  • Allow pg_receivexlog to synchronously flush WAL to storage using new --synchronous option (Furuya Osamu, Fujii Masao)

    Without this, WAL files are fsync'ed only on close.

  • Allow vacuumdb to vacuum in parallel using new --jobs option (Dilip Kumar)

  • In vacuumdb, do not prompt for the same password repeatedly when multiple connections are necessary (Haribabu Kommi, Michael Paquier)

  • Add --verbose option to reindexdb (Sawada Masahiko)

  • Make pg_basebackup use a tablespace mapping file when using tar format, to support symbolic links and file paths of 100+ characters in length on MS Windows (Amit Kapila)

  • Add pg_xlogdump option --stats to display summary statistics (Abhijit Menon-Sen)

  • Allow psql to produce AsciiDoc output (Szymon Guz)

  • Add an errors mode that displays only failed commands to psql's ECHO variable (Pavel Stehule)

    This behavior can also be selected with psql's -b option.

  • Provide separate column, header, and border linestyle control in psql's unicode linestyle (Pavel Stehule)

    Single or double lines are supported; the default is single.

  • Add new option %l in psql's PROMPT variables to display the current multiline statement line number (Sawada Masahiko)

  • Add \pset option pager_min_lines to control pager invocation (Andrew Dunstan)

  • Improve psql line counting used when deciding to invoke the pager (Andrew Dunstan)

  • psql now fails if the file specified by an --output or --log-file switch cannot be written (Tom Lane, Daniel Vérité)

    Previously, it effectively ignored the switch in such cases.

  • Add psql tab completion when setting the search_path variable (Jeff Janes)

    Currently only the first schema can be tab-completed.

  • Improve psql's tab completion for triggers and rules (Andreas Karlsson)

  • Add psql \? help sections variables and options (Pavel Stehule)

    \? variables shows psql's special variables and \? options shows the command-line options. \? commands shows the meta-commands, which is the traditional output and remains the default. These help displays can also be obtained with the command-line option --help=section.

  • Show tablespace size in psql's \db+ (Fabrízio de Royes Mello)

  • Show data type owners in psql's \dT+ (Magnus Hagander)

  • Allow psql's \watch to output \timing information (Fujii Masao)

    Also prevent --echo-hidden from echoing \watch queries, since that is generally unwanted.

  • Make psql's \sf and \ef commands honor ECHO_HIDDEN (Andrew Dunstan)

  • Improve psql tab completion for \set, \unset, and :variable names (Pavel Stehule)

  • Allow tab completion of role names in psql \c commands (Ian Barwick)

  • Allow pg_dump to share a snapshot taken by another session using --snapshot (Simon Riggs, Michael Paquier)

    The remote snapshot must have been exported by pg_export_snapshot() or logical replication slot creation. This can be used to share a consistent snapshot across multiple pg_dump processes.

  • Support table sizes exceeding 8GB in tar archive format (Tom Lane)

    The POSIX standard for tar format does not allow elements of a tar archive to exceed 8GB, but most modern implementations of tar support an extension that does allow it. Use the extension format when necessary, rather than failing.

  • Make pg_dump always print the server and pg_dump versions (Jing Wang)

    Previously, version information was only printed in --verbose mode.

  • Remove the long-ignored -i/--ignore-version option from pg_dump, pg_dumpall, and pg_restore (Fujii Masao)

  • Support multiple pg_ctl -o options, concatenating their values (Bruce Momjian)

  • Allow control of pg_ctl's event source logging on MS Windows (MauMau)

    This only controls pg_ctl, not the server, which has separate settings in postgresql.conf.

  • If the server's listen address is set to a wildcard value (0.0.0.0 in IPv4 or :: in IPv6), connect via the loopback address rather than trying to use the wildcard address literally (Kondo Yuta)

    This fix primarily affects Windows, since on other platforms pg_ctl will prefer to use a Unix-domain socket.

  • Move pg_upgrade from contrib to src/bin (Peter Eisentraut)

    In connection with this change, the functionality previously provided by the pg_upgrade_support module has been moved into the core server.

  • Support multiple pg_upgrade -o/-O options, concatenating their values (Bruce Momjian)

  • Improve database collation comparisons in pg_upgrade (Heikki Linnakangas)

  • Remove support for upgrading from 8.3 clusters (Bruce Momjian)

  • Move pgbench from contrib to src/bin (Peter Eisentraut)

  • Fix calculation of TPS number "excluding connections establishing" (Tatsuo Ishii, Fabien Coelho)

    The overhead for connection establishment was miscalculated whenever the number of pgbench threads was less than the number of client connections. Although this is clearly a bug, we won't back-patch it into pre-9.5 branches since it makes TPS numbers not comparable to previous results.

  • Allow counting of pgbench transactions that take over a specified amount of time (Fabien Coelho)

    This is controlled by a new --latency-limit option.

  • Allow pgbench to generate Gaussian/exponential distributions using \setrandom (Kondo Mitsumasa, Fabien Coelho)

  • Allow pgbench's \set command to handle arithmetic expressions containing more than one operator, and add % (modulo) to the set of operators it supports (Robert Haas, Fabien Coelho)

  • Simplify WAL record format (Heikki Linnakangas)

    This allows external tools to more easily track what blocks are modified.

  • Improve the representation of transaction commit and abort WAL records (Andres Freund)

  • Add atomic memory operations API (Andres Freund)

  • Allow custom path and scan methods (KaiGai Kohei, Tom Lane)

    This allows extensions greater control over the optimizer and executor.

  • Allow foreign data wrappers to do post-filter locking (Etsuro Fujita)

  • Foreign tables can now take part in INSERT ... ON CONFLICT DO NOTHING queries (Peter Geoghegan, Heikki Linnakangas, Andres Freund)

    Foreign data wrappers must be modified to handle this. INSERT ... ON CONFLICT DO UPDATE is not supported on foreign tables.

  • Improve hash_create()'s API for selecting simple-binary-key hash functions (Teodor Sigaev, Tom Lane)

  • Improve parallel execution infrastructure (Robert Haas, Amit Kapila, Noah Misch, Rushabh Lathia, Jeevan Chalke)

  • Remove Alpha (CPU) and Tru64 (OS) ports (Andres Freund)

  • Remove swap-byte-based spinlock implementation for ARMv5 and earlier CPUs (Robert Haas)

    ARMv5's weak memory ordering made this locking implementation unsafe. Spinlock support is still possible on newer gcc implementations with atomics support.

  • Generate an error when excessively long (100+ character) file paths are written to tar files (Peter Eisentraut)

    Tar does not support such overly-long paths.

  • Change index operator class for columns pg_seclabel.provider and pg_shseclabel.provider to be text_pattern_ops (Tom Lane)

    This avoids possible problems with these indexes when different databases of a cluster have different default collations.

  • Change the spinlock primitives to function as compiler barriers (Robert Haas)

  • Allow higher-precision time stamp resolution on Windows 8, Windows Server 2012, and later Windows systems (Craig Ringer)

  • Install shared libraries to bin in MS Windows (Peter Eisentraut, Michael Paquier)

  • Install src/test/modules together with contrib on MSVC builds (Michael Paquier)

  • Allow configure's --with-extra-version option to be honored by the MSVC build (Michael Paquier)

  • Pass PGFILEDESC into MSVC contrib builds (Michael Paquier)

  • Add icons to all MSVC-built binaries and version information to all MS Windows binaries (Noah Misch)

    MinGW already had such icons.

  • Add optional-argument support to the internal getopt_long() implementation (Michael Paquier, Andres Freund)

    This is used by the MSVC build.

  • Add statistics for minimum, maximum, mean, and standard deviation times to pg_stat_statements (Mitsumasa Kondo, Andrew Dunstan)

  • Add pgcrypto function pgp_armor_headers() to extract PGP armor headers (Marko Tiikkaja, Heikki Linnakangas)

  • Allow empty replacement strings in unaccent (Mohammad Alhashash)

    This is useful in languages where diacritic signs are represented as separate characters.

  • Allow multicharacter source strings in unaccent (Tom Lane)

    This could be useful in languages where diacritic signs are represented as separate characters. It also allows more complex unaccent dictionaries.

  • Add contrib modules tsm_system_rows and tsm_system_time to allow additional table sampling methods (Petr Jelínek)

  • Add GIN index inspection functions to pageinspect (Heikki Linnakangas, Peter Geoghegan, Michael Paquier)

  • Add information about buffer pins to pg_buffercache display (Andres Freund)

  • Allow pgstattuple to report approximate answers with less overhead using pgstattuple_approx() (Abhijit Menon-Sen)

  • Move dummy_seclabel, test_shm_mq, test_parser, and worker_spi from contrib to src/test/modules (Álvaro Herrera)

    These modules are only meant for server testing, so they do not need to be built or installed when packaging PostgreSQL.

• ⇑ Upgrade to 9.5.1 released on 2016-02-11 - docs

  • Fix an oversight that caused hash joins to miss joining to some tuples of the inner relation in rare cases (Tomas Vondra, Tom Lane)

  • Avoid pushdown of HAVING clauses when grouping sets are used (Andrew Gierth)

  • Fix deparsing of ON CONFLICT arbiter WHERE clauses (Peter Geoghegan)

  • Make %h and %r escapes in log_line_prefix work for messages emitted due to log_connections (Tom Lane)

    Previously, %h/%r started to work just after a new session had emitted the "connection received" log message; now they work for that message too.

  • Fix improper quoting of domain constraint names in pg_dump (Elvis Pranskevichus)

  • Suppress useless warning message when pg_receivexlog connects to a pre-9.4 server (Marco Nenciarini)

  • In contrib/postgres_fdw, fix bugs triggered by use of tableoid in data-modifying commands (Etsuro Fujita, Robert Haas)

  • Fix ill-advised restriction of NAMEDATALEN to be less than 256 (Robert Haas, Tom Lane)

• ⇑ Upgrade to 9.5.2 released on 2016-03-31 - docs

  • Disable abbreviated keys for string sorting in non-C locales (Robert Haas)

    PostgreSQL 9.5 introduced logic for speeding up comparisons of string data types by using the standard C library function strxfrm() as a substitute for strcoll(). It now emerges that most versions of glibc (Linux's implementation of the C library) have buggy implementations of strxfrm() that, in some locales, can produce string comparison results that do not match strcoll(). Until this problem can be better characterized, disable the optimization in all non-C locales. (C locale is safe since it uses neither strcoll() nor strxfrm().)

    Unfortunately, this problem affects not only sorting but also entry ordering in B-tree indexes, which means that B-tree indexes on text, varchar, or char columns may now be corrupt if they sort according to an affected locale and were built or modified under PostgreSQL 9.5.0 or 9.5.1. Users should REINDEX indexes that might be affected.

    It is not possible at this time to give an exhaustive list of known-affected locales. C locale is known safe, and there is no evidence of trouble in English-based locales such as en_US, but some other popular locales such as de_DE are affected in most glibc versions.

  • Maintain row-security status properly in cached plans (Stephen Frost)

    In a session that performs queries as more than one role, the plan cache might incorrectly re-use a plan that was generated for another role ID, thus possibly applying the wrong set of policies when row-level security (RLS) is in use. (CVE-2016-2193)

  • Add must-be-superuser checks to some new contrib/pageinspect functions (Andreas Seltenreich)

    Most functions in the pageinspect extension that inspect bytea values disallow calls by non-superusers, but brin_page_type() and brin_metapage_info() failed to do so. Passing contrived bytea values to them might crash the server or disclose a few bytes of server memory. Add the missing permissions checks to prevent misuse. (CVE-2016-3065)

  • Fix incorrect handling of indexed ROW() comparisons (Simon Riggs)

    Flaws in a minor optimization introduced in 9.5 caused incorrect results if the ROW() comparison matches the index ordering partially but not exactly (for example, differing column order, or the index contains both ASC and DESC columns). Pending a better solution, the optimization has been removed.

  • Fix incorrect behavior when rechecking a just-modified row in a query that does SELECT FOR UPDATE/SHARE and contains some relations that need not be locked (Tom Lane)

    Rows from non-locked relations were incorrectly treated as containing all NULLs during the recheck, which could result in incorrectly deciding that the updated row no longer passes the WHERE condition, or in incorrectly outputting NULLs.

  • Fix bug in json_to_record() when a field of its input object contains a sub-object with a field name matching one of the requested output column names (Tom Lane)

  • Fix nonsense result from two-argument form of jsonb_object() when called with empty arrays (Michael Paquier, Andrew Dunstan)

  • Fix misbehavior in jsonb_set() when converting a path array element into an integer for use as an array subscript (Michael Paquier)

  • Fix misformatting of negative time zone offsets by to_char()'s OF format code (Thomas Munro, Tom Lane)

  • Fix possible incorrect logging of waits done by INSERT ... ON CONFLICT (Peter Geoghegan)

    Log messages would sometimes claim that the wait was due to an exclusion constraint although no such constraint was responsible.

  • Ignore recovery_min_apply_delay parameter until recovery has reached a consistent state (Michael Paquier)

    Previously, standby servers would delay application of WAL records in response to recovery_min_apply_delay even while replaying the initial portion of WAL needed to make their database state valid. Since the standby is useless until it's reached a consistent database state, this was deemed unhelpful.

  • Fix assorted bugs in logical decoding (Andres Freund)

    Trouble cases included tuples larger than one page when replica identity is FULL, UPDATEs that change a primary key within a transaction large enough to be spooled to disk, incorrect reports of "subxact logged without previous toplevel record", and incorrect reporting of a transaction's commit time.

  • Fix planner error with nested security barrier views when the outer view has a WHERE clause containing a correlated subquery (Dean Rasheed)

  • Fix memory leak in GIN index searches (Tom Lane)

  • Fix atomic-operations code used on PPC with IBM's xlc compiler (Noah Misch)

    This error led to rare failures of concurrent operations on that platform.

• ⇑ Upgrade to 9.5.3 released on 2016-05-12 - docs

  • Fix "failed to build any N-way joins" planner error with a full join enclosed in the right-hand side of a left join (Tom Lane)

  • Fix corner-case parser failures occurring when operator_precedence_warning is turned on (Tom Lane)

    An example is that SELECT (ARRAY[])::text[] gave an error, though it worked without the parentheses.

  • Fix query-lifespan memory leak in GIN index scans (Julien Rouhaud)

  • Fix query-lifespan memory leak and potential index corruption hazard in GIN index insertion (Tom Lane)

    The memory leak would typically not amount to much in simple queries, but it could be very substantial during a large GIN index build with high maintenance_work_mem.

  • Disallow newlines in ALTER SYSTEM parameter values (Tom Lane)

    The configuration-file parser doesn't support embedded newlines in string literals, so we mustn't allow them in values to be inserted by ALTER SYSTEM.

  • Fix ALTER TABLE ... REPLICA IDENTITY USING INDEX to work properly if an index on OID is selected (David Rowley)

  • Avoid possible misbehavior after failing to remove a tablespace symlink (Tom Lane)

  • Fix crash in logical decoding on alignment-picky platforms (Tom Lane, Andres Freund)

    The failure occurred only with a transaction large enough to spill to disk and a primary-key change within that transaction.

  • Avoid repeated requests for feedback from receiver while shutting down walsender (Nick Cleaton)

  • Fix atomic operations for PPC when using IBM's XLC compiler (Noah Misch)

  • Support building with Visual Studio 2015 (Michael Paquier, Petr Jelínek)

    Note that builds made with VS2015 will not run on Windows versions before Windows Vista.

• ⇑ Upgrade to 9.5.4 released on 2016-08-11 - docs

  • Fix "unrecognized node type" error for INSERT ... ON CONFLICT within a recursive CTE (a WITH item) (Peter Geoghegan)

  • Fix INSERT ... ON CONFLICT to successfully match index expressions or index predicates that are simplified during the planner's expression preprocessing phase (Tom Lane)

  • Correctly handle violations of exclusion constraints that apply to the target table of an INSERT ... ON CONFLICT command, but are not one of the selected arbiter indexes (Tom Lane)

    Such a case should raise a normal constraint-violation error, but it got into an infinite loop instead.

  • Fix INSERT ... ON CONFLICT to not fail if the target table has a unique index on OID (Tom Lane)

  • Avoid unnecessary "could not serialize access" errors when acquiring FOR KEY SHARE row locks in serializable mode (Álvaro Herrera)

  • Make sure "expanded" datums returned by a plan node are read-only (Tom Lane)

    This avoids failures in some cases where the result of a lower plan node is referenced in multiple places in upper nodes. So far as core PostgreSQL is concerned, only array values returned by PL/pgSQL functions are at risk; but extensions might use expanded datums for other things.

  • Prevent unintended waits for the receiver in WAL sender processes (Kyotaro Horiguchi)

  • Fix possible loss of large subtransactions in logical decoding (Petru-Florin Mihancea)

  • Fix failure of logical decoding when a subtransaction contains no actual changes (Marko Tiikkaja, Andrew Gierth)

  • Prevent possible failure when vacuuming multixact IDs in an installation that has been pg_upgrade'd from pre-9.3 (Andrew Gierth, Álvaro Herrera)

    The usual symptom of this bug is errors like "MultiXactId NNN has not been created yet -- apparent wraparound".

  • Prevent autovacuum from starting multiple workers for the same shared catalog (Álvaro Herrera)

    Normally this isn't much of a problem because the vacuum doesn't take long anyway; but in the case of a severely bloated catalog, it could result in all but one worker uselessly waiting instead of doing useful work on other tables.

  • Fix bug in b-tree mark/restore processing (Kevin Grittner)

    This error could lead to incorrect join results or assertion failures in a merge join whose inner source node is a b-tree indexscan.

  • Avoid duplicate buffer lock release when abandoning a b-tree index page deletion attempt (Tom Lane)

    This mistake prevented VACUUM from completing in some cases involving corrupt b-tree indexes.

  • Fix building of large (bigger than shared_buffers) hash indexes (Tom Lane)

    The code path used for large indexes contained a bug causing incorrect hash values to be inserted into the index, so that subsequent index searches always failed, except for tuples inserted into the index after the initial build.

  • Fix possible crash during a nearest-neighbor (ORDER BY distance) indexscan on a contrib/btree_gist index on an interval column (Peter Geoghegan)

  • Fix "PANIC: failed to add BRIN tuple" error when attempting to update a BRIN index entry (Álvaro Herrera)

  • Fix possible crash during background worker shutdown (Dmitry Ivanov)

  • Fix PL/pgSQL's handling of the INTO clause within IMPORT FOREIGN SCHEMA commands (Tom Lane)

  • Make parallel pg_dump fail cleanly when run against a standby server (Magnus Hagander)

    This usage is not supported unless --no-synchronized-snapshots is specified, but the error was not handled very well.

  • Be more predictable about reporting "statement timeout" versus "lock timeout" (Tom Lane)

    On heavily loaded machines, the regression tests sometimes failed due to reporting "lock timeout" even though the statement timeout should have occurred first.

• ⇑ Upgrade to 9.6 released on 2016-09-29 - docs

  • Improve the pg_stat_activity view's information about what a process is waiting for (Amit Kapila, Ildus Kurbangaliev)

    Historically a process has only been shown as waiting if it was waiting for a heavyweight lock. Now waits for lightweight locks and buffer pins are also shown in pg_stat_activity. Also, the type of lock being waited for is now visible. These changes replace the waiting column with wait_event_type and wait_event.

  • In to_char(), do not count a minus sign (when needed) as part of the field width for time-related fields (Bruce Momjian)

    For example, to_char('-4 years'::interval, 'YY') now returns -04, rather than -4.

  • Make extract() behave more reasonably with infinite inputs (Vitaly Burovoy)

    Historically the extract() function just returned zero given an infinite timestamp, regardless of the given field name. Make it return infinity or -infinity as appropriate when the requested field is one that is monotonically increasing (e.g, year, epoch), or NULL when it is not (e.g., day, hour). Also, throw the expected error for bad field names.

  • Remove PL/pgSQL's "feature" that suppressed the innermost line of CONTEXT for messages emitted by RAISE commands (Pavel Stehule)

    This ancient backwards-compatibility hack was agreed to have outlived its usefulness.

  • Fix the default text search parser to allow leading digits in email and host tokens (Artur Zakirov)

    In most cases this will result in few changes in the parsing of text. But if you have data where such addresses occur frequently, it may be worth rebuilding dependent tsvector columns and indexes so that addresses of this form will be found properly by text searches.

  • Extend contrib/unaccent's standard unaccent.rules file to handle all diacritics known to Unicode, and to expand ligatures correctly (Thomas Munro, Léonard Benedetti)

    The previous version neglected to convert some less-common letters with diacritic marks. Also, ligatures are now expanded into separate letters. Installations that use this rules file may wish to rebuild tsvector columns and indexes that depend on the result.

  • Remove the long-deprecated CREATEUSER/NOCREATEUSER options from CREATE ROLE and allied commands (Tom Lane)

    CREATEUSER actually meant SUPERUSER, for ancient backwards-compatibility reasons. This has been a constant source of confusion for people who (reasonably) expect it to mean CREATEROLE. It has been deprecated for ten years now, so fix the problem by removing it.

  • Treat role names beginning with pg_ as reserved (Stephen Frost)

    User creation of such role names is now disallowed. This prevents conflicts with built-in roles created by initdb.

  • Change a column name in the information_schema.routines view from result_cast_character_set_name to result_cast_char_set_name (Clément Prévost)

    The SQL:2011 standard specifies the longer name, but that appears to be a mistake, because adjacent column names use the shorter style, as do other information_schema views.

  • psql's -c option no longer implies --no-psqlrc (Pavel Stehule, Catalin Iacob)

    Write --no-psqlrc (or its abbreviation -X) explicitly to obtain the old behavior. Scripts so modified will still work with old versions of psql.

  • Improve pg_restore's -t option to match all types of relations, not only plain tables (Craig Ringer)

  • Change the display format used for NextXID in pg_controldata and related places (Joe Conway, Bruce Momjian)

    Display epoch-and-transaction-ID values in the format number:number. The previous format number/number was confusingly similar to that used for LSNs.

  • Update extension functions to be marked parallel-safe where appropriate (Andreas Karlsson)

    Many of the standard extensions have been updated to allow their functions to be executed within parallel query worker processes. These changes will not take effect in databases pg_upgrade'd from prior versions unless you apply ALTER EXTENSION UPDATE to each such extension (in each database of a cluster).

  • Parallel queries (Robert Haas, Amit Kapila, David Rowley, many others)

    With 9.6, PostgreSQL introduces initial support for parallel execution of large queries. Only strictly read-only queries where the driving table is accessed via a sequential scan can be parallelized. Hash joins and nested loops can be performed in parallel, as can aggregation (for supported aggregates). Much remains to be done, but this is already a useful set of features.

    Parallel query execution is not (yet) enabled by default. To allow it, set the new configuration parameter max_parallel_workers_per_gather to a value larger than zero. Additional control over use of parallelism is available through other new configuration parameters force_parallel_mode, parallel_setup_cost, parallel_tuple_cost, and min_parallel_relation_size.

  • Provide infrastructure for marking the parallel-safety status of functions (Robert Haas, Amit Kapila)

  • Allow GIN index builds to make effective use of maintenance_work_mem settings larger than 1 GB (Robert Abraham, Teodor Sigaev)

  • Add pages deleted from a GIN index's pending list to the free space map immediately (Jeff Janes, Teodor Sigaev)

    This reduces bloat if the table is not vacuumed often.

  • Add gin_clean_pending_list() function to allow manual invocation of pending-list cleanup for a GIN index (Jeff Janes)

    Formerly, such cleanup happened only as a byproduct of vacuuming or analyzing the parent table.

  • Improve handling of dead index tuples in GiST indexes (Anastasia Lubennikova)

    Dead index tuples are now marked as such when an index scan notices that the corresponding heap tuple is dead. When inserting tuples, marked-dead tuples will be removed if needed to make space on the page.

  • Add an SP-GiST operator class for type box (Alexander Lebedev)

  • Improve sorting performance by using quicksort, not replacement selection sort, when performing external sort steps (Peter Geoghegan)

    The new approach makes better use of the CPU cache for typical cache sizes and data volumes. Where necessary, the behavior can be adjusted via the new configuration parameter replacement_sort_tuples.

  • Speed up text sorts where the same string occurs multiple times (Peter Geoghegan)

  • Speed up sorting of uuid, bytea, and char(n) fields by using "abbreviated" keys (Peter Geoghegan)

    Support for abbreviated keys has also been added to the non-default operator classes text_pattern_ops, varchar_pattern_ops, and bpchar_pattern_ops. Processing of ordered-set aggregates can also now exploit abbreviated keys.

  • Speed up CREATE INDEX CONCURRENTLY by treating TIDs as 64-bit integers during sorting (Peter Geoghegan)

  • Reduce contention for the ProcArrayLock (Amit Kapila, Robert Haas)

  • Improve performance by moving buffer content locks into the buffer descriptors (Andres Freund, Simon Riggs)

  • Replace shared-buffer header spinlocks with atomic operations to improve scalability (Alexander Korotkov, Andres Freund)

  • Use atomic operations, rather than a spinlock, to protect an LWLock's wait queue (Andres Freund)

  • Partition the shared hash table freelist to reduce contention on multi-CPU-socket servers (Aleksander Alekseev)

  • Reduce interlocking on standby servers during the replay of btree index vacuuming operations (Simon Riggs)

    This change avoids substantial replication delays that sometimes occurred while replaying such operations.

  • Improve ANALYZE's estimates for columns with many nulls (Tomas Vondra, Alex Shulgin)

    Previously ANALYZE tended to underestimate the number of non-NULL distinct values in a column with many NULLs, and was also inaccurate in computing the most-common values.

  • Improve planner's estimate of the number of distinct values in a query result (Tomas Vondra)

  • Use foreign key relationships to infer selectivity for join predicates (Tomas Vondra, David Rowley)

    If a table t has a foreign key restriction, say (a,b) REFERENCES r (x,y), then a WHERE condition such as t.a = r.x AND t.b = r.y cannot select more than one r row per t row. The planner formerly considered these AND conditions to be independent and would often drastically misestimate selectivity as a result. Now it compares the WHERE conditions to applicable foreign key constraints and produces better estimates.

  • Avoid re-vacuuming pages containing only frozen tuples (Masahiko Sawada, Robert Haas, Andres Freund)

    Formerly, anti-wraparound vacuum had to visit every page of a table, even pages where there was nothing to do. Now, pages containing only already-frozen tuples are identified in the table's visibility map, and can be skipped by vacuum even when doing transaction wraparound prevention. This should greatly reduce the cost of maintaining large tables containing mostly-unchanging data.

    If necessary, vacuum can be forced to process all-frozen pages using the new DISABLE_PAGE_SKIPPING option. Normally this should never be needed, but it might help in recovering from visibility-map corruption.

  • Avoid useless heap-truncation attempts during VACUUM (Jeff Janes, Tom Lane)

    This change avoids taking an exclusive table lock in some cases where no truncation is possible. The main benefit comes from avoiding unnecessary query cancellations on standby servers.

  • Allow old MVCC snapshots to be invalidated after a configurable timeout (Kevin Grittner)

    Normally, deleted tuples cannot be physically removed by vacuuming until the last transaction that could "see" them is gone. A transaction that stays open for a long time can thus cause considerable table bloat because space cannot be recycled. This feature allows setting a time-based limit, via the new configuration parameter old_snapshot_threshold, on how long an MVCC snapshot is guaranteed to be valid. After that, dead tuples are candidates for removal. A transaction using an outdated snapshot will get an error if it attempts to read a page that potentially could have contained such data.

  • Ignore GROUP BY columns that are functionally dependent on other columns (David Rowley)

    If a GROUP BY clause includes all columns of a non-deferred primary key, as well as other columns of the same table, those other columns are redundant and can be dropped from the grouping. This saves computation in many common cases.

  • Allow use of an index-only scan on a partial index when the index's WHERE clause references columns that are not indexed (Tomas Vondra, Kyotaro Horiguchi)

    For example, an index defined by CREATE INDEX tidx_partial ON t(b) WHERE a > 0 can now be used for an index-only scan by a query that specifies WHERE a > 0 and does not otherwise use a. Previously this was disallowed because a is not listed as an index column.

  • Perform checkpoint writes in sorted order (Fabien Coelho, Andres Freund)

    Previously, checkpoints wrote out dirty pages in whatever order they happen to appear in shared buffers, which usually is nearly random. That performs poorly, especially on rotating media. This change causes checkpoint-driven writes to be done in order by file and block number, and to be balanced across tablespaces.

  • Where feasible, trigger kernel writeback after a configurable number of writes, to prevent accumulation of dirty data in kernel disk buffers (Fabien Coelho, Andres Freund)

    PostgreSQL writes data to the kernel's disk cache, from where it will be flushed to physical storage in due time. Many operating systems are not smart about managing this and allow large amounts of dirty data to accumulate before deciding to flush it all at once, causing long delays for new I/O requests until the flushing finishes. This change attempts to alleviate this problem by explicitly requesting data flushes after a configurable interval.

    On Linux, sync_file_range() is used for this purpose, and the feature is on by default on Linux because that function has few downsides. This flushing capability is also available on other platforms if they have msync() or posix_fadvise(), but those interfaces have some undesirable side-effects so the feature is disabled by default on non-Linux platforms.

    The new configuration parameters backend_flush_after, bgwriter_flush_after, checkpoint_flush_after, and wal_writer_flush_after control this behavior.

  • Improve aggregate-function performance by sharing calculations across multiple aggregates if they have the same arguments and transition functions (David Rowley)

    For example, SELECT AVG(x), VARIANCE(x) FROM tab can use a single per-row computation for both aggregates.

  • Speed up visibility tests for recently-created tuples by checking the current transaction's snapshot, not pg_clog, to decide if the source transaction should be considered committed (Jeff Janes, Tom Lane)

  • Allow tuple hint bits to be set sooner than before (Andres Freund)

  • Improve performance of short-lived prepared transactions (Stas Kelvich, Simon Riggs, Pavan Deolasee)

    Two-phase commit information is now written only to WAL during PREPARE TRANSACTION, and will be read back from WAL during COMMIT PREPARED if that happens soon thereafter. A separate state file is created only if the pending transaction does not get committed or aborted by the time of the next checkpoint.

  • Improve performance of memory context destruction (Jan Wieck)

  • Improve performance of resource owners with many tracked objects (Aleksander Alekseev)

  • Improve speed of the output functions for timestamp, time, and date data types (David Rowley, Andres Freund)

  • Avoid some unnecessary cancellations of hot-standby queries during replay of actions that take AccessExclusive locks (Jeff Janes)

  • Extend relations multiple blocks at a time when there is contention for the relation's extension lock (Dilip Kumar)

    This improves scalability by decreasing contention.

  • Increase the number of clog buffers for better scalability (Amit Kapila, Andres Freund)

  • Speed up expression evaluation in PL/pgSQL by keeping ParamListInfo entries for simple variables valid at all times (Tom Lane)

  • Avoid reducing the SO_SNDBUF setting below its default on recent Windows versions (Chen Huajun)

  • Disable update_process_title by default on Windows (Takayuki Tsunakawa)

    The overhead of updating the process title is much larger on Windows than most other platforms, and it is also less useful to do it since most Windows users do not have tools that can display process titles.

  • Add pg_stat_progress_vacuum system view to provide progress reporting for VACUUM operations (Amit Langote, Robert Haas, Vinayak Pokale, Rahila Syed)

  • Add pg_control_system(), pg_control_checkpoint(), pg_control_recovery(), and pg_control_init() functions to expose fields of pg_control to SQL (Joe Conway, Michael Paquier)

  • Add pg_config system view (Joe Conway)

    This view exposes the same information available from the pg_config command-line utility, namely assorted compile-time configuration information for PostgreSQL.

  • Add a confirmed_flush_lsn column to the pg_replication_slots system view (Marko Tiikkaja)

  • Add pg_stat_wal_receiver system view to provide information about the state of a hot-standby server's WAL receiver process (Michael Paquier)

  • Add pg_blocking_pids() function to reliably identify which sessions block which others (Tom Lane)

    This function returns an array of the process IDs of any sessions that are blocking the session with the given process ID. Historically users have obtained such information using a self-join on the pg_locks view. However, it is unreasonably tedious to do it that way with any modicum of correctness, and the addition of parallel queries has made the old approach entirely impractical, since locks might be held or awaited by child worker processes rather than the session's main process.

  • Add function pg_current_xlog_flush_location() to expose the current transaction log flush location (Tomas Vondra)

  • Add function pg_notification_queue_usage() to report how full the NOTIFY queue is (Brendan Jurd)

  • Limit the verbosity of memory context statistics dumps (Tom Lane)

    The memory usage dump that is output to the postmaster log during an out-of-memory failure now summarizes statistics when there are a large number of memory contexts, rather than possibly generating a very large report. There is also a "grand total" summary line now.

  • Add a BSD authentication method to allow use of the BSD Authentication service for PostgreSQL client authentication (Marisa Emerson)

    BSD Authentication is currently only available on OpenBSD.

  • When using PAM authentication, provide the client IP address or host name to PAM modules via the PAM_RHOST item (Grzegorz Sampolski)

  • Provide detail in the postmaster log for more types of password authentication failure (Tom Lane)

    All ordinarily-reachable password authentication failure cases should now provide specific DETAIL fields in the log.

  • Support RADIUS passwords up to 128 characters long (Marko Tiikkaja)

  • Add new SSPI authentication parameters compat_realm and upn_username to control whether NetBIOS or Kerberos realm names and user names are used during SSPI authentication (Christian Ullrich)

  • Allow sessions to be terminated automatically if they are in idle-in-transaction state for too long (Vik Fearing)

    This behavior is controlled by the new configuration parameter idle_in_transaction_session_timeout. It can be useful to prevent forgotten transactions from holding locks or preventing vacuum cleanup for too long.

  • Raise the maximum allowed value of checkpoint_timeout to 24 hours (Simon Riggs)

  • Allow effective_io_concurrency to be set per-tablespace to support cases where different tablespaces have different I/O characteristics (Julien Rouhaud)

  • Add log_line_prefix option %n to print the current time in Unix epoch form, with milliseconds (Tomas Vondra, Jeff Davis)

  • Add syslog_sequence_numbers and syslog_split_messages configuration parameters to provide more control over the message format when logging to syslog (Peter Eisentraut)

  • Merge the archive and hot_standby values of the wal_level configuration parameter into a single new value replica (Peter Eisentraut)

    Making a distinction between these settings is no longer useful, and merging them is a step towards a planned future simplification of replication setup. The old names are still accepted but are converted to replica internally.

  • Add configure option --with-systemd to enable calling sd_notify() at server start and stop (Peter Eisentraut)

    This allows the use of systemd service units of type notify, which greatly simplifies the management of PostgreSQL under systemd.

  • Allow the server's SSL key file to have group read access if it is owned by root (Christoph Berg)

    Formerly, we insisted the key file be owned by the user running the PostgreSQL server, but that is inconvenient on some systems (such as Debian) that are configured to manage certificates centrally. Therefore, allow the case where the key file is owned by root and has group read access. It is up to the operating system administrator to ensure that the group does not include any untrusted users.

  • Force backends to exit if the postmaster dies (Rajeev Rastogi, Robert Haas)

    Under normal circumstances the postmaster should always outlive its child processes. If for some reason the postmaster dies, force backend sessions to exit with an error. Formerly, existing backends would continue to run until their clients disconnect, but that is unsafe and inefficient. It also prevents a new postmaster from being started until the last old backend has exited. Backends will detect postmaster death when waiting for client I/O, so the exit will not be instantaneous, but it should happen no later than the end of the current query.

  • Ensure that invalidation messages are recorded in WAL even when issued by a transaction that has no XID assigned (Andres Freund)

    This fixes some corner cases in which transactions on standby servers failed to notice changes, such as new indexes.

  • Prevent multiple processes from trying to clean a GIN index's pending list concurrently (Teodor Sigaev, Jeff Janes)

    This had been intentionally allowed, but it causes race conditions that can result in vacuum missing index entries it needs to delete.

  • Allow synchronous replication to support multiple simultaneous synchronous standby servers, not just one (Masahiko Sawada, Beena Emerson, Michael Paquier, Fujii Masao, Kyotaro Horiguchi)

    The number of standby servers that must acknowledge a commit before it is considered complete is now configurable as part of the synchronous_standby_names parameter.

  • Add new setting remote_apply for configuration parameter synchronous_commit (Thomas Munro)

    In this mode, the master waits for the transaction to be applied on the standby server, not just written to disk. That means that you can count on a transaction started on the standby to see all commits previously acknowledged by the master.

  • Add a feature to the replication protocol, and a corresponding option to pg_create_physical_replication_slot(), to allow reserving WAL immediately when creating a replication slot (Gurjeet Singh, Michael Paquier)

    This allows the creation of a replication slot to guarantee that all the WAL needed for a base backup will be available.

  • Add a --slot option to pg_basebackup (Peter Eisentraut)

    This lets pg_basebackup use a replication slot defined for WAL streaming. After the base backup completes, selecting the same slot for regular streaming replication allows seamless startup of the new standby server.

  • Extend pg_start_backup() and pg_stop_backup() to support non-exclusive backups (Magnus Hagander)

  • Allow functions that return sets of tuples to return simple NULLs (Andrew Gierth, Tom Lane)

    In the context of SELECT FROM function(...), a function that returned a set of composite values was previously not allowed to return a plain NULL value as part of the set. Now that is allowed and interpreted as a row of NULLs. This avoids corner-case errors with, for example, unnesting an array of composite values.

  • Fully support array subscripts and field selections in the target column list of an INSERT with multiple VALUES rows (Tom Lane)

    Previously, such cases failed if the same target column was mentioned more than once, e.g., INSERT INTO tab (x[1], x[2]) VALUES (...).

  • When appropriate, postpone evaluation of SELECT output expressions until after an ORDER BY sort (Konstantin Knizhnik)

    This change ensures that volatile or expensive functions in the output list are executed in the order suggested by ORDER BY, and that they are not evaluated more times than required when there is a LIMIT clause. Previously, these properties held if the ordering was performed by an index scan or pre-merge-join sort, but not if it was performed by a top-level sort.

  • Widen counters recording the number of tuples processed to 64 bits (Andreas Scherbaum)

    This change allows command tags, e.g. SELECT, to correctly report tuple counts larger than 4 billion. This also applies to PL/pgSQL's GET DIAGNOSTICS ... ROW_COUNT command.

  • Avoid doing encoding conversions by converting through the MULE_INTERNAL encoding (Tom Lane)

    Previously, many conversions for Cyrillic and Central European single-byte encodings were done by converting to a related MULE_INTERNAL coding scheme and then to the destination encoding. Aside from being inefficient, this meant that when the conversion encountered an untranslatable character, the error message would confusingly complain about failure to convert to or from MULE_INTERNAL, rather than the user-visible encoding.

  • Consider performing joins of foreign tables remotely only when the tables will be accessed under the same role ID (Shigeru Hanada, Ashutosh Bapat, Etsuro Fujita)

    Previously, the foreign join pushdown infrastructure left the question of security entirely up to individual foreign data wrappers, but that made it too easy for an FDW to inadvertently create subtle security holes. So, make it the core code's job to determine which role ID will access each table, and do not attempt join pushdown unless the role is the same for all relevant relations.

  • Allow COPY to copy the output of an INSERT/UPDATE/DELETE ... RETURNING query (Marko Tiikkaja)

    Previously, an intermediate CTE had to be written to get this result.

  • Introduce ALTER object DEPENDS ON EXTENSION (Abhijit Menon-Sen)

    This command allows a database object to be marked as depending on an extension, so that it will be dropped automatically if the extension is dropped (without needing CASCADE). However, the object is not part of the extension, and thus will be dumped separately by pg_dump.

  • Make ALTER object SET SCHEMA do nothing when the object is already in the requested schema, rather than throwing an error as it historically has for most object types (Marti Raudsepp)

  • Add options to ALTER OPERATOR to allow changing the selectivity functions associated with an existing operator (Yury Zhuravlev)

  • Add an IF NOT EXISTS option to ALTER TABLE ADD COLUMN (Fabrízio de Royes Mello)

  • Reduce the lock strength needed by ALTER TABLE when setting fillfactor and autovacuum-related relation options (Fabrízio de Royes Mello, Simon Riggs)

  • Introduce CREATE ACCESS METHOD to allow extensions to create index access methods (Alexander Korotkov, Petr Jelínek)

  • Add a CASCADE option to CREATE EXTENSION to automatically create any extensions the requested one depends on (Petr Jelínek)

  • Make CREATE TABLE ... LIKE include an OID column if any source table has one (Bruce Momjian)

  • If a CHECK constraint is declared NOT VALID in a table creation command, automatically mark it as valid (Amit Langote, Amul Sul)

    This is safe because the table has no existing rows. This matches the longstanding behavior of FOREIGN KEY constraints.

  • Fix DROP OPERATOR to clear pg_operator.oprcom and pg_operator.oprnegate links to the dropped operator (Roma Sokolov)

    Formerly such links were left as-is, which could pose a problem in the somewhat unlikely event that the dropped operator's OID was reused for another operator.

  • Do not show the same subplan twice in EXPLAIN output (Tom Lane)

    In certain cases, typically involving SubPlan nodes in index conditions, EXPLAIN would print data for the same subplan twice.

  • Disallow creation of indexes on system columns, except for OID columns (David Rowley)

    Such indexes were never considered supported, and would very possibly misbehave since the system might change the system-column fields of a tuple without updating indexes. However, previously there were no error checks to prevent them from being created.

  • Use the privilege system to manage access to sensitive functions (Stephen Frost)

    Formerly, many security-sensitive functions contained hard-wired checks that would throw an error if they were called by a non-superuser. This forced the use of superuser roles for some relatively pedestrian tasks. The hard-wired error checks are now gone in favor of making initdb revoke the default public EXECUTE privilege on these functions. This allows installations to choose to grant usage of such functions to trusted roles that do not need all superuser privileges.

  • Create some built-in roles that can be used to grant access to what were previously superuser-only functions (Stephen Frost)

    Currently the only such role is pg_signal_backend, but more are expected to be added in future.

  • Improve full-text search to support searching for phrases, that is, lexemes appearing adjacent to each other in a specific order, or with a specified distance between them (Teodor Sigaev, Oleg Bartunov, Dmitry Ivanov)

    A phrase-search query can be specified in tsquery input using the new operators <-> and <N>. The former means that the lexemes before and after it must appear adjacent to each other in that order. The latter means they must be exactly N lexemes apart.

  • Allow omitting one or both boundaries in an array slice specifier, e.g. array_col[3:] (Yury Zhuravlev)

    Omitted boundaries are taken as the upper or lower limit of the corresponding array subscript. This allows simpler specification for many common use-cases.

  • Be more careful about out-of-range dates and timestamps (Vitaly Burovoy)

    This change prevents unexpected out-of-range errors for timestamp with time zone values very close to the implementation limits. Previously, the "same" value might be accepted or not depending on the timezone setting, meaning that a dump and reload could fail on a value that had been accepted when presented. Now the limits are enforced according to the equivalent UTC time, not local time, so as to be independent of timezone.

    Also, PostgreSQL is now more careful to detect overflow in operations that compute new date or timestamp values, such as date + integer.

  • For geometric data types, make sure infinity and NaN component values are treated consistently during input and output (Tom Lane)

    Such values will now always print the same as they would in a simple float8 column, and be accepted the same way on input. Previously the behavior was platform-dependent.

  • Upgrade the ispell dictionary type to handle modern Hunspell files and support more languages (Artur Zakirov)

  • Implement look-behind constraints in regular expressions (Tom Lane)

    A look-behind constraint is like a lookahead constraint in that it consumes no text; but it checks for existence (or nonexistence) of a match ending at the current point in the string, rather than one starting at the current point. Similar features exist in many other regular-expression engines.

  • In regular expressions, if an apparent three-digit octal escape \nnn would exceed 377 (255 decimal), assume it is a two-digit octal escape instead (Tom Lane)

    This makes the behavior match current Tcl releases.

  • Add transaction ID operators xid <> xid and xid <> int4, for consistency with the corresponding equality operators (Michael Paquier)

  • Add jsonb_insert() function to insert a new element into a jsonb array, or a not-previously-existing key into a jsonb object (Dmitry Dolgov)

  • Improve the accuracy of the ln(), log(), exp(), and pow() functions for type numeric (Dean Rasheed)

  • Add a scale(numeric) function to extract the display scale of a numeric value (Marko Tiikkaja)

  • Add trigonometric functions that work in degrees (Dean Rasheed)

    For example, sind() measures its argument in degrees, whereas sin() measures in radians. These functions go to some lengths to deliver exact results for values where an exact result can be expected, for instance sind(30) = 0.5.

  • Ensure that trigonometric functions handle infinity and NaN inputs per the POSIX standard (Dean Rasheed)

    The POSIX standard says that these functions should return NaN for NaN input, and should throw an error for out-of-range inputs including infinity. Previously our behavior varied across platforms.

  • Make to_timestamp(float8) convert float infinity to timestamp infinity (Vitaly Burovoy)

    Formerly it just failed on an infinite input.

  • Add new functions for tsvector data (Stas Kelvich)

    The new functions are ts_delete(), ts_filter(), unnest(), tsvector_to_array(), array_to_tsvector(), and a variant of setweight() that sets the weight only for specified lexeme(s).

  • Allow ts_stat() and tsvector_update_trigger() to operate on values that are of types binary-compatible with the expected argument type, not just exactly that type; for example allow citext where text is expected (Teodor Sigaev)

  • Add variadic functions num_nulls() and num_nonnulls() that count the number of their arguments that are null or non-null (Marko Tiikkaja)

    An example usage is CHECK(num_nonnulls(a,b,c) = 1) which asserts that exactly one of a,b,c is not NULL. These functions can also be used to count the number of null or nonnull elements in an array.

  • Add function parse_ident() to split a qualified, possibly quoted SQL identifier into its parts (Pavel Stehule)

  • In to_number(), interpret a V format code as dividing by 10 to the power of the number of digits following V (Bruce Momjian)

    This makes it operate in an inverse fashion to to_char().

  • Make the to_reg*() functions accept type text not cstring (Petr Korobeinikov)

    This avoids the need to write an explicit cast in most cases where the argument is not a simple literal constant.

  • Add pg_size_bytes() function to convert human-readable size strings to numbers (Pavel Stehule, Vitaly Burovoy, Dean Rasheed)

    This function converts strings like those produced by pg_size_pretty() into bytes. An example usage is SELECT oid::regclass FROM pg_class WHERE pg_total_relation_size(oid) > pg_size_bytes('10 GB').

  • In pg_size_pretty(), format negative numbers similarly to positive ones (Adrian Vondendriesch)

    Previously, negative numbers were never abbreviated, just printed in bytes.

  • Add an optional missing_ok argument to the current_setting() function (David Christensen)

    This allows avoiding an error for an unrecognized parameter name, instead returning a NULL.

  • Change various catalog-inspection functions to return NULL for invalid input (Michael Paquier)

    pg_get_viewdef() now returns NULL if given an invalid view OID, and several similar functions likewise return NULL for bad input. Previously, such cases usually led to "cache lookup failed" errors, which are not meant to occur in user-facing cases.

  • Fix pg_replication_origin_xact_reset() to not have any arguments (Fujii Masao)

    The documentation said that it has no arguments, and the C code did not expect any arguments, but the entry in pg_proc mistakenly specified two arguments.

  • In PL/pgSQL, detect mismatched CONTINUE and EXIT statements while compiling a function, rather than at execution time (Jim Nasby)

  • Extend PL/Python's error-reporting and message-reporting functions to allow specifying additional message fields besides the primary error message (Pavel Stehule)

  • Allow PL/Python functions to call themselves recursively via SPI, and fix the behavior when multiple set-returning PL/Python functions are called within one query (Alexey Grishchenko, Tom Lane)

  • Fix session-lifespan memory leaks in PL/Python (Heikki Linnakangas, Haribabu Kommi, Tom Lane)

  • Modernize PL/Tcl to use Tcl's "object" APIs instead of simple strings (Jim Nasby, Karl Lehenbauer)

    This can improve performance substantially in some cases. Note that PL/Tcl now requires Tcl 8.4 or later.

  • In PL/Tcl, make database-reported errors return additional information in Tcl's errorCode global variable (Jim Nasby, Tom Lane)

    This feature follows the Tcl convention for returning auxiliary data about an error.

  • Fix PL/Tcl to perform encoding conversion between the database encoding and UTF-8, which is what Tcl expects (Tom Lane)

    Previously, strings were passed through without conversion, leading to misbehavior with non-ASCII characters when the database encoding was not UTF-8.

  • Add a nonlocalized version of the severity field in error and notice messages (Tom Lane)

    This change allows client code to determine severity of an error or notice without having to worry about localized variants of the severity strings.

  • Introduce a feature in libpq whereby the CONTEXT field of messages can be suppressed, either always or only for non-error messages (Pavel Stehule)

    The default behavior of PQerrorMessage() is now to print CONTEXT only for errors. The new function PQsetErrorContextVisibility() can be used to adjust this.

  • Add support in libpq for regenerating an error message with a different verbosity level (Alex Shulgin)

    This is done with the new function PQresultVerboseErrorMessage(). This supports psql's new \errverbose feature, and may be useful for other clients as well.

  • Improve libpq's PQhost() function to return useful data for default Unix-socket connections (Tom Lane)

    Previously it would return NULL if no explicit host specification had been given; now it returns the default socket directory path.

  • Fix ecpg's lexer to handle line breaks within comments starting on preprocessor directive lines (Michael Meskes)

  • Add a --strict-names option to pg_dump and pg_restore (Pavel Stehule)

    This option causes the program to complain if there is no match for a -t or -n option, rather than silently doing nothing.

  • In pg_dump, dump locally-made changes of privilege assignments for system objects (Stephen Frost)

    While it has always been possible for a superuser to change the privilege assignments for built-in or extension-created objects, such changes were formerly lost in a dump and reload. Now, pg_dump recognizes and dumps such changes. (This works only when dumping from a 9.6 or later server, however.)

  • Allow pg_dump to dump non-extension-owned objects that are within an extension-owned schema (Martín Marqués)

    Previously such objects were ignored because they were mistakenly assumed to belong to the extension owning their schema.

  • In pg_dump output, include the table name in object tags for object types that are only uniquely named per-table (for example, triggers) (Peter Eisentraut)

  • Support multiple -c and -f command-line options (Pavel Stehule, Catalin Iacob)

    The specified operations are carried out in the order in which the options are given, and then psql terminates.

  • Add a \crosstabview command that prints the results of a query in a cross-tabulated display (Daniel Vérité)

    In the crosstab display, data values from one query result column are placed in a grid whose column and row headers come from other query result columns.

  • Add an \errverbose command that shows the last server error at full verbosity (Alex Shulgin)

    This is useful after getting an unexpected error — you no longer need to adjust the VERBOSITY variable and recreate the failure in order to see error fields that are not shown by default.

  • Add \ev and \sv commands for editing and showing view definitions (Petr Korobeinikov)

    These are parallel to the existing \ef and \sf commands for functions.

  • Add a \gexec command that executes a query and re-submits the result(s) as new queries (Corey Huinker)

  • Allow \pset C string to set the table title, for consistency with \C string (Bruce Momjian)

  • In \pset expanded auto mode, do not use expanded format for query results with only one column (Andreas Karlsson, Robert Haas)

  • Improve the headers output by the \watch command (Michael Paquier, Tom Lane)

    Include the \pset title string if one has been set, and shorten the prefabricated part of the header to be timestamp (every Ns). Also, the timestamp format now obeys psql's locale environment.

  • Improve tab-completion logic to consider the entire input query, not only the current line (Tom Lane)

    Previously, breaking a command into multiple lines defeated any tab completion rules that needed to see words on earlier lines.

  • Numerous minor improvements in tab-completion behavior (Peter Eisentraut, Vik Fearing, Kevin Grittner, Kyotaro Horiguchi, Jeff Janes, Andreas Karlsson, Fujii Masao, Thomas Munro, Masahiko Sawada, Pavel Stehule)

  • Add a PROMPT option %p to insert the process ID of the connected backend (Julien Rouhaud)

  • Introduce a feature whereby the CONTEXT field of messages can be suppressed, either always or only for non-error messages (Pavel Stehule)

    Printing CONTEXT only for errors is now the default behavior. This can be changed by setting the special variable SHOW_CONTEXT.

  • Make \df+ show function access privileges and parallel-safety attributes (Michael Paquier)

  • SQL commands in pgbench scripts are now ended by semicolons, not newlines (Kyotaro Horiguchi, Tom Lane)

    This change allows SQL commands in scripts to span multiple lines. Existing custom scripts will need to be modified to add a semicolon at the end of each line that does not have one already. (Doing so does not break the script for use with older versions of pgbench.)

  • Support floating-point arithmetic, as well as some built-in functions, in expressions in backslash commands (Fabien Coelho)

  • Replace \setrandom with built-in functions (Fabien Coelho)

    The new built-in functions include random(), random_exponential(), and random_gaussian(), which perform the same work as \setrandom, but are easier to use since they can be embedded in larger expressions. Since these additions have made \setrandom obsolete, remove it.

  • Allow invocation of multiple copies of the built-in scripts, not only custom scripts (Fabien Coelho)

    This is done with the new -b switch, which works similarly to -f for custom scripts.

  • Allow changing the selection probabilities (weights) for scripts (Fabien Coelho)

    When multiple scripts are specified, each pgbench transaction randomly chooses one to execute. Formerly this was always done with uniform probability, but now different selection probabilities can be specified for different scripts.

  • Collect statistics for each script in a multi-script run (Fabien Coelho)

    This feature adds an intermediate level of detail to existing global and per-command statistics printouts.

  • Add a --progress-timestamp option to report progress with Unix epoch timestamps, instead of time since the run started (Fabien Coelho)

  • Allow the number of client connections (-c) to not be an exact multiple of the number of threads (-j) (Fabien Coelho)

  • When the -T option is used, stop promptly at the end of the specified time (Fabien Coelho)

    Previously, specifying a low transaction rate could cause pgbench to wait significantly longer than specified.

  • Improve error reporting during initdb's post-bootstrap phase (Tom Lane)

    Previously, an error here led to reporting the entire input file as the "failing query"; now just the current query is reported. To get the desired behavior, queries in initdb's input files must be separated by blank lines.

  • Speed up initdb by using just one standalone-backend session for all the post-bootstrap steps (Tom Lane)

  • Improve pg_rewind so that it can work when the target timeline changes (Alexander Korotkov)

    This allows, for example, rewinding a promoted standby back to some state of the old master's timeline.

  • Remove obsolete heap_formtuple/heap_modifytuple/heap_deformtuple functions (Peter Geoghegan)

  • Add macros to make AllocSetContextCreate() calls simpler and safer (Tom Lane)

    Writing out the individual sizing parameters for a memory context is now deprecated in favor of using one of the new macros ALLOCSET_DEFAULT_SIZES, ALLOCSET_SMALL_SIZES, or ALLOCSET_START_SMALL_SIZES. Existing code continues to work, however.

  • Unconditionally use static inline functions in header files (Andres Freund)

    This may result in warnings and/or wasted code space with very old compilers, but the notational improvement seems worth it.

  • Improve TAP testing infrastructure (Michael Paquier, Craig Ringer, Álvaro Herrera, Stephen Frost)

    Notably, it is now possible to test recovery scenarios using this infrastructure.

  • Make trace_lwlocks identify individual locks by name (Robert Haas)

  • Improve psql's tab-completion code infrastructure (Thomas Munro, Michael Paquier)

    Tab-completion rules are now considerably easier to write, and more compact.

  • Nail the pg_shseclabel system catalog into cache, so that it is available for access during connection authentication (Adam Brightwell)

    The core code does not use this catalog for authentication, but extensions might wish to consult it.

  • Restructure index access method API to hide most of it at the C level (Alexander Korotkov, Andrew Gierth)

    This change modernizes the index AM API to look more like the designs we have adopted for foreign data wrappers and tablesample handlers. This simplifies the C code and makes it much more practical to define index access methods in installable extensions. A consequence is that most of the columns of the pg_am system catalog have disappeared. New inspection functions have been added to allow SQL queries to determine index AM properties that used to be discoverable from pg_am.

  • Add pg_init_privs system catalog to hold original privileges of initdb-created and extension-created objects (Stephen Frost)

    This infrastructure allows pg_dump to dump changes that an installation may have made in privileges attached to system objects. Formerly, such changes would be lost in a dump and reload, but now they are preserved.

  • Change the way that extensions allocate custom LWLocks (Amit Kapila, Robert Haas)

    The RequestAddinLWLocks() function is removed, and replaced by RequestNamedLWLockTranche(). This allows better identification of custom LWLocks, and is less error-prone.

  • Improve the isolation tester to allow multiple sessions to wait concurrently, allowing testing of deadlock scenarios (Robert Haas)

  • Introduce extensible node types (KaiGai Kohei)

    This change allows FDWs or custom scan providers to store data in a plan tree in a more convenient format than was previously possible.

  • Make the planner deal with post-scan/join query steps by generating and comparing Paths, replacing a lot of ad-hoc logic (Tom Lane)

    This change provides only marginal user-visible improvements today, but it enables future work on a lot of upper-planner improvements that were impractical to tackle using the old code structure.

  • Support partial aggregation (David Rowley, Simon Riggs)

    This change allows the computation of an aggregate function to be split into separate parts, for example so that parallel worker processes can cooperate on computing an aggregate. In future it might allow aggregation across local and remote data to occur partially on the remote end.

  • Add a generic command progress reporting facility (Vinayak Pokale, Rahila Syed, Amit Langote, Robert Haas)

  • Separate out psql's flex lexer to make it usable by other client programs (Tom Lane, Kyotaro Horiguchi)

    This eliminates code duplication for programs that need to be able to parse SQL commands well enough to identify command boundaries. Doing that in full generality is more painful than one could wish, and up to now only psql has really gotten it right among our supported client programs.

    A new source-code subdirectory src/fe_utils/ has been created to hold this and other code that is shared across our client programs. Formerly such sharing was accomplished by symbolic linking or copying source files at build time, which was ugly and required duplicate compilation.

  • Introduce WaitEventSet API to allow efficient waiting for event sets that usually do not change from one wait to the next (Andres Freund, Amit Kapila)

  • Add a generic interface for writing WAL records (Alexander Korotkov, Petr Jelínek, Markus Nullmeier)

    This change allows extensions to write WAL records for changes to pages using a standard layout. The problem of needing to replay WAL without access to the extension is solved by having generic replay code. This allows extensions to implement, for example, index access methods and have WAL support for them.

  • Support generic WAL messages for logical decoding (Petr Jelínek, Andres Freund)

    This feature allows extensions to insert data into the WAL stream that can be read by logical-decoding plugins, but is not connected to physical data restoration.

  • Allow SP-GiST operator classes to store an arbitrary "traversal value" while descending the index (Alexander Lebedev, Teodor Sigaev)

    This is somewhat like the "reconstructed value", but it could be any arbitrary chunk of data, not necessarily of the same data type as the indexed column.

  • Introduce a LOG_SERVER_ONLY message level for ereport() (David Steele)

    This level acts like LOG except that the message is never sent to the client. It is meant for use in auditing and similar applications.

  • Provide a Makefile target to build all generated headers (Michael Paquier, Tom Lane)

    submake-generated-headers can now be invoked to ensure that generated backend header files are up-to-date. This is useful in subdirectories that might be built "standalone".

  • Support OpenSSL 1.1.0 (Andreas Karlsson, Heikki Linnakangas)

  • Add configuration parameter auto_explain.sample_rate to allow contrib/auto_explain to capture just a configurable fraction of all queries (Craig Ringer, Julien Rouhaud)

    This allows reduction of overhead for heavy query traffic, while still getting useful information on average.

  • Add contrib/bloom module that implements an index access method based on Bloom filtering (Teodor Sigaev, Alexander Korotkov)

    This is primarily a proof-of-concept for non-core index access methods, but it could be useful in its own right for queries that search many columns.

  • In contrib/cube, introduce distance operators for cubes, and support kNN-style searches in GiST indexes on cube columns (Stas Kelvich)

  • Make contrib/hstore's hstore_to_jsonb_loose() and hstore_to_json_loose() functions agree on what is a number (Tom Lane)

    Previously, hstore_to_jsonb_loose() would convert numeric-looking strings to JSON numbers, rather than strings, even if they did not exactly match the JSON syntax specification for numbers. This was inconsistent with hstore_to_json_loose(), so tighten the test to match the JSON syntax.

  • Add selectivity estimation functions for contrib/intarray operators to improve plans for queries using those operators (Yury Zhuravlev, Alexander Korotkov)

  • Make contrib/pageinspect's heap_page_items() function show the raw data in each tuple, and add new functions tuple_data_split() and heap_page_item_attrs() for inspection of individual tuple fields (Nikolay Shaplov)

  • Add an optional S2K iteration count parameter to contrib/pgcrypto's pgp_sym_encrypt() function (Jeff Janes)

  • Add support for "word similarity" to contrib/pg_trgm (Alexander Korotkov, Artur Zakirov)

    These functions and operators measure the similarity between one string and the most similar single word of another string.

  • Add configuration parameter pg_trgm.similarity_threshold for contrib/pg_trgm's similarity threshold (Artur Zakirov)

    This threshold has always been configurable, but formerly it was controlled by special-purpose functions set_limit() and show_limit(). Those are now deprecated.

  • Improve contrib/pg_trgm's GIN operator class to speed up index searches in which both common and rare keys appear (Jeff Janes)

  • Improve performance of similarity searches in contrib/pg_trgm GIN indexes (Christophe Fornaroli)

  • Add contrib/pg_visibility module to allow examining table visibility maps (Robert Haas)

  • Add ssl_extension_info() function to contrib/sslinfo, to print information about SSL extensions present in the X509 certificate used for the current connection (Dmitry Voronin)

  • Allow extension-provided operators and functions to be sent for remote execution, if the extension is whitelisted in the foreign server's options (Paul Ramsey)

    Users can enable this feature when the extension is known to exist in a compatible version in the remote database. It allows more efficient execution of queries involving extension operators.

  • Consider performing sorts on the remote server (Ashutosh Bapat)

  • Consider performing joins on the remote server (Shigeru Hanada, Ashutosh Bapat)

  • When feasible, perform UPDATE or DELETE entirely on the remote server (Etsuro Fujita)

    Formerly, remote updates involved sending a SELECT FOR UPDATE command and then updating or deleting the selected rows one-by-one. While that is still necessary if the operation requires any local processing, it can now be done remotely if all elements of the query are safe to send to the remote server.

  • Allow the fetch size to be set as a server or table option (Corey Huinker)

    Formerly, postgres_fdw always fetched 100 rows at a time from remote queries; now that behavior is configurable.

  • Use a single foreign-server connection for local user IDs that all map to the same remote user (Ashutosh Bapat)

  • Transmit query cancellation requests to the remote server (Michael Paquier, Etsuro Fujita)

    Previously, a local query cancellation request did not cause an already-sent remote query to terminate early.

• ⇑ Upgrade to 9.6.1 released on 2016-10-27 - docs

  • Fix WAL-logging of truncation of relation free space maps and visibility maps (Pavan Deolasee, Heikki Linnakangas)

    It was possible for these files to not be correctly restored during crash recovery, or to be written incorrectly on a standby server. Bogus entries in a free space map could lead to attempts to access pages that have been truncated away from the relation itself, typically producing errors like "could not read block XXX: read only 0 of 8192 bytes". Checksum failures in the visibility map are also possible, if checksumming is enabled.

    Procedures for determining whether there is a problem and repairing it if so are discussed at https://wiki.postgresql.org/wiki/Free_Space_Map_Problems.

  • Fix possible data corruption when pg_upgrade rewrites a relation visibility map into 9.6 format (Tom Lane)

    On big-endian machines, bytes of the new visibility map were written in the wrong order, leading to a completely incorrect map. On Windows, the old map was read using text mode, leading to incorrect results if the map happened to contain consecutive bytes that matched a carriage return/line feed sequence. The latter error would almost always lead to a pg_upgrade failure due to the map file appearing to be the wrong length.

    If you are using a big-endian machine (many non-Intel architectures are big-endian) and have used pg_upgrade to upgrade from a pre-9.6 release, you should assume that all visibility maps are incorrect and need to be regenerated. It is sufficient to truncate each relation's visibility map with contrib/pg_visibility's pg_truncate_visibility_map() function. For more information see https://wiki.postgresql.org/wiki/Visibility_Map_Problems.

  • Don't throw serialization errors for self-conflicting insertions in INSERT ... ON CONFLICT (Thomas Munro, Peter Geoghegan)

  • Fix use-after-free hazard in execution of aggregate functions using DISTINCT (Peter Geoghegan)

    This could lead to a crash or incorrect query results.

  • Fix incorrect handling of polymorphic aggregates used as window functions (Tom Lane)

    The aggregate's transition function was told that its first argument and result were of the aggregate's output type, rather than the state type. This led to errors or crashes with polymorphic transition functions.

  • Fix COPY with a column name list from a table that has row-level security enabled (Adam Brightwell)

  • Fix statistics update for TRUNCATE in a prepared transaction (Stas Kelvich)

  • Show a sensible value in pg_settings.unit for min_wal_size and max_wal_size (Tom Lane)

  • Fix replacement of array elements in jsonb_set() (Tom Lane)

    If the target is an existing JSON array element, it got deleted instead of being replaced with a new value.

  • Preserve commit timestamps across server restart (Julien Rouhaud, Craig Ringer)

    With track_commit_timestamp turned on, old commit timestamps became inaccessible after a clean server restart.

  • Fix logical WAL decoding to work properly when a subtransaction's WAL output is large enough to spill to disk (Andres Freund)

  • Fix dangling-pointer problem in logical WAL decoding (Stas Kelvich)

  • Round shared-memory allocation request to a multiple of the actual huge page size when attempting to use huge pages on Linux (Tom Lane)

    This avoids possible failures during munmap() on systems with atypical default huge page sizes. Except in crash-recovery cases, there were no ill effects other than a log message.

  • In pg_upgrade, check library loadability in name order (Tom Lane)

    This is a workaround to deal with cross-extension dependencies from language transform modules to their base language and data type modules.

  • Fix pg_upgrade to work correctly for extensions containing index access methods (Tom Lane)

    To allow this, the server has been extended to support ALTER EXTENSION ADD/DROP ACCESS METHOD. That functionality should have been included in the original patch to support dynamic creation of access methods, but it was overlooked.

  • Improve error reporting in pg_upgrade's file copying/linking/rewriting steps (Tom Lane, Álvaro Herrera)

  • Fix pg_dump to work against pre-7.4 servers (Amit Langote, Tom Lane)

  • Disallow specifying both --source-server and --source-target options to pg_rewind (Michael Banck)

  • Make pg_rewind turn off synchronous_commit in its session on the source server (Michael Banck, Michael Paquier)

    This allows pg_rewind to work even when the source server is using synchronous replication that is not working for some reason.

  • Fix contrib/pg_visibility to report the correct TID for a corrupt tuple that has been the subject of a rolled-back update (Tom Lane)

  • Fix makefile dependencies so that parallel make of PL/Python by itself will succeed reliably (Pavel Raiskup)

• ⇑ Upgrade to 9.6.2 released on 2017-02-09 - docs

  • Ensure that the special snapshot used for catalog scans is not invalidated by premature data pruning (Tom Lane)

    Backends failed to account for this snapshot when advertising their oldest xmin, potentially allowing concurrent vacuuming operations to remove data that was still needed. This led to transient failures along the lines of "cache lookup failed for relation 1255".

  • Fix incorrect WAL logging for BRIN indexes (Kuntal Ghosh)

    The WAL record emitted for a BRIN "revmap" page when moving an index tuple to a different page was incorrect. Replay would make the related portion of the index useless, forcing it to be recomputed.

  • Unconditionally WAL-log creation of the "init fork" for an unlogged table (Michael Paquier)

    Previously, this was skipped when wal_level = minimal, but actually it's necessary even in that case to ensure that the unlogged table is properly reset to empty after a crash.

  • Disallow setting the num_sync field to zero in synchronous_standby_names (Fujii Masao)

    The correct way to disable synchronous standby is to set the whole value to an empty string.

  • Don't count background worker processes against a user's connection limit (David Rowley)

  • Fix tracking of initial privileges for extension member objects so that it works correctly with ALTER EXTENSION ... ADD/DROP (Stephen Frost)

    An object's current privileges at the time it is added to the extension will now be considered its default privileges; only later changes in its privileges will be dumped by subsequent pg_dump runs.

  • Fix incorrect updating of trigger function properties when changing a foreign-key constraint's deferrability properties with ALTER TABLE ... ALTER CONSTRAINT (Tom Lane)

    This led to odd failures during subsequent exercise of the foreign key, as the triggers were fired at the wrong times.

  • Prevent dropping a foreign-key constraint if there are pending trigger events for the referenced relation (Tom Lane)

    This avoids "could not find trigger NNN" or "relation NNN has no triggers" errors.

  • Fix ALTER TABLE ... SET DATA TYPE ... USING when child table has different column ordering than the parent (Álvaro Herrera)

    Failure to adjust the column numbering in the USING expression led to errors, typically "attribute N has wrong type".

  • Ensure that CREATE TABLE ... LIKE ... WITH OIDS creates a table with OIDs, whether or not the LIKE-referenced table(s) have OIDs (Tom Lane)

  • Fix CREATE OR REPLACE VIEW to update the view query before attempting to apply the new view options (Dean Rasheed)

    Previously the command would fail if the new options were inconsistent with the old view definition.

  • Fix commit timestamp mechanism to not fail when queried about the special XIDs FrozenTransactionId and BootstrapTransactionId (Craig Ringer)

  • Fix incorrect use of view reloptions as regular table reloptions (Tom Lane)

    The symptom was spurious "ON CONFLICT is not supported on table ... used as a catalog table" errors when the target of INSERT ... ON CONFLICT is a view with cascade option.

  • Fix incorrect "target lists can have at most N entries" complaint when using ON CONFLICT with wide tables (Tom Lane)

  • Fix spurious "query provides a value for a dropped column" errors during INSERT or UPDATE on a table with a dropped column (Tom Lane)

  • Prevent multicolumn expansion of foo.* in an UPDATE source expression (Tom Lane)

    This led to "UPDATE target count mismatch --- internal error". Now the syntax is understood as a whole-row variable, as it would be in other contexts.

  • Fix execution of DISTINCT and ordered aggregates when multiple such aggregates are able to share the same transition state (Heikki Linnakangas)

  • Fix implementation of phrase search operators in tsquery (Tom Lane)

    Remove incorrect, and inconsistently-applied, rewrite rules that tried to transform away AND/OR/NOT operators appearing below a PHRASE operator; instead upgrade the execution engine to handle such cases correctly. This fixes assorted strange behavior and possible crashes for text search queries containing such combinations. Also fix nested PHRASE operators to work sanely in combinations other than simple left-deep trees, correct the behavior when removing stopwords from a phrase search clause, and make sure that index searches behave consistently with simple sequential-scan application of such queries.

  • Improve speed of user-defined aggregates that use array_append() as transition function (Tom Lane)

  • Fix possible crash in array_position() or array_positions() when processing arrays of records (Junseok Yang)

  • Disable transform that attempted to remove no-op AT TIME ZONE conversions (Tom Lane)

    This resulted in wrong answers when the simplified expression was used in an index condition.

  • Fix crash if the number of workers available to a parallel query decreases during a rescan (Andreas Seltenreich)

  • Fix bugs in transmitting GUC parameter values to parallel workers (Michael Paquier, Tom Lane)

  • Allow statements prepared with PREPARE to be given parallel plans (Amit Kapila, Tobias Bussmann)

  • Fix incorrect generation of parallel plans for semi-joins (Tom Lane)

  • Fix planner's cardinality estimates for parallel joins (Robert Haas)

    Ensure that these estimates reflect the number of rows predicted to be seen by each worker, rather than the total.

  • Fix planner to avoid trying to parallelize plan nodes containing initplans or subplans (Tom Lane, Amit Kapila)

  • Fix the plan generated for sorted partial aggregation with a constant GROUP BY clause (Tom Lane)

  • Fix "could not find plan for CTE" planner error when dealing with a UNION ALL containing CTE references (Tom Lane)

  • Fix mishandling of initplans when forcibly adding a Material node to a subplan (Tom Lane)

    The typical consequence of this mistake was a "plan should not reference subplan's variable" error.

  • Fix foreign-key-based join selectivity estimation for semi-joins and anti-joins, as well as inheritance cases (Tom Lane)

    The new code for taking the existence of a foreign key relationship into account did the wrong thing in these cases, making the estimates worse not better than the pre-9.6 code.

  • Fix pg_dump to emit the data of a sequence that is marked as an extension configuration table (Michael Paquier)

  • Fix mishandling of ALTER DEFAULT PRIVILEGES ... REVOKE in pg_dump (Stephen Frost)

    pg_dump missed issuing the required REVOKE commands in cases where ALTER DEFAULT PRIVILEGES had been used to reduce privileges to less than they would normally be.

  • Fix pg_restore with --create --if-exists to behave more sanely if an archive contains unrecognized DROP commands (Tom Lane)

    This doesn't fix any live bug, but it may improve the behavior in future if pg_restore is used with an archive generated by a later pg_dump version.

  • Fix pg_basebackup's rate limiting in the presence of slow I/O (Antonin Houska)

    If disk I/O was transiently much slower than the specified rate limit, the calculation overflowed, effectively disabling the rate limit for the rest of the run.

  • Fix pg_basebackup's handling of symlinked pg_stat_tmp and pg_replslot subdirectories (Magnus Hagander, Michael Paquier)

  • Improve initdb to insert the correct platform-specific default values for the xxx_flush_after parameters into postgresql.conf (Fabien Coelho, Tom Lane)

    This is a cleaner way of documenting the default values than was used previously.

  • Fix possible mishandling of expanded arrays in domain check constraints and CASE execution (Tom Lane)

    It was possible for a PL/pgSQL function invoked in these contexts to modify or even delete an array value that needs to be preserved for additional operations.

  • Fix nested uses of PL/pgSQL functions in contexts such as domain check constraints evaluated during assignment to a PL/pgSQL variable (Tom Lane)

  • Fix incorrect error reporting for duplicate data in psql's \crosstabview (Tom Lane)

    psql sometimes quoted the wrong row and/or column values when complaining about multiple entries for the same crosstab cell.

  • Fix psql's tab completion for ALTER TABLE t ALTER c DROP ... (Kyotaro Horiguchi)

  • In psql, treat an empty or all-blank setting of the PAGER environment variable as meaning "no pager" (Tom Lane)

    Previously, such a setting caused output intended for the pager to vanish entirely.

  • Fix portability problems in contrib/pageinspect's functions for GIN indexes (Peter Eisentraut, Tom Lane)

  • Fix possible miss of socket read events while waiting on Windows (Amit Kapila)

    This error was harmless for most uses, but it is known to cause hangs when trying to use the pldebugger extension.

• ⇑ Upgrade to 9.6.3 released on 2017-05-11 - docs

  • Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options (Michael Paquier, Feike Steenbergen)

    The previous coding allowed the owner of a foreign server object, or anyone he has granted server USAGE permission to, to see the options for all user mappings associated with that server. This might well include passwords for other users. Adjust the view definition to match the behavior of information_schema.user_mapping_options, namely that these options are visible to the user being mapped, or if the mapping is for PUBLIC and the current user is the server owner, or if the current user is a superuser. (CVE-2017-7486)

    By itself, this patch will only fix the behavior in newly initdb'd databases. If you wish to apply this change in an existing database, follow the corrected procedure shown in the changelog entry for CVE-2017-7547, in Section E.13.

  • Fix possibly-invalid initial snapshot during logical decoding (Petr Jelinek, Andres Freund)

    The initial snapshot created for a logical decoding replication slot was potentially incorrect. This could cause third-party tools that use logical decoding to copy incomplete/inconsistent initial data. This was more likely to happen if the source server was busy at the time of slot creation, or if another logical slot already existed.

    If you are using a replication tool that depends on logical decoding, and it should have copied a nonempty data set at the start of replication, it is advisable to recreate the replica after installing this update, or to verify its contents against the source server.

  • Fix possible corruption of "init forks" of unlogged indexes (Robert Haas, Michael Paquier)

    This could result in an unlogged index being set to an invalid state after a crash and restart. Such a problem would persist until the index was dropped and rebuilt.

  • Avoid possible crash in walsender due to failure to initialize a string buffer (Stas Kelvich, Fujii Masao)

  • Fix possible crash when rescanning a nearest-neighbor index-only scan on a GiST index (Tom Lane)

  • Prevent delays in postmaster's launching of multiple parallel worker processes (Tom Lane)

    There could be a significant delay (up to tens of seconds) before satisfying a query's request for more than one worker process, or when multiple queries requested workers simultaneously. On most platforms this required unlucky timing, but on some it was the typical case.

  • Fix postmaster's handling of fork() failure for a background worker process (Tom Lane)

    Previously, the postmaster updated portions of its state as though the process had been launched successfully, resulting in subsequent confusion.

  • Fix possible "no relation entry for relid 0" error when planning nested set operations (Tom Lane)

  • Fix assorted minor issues in planning of parallel queries (Robert Haas)

  • Avoid applying "physical targetlist" optimization to custom scans (Dmitry Ivanov, Tom Lane)

    This optimization supposed that retrieving all columns of a tuple is inexpensive, which is true for ordinary Postgres tuples; but it might not be the case for a custom scan provider.

  • Use the correct sub-expression when applying a FOR ALL row-level-security policy (Stephen Frost)

    In some cases the WITH CHECK restriction would be applied when the USING restriction is more appropriate.

  • Fix ALTER TABLE ... VALIDATE CONSTRAINT to not recurse to child tables when the constraint is marked NO INHERIT (Amit Langote)

    This fix prevents unwanted "constraint does not exist" failures when no matching constraint is present in the child tables.

  • Avoid dangling pointer in COPY ... TO when row-level security is active for the source table (Tom Lane)

    Usually this had no ill effects, but sometimes it would cause unexpected errors or crashes.

  • Avoid accessing an already-closed relcache entry in CLUSTER and VACUUM FULL (Tom Lane)

    With some bad luck, this could lead to indexes on the target relation getting rebuilt with the wrong persistence setting.

  • Fix incorrect support for certain box operators in SP-GiST (Nikita Glukhov)

    SP-GiST index scans using the operators &< &> &<| and |&> would yield incorrect answers.

  • Fix integer-overflow problems in interval comparison (Kyotaro Horiguchi, Tom Lane)

    The comparison operators for type interval could yield wrong answers for intervals larger than about 296000 years. Indexes on columns containing such large values should be reindexed, since they may be corrupt.

  • Fix roundoff problems in float8_timestamptz() and make_interval() (Tom Lane)

    These functions truncated, rather than rounded, when converting a floating-point value to integer microseconds; that could cause unexpectedly off-by-one results.

  • Fix pg_get_object_address() to handle members of operator families correctly (Álvaro Herrera)

  • Fix cancelling of pg_stop_backup() when attempting to stop a non-exclusive backup (Michael Paquier, David Steele)

    If pg_stop_backup() was cancelled while waiting for a non-exclusive backup to end, related state was left inconsistent; a new exclusive backup could not be started, and there were other minor problems.

  • Reduce memory management overhead for contexts containing many large blocks (Tom Lane)

  • Fix pgbench to handle the combination of --connect and --rate options correctly (Fabien Coelho)

  • Fix pgbench to honor the long-form option spelling --builtin, as per its documentation (Tom Lane)

  • Fix pg_dump/pg_restore to correctly handle privileges for the public schema when using --clean option (Stephen Frost)

    Other schemas start out with no privileges granted, but public does not; this requires special-case treatment when it is dropped and restored due to the --clean option.

  • Fix typo in pg_dump's query for initial privileges of a procedural language (Peter Eisentraut)

    This resulted in pg_dump always believing that the language had no initial privileges. Since that's true for most procedural languages, ill effects from this bug are probably rare.

  • Fix pg_upgrade to transfer comments and security labels attached to "large objects" (blobs) (Stephen Frost)

    Previously, blobs were correctly transferred to the new database, but any comments or security labels attached to them were lost.

  • In contrib/postgres_fdw, allow join conditions that contain shippable extension-provided functions to be pushed to the remote server (David Rowley, Ashutosh Bapat)

  • Support Tcl 8.6 in MSVC builds (Álvaro Herrera)

  • Use correct daylight-savings rules for POSIX-style time zone names in MSVC builds (David Rowley)

    The Microsoft MSVC build scripts neglected to install the posixrules file in the timezone directory tree. This resulted in the timezone code falling back to its built-in rule about what DST behavior to assume for a POSIX-style time zone name. For historical reasons that still corresponds to the DST rules the USA was using before 2007 (i.e., change on first Sunday in April and last Sunday in October). With this fix, a POSIX-style zone name will use the current and historical DST transition dates of the US/Eastern zone. If you don't want that, remove the posixrules file, or replace it with a copy of some other zone file (see Section 8.5.3). Note that due to caching, you may need to restart the server to get such changes to take effect.

• ⇑ Upgrade to 9.6.4 released on 2017-08-10 - docs

  • Make lo_put() check for UPDATE privilege on the target large object (Tom Lane, Michael Paquier)

    lo_put() should surely require the same permissions as lowrite(), but the check was missing, allowing any user to change the data in a large object. (CVE-2017-7548)

  • Correct the documentation about the process for upgrading standby servers with pg_upgrade (Bruce Momjian)

    The previous documentation instructed users to start/stop the primary server after running pg_upgrade but before syncing the standby servers. This sequence is unsafe.

  • Fix concurrent locking of tuple update chains (Álvaro Herrera)

    If several sessions concurrently lock a tuple update chain with nonconflicting lock modes using an old snapshot, and they all succeed, it was possible for some of them to nonetheless fail (and conclude there is no live tuple version) due to a race condition. This had consequences such as foreign-key checks failing to see a tuple that definitely exists but is being updated concurrently.

  • Avoid integer overflow and ensuing crash when sorting more than one billion tuples in-memory (Sergey Koposov)

  • Fix walsender to exit promptly when client requests shutdown (Tom Lane)

  • Prevent walsender-triggered panics during shutdown checkpoints (Andres Freund, Michael Paquier)

  • Fix leakage of small subtransactions spilled to disk during logical decoding (Andres Freund)

    This resulted in temporary files consuming excessive disk space.

  • Reduce the work needed to build snapshots during creation of logical-decoding slots (Andres Freund, Petr Jelinek)

    The previous algorithm was infeasibly expensive on a server with a lot of open transactions.

  • Fix race condition that could indefinitely delay creation of logical-decoding slots (Andres Freund, Petr Jelinek)

  • Reduce overhead in processing syscache invalidation events (Tom Lane)

    This is particularly helpful for logical decoding, which triggers frequent cache invalidation.

  • Remove incorrect heuristic used in some cases to estimate join selectivity based on the presence of foreign-key constraints (David Rowley)

    In some cases where a multi-column foreign key constraint existed but did not exactly match a query's join structure, the planner used an estimation heuristic that turns out not to work well at all. Revert such cases to the way they were estimated before 9.6.

  • Ensure that a view's CHECK OPTIONS clause is enforced properly when the underlying table is a foreign table (Etsuro Fujita)

    Previously, the update might get pushed entirely to the foreign server, but the need to verify the view conditions was missed if so.

  • Fix dangling pointer in ALTER TABLE when there is a comment on a constraint belonging to the table (David Rowley)

    Re-applying the comment to the reconstructed constraint could fail with a weird error message, or even crash.

  • Allow a foreign table's CHECK constraints to be initially NOT VALID (Amit Langote)

    CREATE TABLE silently drops NOT VALID specifiers for CHECK constraints, reasoning that the table must be empty so the constraint can be validated immediately. But this is wrong for CREATE FOREIGN TABLE, where there's no reason to suppose that the underlying table is empty, and even if it is it's no business of ours to decide that the constraint can be treated as valid going forward. Skip this "optimization" for foreign tables.

  • Allow parallelism in the query plan when COPY copies from a query's result (Andres Freund)

  • Use relevant #define symbols from Perl while compiling PL/Perl (Ashutosh Sharma, Tom Lane)

    This avoids portability problems, typically manifesting as a "handshake" mismatch during library load, when working with recent Perl versions.

  • Improve pg_dump/pg_restore's reporting of error conditions originating in zlib (Vladimir Kunschikov, Álvaro Herrera)

  • Fix pg_dump with the --clean option to not fail when the public schema doesn't exist (Stephen Frost)

  • Fix pg_rewind to correctly handle files exceeding 2GB (Kuntal Ghosh, Michael Paquier)

    Ordinarily such files won't appear in PostgreSQL data directories, but they could be present in some cases.

  • Fix pg_xlogdump's computation of WAL record length (Andres Freund)

  • Increase MAX_SYSCACHE_CALLBACKS to provide more room for extensions (Tom Lane)

  • In MSVC builds, honor PROVE_FLAGS settings on vcregress.pl's command line (Andrew Dunstan)

• ⇑ Upgrade to 9.6.5 released on 2017-08-31 - docs

  • Clean up handling of a fatal exit (e.g., due to receipt of SIGTERM) that occurs while trying to execute a ROLLBACK of a failed transaction (Tom Lane)

    This situation could result in an assertion failure. In production builds, the exit would still occur, but it would log an unexpected message about "cannot drop active portal".

  • Prevent crash when passing fixed-length pass-by-reference data types to parallel worker processes (Tom Lane)

  • Fix crash in pg_restore when using parallel mode and using a list file to select a subset of items to restore (Fabrízio de Royes Mello)

  • Change ecpg's parser to recognize backslash continuation of C preprocessor command lines (Michael Meskes)

  • Fix make check to behave correctly when invoked via a non-GNU make program (Thomas Munro)

• ⇑ Upgrade to 10 released on 2017-10-05 - docs

  • Hash indexes must be rebuilt after pg_upgrade-ing from any previous major PostgreSQL version (Mithun Cy, Robert Haas, Amit Kapila)

    Major hash index improvements necessitated this requirement. pg_upgrade will create a script to assist with this.

  • Rename write-ahead log directory pg_xlog to pg_wal, and rename transaction status directory pg_clog to pg_xact (Michael Paquier)

    Users have occasionally thought that these directories contained only inessential log files, and proceeded to remove write-ahead log files or transaction status files manually, causing irrecoverable data loss. These name changes are intended to discourage such errors in future.

  • Rename SQL functions, tools, and options that reference “xlog” to “wal” (Robert Haas)

    For example, pg_switch_xlog() becomes pg_switch_wal(), pg_receivexlog becomes pg_receivewal, and --xlogdir becomes --waldir. This is for consistency with the change of the pg_xlog directory name; in general, the “xlog” terminology is no longer used in any user-facing places.

  • Rename WAL-related functions and views to use lsn instead of location (David Rowley)

    There was previously an inconsistent mixture of the two terminologies.

  • Change the implementation of set-returning functions appearing in a query's SELECT list (Andres Freund)

    Set-returning functions are now evaluated before evaluation of scalar expressions in the SELECT list, much as though they had been placed in a LATERAL FROM-clause item. This allows saner semantics for cases where multiple set-returning functions are present. If they return different numbers of rows, the shorter results are extended to match the longest result by adding nulls. Previously the results were cycled until they all terminated at the same time, producing a number of rows equal to the least common multiple of the functions' periods. In addition, set-returning functions are now disallowed within CASE and COALESCE constructs. For more information see Section 37.4.8.

  • Use standard row constructor syntax in UPDATE ... SET (column_list) = row_constructor (Tom Lane)

    The row_constructor can now begin with the keyword ROW; previously that had to be omitted. If just one column name appears in the column_list, then the row_constructor now must use the ROW keyword, since otherwise it is not a valid row constructor but just a parenthesized expression. Also, an occurrence of table_name.* within the row_constructor is now expanded into multiple columns, as occurs in other uses of row_constructors.

  • When ALTER TABLE ... ADD PRIMARY KEY marks columns NOT NULL, that change now propagates to inheritance child tables as well (Michael Paquier)

  • Prevent statement-level triggers from firing more than once per statement (Tom Lane)

    Cases involving writable CTEs updating the same table updated by the containing statement, or by another writable CTE, fired BEFORE STATEMENT or AFTER STATEMENT triggers more than once. Also, if there were statement-level triggers on a table affected by a foreign key enforcement action (such as ON DELETE CASCADE), they could fire more than once per outer SQL statement. This is contrary to the SQL standard, so change it.

  • Move sequences' metadata fields into a new pg_sequence system catalog (Peter Eisentraut)

    A sequence relation now stores only the fields that can be modified by nextval(), that is last_value, log_cnt, and is_called. Other sequence properties, such as the starting value and increment, are kept in a corresponding row of the pg_sequence catalog. ALTER SEQUENCE updates are now fully transactional, implying that the sequence is locked until commit. The nextval() and setval() functions remain nontransactional.

    The main incompatibility introduced by this change is that selecting from a sequence relation now returns only the three fields named above. To obtain the sequence's other properties, applications must look into pg_sequence. The new system view pg_sequences can also be used for this purpose; it provides column names that are more compatible with existing code.

    Also, sequences created for SERIAL columns now generate positive 32-bit wide values, whereas previous versions generated 64-bit wide values. This has no visible effect if the values are only stored in a column.

    The output of psql's \d command for a sequence has been redesigned, too.

  • Make pg_basebackup stream the WAL needed to restore the backup by default (Magnus Hagander)

    This changes pg_basebackup's -X/--wal-method default to stream. An option value none has been added to reproduce the old behavior. The pg_basebackup option -x has been removed (instead, use -X fetch).

  • Change how logical replication uses pg_hba.conf (Peter Eisentraut)

    In previous releases, a logical replication connection required the replication keyword in the database column. As of this release, logical replication matches a normal entry with a database name or keywords such as all. Physical replication continues to use the replication keyword. Since built-in logical replication is new in this release, this change only affects users of third-party logical replication plugins.

  • Make all pg_ctl actions wait for completion by default (Peter Eisentraut)

    Previously some pg_ctl actions didn't wait for completion, and required the use of -w to do so.

  • Change the default value of the log_directory server parameter from pg_log to log (Andreas Karlsson)

  • Add configuration option ssl_dh_params_file to specify file name for custom OpenSSL DH parameters (Heikki Linnakangas)

    This replaces the hardcoded, undocumented file name dh1024.pem. Note that dh1024.pem is no longer examined by default; you must set this option if you want to use custom DH parameters.

  • Increase the size of the default DH parameters used for OpenSSL ephemeral DH ciphers to 2048 bits (Heikki Linnakangas)

    The size of the compiled-in DH parameters has been increased from 1024 to 2048 bits, making DH key exchange more resistant to brute-force attacks. However, some old SSL implementations, notably some revisions of Java Runtime Environment version 6, will not accept DH parameters longer than 1024 bits, and hence will not be able to connect over SSL. If it's necessary to support such old clients, you can use custom 1024-bit DH parameters instead of the compiled-in defaults. See ssl_dh_params_file.

  • Remove the ability to store unencrypted passwords on the server (Heikki Linnakangas)

    The password_encryption server parameter no longer supports off or plain. The UNENCRYPTED option is no longer supported in CREATE/ALTER USER ... PASSWORD. Similarly, the --unencrypted option has been removed from createuser. Unencrypted passwords migrated from older versions will be stored encrypted in this release. The default setting for password_encryption is still md5.

  • Add min_parallel_table_scan_size and min_parallel_index_scan_size server parameters to control parallel queries (Amit Kapila, Robert Haas)

    These replace min_parallel_relation_size, which was found to be too generic.

  • Don't downcase unquoted text within shared_preload_libraries and related server parameters (QL Zhuo)

    These settings are really lists of file names, but they were previously treated as lists of SQL identifiers, which have different parsing rules.

  • Remove sql_inheritance server parameter (Robert Haas)

    Changing this setting from the default value caused queries referencing parent tables to not include child tables. The SQL standard requires them to be included, however, and this has been the default since PostgreSQL 7.1.

  • Allow multi-dimensional arrays to be passed into PL/Python functions, and returned as nested Python lists (Alexey Grishchenko, Dave Cramer, Heikki Linnakangas)

    This feature requires a backwards-incompatible change to the handling of arrays of composite types in PL/Python. Previously, you could return an array of composite values by writing, e.g., [[col1, col2], [col1, col2]]; but now that is interpreted as a two-dimensional array. Composite types in arrays must now be written as Python tuples, not lists, to resolve the ambiguity; that is, write [(col1, col2), (col1, col2)] instead.

  • Remove PL/Tcl's “module” auto-loading facility (Tom Lane)

    This functionality has been replaced by new server parameters pltcl.start_proc and pltclu.start_proc, which are easier to use and more similar to features available in other PLs.

  • Remove pg_dump/pg_dumpall support for dumping from pre-8.0 servers (Tom Lane)

    Users needing to dump from pre-8.0 servers will need to use dump programs from PostgreSQL 9.6 or earlier. The resulting output should still load successfully into newer servers.

  • Remove support for floating-point timestamps and intervals (Tom Lane)

    This removes configure's --disable-integer-datetimes option. Floating-point timestamps have few advantages and have not been the default since PostgreSQL 8.3.

  • Remove server support for client/server protocol version 1.0 (Tom Lane)

    This protocol hasn't had client support since PostgreSQL 6.3.

  • Remove contrib/tsearch2 module (Robert Haas)

    This module provided compatibility with the version of full text search that shipped in pre-8.3 PostgreSQL releases.

  • Remove createlang and droplang command-line applications (Peter Eisentraut)

    These had been deprecated since PostgreSQL 9.1. Instead, use CREATE EXTENSION and DROP EXTENSION directly.

  • Remove support for version-0 function calling conventions (Andres Freund)

    Extensions providing C-coded functions must now conform to version 1 calling conventions. Version 0 has been deprecated since 2001.

  • Support parallel B-tree index scans (Rahila Syed, Amit Kapila, Robert Haas, Rafia Sabih)

    This change allows B-tree index pages to be searched by separate parallel workers.

  • Support parallel bitmap heap scans (Dilip Kumar)

    This allows a single index scan to dispatch parallel workers to process different areas of the heap.

  • Allow merge joins to be performed in parallel (Dilip Kumar)

  • Allow non-correlated subqueries to be run in parallel (Amit Kapila)

  • Improve ability of parallel workers to return pre-sorted data (Rushabh Lathia)

  • Increase parallel query usage in procedural language functions (Robert Haas, Rafia Sabih)

  • Add max_parallel_workers server parameter to limit the number of worker processes that can be used for query parallelism (Julien Rouhaud)

    This parameter can be set lower than max_worker_processes to reserve worker processes for purposes other than parallel queries.

  • Enable parallelism by default by changing the default setting of max_parallel_workers_per_gather to 2.

  • Add write-ahead logging support to hash indexes (Amit Kapila)

    This makes hash indexes crash-safe and replicatable. The former warning message about their use is removed.

  • Improve hash index performance (Amit Kapila, Mithun Cy, Ashutosh Sharma)

  • Add SP-GiST index support for INET and CIDR data types (Emre Hasegeli)

  • Add option to allow BRIN index summarization to happen more aggressively (Álvaro Herrera)

    A new CREATE INDEX option enables auto-summarization of the previous BRIN page range when a new page range is created.

  • Add functions to remove and re-add BRIN summarization for BRIN index ranges (Álvaro Herrera)

    The new SQL function brin_summarize_range() updates BRIN index summarization for a specified range and brin_desummarize_range() removes it. This is helpful to update summarization of a range that is now smaller due to UPDATEs and DELETEs.

  • Improve accuracy in determining if a BRIN index scan is beneficial (David Rowley, Emre Hasegeli)

  • Allow faster GiST inserts and updates by reusing index space more efficiently (Andrey Borodin)

  • Reduce page locking during vacuuming of GIN indexes (Andrey Borodin)

  • Reduce locking required to change table parameters (Simon Riggs, Fabrízio Mello)

    For example, changing a table's effective_io_concurrency setting can now be done with a more lightweight lock.

  • Allow tuning of predicate lock promotion thresholds (Dagfinn Ilmari Mannsåker)

    Lock promotion can now be controlled through two new server parameters, max_pred_locks_per_relation and max_pred_locks_per_page.

  • Add multi-column optimizer statistics to compute the correlation ratio and number of distinct values (Tomas Vondra, David Rowley, Álvaro Herrera)

    New commands are CREATE STATISTICS, ALTER STATISTICS, and DROP STATISTICS. This feature is helpful in estimating query memory usage and when combining the statistics from individual columns.

  • Improve performance of queries affected by row-level security restrictions (Tom Lane)

    The optimizer now has more knowledge about where it can place RLS filter conditions, allowing better plans to be generated while still enforcing the RLS conditions safely.

  • Speed up aggregate functions that calculate a running sum using numeric-type arithmetic, including some variants of SUM(), AVG(), and STDDEV() (Heikki Linnakangas)

  • Improve performance of character encoding conversions by using radix trees (Kyotaro Horiguchi, Heikki Linnakangas)

  • Reduce expression evaluation overhead during query execution, as well as plan node calling overhead (Andres Freund)

    This is particularly helpful for queries that process many rows.

  • Allow hashed aggregation to be used with grouping sets (Andrew Gierth)

  • Use uniqueness guarantees to optimize certain join types (David Rowley)

  • Improve sort performance of the macaddr data type (Brandur Leach)

  • Reduce statistics tracking overhead in sessions that reference many thousands of relations (Aleksander Alekseev)

  • Allow explicit control over EXPLAIN's display of planning and execution time (Ashutosh Bapat)

    By default planning and execution time are displayed by EXPLAIN ANALYZE and are not displayed in other cases. The new EXPLAIN option SUMMARY allows explicit control of this.

  • Add default monitoring roles (Dave Page)

    New roles pg_monitor, pg_read_all_settings, pg_read_all_stats, and pg_stat_scan_tables allow simplified permission configuration.

  • Properly update the statistics collector during REFRESH MATERIALIZED VIEW (Jim Mlodgenski)

  • Change the default value of log_line_prefix to include current timestamp (with milliseconds) and the process ID in each line of postmaster log output (Christoph Berg)

    The previous default was an empty prefix.

  • Add functions to return the log and WAL directory contents (Dave Page)

    The new functions are pg_ls_logdir() and pg_ls_waldir() and can be executed by non-superusers with the proper permissions.

  • Add function pg_current_logfile() to read logging collector's current stderr and csvlog output file names (Gilles Darold)

  • Report the address and port number of each listening socket in the server log during postmaster startup (Tom Lane)

    Also, when logging failure to bind a listening socket, include the specific address we attempted to bind to.

  • Reduce log chatter about the starting and stopping of launcher subprocesses (Tom Lane)

    These are now DEBUG1-level messages.

  • Reduce message verbosity of lower-numbered debug levels controlled by log_min_messages (Robert Haas)

    This also changes the verbosity of client_min_messages debug levels.

  • Add pg_stat_activity reporting of low-level wait states (Michael Paquier, Robert Haas, Rushabh Lathia)

    This change enables reporting of numerous low-level wait conditions, including latch waits, file reads/writes/fsyncs, client reads/writes, and synchronous replication.

  • Show auxiliary processes, background workers, and walsender processes in pg_stat_activity (Kuntal Ghosh, Michael Paquier)

    This simplifies monitoring. A new column backend_type identifies the process type.

  • Allow pg_stat_activity to show the SQL query being executed by parallel workers (Rafia Sabih)

  • Rename pg_stat_activity.wait_event_type values LWLockTranche and LWLockNamed to LWLock (Robert Haas)

    This makes the output more consistent.

  • Add SCRAM-SHA-256 support for password negotiation and storage (Michael Paquier, Heikki Linnakangas)

    This provides better security than the existing md5 negotiation and storage method.

  • Change the password_encryption server parameter from boolean to enum (Michael Paquier)

    This was necessary to support additional password hashing options.

  • Add view pg_hba_file_rules to display the contents of pg_hba.conf (Haribabu Kommi)

    This shows the file contents, not the currently active settings.

  • Support multiple RADIUS servers (Magnus Hagander)

    All the RADIUS related parameters are now plural and support a comma-separated list of servers.

  • Allow SSL configuration to be updated during configuration reload (Andreas Karlsson, Tom Lane)

    This allows SSL to be reconfigured without a server restart, by using pg_ctl reload, SELECT pg_reload_conf(), or sending a SIGHUP signal. However, reloading the SSL configuration does not work if the server's SSL key requires a passphrase, as there is no way to re-prompt for the passphrase. The original configuration will apply for the life of the postmaster in that case.

  • Make the maximum value of bgwriter_lru_maxpages effectively unlimited (Jim Nasby)

  • After creating or unlinking files, perform an fsync on their parent directory (Michael Paquier)

    This reduces the risk of data loss after a power failure.

  • Prevent unnecessary checkpoints and WAL archiving on otherwise-idle systems (Michael Paquier)

  • Add wal_consistency_checking server parameter to add details to WAL that can be sanity-checked on the standby (Kuntal Ghosh, Robert Haas)

    Any sanity-check failure generates a fatal error on the standby.

  • Increase the maximum configurable WAL segment size to one gigabyte (Beena Emerson)

    A larger WAL segment size allows for fewer archive_command invocations and fewer WAL files to manage.

  • Add the ability to logically replicate tables to standby servers (Petr Jelinek)

    Logical replication allows more flexibility than physical replication does, including replication between different major versions of PostgreSQL and selective replication.

  • Allow waiting for commit acknowledgment from standby servers irrespective of the order they appear in synchronous_standby_names (Masahiko Sawada)

    Previously the server always waited for the active standbys that appeared first in synchronous_standby_names. The new synchronous_standby_names keyword ANY allows waiting for any number of standbys irrespective of their ordering. This is known as quorum commit.

  • Reduce configuration changes necessary to perform streaming backup and replication (Magnus Hagander, Dang Minh Huong)

    Specifically, the defaults were changed for wal_level, max_wal_senders, max_replication_slots, and hot_standby to make them suitable for these usages out-of-the-box.

  • Enable replication from localhost connections by default in pg_hba.conf (Michael Paquier)

    Previously pg_hba.conf's replication connection lines were commented out by default. This is particularly useful for pg_basebackup.

  • Add columns to pg_stat_replication to report replication delay times (Thomas Munro)

    The new columns are write_lag, flush_lag, and replay_lag.

  • Allow specification of the recovery stopping point by Log Sequence Number (LSN) in recovery.conf (Michael Paquier)

    Previously the stopping point could only be selected by timestamp or XID.

  • Allow users to disable pg_stop_backup()'s waiting for all WAL to be archived (David Steele)

    An optional second argument to pg_stop_backup() controls that behavior.

  • Allow creation of temporary replication slots (Petr Jelinek)

    Temporary slots are automatically removed on session exit or error.

  • Improve performance of hot standby replay with better tracking of Access Exclusive locks (Simon Riggs, David Rowley)

  • Speed up two-phase commit recovery performance (Stas Kelvich, Nikhil Sontakke, Michael Paquier)

  • Add XMLTABLE function that converts XML-formatted data into a row set (Pavel Stehule, Álvaro Herrera)

  • Fix regular expressions' character class handling for large character codes, particularly Unicode characters above U+7FF (Tom Lane)

    Previously, such characters were never recognized as belonging to locale-dependent character classes such as [[:alpha:]].

  • Add table partitioning syntax that automatically creates partition constraints and handles routing of tuple insertions and updates (Amit Langote)

    The syntax supports range and list partitioning.

  • Add AFTER trigger transition tables to record changed rows (Kevin Grittner, Thomas Munro)

    Transition tables are accessible from triggers written in server-side languages.

  • Allow restrictive row-level security policies (Stephen Frost)

    Previously all security policies were permissive, meaning that any matching policy allowed access. A restrictive policy must match for access to be granted. These policy types can be combined.

  • When creating a foreign-key constraint, check for REFERENCES permission on only the referenced table (Tom Lane)

    Previously REFERENCES permission on the referencing table was also required. This appears to have stemmed from a misreading of the SQL standard. Since creating a foreign key (or any other type of) constraint requires ownership privilege on the constrained table, additionally requiring REFERENCES permission seems rather pointless.

  • Allow default permissions on schemas (Matheus Oliveira)

    This is done using the ALTER DEFAULT PRIVILEGES command.

  • Add CREATE SEQUENCE AS command to create a sequence matching an integer data type (Peter Eisentraut)

    This simplifies the creation of sequences matching the range of base columns.

  • Allow COPY view FROM source on views with INSTEAD INSERT triggers (Haribabu Kommi)

    The triggers are fed the data rows read by COPY.

  • Allow the specification of a function name without arguments in DDL commands, if it is unique (Peter Eisentraut)

    For example, allow DROP FUNCTION on a function name without arguments if there is only one function with that name. This behavior is required by the SQL standard.

  • Allow multiple functions, operators, and aggregates to be dropped with a single DROP command (Peter Eisentraut)

  • Support IF NOT EXISTS in CREATE SERVER, CREATE USER MAPPING, and CREATE COLLATION (Anastasia Lubennikova, Peter Eisentraut)

  • Make VACUUM VERBOSE report the number of skipped frozen pages and oldest xmin (Masahiko Sawada, Simon Riggs)

    This information is also included in log_autovacuum_min_duration output.

  • Improve speed of VACUUM's removal of trailing empty heap pages (Claudio Freire, Álvaro Herrera)

  • Add full text search support for JSON and JSONB (Dmitry Dolgov)

    The functions ts_headline() and to_tsvector() can now be used on these data types.

  • Add support for EUI-64 MAC addresses, as a new data type macaddr8 (Haribabu Kommi)

    This complements the existing support for EUI-48 MAC addresses (type macaddr).

  • Add identity columns for assigning a numeric value to columns on insert (Peter Eisentraut)

    These are similar to SERIAL columns, but are SQL standard compliant.

  • Allow ENUM values to be renamed (Dagfinn Ilmari Mannsåker)

    This uses the syntax ALTER TYPE ... RENAME VALUE.

  • Properly treat array pseudotypes (anyarray) as arrays in to_json() and to_jsonb() (Andrew Dunstan)

    Previously columns declared as anyarray (particularly those in the pg_stats view) were converted to JSON strings rather than arrays.

  • Add operators for multiplication and division of money values with int8 values (Peter Eisentraut)

    Previously such cases would result in converting the int8 values to float8 and then using the money-and-float8 operators. The new behavior avoids possible precision loss. But note that division of money by int8 now truncates the quotient, like other integer-division cases, while the previous behavior would have rounded.

  • Check for overflow in the money type's input function (Peter Eisentraut)

  • Add simplified regexp_match() function (Emre Hasegeli)

    This is similar to regexp_matches(), but it only returns results from the first match so it does not need to return a set, making it easier to use for simple cases.

  • Add a version of jsonb's delete operator that takes an array of keys to delete (Magnus Hagander)

  • Make json_populate_record() and related functions process JSON arrays and objects recursively (Nikita Glukhov)

    With this change, array-type fields in the destination SQL type are properly converted from JSON arrays, and composite-type fields are properly converted from JSON objects. Previously, such cases would fail because the text representation of the JSON value would be fed to array_in() or record_in(), and its syntax would not match what those input functions expect.

  • Add function txid_current_if_assigned() to return the current transaction ID or NULL if no transaction ID has been assigned (Craig Ringer)

    This is different from txid_current(), which always returns a transaction ID, assigning one if necessary. Unlike that function, this function can be run on standby servers.

  • Add function txid_status() to check if a transaction was committed (Craig Ringer)

    This is useful for checking after an abrupt disconnection whether your previous transaction committed and you just didn't receive the acknowledgment.

  • Allow make_date() to interpret negative years as BC years (Álvaro Herrera)

  • Make to_timestamp() and to_date() reject out-of-range input fields (Artur Zakirov)

    For example, previously to_date('2009-06-40','YYYY-MM-DD') was accepted and returned 2009-07-10. It will now generate an error.

  • Allow PL/Python's cursor() and execute() functions to be called as methods of their plan-object arguments (Peter Eisentraut)

    This allows a more object-oriented programming style.

  • Allow PL/pgSQL's GET DIAGNOSTICS statement to retrieve values into array elements (Tom Lane)

    Previously, a syntactic restriction prevented the target variable from being an array element.

  • Allow PL/Tcl functions to return composite types and sets (Karl Lehenbauer)

  • Add a subtransaction command to PL/Tcl (Victor Wagner)

    This allows PL/Tcl queries to fail without aborting the entire function.

  • Add server parameters pltcl.start_proc and pltclu.start_proc, to allow initialization functions to be called on PL/Tcl startup (Tom Lane)

  • Allow specification of multiple host names or addresses in libpq connection strings and URIs (Robert Haas, Heikki Linnakangas)

    libpq will connect to the first responsive server in the list.

  • Allow libpq connection strings and URIs to request a read/write host, that is a master server rather than a standby server (Victor Wagner, Mithun Cy)

    This is useful when multiple host names are specified. It is controlled by libpq connection parameter target_session_attrs.

  • Allow the password file name to be specified as a libpq connection parameter (Julian Markwort)

    Previously this could only be specified via an environment variable.

  • Add function PQencryptPasswordConn() to allow creation of more types of encrypted passwords on the client side (Michael Paquier, Heikki Linnakangas)

    Previously only MD5-encrypted passwords could be created using PQencryptPassword(). This new function can also create SCRAM-SHA-256-encrypted passwords.

  • Change ecpg preprocessor version from 4.12 to 10 (Tom Lane)

    Henceforth the ecpg version will match the PostgreSQL distribution version number.

  • Add conditional branch support to psql (Corey Huinker)

    This feature adds psql meta-commands \if, \elif, \else, and \endif. This is primarily helpful for scripting.

  • Add psql \gx meta-command to execute (\g) a query in expanded mode (\x) (Christoph Berg)

  • Expand psql variable references in backtick-executed strings (Tom Lane)

    This is particularly useful in the new psql conditional branch commands.

  • Prevent psql's special variables from being set to invalid values (Daniel Vérité, Tom Lane)

    Previously, setting one of psql's special variables to an invalid value silently resulted in the default behavior. \set on a special variable now fails if the proposed new value is invalid. As a special exception, \set with an empty or omitted new value, on a boolean-valued special variable, still has the effect of setting the variable to on; but now it actually acquires that value rather than an empty string. \unset on a special variable now explicitly sets the variable to its default value, which is also the value it acquires at startup. In sum, a control variable now always has a displayable value that reflects what psql is actually doing.

  • Add variables showing server version and psql version (Fabien Coelho)

  • Improve psql's \d (display relation) and \dD (display domain) commands to show collation, nullable, and default properties in separate columns (Peter Eisentraut)

    Previously they were shown in a single “Modifiers” column.

  • Make the various \d commands handle no-matching-object cases more consistently (Daniel Gustafsson)

    They now all print the message about that to stderr, not stdout, and the message wording is more consistent.

  • Improve psql's tab completion (Jeff Janes, Ian Barwick, Andreas Karlsson, Sehrope Sarkuni, Thomas Munro, Kevin Grittner, Dagfinn Ilmari Mannsåker)

  • Add pgbench option --log-prefix to control the log file prefix (Masahiko Sawada)

  • Allow pgbench's meta-commands to span multiple lines (Fabien Coelho)

    A meta-command can now be continued onto the next line by writing backslash-return.

  • Remove restriction on placement of -M option relative to other command line options (Tom Lane)

  • Add pg_receivewal option -Z/--compress to specify compression (Michael Paquier)

  • Add pg_recvlogical option --endpos to specify the ending position (Craig Ringer)

    This complements the existing --startpos option.

  • Rename initdb options --noclean and --nosync to be spelled --no-clean and --no-sync (Vik Fearing, Peter Eisentraut)

    The old spellings are still supported.

  • Allow pg_restore to exclude schemas (Michael Banck)

    This adds a new -N/--exclude-schema option.

  • Add --no-blobs option to pg_dump (Guillaume Lelarge)

    This suppresses dumping of large objects.

  • Add pg_dumpall option --no-role-passwords to omit role passwords (Robins Tharakan, Simon Riggs)

    This allows use of pg_dumpall by non-superusers; without this option, it fails due to inability to read passwords.

  • Support using synchronized snapshots when dumping from a standby server (Petr Jelinek)

  • Issue fsync() on the output files generated by pg_dump and pg_dumpall (Michael Paquier)

    This provides more security that the output is safely stored on disk before the program exits. This can be disabled with the new --no-sync option.

  • Allow pg_basebackup to stream write-ahead log in tar mode (Magnus Hagander)

    The WAL will be stored in a separate tar file from the base backup.

  • Make pg_basebackup use temporary replication slots (Magnus Hagander)

    Temporary replication slots will be used by default when pg_basebackup uses WAL streaming with default options.

  • Be more careful about fsync'ing in all required places in pg_basebackup and pg_receivewal (Michael Paquier)

  • Add pg_basebackup option --no-sync to disable fsync (Michael Paquier)

  • Improve pg_basebackup's handling of which directories to skip (David Steele)

  • Add wait option for pg_ctl's promote operation (Peter Eisentraut)

  • Add long options for pg_ctl wait (--wait) and no-wait (--no-wait) (Vik Fearing)

  • Add long option for pg_ctl server options (--options) (Peter Eisentraut)

  • Make pg_ctl start --wait detect server-ready by watching postmaster.pid, not by attempting connections (Tom Lane)

    The postmaster has been changed to report its ready-for-connections status in postmaster.pid, and pg_ctl now examines that file to detect whether startup is complete. This is more efficient and reliable than the old method, and it eliminates postmaster log entries about rejected connection attempts during startup.

  • Reduce pg_ctl's reaction time when waiting for postmaster start/stop (Tom Lane)

    pg_ctl now probes ten times per second when waiting for a postmaster state change, rather than once per second.

  • Ensure that pg_ctl exits with nonzero status if an operation being waited for does not complete within the timeout (Peter Eisentraut)

    The start and promote operations now return exit status 1, not 0, in such cases. The stop operation has always done that.

  • Change to two-part release version numbering (Peter Eisentraut, Tom Lane)

    Release numbers will now have two parts (e.g., 10.1) rather than three (e.g., 9.6.3). Major versions will now increase just the first number, and minor releases will increase just the second number. Release branches will be referred to by single numbers (e.g., 10 rather than 9.6). This change is intended to reduce user confusion about what is a major or minor release of PostgreSQL.

  • Improve behavior of pgindent (Piotr Stefaniak, Tom Lane)

    We have switched to a new version of pg_bsd_indent based on recent improvements made by the FreeBSD project. This fixes numerous small bugs that led to odd C code formatting decisions. Most notably, lines within parentheses (such as in a multi-line function call) are now uniformly indented to match the opening paren, even if that would result in code extending past the right margin.

  • Allow the ICU library to optionally be used for collation support (Peter Eisentraut)

    The ICU library has versioning that allows detection of collation changes between versions. It is enabled via configure option --with-icu. The default still uses the operating system's native collation library.

  • Automatically mark all PG_FUNCTION_INFO_V1 functions as DLLEXPORT-ed on Windows (Laurenz Albe)

    If third-party code is using extern function declarations, they should also add DLLEXPORT markers to those declarations.

  • Remove SPI functions SPI_push(), SPI_pop(), SPI_push_conditional(), SPI_pop_conditional(), and SPI_restore_connection() as unnecessary (Tom Lane)

    Their functionality now happens automatically. There are now no-op macros by these names so that external modules don't need to be updated immediately, but eventually such calls should be removed.

    A side effect of this change is that SPI_palloc() and allied functions now require an active SPI connection; they do not degenerate to simple palloc() if there is none. That previous behavior was not very useful and posed risks of unexpected memory leaks.

  • Allow shared memory to be dynamically allocated (Thomas Munro, Robert Haas)

  • Add slab-like memory allocator for efficient fixed-size allocations (Tomas Vondra)

  • Use POSIX semaphores rather than SysV semaphores on Linux and FreeBSD (Tom Lane)

    This avoids platform-specific limits on SysV semaphore usage.

  • Improve support for 64-bit atomics (Andres Freund)

  • Enable 64-bit atomic operations on ARM64 (Roman Shaposhnik)

  • Switch to using clock_gettime(), if available, for duration measurements (Tom Lane)

    gettimeofday() is still used if clock_gettime() is not available.

  • Add more robust random number generators to be used for cryptographically secure uses (Magnus Hagander, Michael Paquier, Heikki Linnakangas)

    If no strong random number generator can be found, configure will fail unless the --disable-strong-random option is used. However, with this option, pgcrypto functions requiring a strong random number generator will be disabled.

  • Allow WaitLatchOrSocket() to wait for socket connection on Windows (Andres Freund)

  • tupconvert.c functions no longer convert tuples just to embed a different composite-type OID in them (Ashutosh Bapat, Tom Lane)

    The majority of callers don't care about the composite-type OID; but if the result tuple is to be used as a composite Datum, steps should be taken to make sure the correct OID is inserted in it.

  • Remove SCO and Unixware ports (Tom Lane)

  • Overhaul documentation build process (Alexander Lakhin)

  • Use XSLT to build the PostgreSQL documentation (Peter Eisentraut)

    Previously Jade, DSSSL, and JadeTex were used.

  • Build HTML documentation using XSLT stylesheets by default (Peter Eisentraut)

  • Allow file_fdw to read from program output as well as files (Corey Huinker, Adam Gomaa)

  • In postgres_fdw, push aggregate functions to the remote server, when possible (Jeevan Chalke, Ashutosh Bapat)

    This reduces the amount of data that must be passed from the remote server, and offloads aggregate computation from the requesting server.

  • In postgres_fdw, push joins to the remote server in more cases (David Rowley, Ashutosh Bapat, Etsuro Fujita)

  • Properly support OID columns in postgres_fdw tables (Etsuro Fujita)

    Previously OID columns always returned zeros.

  • Allow btree_gist and btree_gin to index enum types (Andrew Dunstan)

    This allows enums to be used in exclusion constraints.

  • Add indexing support to btree_gist for the UUID data type (Paul Jungwirth)

  • Add amcheck which can check the validity of B-tree indexes (Peter Geoghegan)

  • Show ignored constants as $N rather than ? in pg_stat_statements (Lukas Fittl)

  • Improve cube's handling of zero-dimensional cubes (Tom Lane)

    This also improves handling of infinite and NaN values.

  • Allow pg_buffercache to run with fewer locks (Ivan Kartyshov)

    This makes it less disruptive when run on production systems.

  • Add pgstattuple function pgstathashindex() to view hash index statistics (Ashutosh Sharma)

  • Use GRANT permissions to control pgstattuple function usage (Stephen Frost)

    This allows DBAs to allow non-superusers to run these functions.

  • Reduce locking when pgstattuple examines hash indexes (Amit Kapila)

  • Add pageinspect function page_checksum() to show a page's checksum (Tomas Vondra)

  • Add pageinspect function bt_page_items() to print page items from a page image (Tomas Vondra)

  • Add hash index support to pageinspect (Jesper Pedersen, Ashutosh Sharma)

• ⇑ Upgrade to 10.1 released on 2017-11-09 - docs

  • Ensure that INSERT ... ON CONFLICT DO UPDATE checks table permissions and RLS policies in all cases (Dean Rasheed)

    The update path of INSERT ... ON CONFLICT DO UPDATE requires SELECT permission on the columns of the arbiter index, but it failed to check for that in the case of an arbiter specified by constraint name. In addition, for a table with row level security enabled, it failed to check updated rows against the table's SELECT policies (regardless of how the arbiter index was specified). (CVE-2017-15099)

  • Fix BRIN index summarization to handle concurrent table extension correctly (Álvaro Herrera)

    Previously, a race condition allowed some table rows to be omitted from the index. It may be necessary to reindex existing BRIN indexes to recover from past occurrences of this problem.

  • Fix possible failures during concurrent updates of a BRIN index (Tom Lane)

    These race conditions could result in errors like “invalid index offnum” or “inconsistent range map”.

  • Prevent logical replication from setting non-replicated columns to nulls when replicating an UPDATE (Petr Jelinek)

  • Fix logical replication to fire BEFORE ROW DELETE triggers when expected (Masahiko Sawada)

    Previously, that failed to happen unless the table also had a BEFORE ROW UPDATE trigger.

  • Fix crash when logical decoding is invoked from a SPI-using function, in particular any function written in a PL language (Tom Lane)

  • Ignore CTEs when looking up the target table for INSERT/UPDATE/DELETE, and prevent matching schema-qualified target table names to trigger transition table names (Thomas Munro)

    This restores the pre-v10 behavior for CTEs attached to DML commands.

  • Avoid evaluating an aggregate function's argument expression(s) at rows where its FILTER test fails (Tom Lane)

    This restores the pre-v10 (and SQL-standard) behavior.

  • Fix incorrect query results when multiple GROUPING SETS columns contain the same simple variable (Tom Lane)

  • Fix query-lifespan memory leakage while evaluating a set-returning function in a SELECT's target list (Tom Lane)

  • Allow parallel execution of prepared statements with generic plans (Amit Kapila, Kuntal Ghosh)

  • Fix incorrect parallelization decisions for nested queries (Amit Kapila, Kuntal Ghosh)

  • Fix parallel query handling to not fail when a recently-used role is dropped (Amit Kapila)

  • Fix crash in parallel execution of a bitmap scan having a BitmapAnd plan node below a BitmapOr node (Dilip Kumar)

  • Fix json_build_array(), json_build_object(), and their jsonb equivalents to handle explicit VARIADIC arguments correctly (Michael Paquier)

  • Fix autovacuum's “work item” logic to prevent possible crashes and silent loss of work items (Álvaro Herrera)

  • Correctly ignore RelabelType expression nodes when examining functional-dependency statistics (David Rowley)

    This allows, e.g., extended statistics on varchar columns to be used properly.

  • Prevent sharing transition states between ordered-set aggregates (David Rowley)

    This causes a crash with the built-in ordered-set aggregates, and probably with user-written ones as well. v11 and later will include provisions for dealing with such cases safely, but in released branches, just disable the optimization.

  • Prevent idle_in_transaction_session_timeout from being ignored when a statement_timeout occurred earlier (Lukas Fittl)

  • Reduce the frequency of data flush requests during bulk file copies to avoid performance problems on macOS, particularly with its new APFS file system (Tom Lane)

  • Allow COPY's FREEZE option to work when the transaction isolation level is REPEATABLE READ or higher (Noah Misch)

    This case was unintentionally broken by a previous bug fix.

  • Fix AggGetAggref() to return the correct Aggref nodes to aggregate final functions whose transition calculations have been merged (Tom Lane)

  • Fix insufficient schema-qualification in some new queries in pg_dump and psql (Vitaly Burovoy, Tom Lane, Noah Misch)

  • Avoid use of @> operator in psql's queries for \d (Tom Lane)

    This prevents problems when the parray_gin extension is installed, since that defines a conflicting operator.

  • Fix pg_basebackup's matching of tablespace paths to canonicalize both paths before comparing (Michael Paquier)

    This is particularly helpful on Windows.

  • In ecpglib, correctly handle backslashes in string literals depending on whether standard_conforming_strings is set (Tsunakawa Takayuki)

  • Fix missing temp-install prerequisites for check-like Make targets (Noah Misch)

    Some non-default test procedures that are meant to work like make check failed to ensure that the temporary installation was up to date.

  • In the documentation, restore HTML anchors to being upper-case strings (Peter Eisentraut)

    Due to a toolchain change, the 10.0 user manual had lower-case strings for intrapage anchors, thus breaking some external links into our website documentation. Return to our previous convention of using upper-case strings.

• ⇑ Upgrade to 10.2 released on 2018-02-08 - docs

  • Fix processing of partition keys containing multiple expressions (Álvaro Herrera, David Rowley)

    This error led to crashes or, with carefully crafted input, disclosure of arbitrary backend memory. (CVE-2018-1052)

  • Fix vacuuming of tuples that were updated while key-share locked (Andres Freund, Álvaro Herrera)

    In some cases VACUUM would fail to remove such tuples even though they are now dead, leading to assorted data corruption scenarios.

  • Fix failure to mark a hash index's metapage dirty after adding a new overflow page, potentially leading to index corruption (Lixian Zou, Amit Kapila)

  • Ensure that vacuum will always clean up the pending-insertions list of a GIN index (Masahiko Sawada)

    This is necessary to ensure that dead index entries get removed. The old code got it backwards, allowing vacuum to skip the cleanup if some other process were running cleanup concurrently, thus risking invalid entries being left behind in the index.

  • Fix incorrect query results from cases involving flattening of subqueries whose outputs are used in GROUPING SETS (Heikki Linnakangas)

  • Fix handling of list partitioning constraints for partition keys of boolean or array types (Amit Langote)

  • Fix spurious deadlock failures when multiple sessions are running CREATE INDEX CONCURRENTLY (Jeff Janes)

  • During VACUUM FULL, update the table's size fields in pg_class sooner (Amit Kapila)

    This prevents poor behavior when rebuilding hash indexes on the table, since those use the pg_class statistics to govern the initial hash size.

  • Fix UNION/INTERSECT/EXCEPT over zero columns (Tom Lane)

  • Disallow identity columns on typed tables and partitions (Michael Paquier)

    These cases will be treated as unsupported features for now.

  • Fix assorted failures to apply the correct default value when inserting into an identity column (Michael Paquier, Peter Eisentraut)

    In several contexts, notably COPY and ALTER TABLE ADD COLUMN, the expected default value was not applied and instead a null value was inserted.

  • Fix failures when an inheritance tree contains foreign child tables (Etsuro Fujita)

    A mix of regular and foreign tables in an inheritance tree resulted in creation of incorrect plans for UPDATE and DELETE queries. This led to visible failures in some cases, notably when there are row-level triggers on a foreign child table.

  • Fix “could not devise a query plan for the given query” planner failure for some cases involving nested UNION ALL inside a lateral subquery (Tom Lane)

  • Allow functional dependency statistics to be used for boolean columns (Tom Lane)

    Previously, although extended statistics could be declared and collected on boolean columns, the planner failed to apply them.

  • Avoid underestimating the number of groups emitted by subqueries containing set-returning functions in their grouping columns (Tom Lane)

    Cases similar to SELECT DISTINCT unnest(foo) got a lower output rowcount estimate in 10.0 than they did in earlier releases, possibly resulting in unfavorable plan choices. Restore the prior estimation behavior.

  • Fix use of triggers in logical replication workers (Petr Jelinek)

  • Fix logical decoding to correctly clean up disk files for crashed transactions (Atsushi Torikoshi)

    Logical decoding may spill WAL records to disk for transactions generating many WAL records. Normally these files are cleaned up after the transaction's commit or abort record arrives; but if no such record is ever seen, the removal code misbehaved.

  • Fix walsender timeout failure and failure to respond to interrupts when processing a large transaction (Petr Jelinek)

  • Fix race condition during replication origin drop that could allow the dropping process to wait indefinitely (Tom Lane)

  • Allow members of the pg_read_all_stats role to see walsender statistics in the pg_stat_replication view (Feike Steenbergen)

  • Show walsenders that are sending base backups as active in the pg_stat_activity view (Magnus Hagander)

  • Fix reporting of scram-sha-256 authentication method in the pg_hba_file_rules view (Michael Paquier)

    Previously this was printed as scram-sha256, possibly confusing users as to the correct spelling.

  • Allow a client that supports SCRAM channel binding (such as v11 or later libpq) to connect to a v10 server (Michael Paquier)

    v10 does not have this feature, and the connection-time negotiation about whether to use it was done incorrectly.

  • Avoid live-lock in ConditionVariableBroadcast() (Tom Lane, Thomas Munro)

    Given repeatedly-unlucky timing, a process attempting to awaken all waiters for a condition variable could loop indefinitely. Due to the limited usage of condition variables in v10, this affects only parallel index scans and some operations on replication slots.

  • Clean up waits for condition variables correctly during subtransaction abort (Robert Haas)

  • Ensure that child processes that are waiting for a condition variable will exit promptly if the postmaster process dies (Tom Lane)

  • Fix crashes in parallel queries using more than one Gather node (Thomas Munro)

  • Fix hang in parallel index scan when processing a deleted or half-dead index page (Amit Kapila)

  • Avoid crash if parallel bitmap heap scan is unable to allocate a shared memory segment (Robert Haas)

  • Cope with failure to start a parallel worker process (Amit Kapila, Robert Haas)

    Parallel query previously tended to hang indefinitely if a worker could not be started, as the result of fork() failure or other low-probability problems.

  • Avoid unnecessary failure when no parallel workers can be obtained during parallel query startup (Robert Haas)

  • Fix collection of EXPLAIN statistics from parallel workers (Amit Kapila, Thomas Munro)

  • Ensure that query strings passed to parallel workers are correctly null-terminated (Thomas Munro)

    This prevents emitting garbage in postmaster log output from such workers.

  • Avoid unsafe alignment assumptions when working with __int128 (Tom Lane)

    Typically, compilers assume that __int128 variables are aligned on 16-byte boundaries, but our memory allocation infrastructure isn't prepared to guarantee that, and increasing the setting of MAXALIGN seems infeasible for multiple reasons. Adjust the code to allow use of __int128 only when we can tell the compiler to assume lesser alignment. The only known symptom of this problem so far is crashes in some parallel aggregation queries.

  • Avoid crash during an EvalPlanQual recheck of an indexscan that is the inner child of a merge join (Tom Lane)

    This could only happen during an update or SELECT FOR UPDATE of a join, when there is a concurrent update of some selected row.

  • Fix crash in autovacuum when extended statistics are defined for a table but can't be computed (Álvaro Herrera)

  • Prevent out-of-memory failures due to excessive growth of simple hash tables (Tomas Vondra, Andres Freund)

  • Fix sample INSTR() functions in the PL/pgSQL documentation (Yugo Nagata, Tom Lane)

    These functions are stated to be Oracle® compatible, but they weren't exactly. In particular, there was a discrepancy in the interpretation of a negative third parameter: Oracle thinks that a negative value indicates the last place where the target substring can begin, whereas our functions took it as the last place where the target can end. Also, Oracle throws an error for a zero or negative fourth parameter, whereas our functions returned zero.

    The sample code has been adjusted to match Oracle's behavior more precisely. Users who have copied this code into their applications may wish to update their copies.

  • Fix pg_dump to make ACL (permissions), comment, and security label entries reliably identifiable in archive output formats (Tom Lane)

    The “tag” portion of an ACL archive entry was usually just the name of the associated object. Make it start with the object type instead, bringing ACLs into line with the convention already used for comment and security label archive entries. Also, fix the comment and security label entries for the whole database, if present, to make their tags start with DATABASE so that they also follow this convention. This prevents false matches in code that tries to identify large-object-related entries by seeing if the tag starts with LARGE OBJECT. That could have resulted in misclassifying entries as data rather than schema, with undesirable results in a schema-only or data-only dump.

    Note that this change has user-visible results in the output of pg_restore --list.

  • Rename pg_rewind's copy_file_range function to avoid conflict with new Linux system call of that name (Andres Freund)

    This change prevents build failures with newer glibc versions.

  • Change the behavior of contrib/cube's cube ~> int operator to make it compatible with KNN search (Alexander Korotkov)

    The meaning of the second argument (the dimension selector) has been changed to make it predictable which value is selected even when dealing with cubes of varying dimensionalities.

    This is an incompatible change, but since the point of the operator was to be used in KNN searches, it seems rather useless as-is. After installing this update, any expression indexes or materialized views using this operator will need to be reindexed/refreshed.

  • Fix incorrect display of tuples' null bitmaps in contrib/pageinspect (Maksim Milyutin)

  • Fix incorrect output from contrib/pageinspect's hash_page_items() function (Masahiko Sawada)

  • In contrib/postgres_fdw, avoid “outer pathkeys do not match mergeclauses” planner error when constructing a plan involving a remote join (Robert Haas)

  • In contrib/postgres_fdw, avoid planner failure when there are duplicate GROUP BY entries (Jeevan Chalke)

• ⇑ Upgrade to 10.3 released on 2018-03-01 - docs

  • Document how to configure installations and applications to guard against search-path-dependent trojan-horse attacks from other users (Noah Misch)

    Using a search_path setting that includes any schemas writable by a hostile user enables that user to capture control of queries and then run arbitrary SQL code with the permissions of the attacked user. While it is possible to write queries that are proof against such hijacking, it is notationally tedious, and it's very easy to overlook holes. Therefore, we now recommend configurations in which no untrusted schemas appear in one's search path. Relevant documentation appears in Section 5.8.6 (for database administrators and users), Section 33.1 (for application authors), Section 37.15.1 (for extension authors), and CREATE FUNCTION (for authors of SECURITY DEFINER functions). (CVE-2018-1058)

  • Avoid use of insecure search_path settings in pg_dump and other client programs (Noah Misch, Tom Lane)

    pg_dump, pg_upgrade, vacuumdb and other PostgreSQL-provided applications were themselves vulnerable to the type of hijacking described in the previous changelog entry; since these applications are commonly run by superusers, they present particularly attractive targets. To make them secure whether or not the installation as a whole has been secured, modify them to include only the pg_catalog schema in their search_path settings. Autovacuum worker processes now do the same, as well.

    In cases where user-provided functions are indirectly executed by these programs — for example, user-provided functions in index expressions — the tighter search_path may result in errors, which will need to be corrected by adjusting those user-provided functions to not assume anything about what search path they are invoked under. That has always been good practice, but now it will be necessary for correct behavior. (CVE-2018-1058)

  • Prevent logical replication from trying to ship changes for unpublishable relations (Peter Eisentraut)

    A publication marked FOR ALL TABLES would incorrectly ship changes in materialized views and information_schema tables, which are supposed to be omitted from the change stream.

  • Fix planner failures with overlapping mergejoin clauses in an outer join (Tom Lane)

    These mistakes led to “left and right pathkeys do not match in mergejoin” or “outer pathkeys do not match mergeclauses” planner errors in corner cases.

  • Repair pg_upgrade's failure to preserve relfrozenxid for materialized views (Tom Lane, Andres Freund)

    This oversight could lead to data corruption in materialized views after an upgrade, manifesting as “could not access status of transaction” or “found xmin from before relfrozenxid” errors. The problem would be more likely to occur in seldom-refreshed materialized views, or ones that were maintained only with REFRESH MATERIALIZED VIEW CONCURRENTLY.

    If such corruption is observed, it can be repaired by refreshing the materialized view (without CONCURRENTLY).

  • Fix incorrect pg_dump output for some non-default sequence limit values (Alexey Bashtanov)

  • Fix pg_dump's mishandling of STATISTICS objects (Tom Lane)

    An extended statistics object's schema was mislabeled in the dump's table of contents, possibly leading to the wrong results in a schema-selective restore. Its ownership was not correctly restored, either. Also, change the logic so that statistics objects are dumped/restored, or not, as independent objects rather than tying them to the dump/restore decision for the table they are on. The original definition could not scale to the planned future extension to cross-table statistics.

  • Mark assorted GUC variables as PGDLLIMPORT, to ease porting extension modules to Windows (Metin Doslu)

• ⇑ Upgrade to 10.4 released on 2018-05-10 - docs

  • Remove public execute privilege from contrib/adminpack's pg_logfile_rotate() function (Stephen Frost)

    pg_logfile_rotate() is a deprecated wrapper for the core function pg_rotate_logfile(). When that function was changed to rely on SQL privileges for access control rather than a hard-coded superuser check, pg_logfile_rotate() should have been updated as well, but the need for this was missed. Hence, if adminpack is installed, any user could request a logfile rotation, creating a minor security issue.

    After installing this update, administrators should update adminpack by performing ALTER EXTENSION adminpack UPDATE in each database in which adminpack is installed. (CVE-2018-1115)

  • Fix incorrect volatility markings on a few built-in functions (Thomas Munro, Tom Lane)

    The functions query_to_xml, cursor_to_xml, cursor_to_xmlschema, query_to_xmlschema, and query_to_xml_and_xmlschema should be marked volatile because they execute user-supplied queries that might contain volatile operations. They were not, leading to a risk of incorrect query optimization. This has been repaired for new installations by correcting the initial catalog data, but existing installations will continue to contain the incorrect markings. Practical use of these functions seems to pose little hazard, but in case of trouble, it can be fixed by manually updating these functions' pg_proc entries, for example ALTER FUNCTION pg_catalog.query_to_xml(text, boolean, boolean, text) VOLATILE. (Note that that will need to be done in each database of the installation.) Another option is to pg_upgrade the database to a version containing the corrected initial data.

  • Fix incorrect parallel-safety markings on a few built-in functions (Thomas Munro, Tom Lane)

    The functions brin_summarize_new_values, brin_summarize_range, brin_desummarize_range, gin_clean_pending_list, cursor_to_xml, cursor_to_xmlschema, ts_rewrite, ts_stat, binary_upgrade_create_empty_extension, and pg_import_system_collations should be marked parallel-unsafe; some because they perform database modifications directly, and others because they execute user-supplied queries that might do so. They were marked parallel-restricted instead, leading to a risk of unexpected query errors. This has been repaired for new installations by correcting the initial catalog data, but existing installations will continue to contain the incorrect markings. Practical use of these functions seems to pose little hazard unless force_parallel_mode is turned on. In case of trouble, it can be fixed by manually updating these functions' pg_proc entries, for example ALTER FUNCTION pg_catalog.brin_summarize_new_values(regclass) PARALLEL UNSAFE. (Note that that will need to be done in each database of the installation.) Another option is to pg_upgrade the database to a version containing the corrected initial data.

  • Avoid re-using TOAST value OIDs that match dead-but-not-yet-vacuumed TOAST entries (Pavan Deolasee)

    Once the OID counter has wrapped around, it's possible to assign a TOAST value whose OID matches a previously deleted entry in the same TOAST table. If that entry were not yet vacuumed away, this resulted in “unexpected chunk number 0 (expected 1) for toast value nnnnn” errors, which would persist until the dead entry was removed by VACUUM. Fix by not selecting such OIDs when creating a new TOAST entry.

  • Correctly enforce any CHECK constraints on individual partitions during COPY to a partitioned table (Etsuro Fujita)

    Previously, only constraints declared for the partitioned table as a whole were checked.

  • Accept TRUE and FALSE as partition bound values (Amit Langote)

    Previously, only string-literal values were accepted for a boolean partitioning column. But then pg_dump would print such values as TRUE or FALSE, leading to dump/reload failures.

  • Fix memory management for partition key comparison functions (Álvaro Herrera, Amit Langote)

    This error could lead to crashes when using user-defined operator classes for partition keys.

  • Fix possible crash when a query inserts tuples in several partitions of a partitioned table, and those partitions don't have identical row types (Etsuro Fujita, Amit Langote)

  • Change ANALYZE's algorithm for updating pg_class.reltuples (David Gould)

    Previously, pages not actually scanned by ANALYZE were assumed to retain their old tuple density. In a large table where ANALYZE samples only a small fraction of the pages, this meant that the overall tuple density estimate could not change very much, so that reltuples would change nearly proportionally to changes in the table's physical size (relpages) regardless of what was actually happening in the table. This has been observed to result in reltuples becoming so much larger than reality as to effectively shut off autovacuuming. To fix, assume that ANALYZE's sample is a statistically unbiased sample of the table (as it should be), and just extrapolate the density observed within those pages to the whole table.

  • Include extended-statistics objects in the set of table properties duplicated by CREATE TABLE ... LIKE ... INCLUDING ALL (David Rowley)

    Also add an INCLUDING STATISTICS option, to allow finer-grained control over whether this happens.

  • Fix CREATE TABLE ... LIKE with bigint identity columns (Peter Eisentraut)

    On platforms where long is 32 bits (which includes 64-bit Windows as well as most 32-bit machines), copied sequence parameters would be truncated to 32 bits.

  • Avoid deadlocks in concurrent CREATE INDEX CONCURRENTLY commands that are run under SERIALIZABLE or REPEATABLE READ transaction isolation (Tom Lane)

  • Fix possible slow execution of REFRESH MATERIALIZED VIEW CONCURRENTLY (Thomas Munro)

  • Fix UPDATE/DELETE ... WHERE CURRENT OF to not fail when the referenced cursor uses an index-only-scan plan (Yugo Nagata, Tom Lane)

  • Fix incorrect planning of join clauses pushed into parameterized paths (Andrew Gierth, Tom Lane)

    This error could result in misclassifying a condition as a “join filter” for an outer join when it should be a plain “filter” condition, leading to incorrect join output.

  • Fix possibly incorrect generation of an index-only-scan plan when the same table column appears in multiple index columns, and only some of those index columns use operator classes that can return the column value (Kyotaro Horiguchi)

  • Fix misoptimization of CHECK constraints having provably-NULL subclauses of top-level AND/OR conditions (Tom Lane, Dean Rasheed)

    This could, for example, allow constraint exclusion to exclude a child table that should not be excluded from a query.

  • Prevent planner crash when a query has multiple GROUPING SETS, none of which can be implemented by sorting (Andrew Gierth)

  • Fix executor crash due to double free in some GROUPING SETS usages (Peter Geoghegan)

  • Fix misexecution of self-joins on transition tables (Thomas Munro)

  • Avoid crash if a table rewrite event trigger is added concurrently with a command that could call such a trigger (Álvaro Herrera, Andrew Gierth, Tom Lane)

  • Avoid failure if a query-cancel or session-termination interrupt occurs while committing a prepared transaction (Stas Kelvich)

  • Fix query-lifespan memory leakage in repeatedly executed hash joins (Tom Lane)

  • Fix possible leak or double free of visibility map buffer pins (Amit Kapila)

  • Avoid spuriously marking pages as all-visible (Dan Wood, Pavan Deolasee, Álvaro Herrera)

    This could happen if some tuples were locked (but not deleted). While queries would still function correctly, vacuum would normally ignore such pages, with the long-term effect that the tuples were never frozen. In recent releases this would eventually result in errors such as “found multixact nnnnn from before relminmxid nnnnn”.

  • Fix overly strict sanity check in heap_prepare_freeze_tuple (Álvaro Herrera)

    This could result in incorrect “cannot freeze committed xmax” failures in databases that have been pg_upgrade'd from 9.2 or earlier.

  • Prevent dangling-pointer dereference when a C-coded before-update row trigger returns the “old” tuple (Rushabh Lathia)

  • Reduce locking during autovacuum worker scheduling (Jeff Janes)

    The previous behavior caused drastic loss of potential worker concurrency in databases with many tables.

  • Ensure client hostname is copied while copying pg_stat_activity data to local memory (Edmund Horner)

    Previously the supposedly-local snapshot contained a pointer into shared memory, allowing the client hostname column to change unexpectedly if any existing session disconnected.

  • Handle pg_stat_activity information for auxiliary processes correctly (Edmund Horner)

    The application_name, client_hostname, and query fields might show incorrect data for such processes.

  • Fix incorrect processing of multiple compound affixes in ispell dictionaries (Arthur Zakirov)

  • Fix collation-aware searches (that is, indexscans using inequality operators) in SP-GiST indexes on text columns (Tom Lane)

    Such searches would return the wrong set of rows in most non-C locales.

  • Prevent query-lifespan memory leakage with SP-GiST operator classes that use traversal values (Anton Dignös)

  • Count the number of index tuples correctly during initial build of an SP-GiST index (Tomas Vondra)

    Previously, the tuple count was reported to be the same as that of the underlying table, which is wrong if the index is partial.

  • Count the number of index tuples correctly during vacuuming of a GiST index (Andrey Borodin)

    Previously it reported the estimated number of heap tuples, which might be inaccurate, and is certainly wrong if the index is partial.

  • Fix a corner case where a streaming standby gets stuck at a WAL continuation record (Kyotaro Horiguchi)

  • In logical decoding, avoid possible double processing of WAL data when a walsender restarts (Craig Ringer)

  • Fix logical replication to not assume that type OIDs match between the local and remote servers (Masahiko Sawada)

  • Allow scalarltsel and scalargtsel to be used on non-core datatypes (Tomas Vondra)

  • Reduce libpq's memory consumption when a server error is reported after a large amount of query output has been collected (Tom Lane)

    Discard the previous output before, not after, processing the error message. On some platforms, notably Linux, this can make a difference in the application's subsequent memory footprint.

  • Fix double-free crashes in ecpg (Patrick Krecker, Jeevan Ladhe)

  • Fix ecpg to handle long long int variables correctly in MSVC builds (Michael Meskes, Andrew Gierth)

  • Fix mis-quoting of values for list-valued GUC variables in dumps (Michael Paquier, Tom Lane)

    The local_preload_libraries, session_preload_libraries, shared_preload_libraries, and temp_tablespaces variables were not correctly quoted in pg_dump output. This would cause problems if settings for these variables appeared in CREATE FUNCTION ... SET or ALTER DATABASE/ROLE ... SET clauses.

  • Fix pg_recvlogical to not fail against pre-v10 PostgreSQL servers (Michael Paquier)

    A previous fix caused pg_recvlogical to issue a command regardless of server version, but it should only be issued to v10 and later servers.

  • Ensure that pg_rewind deletes files on the target server if they are deleted from the source server during the run (Takayuki Tsunakawa)

    Failure to do this could result in data inconsistency on the target, particularly if the file in question is a WAL segment.

  • Fix pg_rewind to handle tables in non-default tablespaces correctly (Takayuki Tsunakawa)

  • Fix overflow handling in PL/pgSQL integer FOR loops (Tom Lane)

    The previous coding failed to detect overflow of the loop variable on some non-gcc compilers, leading to an infinite loop.

  • Adjust PL/Python regression tests to pass under Python 3.7 (Peter Eisentraut)

  • Support testing PL/Python and related modules when building with Python 3 and MSVC (Andrew Dunstan)

  • Fix errors in initial build of contrib/bloom indexes (Tomas Vondra, Tom Lane)

    Fix possible omission of the table's last tuple from the index. Count the number of index tuples correctly, in case it is a partial index.

  • Rename internal b64_encode and b64_decode functions to avoid conflict with Solaris 11.4 built-in functions (Rainer Orth)

  • Sync our copy of the timezone library with IANA tzcode release 2018e (Tom Lane)

    This fixes the zic timezone data compiler to cope with negative daylight-savings offsets. While the PostgreSQL project will not immediately ship such timezone data, zic might be used with timezone data obtained directly from IANA, so it seems prudent to update zic now.

  • Update time zone data files to tzdata release 2018d for DST law changes in Palestine and Antarctica (Casey Station), plus historical corrections for Portugal and its colonies, as well as Enderbury, Jamaica, Turks & Caicos Islands, and Uruguay.

• ⇑ Upgrade to 10.5 released on 2018-08-09 - docs

  • Fix failure to reset libpq's state fully between connection attempts (Tom Lane)

    An unprivileged user of dblink or postgres_fdw could bypass the checks intended to prevent use of server-side credentials, such as a ~/.pgpass file owned by the operating-system user running the server. Servers allowing peer authentication on local connections are particularly vulnerable. Other attacks such as SQL injection into a postgres_fdw session are also possible. Attacking postgres_fdw in this way requires the ability to create a foreign server object with selected connection parameters, but any user with access to dblink could exploit the problem. In general, an attacker with the ability to select the connection parameters for a libpq-using application could cause mischief, though other plausible attack scenarios are harder to think of. Our thanks to Andrew Krasichkov for reporting this issue. (CVE-2018-10915)

  • Fix INSERT ... ON CONFLICT UPDATE through a view that isn't just SELECT * FROM ... (Dean Rasheed, Amit Langote)

    Erroneous expansion of an updatable view could lead to crashes or “attribute ... has the wrong type” errors, if the view's SELECT list doesn't match one-to-one with the underlying table's columns. Furthermore, this bug could be leveraged to allow updates of columns that an attacking user lacks UPDATE privilege for, if that user has INSERT and UPDATE privileges for some other column(s) of the table. Any user could also use it for disclosure of server memory. (CVE-2018-10925)

  • Ensure that updates to the relfrozenxid and relminmxid values for “nailed” system catalogs are processed in a timely fashion (Andres Freund)

    Overoptimistic caching rules could prevent these updates from being seen by other sessions, leading to spurious errors and/or data corruption. The problem was significantly worse for shared catalogs, such as pg_authid, because the stale cache data could persist into new sessions as well as existing ones.

  • Fix case where a freshly-promoted standby crashes before having completed its first post-recovery checkpoint (Michael Paquier, Kyotaro Horiguchi, Pavan Deolasee, Álvaro Herrera)

    This led to a situation where the server did not think it had reached a consistent database state during subsequent WAL replay, preventing restart.

  • Avoid emitting a bogus WAL record when recycling an all-zero btree page (Amit Kapila)

    This mistake has been seen to cause assertion failures, and potentially it could result in unnecessary query cancellations on hot standby servers.

  • During WAL replay, guard against corrupted record lengths exceeding 1GB (Michael Paquier)

    Treat such a case as corrupt data. Previously, the code would try to allocate space and get a hard error, making recovery impossible.

  • When ending recovery, delay writing the timeline history file as long as possible (Heikki Linnakangas)

    This avoids some situations where a failure during recovery cleanup (such as a problem with a two-phase state file) led to inconsistent timeline state on-disk.

  • Improve performance of WAL replay for transactions that drop many relations (Fujii Masao)

    This change reduces the number of times that shared buffers are scanned, so that it is of most benefit when that setting is large.

  • Improve performance of lock releasing in standby server WAL replay (Thomas Munro)

  • Make logical WAL senders report streaming state correctly (Simon Riggs, Sawada Masahiko)

    The code previously mis-detected whether or not it had caught up with the upstream server.

  • Ensure that a snapshot is provided when executing data type input functions in logical replication subscribers (Minh-Quan Tran, Álvaro Herrera)

    This omission led to failures in some cases, such as domains with constraints using SQL-language functions.

  • Fix bugs in snapshot handling during logical decoding, allowing wrong decoding results in rare cases (Arseny Sher, Álvaro Herrera)

  • Add subtransaction handling in logical-replication table synchronization workers (Amit Khandekar, Robert Haas)

    Previously, table synchronization could misbehave if any subtransactions were aborted after modifying a table being synchronized.

  • Ensure a table's cached index list is correctly rebuilt after an index creation fails partway through (Peter Geoghegan)

    Previously, the failed index's OID could remain in the list, causing problems later in the same session.

  • Fix mishandling of empty uncompressed posting list pages in GIN indexes (Sivasubramanian Ramasubramanian, Alexander Korotkov)

    This could result in an assertion failure after pg_upgrade of a pre-9.4 GIN index (9.4 and later will not create such pages).

  • Pad arrays of unnamed POSIX semaphores to reduce cache line sharing (Thomas Munro)

    This reduces contention on many-CPU systems, fixing a performance regression (compared to previous releases) on Linux and FreeBSD.

  • Ensure that a process doing a parallel index scan will respond to signals (Amit Kapila)

    Previously, parallel workers could get stuck waiting for a lock on an index page, and not notice requests to abort the query.

  • Ensure that VACUUM will respond to signals within btree page deletion loops (Andres Freund)

    Corrupted btree indexes could result in an infinite loop here, and that previously wasn't interruptible without forcing a crash.

  • Fix hash-join costing mistake introduced with inner_unique optimization (David Rowley)

    This could lead to bad plan choices in situations where that optimization was applicable.

  • Fix misoptimization of equivalence classes involving composite-type columns (Tom Lane)

    This resulted in failure to recognize that an index on a composite column could provide the sort order needed for a mergejoin on that column.

  • Fix planner to avoid “ORDER/GROUP BY expression not found in targetlist” errors in some queries with set-returning functions (Tom Lane)

  • Fix handling of partition keys whose data type uses a polymorphic btree operator class, such as arrays (Amit Langote, Álvaro Herrera)

  • Fix SQL-standard FETCH FIRST syntax to allow parameters ($n), as the standard expects (Andrew Gierth)

  • Remove undocumented restriction against duplicate partition key columns (Yugo Nagata)

  • Disallow temporary tables from being partitions of non-temporary tables (Amit Langote, Michael Paquier)

    While previously allowed, this case didn't work reliably.

  • Fix EXPLAIN's accounting for resource usage, particularly buffer accesses, in parallel workers (Amit Kapila, Robert Haas)

  • Fix SHOW ALL to show all settings to roles that are members of pg_read_all_settings, and also allow such roles to see source filename and line number in the pg_settings view (Laurenz Albe, Álvaro Herrera)

  • Fix failure to schema-qualify some object names in getObjectDescription and getObjectIdentity output (Kyotaro Horiguchi, Tom Lane)

    Names of collations, conversions, text search objects, publication relations, and extended statistics objects were not schema-qualified when they should be.

  • Fix CREATE AGGREGATE type checking so that parallelism support functions can be attached to variadic aggregates (Alexey Bashtanov)

  • Widen COPY FROM's current-line-number counter from 32 to 64 bits (David Rowley)

    This avoids two problems with input exceeding 4G lines: COPY FROM WITH HEADER would drop a line every 4G lines, not only the first line, and error reports could show a wrong line number.

  • Allow replication slots to be dropped in single-user mode (Álvaro Herrera)

    This use-case was accidentally broken in release 10.0.

  • Fix incorrect results from variance(int4) and related aggregates when run in parallel aggregation mode (David Rowley)

  • Process TEXT and CDATA nodes correctly in xmltable() column expressions (Markus Winand)

  • Cope with possible failure of OpenSSL's RAND_bytes() function (Dean Rasheed, Michael Paquier)

    Under rare circumstances, this oversight could result in “could not generate random cancel key” failures that could only be resolved by restarting the postmaster.

  • Fix libpq's handling of some cases where hostaddr is specified (Hari Babu, Tom Lane, Robert Haas)

    PQhost() gave misleading or incorrect results in some cases. Now, it uniformly returns the host name if specified, or the host address if only that is specified, or the default host name (typically /tmp or localhost) if both parameters are omitted.

    Also, the wrong value might be compared to the server name when verifying an SSL certificate.

    Also, the wrong value might be compared to the host name field in ~/.pgpass. Now, that field is compared to the host name if specified, or the host address if only that is specified, or localhost if both parameters are omitted.

    Also, an incorrect error message was reported for an unparseable hostaddr value.

    Also, when the host, hostaddr, or port parameters contain comma-separated lists, libpq is now more careful to treat empty elements of a list as selecting the default behavior.

  • Add a string freeing function to ecpg's pgtypes library, so that cross-module memory management problems can be avoided on Windows (Takayuki Tsunakawa)

    On Windows, crashes can ensue if the free call for a given chunk of memory is not made from the same DLL that malloc'ed the memory. The pgtypes library sometimes returns strings that it expects the caller to free, making it impossible to follow this rule. Add a PGTYPESchar_free() function that just wraps free, allowing applications to follow this rule.

  • Fix ecpg's support for long long variables on Windows, as well as other platforms that declare strtoll/strtoull nonstandardly or not at all (Dang Minh Huong, Tom Lane)

  • Fix misidentification of SQL statement type in PL/pgSQL, when a rule change causes a change in the semantics of a statement intra-session (Tom Lane)

    This error led to assertion failures, or in rare cases, failure to enforce the INTO STRICT option as expected.

  • Fix password prompting in client programs so that echo is properly disabled on Windows when stdin is not the terminal (Matthew Stickney)

  • Further fix mis-quoting of values for list-valued GUC variables in dumps (Tom Lane)

    The previous fix for quoting of search_path and other list-valued variables in pg_dump output turned out to misbehave for empty-string list elements, and it risked truncation of long file paths.

  • Fix pg_dump's failure to dump REPLICA IDENTITY properties for constraint indexes (Tom Lane)

    Manually created unique indexes were properly marked, but not those created by declaring UNIQUE or PRIMARY KEY constraints.

  • Make pg_upgrade check that the old server was shut down cleanly (Bruce Momjian)

    The previous check could be fooled by an immediate-mode shutdown.

  • Fix contrib/hstore_plperl to look through Perl scalar references, and to not crash if it doesn't find a hash reference where it expects one (Tom Lane)

  • Fix crash in contrib/ltree's lca() function when the input array is empty (Pierre Ducroquet)

  • Fix various error-handling code paths in which an incorrect error code might be reported (Michael Paquier, Tom Lane, Magnus Hagander)

  • Rearrange makefiles to ensure that programs link to freshly-built libraries (such as libpq.so) rather than ones that might exist in the system library directories (Tom Lane)

    This avoids problems when building on platforms that supply old copies of PostgreSQL libraries.

  • Update time zone data files to tzdata release 2018e for DST law changes in North Korea, plus historical corrections for Czechoslovakia.

    This update includes a redefinition of “daylight savings” in Ireland, as well as for some past years in Namibia and Czechoslovakia. In those jurisdictions, legally standard time is observed in summer, and daylight savings time in winter, so that the daylight savings offset is one hour behind standard time not one hour ahead. This does not affect either the actual UTC offset or the timezone abbreviations in use; the only known effect is that the is_dst column in the pg_timezone_names view will now be true in winter and false in summer in these cases.

• ⇑ Upgrade to 11 released on 2018-10-18 - docs

  • Make pg_dump dump the properties of a database, not just its contents (Haribabu Kommi)

    Previously, attributes of the database itself, such as database-level GRANT/REVOKE permissions and ALTER DATABASE SET variable settings, were only dumped by pg_dumpall. Now pg_dump --create and pg_restore --create will restore these database properties in addition to the objects within the database. pg_dumpall -g now only dumps role- and tablespace-related attributes. pg_dumpall's complete output (without -g) is unchanged.

    pg_dump and pg_restore, without --create, no longer dump/restore database-level comments and security labels; those are now treated as properties of the database.

    pg_dumpall's output script will now always create databases with their original locale and encoding, and hence will fail if the locale or encoding name is unknown to the destination system. Previously, CREATE DATABASE would be emitted without these specifications if the database locale and encoding matched the old cluster's defaults.

    pg_dumpall --clean now restores the original locale and encoding settings of the postgres and template1 databases, as well as those of user-created databases.

  • Consider syntactic form when disambiguating function versus column references (Tom Lane)

    When x is a table name or composite column, PostgreSQL has traditionally considered the syntactic forms f(x) and x.f to be equivalent, allowing tricks such as writing a function and then using it as though it were a computed-on-demand column. However, if both interpretations are feasible, the column interpretation was always chosen, leading to surprising results if the user intended the function interpretation. Now, if there is ambiguity, the interpretation that matches the syntactic form is chosen.

  • Fully enforce uniqueness of table and domain constraint names (Tom Lane)

    PostgreSQL expects the names of a table's constraints to be distinct, and likewise for the names of a domain's constraints. However, there was not rigid enforcement of this, and previously there were corner cases where duplicate names could be created.

  • Make power(numeric, numeric) and power(float8, float8) handle NaN inputs according to the POSIX standard (Tom Lane, Dang Minh Huong)

    POSIX says that NaN ^ 0 = 1 and 1 ^ NaN = 1, but all other cases with NaN input(s) should return NaN. power(numeric, numeric) just returned NaN in all such cases; now it honors the two exceptions. power(float8, float8) followed the standard if the C library does; but on some old Unix platforms the library doesn't, and there were also problems on some versions of Windows.

  • Prevent to_number() from consuming characters when the template separator does not match (Oliver Ford)

    Specifically, SELECT to_number('1234', '9,999') used to return 134. It will now return 1234. L and TH now only consume characters that are not digits, positive/negative signs, decimal points, or commas.

  • Fix to_date(), to_number(), and to_timestamp() to skip a character for each template character (Tom Lane)

    Previously, they skipped one byte for each byte of template character, resulting in strange behavior if either string contained multibyte characters.

  • Adjust the handling of backslashes inside double-quotes in template strings for to_char(), to_number(), and to_timestamp().

    Such a backslash now escapes the character after it, particularly a double-quote or another backslash.

  • Correctly handle relative path expressions in xmltable(), xpath(), and other XML-handling functions (Markus Winand)

    Per the SQL standard, relative paths start from the document node of the XML input document, not the root node as these functions previously did.

  • In the extended query protocol, make statement_timeout apply to each Execute message separately, not to all commands before Sync (Tatsuo Ishii, Andres Freund)

  • Remove the relhaspkey column from system catalog pg_class (Peter Eisentraut)

    Applications needing to check for a primary key should consult pg_index.

  • Replace system catalog pg_proc's proisagg and proiswindow columns with prokind (Peter Eisentraut)

    This new column more clearly distinguishes functions, procedures, aggregates, and window functions.

  • Correct information schema column tables.table_type to return FOREIGN instead of FOREIGN TABLE (Peter Eisentraut)

    This new output matches the SQL standard.

  • Change the ps process display labels for background workers to match the pg_stat_activity.backend_type labels (Peter Eisentraut)

  • Cause large object permission checks to happen during large object open, lo_open(), not when a read or write is attempted (Tom Lane, Michael Paquier)

    If write access is requested and not available, an error will now be thrown even if the large object is never written to.

  • Prevent non-superusers from reindexing shared catalogs (Michael Paquier, Robert Haas)

    Previously, database owners were also allowed to do this, but now it is considered outside the bounds of their privileges.

  • Remove deprecated adminpack functions pg_file_read(), pg_file_length(), and pg_logfile_rotate() (Stephen Frost)

    Equivalent functionality is now present in the core backend. Existing adminpack installs will continue to have access to these functions until they are updated via ALTER EXTENSION ... UPDATE.

  • Honor the capitalization of double-quoted command options (Daniel Gustafsson)

    Previously, option names in certain SQL commands were forcibly lower-cased even if entered with double quotes; thus for example "FillFactor" would be accepted as an index storage option, though properly its name is lower-case. Such cases will now generate an error.

  • Remove server parameter replacement_sort_tuples (Peter Geoghegan)

    Replacement sorts were determined to be no longer useful.

  • Remove WITH clause in CREATE FUNCTION (Michael Paquier)

    PostgreSQL has long supported a more standard-compliant syntax for this capability.

  • In PL/pgSQL trigger functions, the OLD and NEW variables now read as NULL when not assigned (Tom Lane)

    Previously, references to these variables could be parsed but not executed.

  • Allow the creation of partitions based on hashing a key column (Amul Sul)

  • Support indexes on partitioned tables (Álvaro Herrera, Amit Langote)

    An “index” on a partitioned table is not a physical index across the whole partitioned table, but rather a template for automatically creating similar indexes on each partition of the table.

    If the partition key is part of the index's column set, a partitioned index may be declared UNIQUE. It will represent a valid uniqueness constraint across the whole partitioned table, even though each physical index only enforces uniqueness within its own partition.

    The new command ALTER INDEX ATTACH PARTITION causes an existing index on a partition to be associated with a matching index template for its partitioned table. This provides flexibility in setting up a new partitioned index for an existing partitioned table.

  • Allow foreign keys on partitioned tables (Álvaro Herrera)

  • Allow FOR EACH ROW triggers on partitioned tables (Álvaro Herrera)

    Creation of a trigger on a partitioned table automatically creates triggers on all existing and future partitions. This also allows deferred unique constraints on partitioned tables.

  • Allow partitioned tables to have a default partition (Jeevan Ladhe, Beena Emerson, Ashutosh Bapat, Rahila Syed, Robert Haas)

    The default partition will store rows that don't match any of the other defined partitions, and is searched accordingly.

  • UPDATE statements that change a partition key column now cause affected rows to be moved to the appropriate partitions (Amit Khandekar)

  • Allow INSERT, UPDATE, and COPY on partitioned tables to properly route rows to foreign partitions (Etsuro Fujita, Amit Langote)

    This is supported by postgres_fdw foreign tables. Since the ExecForeignInsert callback function is called for this in a different way than it used to be, foreign data wrappers must be modified to cope with this change.

  • Allow faster partition elimination during query processing (Amit Langote, David Rowley, Dilip Kumar)

    This speeds access to partitioned tables with many partitions.

  • Allow partition elimination during query execution (David Rowley, Beena Emerson)

    Previously, partition elimination only happened at planning time, meaning many joins and prepared queries could not use partition elimination.

  • In an equality join between partitioned tables, allow matching partitions to be joined directly (Ashutosh Bapat)

    This feature is disabled by default but can be enabled by changing enable_partitionwise_join.

  • Allow aggregate functions on partitioned tables to be evaluated separately for each partition, subsequently merging the results (Jeevan Chalke, Ashutosh Bapat, Robert Haas)

    This feature is disabled by default but can be enabled by changing enable_partitionwise_aggregate.

  • Allow postgres_fdw to push down aggregates to foreign tables that are partitions (Jeevan Chalke)

  • Allow parallel building of a btree index (Peter Geoghegan, Rushabh Lathia, Heikki Linnakangas)

  • Allow hash joins to be performed in parallel using a shared hash table (Thomas Munro)

  • Allow UNION to run each SELECT in parallel if the individual SELECTs cannot be parallelized (Amit Khandekar, Robert Haas, Amul Sul)

  • Allow partition scans to more efficiently use parallel workers (Amit Khandekar, Robert Haas, Amul Sul)

  • Allow LIMIT to be passed to parallel workers (Robert Haas, Tom Lane)

    This allows workers to reduce returned results and use targeted index scans.

  • Allow single-evaluation queries, e.g. WHERE clause aggregate queries, and functions in the target list to be parallelized (Amit Kapila, Robert Haas)

  • Add server parameter parallel_leader_participation to control whether the leader also executes subplans (Thomas Munro)

    The default is enabled, meaning the leader will execute subplans.

  • Allow parallelization of commands CREATE TABLE ... AS, SELECT INTO, and CREATE MATERIALIZED VIEW (Haribabu Kommi)

  • Improve performance of sequential scans with many parallel workers (David Rowley)

  • Add reporting of parallel workers' sort activity in EXPLAIN (Robert Haas, Tom Lane)

  • Allow B-tree indexes to include columns that are not part of the search key or unique constraint, but are available to be read by index-only scans (Anastasia Lubennikova, Alexander Korotkov, Teodor Sigaev)

    This is enabled by the new INCLUDE clause of CREATE INDEX. It facilitates building “covering indexes” that optimize specific types of queries. Columns can be included even if their data types don't have B-tree support.

  • Improve performance of monotonically increasing index additions (Pavan Deolasee, Peter Geoghegan)

  • Improve performance of hash index scans (Ashutosh Sharma)

  • Add predicate locking for hash, GiST and GIN indexes (Shubham Barai)

    This reduces the likelihood of serialization conflicts in serializable-mode transactions.

  • Add prefix-match operator text ^@ text, which is supported by SP-GiST (Ildus Kurbangaliev)

    This is similar to using var LIKE 'word%' with a btree index, but it is more efficient.

  • Allow polygons to be indexed with SP-GiST (Nikita Glukhov, Alexander Korotkov)

  • Allow SP-GiST to use lossy representation of leaf keys (Teodor Sigaev, Heikki Linnakangas, Alexander Korotkov, Nikita Glukhov)

  • Improve selection of the most common values for statistics (Jeff Janes, Dean Rasheed)

    Previously, the most common values (MCVs) were identified based on their frequency compared to all column values. Now, MCVs are chosen based on their frequency compared to the non-MCV values. This improves the robustness of the algorithm for both uniform and non-uniform distributions.

  • Improve selectivity estimates for >= and <= (Tom Lane)

    Previously, such cases used the same selectivity estimates as > and <, respectively, unless the comparison constants are MCVs. This change is particularly helpful for queries involving BETWEEN with small ranges.

  • Reduce var = var to var IS NOT NULL where equivalent (Tom Lane)

    This leads to better selectivity estimates.

  • Improve optimizer's row count estimates for EXISTS and NOT EXISTS queries (Tom Lane)

  • Make the optimizer account for evaluation costs and selectivity of HAVING clauses (Tom Lane)

  • Add Just-in-Time (JIT) compilation of some parts of query plans to improve execution speed (Andres Freund)

    This feature requires LLVM to be available. It is not currently enabled by default, even in builds that support it.

  • Allow bitmap scans to perform index-only scans when possible (Alexander Kuzmenkov)

  • Update the free space map during VACUUM (Claudio Freire)

    This allows free space to be reused more quickly.

  • Allow VACUUM to avoid unnecessary index scans (Masahiko Sawada, Alexander Korotkov)

  • Improve performance of committing multiple concurrent transactions (Amit Kapila)

  • Reduce memory usage for queries using set-returning functions in their target lists (Andres Freund)

  • Improve the speed of aggregate computations (Andres Freund)

  • Allow postgres_fdw to push UPDATEs and DELETEs using joins to foreign servers (Etsuro Fujita)

    Previously, only non-join UPDATEs and DELETEs were pushed.

  • Add support for large pages on Windows (Takayuki Tsunakawa, Thomas Munro)

    This is controlled by the huge_pages configuration parameter.

  • Show memory usage in output from log_statement_stats, log_parser_stats, log_planner_stats, and log_executor_stats (Justin Pryzby, Peter Eisentraut)

  • Add column pg_stat_activity.backend_type to show the type of a background worker (Peter Eisentraut)

    The type is also visible in ps output.

  • Make log_autovacuum_min_duration log skipped tables that are concurrently being dropped (Nathan Bossart)

  • Add information_schema columns related to table constraints and triggers (Peter Eisentraut)

    Specifically, triggers.action_order, triggers.action_reference_old_table, and triggers.action_reference_new_table are now populated, where before they were always null. Also, table_constraints.enforced now exists but is not yet usefully populated.

  • Allow the server to specify more complex LDAP specifications in search+bind mode (Thomas Munro)

    Specifically, ldapsearchfilter allows pattern matching using combinations of LDAP attributes.

  • Allow LDAP authentication to use encrypted LDAP (Thomas Munro)

    We already supported LDAP over TLS by using ldaptls=1. This new TLS LDAP method for encrypted LDAP is enabled with ldapscheme=ldaps or ldapurl=ldaps://.

  • Improve logging of LDAP errors (Thomas Munro)

  • Add default roles that enable file system access (Stephen Frost)

    Specifically, the new roles are: pg_read_server_files, pg_write_server_files, and pg_execute_server_program. These roles now also control who can use server-side COPY and the file_fdw extension. Previously, only superusers could use these functions, and that is still the default behavior.

  • Allow access to file system functions to be controlled by GRANT/REVOKE permissions, rather than superuser checks (Stephen Frost)

    Specifically, these functions were modified: pg_ls_dir(), pg_read_file(), pg_read_binary_file(), pg_stat_file().

  • Use GRANT/REVOKE to control access to lo_import() and lo_export() (Michael Paquier, Tom Lane)

    Previously, only superusers were granted access to these functions.

    The compile-time option ALLOW_DANGEROUS_LO_FUNCTIONS has been removed.

  • Use view owner not session owner when preventing non-password access to postgres_fdw tables (Robert Haas)

    PostgreSQL only allows superusers to access postgres_fdw tables without passwords, e.g. via peer. Previously, the session owner had to be a superuser to allow such access; now the view owner is checked instead.

  • Fix invalid locking permission check in SELECT FOR UPDATE on views (Tom Lane)

  • Add server setting ssl_passphrase_command to allow supplying of the passphrase for SSL key files (Peter Eisentraut)

    Also add ssl_passphrase_command_supports_reload to specify whether the SSL configuration should be reloaded and ssl_passphrase_command called during a server configuration reload.

  • Add storage parameter toast_tuple_target to control the minimum tuple length before TOAST storage will be considered (Simon Riggs)

    The default TOAST threshold has not been changed.

  • Allow server options related to memory and file sizes to be specified in units of bytes (Beena Emerson)

    The new unit suffix is “B”. This is in addition to the existing units “kB”, “MB”, “GB” and “TB”.

  • Allow the WAL file size to be set during initdb (Beena Emerson)

    Previously, the 16MB default could only be changed at compile time.

  • Retain WAL data for only a single checkpoint (Simon Riggs)

    Previously, WAL was retained for two checkpoints.

  • Fill the unused portion of force-switched WAL segment files with zeros for improved compressibility (Chapman Flack)

  • Replicate TRUNCATE activity when using logical replication (Simon Riggs, Marco Nenciarini, Peter Eisentraut)

  • Pass prepared transaction information to logical replication subscribers (Nikhil Sontakke, Stas Kelvich)

  • Exclude unlogged tables, temporary tables, and pg_internal.init files from streaming base backups (David Steele)

    There is no need to copy such files.

  • Allow checksums of heap pages to be verified during streaming base backup (Michael Banck)

  • Allow replication slots to be advanced programmatically, rather than be consumed by subscribers (Petr Jelinek)

    This allows efficient advancement of replication slots when the contents do not need to be consumed. This is performed by pg_replication_slot_advance().

  • Add timeline information to the backup_label file (Michael Paquier)

    Also add a check that the WAL timeline matches the backup_label file's timeline.

  • Add host and port connection information to the pg_stat_wal_receiver system view (Haribabu Kommi)

  • Allow ALTER TABLE to add a column with a non-null default without doing a table rewrite (Andrew Dunstan, Serge Rielau)

    This is enabled when the default value is a constant.

  • Allow views to be locked by locking the underlying tables (Yugo Nagata)

  • Allow ALTER INDEX to set statistics-gathering targets for expression indexes (Alexander Korotkov, Adrien Nayrat)

    In psql, \d+ now shows the statistics target for indexes.

  • Allow multiple tables to be specified in one VACUUM or ANALYZE command (Nathan Bossart)

    Also, if any table mentioned in VACUUM uses a column list, then the ANALYZE keyword must be supplied; previously, ANALYZE was implied in such cases.

  • Add parenthesized options syntax to ANALYZE (Nathan Bossart)

    This is similar to the syntax supported by VACUUM.

  • Add CREATE AGGREGATE option to specify the behavior of the aggregate's finalization function (Tom Lane)

    This is helpful for allowing user-defined aggregate functions to be optimized and to work as window functions.

  • Allow the creation of arrays of domains (Tom Lane)

    This also allows array_agg() to be used on domains.

  • Support domains over composite types (Tom Lane)

    Also allow PL/Perl, PL/Python, and PL/Tcl to handle composite-domain function arguments and results. Also improve PL/Python domain handling.

  • Add casts from JSONB scalars to numeric and boolean data types (Anastasia Lubennikova)

  • Add all window function framing options specified by SQL:2011 (Oliver Ford, Tom Lane)

    Specifically, allow RANGE mode to use PRECEDING and FOLLOWING to select rows having grouping values within plus or minus the specified offset. Add GROUPS mode to include plus or minus the number of peer groups. Frame exclusion syntax was also added.

  • Add SHA-2 family of hash functions (Peter Eisentraut)

    Specifically, sha224(), sha256(), sha384(), sha512() were added.

  • Add support for 64-bit non-cryptographic hash functions (Robert Haas, Amul Sul)

  • Allow to_char() and to_timestamp() to specify the time zone's offset from UTC in hours and minutes (Nikita Glukhov, Andrew Dunstan)

    This is done with format specifications TZH and TZM.

  • Add text search function websearch_to_tsquery() that supports a query syntax similar to that used by web search engines (Victor Drobny, Dmitry Ivanov)

  • Add functions json(b)_to_tsvector() to create a text search query for matching JSON/JSONB values (Dmitry Dolgov)

  • Add SQL-level procedures, which can start and commit their own transactions (Peter Eisentraut)

    They are created with the new CREATE PROCEDURE command and invoked via CALL.

    The new ALTER/DROP ROUTINE commands allow altering/dropping of all routine-like objects, including procedures, functions, and aggregates.

    Also, writing FUNCTION is now preferred over writing PROCEDURE in CREATE OPERATOR and CREATE TRIGGER, because the referenced object must be a function not a procedure. However, the old syntax is still accepted for compatibility.

  • Add transaction control to PL/pgSQL, PL/Perl, PL/Python, PL/Tcl, and SPI server-side languages (Peter Eisentraut)

    Transaction control is only available within top-transaction-level procedures and nested DO and CALL blocks that only contain other DO and CALL blocks.

  • Add the ability to define PL/pgSQL composite-type variables as not null, constant, or with initial values (Tom Lane)

  • Allow PL/pgSQL to handle changes to composite types (e.g. record, row) that happen between the first and later function executions in the same session (Tom Lane)

    Previously, such circumstances generated errors.

  • Add extension jsonb_plpython to transform JSONB to/from PL/Python types (Anthony Bykov)

  • Add extension jsonb_plperl to transform JSONB to/from PL/Perl types (Anthony Bykov)

  • Change libpq to disable compression by default (Peter Eisentraut)

    Compression is already disabled in modern OpenSSL versions, so that the libpq setting had no effect with such libraries.

  • Add DO CONTINUE option to ecpg's WHENEVER statement (Vinayak Pokale)

    This generates a C continue statement, causing a return to the top of the contained loop when the specified condition occurs.

  • Add an ecpg mode to enable Oracle Pro*C-style handling of char arrays.

    This mode is enabled with -C.

  • Add psql command \gdesc to display the names and types of the columns in a query result (Pavel Stehule)

  • Add psql variables to report query activity and errors (Fabien Coelho)

    Specifically, the new variables are ERROR, SQLSTATE, ROW_COUNT, LAST_ERROR_MESSAGE, and LAST_ERROR_SQLSTATE.

  • Allow psql to test for the existence of a variable (Fabien Coelho)

    Specifically, the syntax :{?variable_name} allows a variable's existence to be tested in an \if statement.

  • Allow environment variable PSQL_PAGER to control psql's pager (Pavel Stehule)

    This allows psql's default pager to be specified as a separate environment variable from the pager for other applications. PAGER is still honored if PSQL_PAGER is not set.

  • Make psql's \d+ command always show the table's partitioning information (Amit Langote, Ashutosh Bapat)

    Previously, partition information would not be displayed for a partitioned table if it had no partitions. Also indicate which partitions are themselves partitioned.

  • Ensure that psql reports the proper user name when prompting for a password (Tom Lane)

    Previously, combinations of -U and a user name embedded in a URI caused incorrect reporting. Also suppress the user name before the password prompt when --password is specified.

  • Allow quit and exit to exit psql when given with no prior input (Bruce Momjian)

    Also print hints about how to exit when quit and exit are used alone on a line while the input buffer is not empty. Add a similar hint for help.

  • Make psql hint at using control-D when \q is entered alone on a line but ignored (Bruce Momjian)

    For example, \q does not exit when supplied in character strings.

  • Improve tab completion for ALTER INDEX RESET/SET (Masahiko Sawada)

  • Add infrastructure to allow psql to adapt its tab completion queries based on the server version (Tom Lane)

    Previously, tab completion queries could fail against older servers.

  • Add pgbench expression support for NULLs, booleans, and some functions and operators (Fabien Coelho)

  • Add \if conditional support to pgbench (Fabien Coelho)

  • Allow the use of non-ASCII characters in pgbench variable names (Fabien Coelho)

  • Add pgbench option --init-steps to control the initialization steps performed (Masahiko Sawada)

  • Add an approximately Zipfian-distributed random generator to pgbench (Alik Khilazhev)

  • Allow the random seed to be set in pgbench (Fabien Coelho)

  • Allow pgbench to do exponentiation with pow() and power() (Raúl Marín Rodríguez)

  • Add hashing functions to pgbench (Ildar Musin)

  • Make pgbench statistics more accurate when using --latency-limit and --rate (Fabien Coelho)

  • Add an option to pg_basebackup that creates a named replication slot (Michael Banck)

    The option --create-slot creates the named replication slot (--slot) when the WAL streaming method (--wal-method=stream) is used.

  • Allow initdb to set group read access to the data directory (David Steele)

    This is accomplished with the new initdb option --allow-group-access. Administrators can also set group permissions on the empty data directory before running initdb. Server variable data_directory_mode allows reading of data directory group permissions.

  • Add pg_verify_checksums tool to verify database checksums while offline (Magnus Hagander)

  • Allow pg_resetwal to change the WAL segment size via --wal-segsize (Nathan Bossart)

  • Add long options to pg_resetwal and pg_controldata (Nathan Bossart, Peter Eisentraut)

  • Add pg_receivewal option --no-sync to prevent synchronous WAL writes, for testing (Michael Paquier)

  • Add pg_receivewal option --endpos to specify when WAL receiving should stop (Michael Paquier)

  • Allow pg_ctl to send the SIGKILL signal to processes (Andres Freund)

    This was previously unsupported due to concerns over possible misuse.

  • Reduce the number of files copied by pg_rewind (Michael Paquier)

  • Prevent pg_rewind from running as root (Michael Paquier)

  • Add pg_dumpall option --encoding to control output encoding (Michael Paquier)

    pg_dump already had this option.

  • Add pg_dump option --load-via-partition-root to force loading of data into the partition's root table, rather than the original partition (Rushabh Lathia)

    This is useful if the system to be loaded to has different collation definitions or endianness, possibly requiring rows to be stored in different partitions than previously.

  • Add an option to suppress dumping and restoring database object comments (Robins Tharakan)

    The new pg_dump, pg_dumpall, and pg_restore option is --no-comments.

  • Add PGXS support for installing include files (Andrew Gierth)

    This supports creating extension modules that depend on other modules. Formerly there was no easy way for the dependent module to find the referenced one's include files. Several existing contrib modules that define data types have been adjusted to install relevant files. Also, PL/Perl and PL/Python now install their include files, to support creation of transform modules for those languages.

  • Install errcodes.txt to allow extensions to access the list of error codes known to PostgreSQL (Thomas Munro)

  • Convert documentation to DocBook XML (Peter Eisentraut, Alexander Lakhin, Jürgen Purtz)

    The file names still use an sgml extension for compatibility with back branches.

  • Use stdbool.h to define type bool on platforms where it's suitable, which is most (Peter Eisentraut)

    This eliminates a coding hazard for extension modules that need to include stdbool.h.

  • Overhaul the way that initial system catalog contents are defined (John Naylor)

    The initial data is now represented in Perl data structures, making it much easier to manipulate mechanically.

  • Prevent extensions from creating custom server parameters that take a quoted list of values (Tom Lane)

    This cannot be supported at present because knowledge of the parameter's property would be required even before the extension is loaded.

  • Add ability to use channel binding when using SCRAM authentication (Michael Paquier)

    Channel binding is intended to prevent man-in-the-middle attacks, but SCRAM cannot prevent them unless it can be forced to be active. Unfortunately, there is no way to do that in libpq. Support for it is expected in future versions of libpq and in interfaces not built using libpq, e.g. JDBC.

  • Allow background workers to attach to databases that normally disallow connections (Magnus Hagander)

  • Add support for hardware CRC calculations on ARMv8 (Yuqi Gu, Heikki Linnakangas, Thomas Munro)

  • Speed up lookups of built-in functions by OID (Andres Freund)

    The previous binary search has been replaced by a lookup array.

  • Speed up construction of query results (Andres Freund)

  • Improve speed of access to system caches (Andres Freund)

  • Add a generational memory allocator which is optimized for serial allocation/deallocation (Tomas Vondra)

    This reduces memory usage for logical decoding.

  • Make the computation of pg_class.reltuples by VACUUM consistent with its computation by ANALYZE (Tomas Vondra)

  • Update to use perltidy version 20170521 (Tom Lane, Peter Eisentraut)

  • Allow extension pg_prewarm to restore the previous shared buffer contents on startup (Mithun Cy, Robert Haas)

    This is accomplished by having pg_prewarm store the shared buffers' relation and block number data to disk occasionally during server operation, and at shutdown.

  • Add pg_trgm function strict_word_similarity() to compute the similarity of whole words (Alexander Korotkov)

    The function word_similarity() already existed for this purpose, but it was designed to find similar parts of words, while strict_word_similarity() computes the similarity to whole words.

  • Allow btree_gin to index bool, bpchar, name and uuid data types (Matheus Oliveira)

  • Allow cube and seg extensions to perform index-only scans using GiST indexes (Andrey Borodin)

  • Allow retrieval of negative cube coordinates using the ~> operator (Alexander Korotkov)

    This is useful for KNN-GiST searches when looking for coordinates in descending order.

  • Add Vietnamese letter handling to the unaccent extension (Dang Minh Huong, Michael Paquier)

  • Enhance amcheck to check that each heap tuple has an index entry (Peter Geoghegan)

  • Have adminpack use the new default file system access roles (Stephen Frost)

    Previously, only superusers could call adminpack functions; now role permissions are checked.

  • Widen pg_stat_statement's query ID to 64 bits (Robert Haas)

    This greatly reduces the chance of query ID hash collisions. The query ID can now potentially display as a negative value.

  • Remove the contrib/start-scripts/osx scripts since they are no longer recommended (use contrib/start-scripts/macos instead) (Tom Lane)

  • Remove the chkpass extension (Peter Eisentraut)

    This extension is no longer considered to be a usable security tool or example of how to write an extension.

• ⇑ Upgrade to 11.1 released on 2018-11-08 - docs

  • Ensure proper quoting of transition table names when pg_dump emits CREATE TRIGGER ... REFERENCING commands (Tom Lane)

    This oversight could be exploited by an unprivileged user to gain superuser privileges during the next dump/reload or pg_upgrade run. (CVE-2018-16850)

  • Apply the tablespace specified for a partitioned index when creating a child index (Álvaro Herrera)

    Previously, child indexes were always created in the default tablespace.

  • Fix NULL handling in parallel hashed multi-batch left joins (Andrew Gierth, Thomas Munro)

    Outer-relation rows with null values of the hash key were omitted from the join result.

  • Fix incorrect processing of an array-type coercion expression appearing within a CASE clause that has a constant test expression (Tom Lane)

  • Fix incorrect expansion of tuples lacking recently-added columns (Andrew Dunstan, Amit Langote)

    This is known to lead to crashes in triggers on tables with recently-added columns, and could have other symptoms as well.

  • Fix bugs with named or defaulted arguments in CALL argument lists (Tom Lane, Pavel Stehule)

  • Fix strictness check for strict aggregates with ORDER BY columns (Andrew Gierth, Andres Freund)

    The strictness logic incorrectly ignored rows for which the ORDER BY value(s) were null.

  • Disable recheck_on_update optimization (Tom Lane)

    This new-in-v11 feature turns out not to have been ready for prime time. Disable it until something can be done about it.

  • Prevent creation of a partition in a trigger attached to its parent table (Amit Langote)

    Ideally we'd allow that, but for the moment it has to be blocked to avoid crashes.

  • Fix problems with applying ON COMMIT DELETE ROWS to a partitioned temporary table (Amit Langote)

  • Fix character-class checks to not fail on Windows for Unicode characters above U+FFFF (Tom Lane, Kenji Uno)

    This bug affected full-text-search operations, as well as contrib/ltree and contrib/pg_trgm.

  • Ensure that the server will process already-received NOTIFY and SIGTERM interrupts before waiting for client input (Jeff Janes, Tom Lane)

  • Fix memory leak in repeated SP-GiST index scans (Tom Lane)

    This is only known to amount to anything significant in cases where an exclusion constraint using SP-GiST receives many new index entries in a single command.

  • Prevent starting the server with wal_level set to too low a value to support an existing replication slot (Andres Freund)

  • Fix psql, as well as documentation examples, to call PQconsumeInput() before each PQnotifies() call (Tom Lane)

    This fixes cases in which psql would not report receipt of a NOTIFY message until after the next command.

  • Fix pg_verify_checksums's determination of which files to check the checksums of (Michael Paquier)

    In some cases it complained about files that are not expected to have checksums.

  • In contrib/pg_stat_statements, disallow the pg_read_all_stats role from executing pg_stat_statements_reset() (Haribabu Kommi)

    pg_read_all_stats is only meant to grant permission to read statistics, not to change them, so this grant was incorrect.

    To cause this change to take effect, run ALTER EXTENSION pg_stat_statements UPDATE in each database where pg_stat_statements has been installed. (A database freshly created in 11.0 should not need this, but a database upgraded from a previous release probably still contains the old version of pg_stat_statements. The UPDATE command is harmless if the module was already updated.)

  • Rename red-black tree support functions to use rbt prefix not rb prefix (Tom Lane)

    This avoids name collisions with Ruby functions, which broke PL/Ruby. It's hoped that there are no other affected extensions.

  • Fix build problems on macOS 10.14 (Mojave) (Tom Lane)

    Adjust configure to add an -isysroot switch to CPPFLAGS; without this, PL/Perl and PL/Tcl fail to configure or build on macOS 10.14. The specific sysroot used can be overridden at configure time or build time by setting the PG_SYSROOT variable in the arguments of configure or make.

    It is now recommended that Perl-related extensions write $(perl_includespec) rather than -I$(perl_archlibexp)/CORE in their compiler flags. The latter continues to work on most platforms, but not recent macOS.

    Also, it should no longer be necessary to specify --with-tclconfig manually to get PL/Tcl to build on recent macOS releases.

  • Fix MSVC build and regression-test scripts to work on recent Perl versions (Andrew Dunstan)

    Perl no longer includes the current directory in its search path by default; work around that.

  • On Windows, allow the regression tests to be run by an Administrator account (Andrew Dunstan)

    To do this safely, pg_regress now gives up any such privileges at startup.

  • Update time zone data files to tzdata release 2018g for DST law changes in Chile, Fiji, Morocco, and Russia (Volgograd), plus historical corrections for China, Hawaii, Japan, Macau, and North Korea.

• ⇑ Upgrade to 11.2 released on 2019-02-14 - docs

  • By default, panic instead of retrying after fsync() failure, to avoid possible data corruption (Craig Ringer, Thomas Munro)

    Some popular operating systems discard kernel data buffers when unable to write them out, reporting this as fsync() failure. If we reissue the fsync() request it will succeed, but in fact the data has been lost, so continuing risks database corruption. By raising a panic condition instead, we can replay from WAL, which may contain the only remaining copy of the data in such a situation. While this is surely ugly and inefficient, there are few alternatives, and fortunately the case happens very rarely.

    A new server parameter data_sync_retry has been added to control this; if you are certain that your kernel does not discard dirty data buffers in such scenarios, you can set data_sync_retry to on to restore the old behavior.

  • Include each major release branch's release notes in the documentation for only that branch, rather than that branch and all later ones (Tom Lane)

    The duplication induced by the previous policy was getting out of hand. Our plan is to provide a full archive of release notes on the project's web site, but not duplicate it within each release.

  • Fix handling of unique indexes with INCLUDE columns on partitioned tables (Álvaro Herrera)

    The uniqueness condition was not checked properly in such cases.

  • Ensure that NOT NULL constraints of a partitioned table are honored within its partitions (Álvaro Herrera, Amit Langote)

  • Update catalog state correctly for partition table constraints when detaching their partition (Amit Langote, Álvaro Herrera)

    Previously, the pg_constraint.conislocal field for such a constraint might improperly be left as false, rendering it undroppable. A dump/restore or pg_upgrade would cure the problem, but if necessary, the catalog field can be adjusted manually.

  • Create or delete foreign key enforcement triggers correctly when attaching or detaching a partition in a partitioned table that has a foreign-key constraint (Amit Langote, Álvaro Herrera)

  • Avoid useless creation of duplicate foreign key constraints in partitioned tables (Álvaro Herrera)

  • When an index is created on a partitioned table using ONLY, and there are no partitions yet, mark it valid immediately (Álvaro Herrera)

    Otherwise there is no way to make it become valid.

  • Use a safe table lock level when detaching a partition (Álvaro Herrera)

    The previous locking level was too weak and might allow concurrent DDL on the table, with bad results.

  • Fix problems with applying ON COMMIT DROP and ON COMMIT DELETE ROWS to partitioned tables and tables with inheritance children (Michael Paquier)

  • Disallow COPY FREEZE on partitioned tables (David Rowley)

    This should eventually be made to work, but it may require a patch that's too complicated to risk back-patching.

  • Fix possible index corruption when the indexed column has a “fast default” (that is, it was added by ALTER TABLE ADD COLUMN with a constant non-NULL default value specified, after the table already contained some rows) (Andres Freund)

  • Correctly adjust “fast default” values during ALTER TABLE ... ALTER COLUMN TYPE (Andrew Dunstan)

  • Avoid possible deadlock when acquiring multiple buffer locks (Nishant Fnu)

  • Avoid deadlock between GIN vacuuming and concurrent index insertions (Alexander Korotkov, Andrey Borodin, Peter Geoghegan)

    This change partially reverts a performance improvement, introduced in version 10.0, that attempted to reduce the number of index pages locked during deletion of a GIN posting tree page. That's now been found to lead to deadlocks, so we've removed it pending closer analysis.

  • Avoid deadlock between hot-standby queries and replay of GIN index page deletion (Alexander Korotkov)

  • Fix possible crashes in logical replication when index expressions or predicates are in use (Peter Eisentraut)

  • Avoid useless and expensive logical decoding of TOAST data during a table rewrite (Tomas Vondra)

  • Fix logic for stopping a subset of WAL senders when synchronous replication is enabled (Paul Guo, Michael Paquier)

  • Avoid possibly writing an incorrect replica identity field in a tuple deletion WAL record (Stas Kelvich)

  • Prevent incorrect use of WAL-skipping optimization during COPY to a view or foreign table (Amit Langote, Michael Paquier)

  • Make the archiver prioritize WAL history files over WAL data files while choosing which file to archive next (David Steele)

  • Fix possible crash in UPDATE with a multiple SET clause using a sub-SELECT as source (Tom Lane)

  • Fix crash when zero rows are fed to json[b]_populate_recordset() or json[b]_to_recordset() (Tom Lane)

  • Avoid crash if libxml2 returns a null error message (Sergio Conde Gómez)

  • Fix incorrect JIT tuple deforming code for tables with many columns (more than approximately 800) (Andres Freund)

  • Fix performance and memory leakage issues in hash-based grouping (Andres Freund)

  • Fix spurious grouping-related parser errors caused by inconsistent handling of collation assignment (Andrew Gierth)

    In some cases, expressions that should be considered to match were not seen as matching, if they included operations on collatable data types.

  • Fix parsing of collation-sensitive expressions in the arguments of a CALL statement (Peter Eisentraut)

  • Ensure proper cleanup after detecting an error in the argument list of a CALL statement (Tom Lane)

  • Check whether the comparison function underlying LEAST() or GREATEST() is leakproof, rather than just assuming it is (Tom Lane)

    Actual information leaks from btree comparison functions are typically hard to provoke, but in principle they could happen.

  • Fix incorrect planning of queries involving nested loops both above and below a Gather plan node (Tom Lane)

    If both levels of nestloop needed to pass the same variable into their right-hand sides, an incorrect plan would be generated.

  • Fix incorrect planning of queries in which a lateral reference must be evaluated at a foreign table scan (Tom Lane)

  • Fix planner failure when the first column of a row comparison matches an index column, but later column(s) do not, and the index has included (non-key) columns (Tom Lane)

  • Fix corner-case underestimation of the cost of a merge join (Tom Lane)

    The planner could prefer a merge join when the outer key range is much smaller than the inner key range, even if there are so many duplicate keys on the inner side that this is a poor choice.

  • Avoid O(N^2) planning time growth when a query contains many thousand indexable clauses (Tom Lane)

  • Improve planning speed for large inheritance or partitioning table groups (Amit Langote, Etsuro Fujita)

  • Improve ANALYZE's handling of concurrently-updated rows (Jeff Janes, Tom Lane)

    Previously, rows deleted by an in-progress transaction were omitted from ANALYZE's sample, but this has been found to lead to more inconsistency than including them would do. In effect, the sample now corresponds to an MVCC snapshot as of ANALYZE's start time.

  • Make TRUNCATE ignore inheritance child tables that are temporary tables of other sessions (Amit Langote, Michael Paquier)

    This brings TRUNCATE into line with the behavior of other commands. Previously, such cases usually ended in failure.

  • Fix TRUNCATE to update the statistics counters for the right table (Tom Lane)

    If the truncated table had a TOAST table, that table's counters were reset instead.

  • Process ALTER TABLE ONLY ADD COLUMN IF NOT EXISTS correctly (Greg Stark)

  • Allow UNLISTEN in hot-standby mode (Shay Rojansky)

    This is necessarily a no-op, because LISTEN isn't allowed in hot-standby mode; but allowing the dummy operation simplifies session-state-reset logic in clients.

  • Fix missing role dependencies in some schema and data type permissions lists (Tom Lane)

    In some cases it was possible to drop a role to which permissions had been granted. This caused no immediate problem, but a subsequent dump/reload or upgrade would fail, with symptoms involving attempts to grant privileges to all-numeric role names.

  • Prevent use of a session's temporary schema within a two-phase transaction (Michael Paquier)

    Accessing a temporary table within such a transaction has been forbidden for a long time, but it was still possible to cause problems with other operations on temporary objects.

  • Ensure relation caches are updated properly after adding or removing foreign key constraints (Álvaro Herrera)

    This oversight could result in existing sessions failing to enforce a newly-created constraint, or continuing to enforce a dropped one.

  • Ensure relation caches are updated properly after renaming constraints (Amit Langote)

  • Fix replay of GiST index micro-vacuum operations so that concurrent hot-standby queries do not see inconsistent state (Alexander Korotkov)

  • Prevent empty GIN index pages from being reclaimed too quickly, causing failures of concurrent searches (Andrey Borodin, Alexander Korotkov)

  • Fix edge-case failures in float-to-integer coercions (Andrew Gierth, Tom Lane)

    Values very slightly above the maximum valid integer value might not be rejected, and then would overflow, producing the minimum valid integer instead. Also, values that should round to the minimum or maximum integer value might be incorrectly rejected.

  • Fix parsing of space-separated lists of host names in the ldapserver parameter of LDAP authentication entries in pg_hba.conf (Thomas Munro)

  • When making a PAM authentication request, don't set the PAM_RHOST variable if the connection is via a Unix socket (Thomas Munro)

    Previously that variable would be set to [local], which is at best unhelpful, since it's supposed to be a host name.

  • Disallow setting client_min_messages higher than ERROR (Jonah Harris, Tom Lane)

    Previously, it was possible to set this variable to FATAL or PANIC, which had the effect of suppressing transmission of ordinary error messages to the client. However, that's contrary to guarantees that are given in the PostgreSQL wire protocol specification, and it caused some clients to become very confused. In released branches, fix this by silently treating such settings as meaning ERROR instead. Version 12 and later will reject those alternatives altogether.

  • Fix ecpglib to use uselocale() or _configthreadlocale() in preference to setlocale() (Michael Meskes, Tom Lane)

    Since setlocale() is not thread-local, and might not even be thread-safe, the previous coding caused problems in multi-threaded ecpg applications.

  • Fix incorrect results for numeric data passed through an ecpg SQLDA (SQL Descriptor Area) (Daisuke Higuchi)

    Values with leading zeroes were not copied correctly.

  • Fix psql's \g target meta-command to work with COPY TO STDOUT (Daniel Vérité)

    Previously, the target option was ignored, so that the copy data always went to the current query output target.

  • Make psql's LaTeX output formats render special characters properly (Tom Lane)

    Backslash and some other ASCII punctuation characters were not rendered correctly, leading to document syntax errors or wrong characters in the output.

  • Make pgbench's random number generation fully deterministic and platform-independent when --random-seed=N is specified (Fabien Coelho, Tom Lane)

    On any specific platform, the sequence obtained with a particular value of N will probably be different from what it was before this patch.

  • Fix pg_basebackup and pg_verify_checksums to ignore temporary files appropriately (Michael Banck, Michael Paquier)

  • Fix pg_dump's handling of materialized views with indirect dependencies on primary keys (Tom Lane)

    This led to mis-labeling of such views' dump archive entries, causing harmless warnings about “archive items not in correct section order”; less harmlessly, selective-restore options depending on those labels, such as --section, might misbehave.

  • Make pg_dump include ALTER INDEX SET STATISTICS commands (Michael Paquier)

    When the ability to attach statistics targets to index expressions was added, we forgot to teach pg_dump about it, so that such settings were lost in dump/reload.

  • Fix pg_dump's dumping of tables that have OIDs (Peter Eisentraut)

    The WITH OIDS clause was omitted if it needed to be applied to the first table to be dumped.

  • Avoid null-pointer-dereference crash on some platforms when pg_dump or pg_restore tries to report an error (Tom Lane)

  • Prevent false index-corruption reports from contrib/amcheck caused by inline-compressed data (Peter Geoghegan)

  • Properly disregard SIGPIPE errors if COPY FROM PROGRAM stops reading the program's output early (Tom Lane)

    This case isn't actually reachable directly with COPY, but it can happen when using contrib/file_fdw.

  • Fix contrib/hstore to calculate correct hash values for empty hstore values that were created in version 8.4 or before (Andrew Gierth)

    The previous coding did not give the same result as for an empty hstore value created by a newer version, thus potentially causing wrong results in hash joins or hash aggregation. It is advisable to reindex any hash indexes built on hstore columns, if the table might contain data that was originally stored as far back as 8.4 and was never dumped/reloaded since then.

  • Avoid crashes and excessive runtime with large inputs to contrib/intarray's gist__int_ops index support (Andrew Gierth)

  • In configure, look for python3 and then python2 if python isn't found (Peter Eisentraut)

    This allows PL/Python to be configured without explicitly specifying PYTHON on platforms that no longer provide an unversioned python executable.

  • Include JIT-related headers in the installed set of header files (Donald Dong)

  • Support new Makefile variables PG_CFLAGS, PG_CXXFLAGS, and PG_LDFLAGS in pgxs builds (Christoph Berg)

    This simplifies customization of extension build processes.

  • Fix Perl-coded build scripts to not assume “.” is in the search path, since recent Perl versions don't include that (Andrew Dunstan)

  • Fix server command-line option parsing problems on OpenBSD (Tom Lane)

  • Relocate call of set_rel_pathlist_hook so that extensions can use it to supply partial paths for parallel queries (KaiGai Kohei)

    This is not expected to affect existing use-cases.

  • Update time zone data files to tzdata release 2018i for DST law changes in Kazakhstan, Metlakatla, and Sao Tome and Principe. Kazakhstan's Qyzylorda zone is split in two, creating a new zone Asia/Qostanay, as some areas did not change UTC offset. Historical corrections for Hong Kong and numerous Pacific islands.

• ⇑ Upgrade to 11.3 released on 2019-05-09 - docs

  • Prevent row-level security policies from being bypassed via selectivity estimators (Dean Rasheed)

    Some of the planner's selectivity estimators apply user-defined operators to values found in pg_statistic (e.g., most-common values). A leaky operator therefore can disclose some of the entries in a data column, even if the calling user lacks permission to read that column. In CVE-2017-7484 we added restrictions to forestall that, but we failed to consider the effects of row-level security. A user who has SQL permission to read a column, but who is forbidden to see certain rows due to RLS policy, might still learn something about those rows' contents via a leaky operator. This patch further tightens the rules, allowing leaky operators to be applied to statistics data only when there is no relevant RLS policy. (CVE-2019-10130)

  • Avoid access to already-freed memory during partition routing error reports (Michael Paquier)

    This mistake could lead to a crash, and in principle it might be possible to use it to disclose server memory contents. (CVE-2019-10129)

  • Avoid catalog corruption when an ALTER TABLE on a partitioned table finds that a partitioned index is reusable (Amit Langote, Tom Lane)

    This occurs, for example, when ALTER COLUMN TYPE finds that no physical table rewrite is required.

  • Avoid catalog corruption when a temporary table with ON COMMIT DROP and an identity column is created in a single-statement transaction (Peter Eisentraut)

    This hazard was overlooked because the case is not actually useful, since the temporary table would be dropped immediately after creation.

  • Fix failure in ALTER INDEX ... ATTACH PARTITION if the partitioned table contains more dropped columns than its partition does (Álvaro Herrera)

  • Fix failure to attach a partition's existing index to a newly-created partitioned index in some cases (Amit Langote, Álvaro Herrera)

    This would lead to errors such as “index ... not found in partition” in subsequent DDL that uses the partitioned index.

  • Avoid crash when an EPQ recheck is performed for a partitioned query result relation (Amit Langote)

    This occurs when using READ COMMITTED isolation level and another session has concurrently updated some of the target row(s).

  • Fix tuple routing in multi-level partitioned tables that have dropped attributes (Amit Langote, Michael Paquier)

  • Fix failure when the slow path of foreign key constraint initial validation is applied to partitioned tables (Hadi Moshayedi, Tom Lane, Andres Freund)

    This didn't manifest except in the uncommon cases where the fast path can't be used (such as permissions problems).

  • Fix behavior for an UPDATE or DELETE on an inheritance tree or partitioned table in which every table can be excluded (Amit Langote, Tom Lane)

    In such cases, the query did not report the correct set of output columns when a RETURNING clause was present, and if there were any statement-level triggers that should be fired, it didn't fire them.

  • When accessing a partition directly, and constraint_exclusion is set to on, use the partition's partition constraint as well as any CHECK constraints for exclusion checking (Amit Langote, Tom Lane)

    This change restores the behavior to what it was in v10.

  • Avoid server crash when an error occurs while trying to persist a cursor query across a transaction commit (Tom Lane)

    If a procedure attempts to commit while it has an open explicit or implicit cursor (for example, a PL/pgSQL FOR-loop query), the cursor must be executed to completion and its results saved before the transaction commit can be performed. An error occurring during such execution led to a crash.

  • Avoid throwing incorrect errors for updates of temporary tables and unlogged tables when a FOR ALL TABLES publication exists (Peter Eisentraut)

    Such tables should be ignored for publication purposes, but some parts of the code failed to do so.

  • Fix handling of explicit DEFAULT items in an INSERT ... VALUES command with multiple VALUES rows, if the target relation is an updatable view (Amit Langote, Dean Rasheed)

    When the updatable view has no default for the column but its underlying table has one, a single-row INSERT ... VALUES will use the underlying table's default. In the multi-row case, however, NULL was always used. Correct it to act like the single-row case.

  • Fix CREATE VIEW to allow zero-column views (Ashutosh Sharma)

    We should allow this for consistency with allowing zero-column tables. Since a table can be converted to a view, zero-column views could be created even with the restriction in place, leading to dump/reload failures.

  • Add missing support for CREATE TABLE IF NOT EXISTS ... AS EXECUTE ... (Andreas Karlsson)

    The combination of IF NOT EXISTS and EXECUTE should work, but the grammar omitted it.

  • Ensure that sub-SELECTs appearing in row-level-security policy expressions are executed with the correct user's permissions (Dean Rasheed)

    Previously, if the table having the RLS policy was accessed via a view, such checks might be executed as the user calling the view, not as the view owner as they should be.

  • Accept XML documents as valid values of type xml when xmloption is set to content, as required by SQL:2006 and later (Chapman Flack)

    Previously PostgreSQL followed the SQL:2003 definition, which doesn't allow this. But that creates a serious problem for dump/restore: there is no setting of xmloption that will accept all valid XML data. Hence, switch to the 2006 definition.

    pg_dump is also modified to emit SET xmloption = content while restoring data, ensuring that dump/restore works even if the prevailing setting is document.

  • Improve server's startup-time checks for whether a pre-existing shared memory segment is still in use (Noah Misch)

    The postmaster is now more likely to detect that there are still active processes from a previous postmaster incarnation, even if the postmaster.pid file has been removed.

  • Avoid possible division-by-zero in btree index vacuum logic (Piotr Stefaniak, Alexander Korotkov)

    This could lead to incorrect decisions about whether index cleanup is needed.

  • Avoid counting parallel workers' transactions as separate transactions (Haribabu Kommi)

  • Fix incompatibility of GIN-index WAL records (Alexander Korotkov)

    A fix applied in February's minor releases was not sufficiently careful about backwards compatibility, leading to problems if a standby server of that vintage reads GIN page-deletion WAL records generated by a primary server of a previous minor release.

  • Fix possible crash while executing a SHOW command in a replication connection (Michael Paquier)

  • Avoid server memory leak when fetching rows from a portal one at a time (Tom Lane)

  • Avoid memory leak when a partition's relation cache entry is rebuilt (Amit Langote, Tom Lane)

  • Tolerate EINVAL and ENOSYS error results, where appropriate, for fsync and sync_file_range calls (Thomas Munro, James Sewell)

    The previous change to panic on file synchronization failures turns out to have been excessively paranoid for certain cases where a failure is predictable and essentially means “operation not supported”.

  • Report correct relation name in autovacuum's pg_stat_activity display during BRIN summarize operations (Álvaro Herrera)

  • Avoid crash when trying to plan a partition-wise join when GEQO is active (Tom Lane)

  • Fix “failed to build any N-way joins” planner failures with lateral references leading out of FULL outer joins (Tom Lane)

  • Fix misplanning of queries in which a set-returning function is applied to a relation that is provably empty (Tom Lane, Julien Rouhaud)

    In v10, this oversight only led to slightly inefficient plans, but in v11 it could cause “set-valued function called in context that cannot accept a set” errors.

  • Check the appropriate user's permissions when enforcing rules about letting a leaky operator see pg_statistic data (Dean Rasheed)

    When an underlying table is being accessed via a view, consider the privileges of the view owner while deciding whether leaky operators may be applied to the table's statistics data, rather than the privileges of the user making the query. This makes the planner's rules about what data is visible match up with the executor's, avoiding unnecessarily-poor plans.

  • Fix planner's parallel-safety assessment for grouped queries (Etsuro Fujita)

    Previously, target-list evaluation work that could have been parallelized might not be.

  • Fix mishandling of “included” index columns in planner's unique-index logic (Tom Lane)

    This could result in failing to recognize that a unique index with included columns proves uniqueness of a query result, leading to a poor plan.

  • Fix incorrect strictness check for array coercion expressions (Tom Lane)

    This might allow, for example, incorrect inlining of a strict SQL function, leading to non-enforcement of the strictness condition.

  • Speed up planning when there are many equality conditions and many potentially-relevant foreign key constraints (David Rowley)

  • Avoid O(N^2) performance issue when rolling back a transaction that created many tables (Tomas Vondra)

  • Fix corner-case server crashes in dynamic shared memory allocation (Thomas Munro, Robert Haas)

  • Fix race conditions in management of dynamic shared memory (Thomas Munro)

    These could lead to “dsa_area could not attach to segment” or “cannot unpin a segment that is not pinned” errors.

  • Fix race condition in which a hot-standby postmaster could fail to shut down after receiving a smart-shutdown request (Tom Lane)

  • Fix possible crash when pg_identify_object_as_address() is given invalid input (Álvaro Herrera)

  • Fix possible “could not access status of transaction” failures in txid_status() (Thomas Munro)

  • Fix authentication failure when attempting to use SCRAM authentication with mixed OpenSSL library versions (Michael Paquier, Peter Eisentraut)

    If libpq is using OpenSSL 1.0.1 or older while the server is using OpenSSL 1.0.2 or newer, the negotiation of which SASL mechanism to use went wrong, leading to a confusing “channel binding not supported by this build” error message.

  • Tighten validation of encoded SCRAM-SHA-256 and MD5 passwords (Jonathan Katz)

    A password string that had the right initial characters could be mistaken for one that is correctly hashed into SCRAM-SHA-256 or MD5 format. The password would be accepted but would be unusable later.

  • Fix handling of lc_time settings that imply an encoding different from the database's encoding (Juan José Santamaría Flecha, Tom Lane)

    Localized month or day names that include non-ASCII characters previously caused unexpected errors or wrong output in such locales.

  • Create the current_logfiles file with the same permissions as other files in the server's data directory (Haribabu Kommi)

    Previously it used the permissions specified by log_file_mode, but that can cause problems for backup utilities.

  • Fix incorrect operator_precedence_warning checks involving unary minus operators (Rikard Falkeborn)

  • Disallow NaN as a value for floating-point server parameters (Tom Lane)

  • Rearrange REINDEX processing to avoid assertion failures when reindexing individual indexes of pg_class (Andres Freund, Tom Lane)

  • Fix planner assertion failure for parameterized dummy paths (Tom Lane)

  • Insert correct test function in the result of SnapBuildInitialSnapshot() (Antonin Houska)

    No core code cares about this, but some extensions do.

  • Fix intermittent “could not reattach to shared memory” session startup failures on Windows (Noah Misch)

    A previously unrecognized source of these failures is creation of thread stacks for a process's default thread pool. Arrange for such stacks to be allocated in a different memory region.

  • Fix error detection in directory scanning on Windows (Konstantin Knizhnik)

    Errors, such as lack of permissions to read the directory, were not detected or reported correctly; instead the code silently acted as though the directory were empty.

  • Fix grammar problems in ecpg (Tom Lane)

    A missing semicolon led to mistranslation of SET variable = DEFAULT (but not SET variable TO DEFAULT) in ecpg programs, producing syntactically invalid output that the server would reject. Additionally, in a DROP TYPE or DROP DOMAIN command that listed multiple type names, only the first type name was actually processed.

  • Sync ecpg's syntax for CREATE TABLE AS with the server's (Daisuke Higuchi)

  • Fix possible buffer overruns in ecpg's processing of include filenames (Liu Huailing, Fei Wu)

  • Fix pg_rewind failures due to failure to remove some transient files in the target data directory (Michael Paquier)

  • Make pg_verify_checksums verify that the data directory it's pointed at is of the right PostgreSQL version (Michael Paquier)

  • Avoid crash in contrib/postgres_fdw when a query using remote grouping or aggregation has a SELECT-list item that is an uncorrelated sub-select, outer reference, or parameter symbol (Tom Lane)

  • Change contrib/postgres_fdw to report an error when a remote partition chosen to insert a routed row into is also an UPDATE subplan target that will be updated later in the same command (Amit Langote, Etsuro Fujita)

    Previously, such situations led to server crashes or incorrect results of the UPDATE. Allowing such cases to work correctly is a matter for future work.

  • In contrib/pg_prewarm, avoid indefinitely respawning background worker processes if prewarming fails for some reason (Mithun Cy)

  • Avoid crash in contrib/vacuumlo if an lo_unlink() call failed (Tom Lane)

  • Sync our copy of the timezone library with IANA tzcode release 2019a (Tom Lane)

    This corrects a small bug in zic that caused it to output an incorrect year-2440 transition in the Africa/Casablanca zone, and adds support for zic's new -r option.

  • Update time zone data files to tzdata release 2019a for DST law changes in Palestine and Metlakatla, plus historical corrections for Israel.

    Etc/UCT is now a backward-compatibility link to Etc/UTC, instead of being a separate zone that generates the abbreviation UCT, which nowadays is typically a typo. PostgreSQL will still accept UCT as an input zone abbreviation, but it won't output it.

• ⇑ Upgrade to 11.4 released on 2019-06-20 - docs

  • Fix buffer-overflow hazards in SCRAM verifier parsing (Jonathan Katz, Heikki Linnakangas, Michael Paquier)

    Any authenticated user could cause a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could suffice for executing arbitrary code as the PostgreSQL operating system account.

    A similar overflow hazard existed in libpq, which could allow a rogue server to crash a client or perhaps execute arbitrary code as the client's operating system account.

    The PostgreSQL Project thanks Alexander Lakhin for reporting this problem. (CVE-2019-10164)

  • Fix assorted errors in run-time partition pruning logic (Tom Lane, Amit Langote, David Rowley)

    These mistakes could lead to wrong answers in queries on partitioned tables, if the comparison value used for pruning is dynamically determined, or if multiple range-partitioned columns are involved in pruning decisions, or if stable (not immutable) comparison operators are involved.

  • Fix possible crash while trying to copy trigger definitions to a new partition (Tom Lane)

  • Fix failure of ALTER TABLE ... ALTER COLUMN TYPE when the table has a partial exclusion constraint (Tom Lane)

  • Fix failure of COMMENT command for comments on domain constraints (Daniel Gustafsson, Michael Paquier)

  • Prevent possible memory clobber when there are duplicate columns in a hash aggregate's hash key list (Andrew Gierth)

  • Fix incorrect argument null-ness checking during partial aggregation of aggregates with zero or multiple arguments (David Rowley, Kyotaro Horiguchi, Andres Freund)

  • Fix faulty generation of merge-append plans (Tom Lane)

    This mistake could lead to “could not find pathkey item to sort” errors.

  • Fix incorrect printing of queries with duplicate join names (Philip Dubé)

    This oversight caused a dump/restore failure for views containing such queries.

  • Fix conversion of JSON string literals to JSON-type output columns in json_to_record() and json_populate_record() (Tom Lane)

    Such cases should produce the literal as a standalone JSON value, but the code misbehaved if the literal contained any characters requiring escaping.

  • Fix misoptimization of {1,1} quantifiers in regular expressions (Tom Lane)

    Such quantifiers were treated as no-ops and optimized away; but the documentation specifies that they impose greediness, or non-greediness in the case of the non-greedy variant {1,1}?, on the subexpression they're attached to, and this did not happen. The misbehavior occurred only if the subexpression contained capturing parentheses or a back-reference.

  • Avoid writing an invalid empty btree index page in the unlikely case that a failure occurs while processing INCLUDEd columns during a page split (Peter Geoghegan)

    The invalid page would not affect normal index operations, but it might cause failures in subsequent VACUUMs. If that has happened to one of your indexes, recover by reindexing the index.

  • Avoid possible failures while initializing a new process's pg_stat_activity data (Tom Lane)

    Certain operations that could fail, such as converting strings extracted from an SSL certificate into the database encoding, were being performed inside a critical section. Failure there would result in database-wide lockup due to violating the access protocol for shared pg_stat_activity data.

  • Fix race condition in check to see whether a pre-existing shared memory segment is still in use by a conflicting postmaster (Tom Lane)

  • Fix unsafe coding in walreceiver's signal handler (Tom Lane)

    This avoids rare problems in which the walreceiver process would crash or deadlock when commanded to shut down.

  • Avoid attempting to do database accesses for parameter checking in processes that are not connected to a specific database (Vignesh C, Andres Freund)

    This error could result in failures like “cannot read pg_class without having selected a database”.

  • Avoid possible hang in libpq if using SSL and OpenSSL's pending-data buffer contains an exact multiple of 256 bytes (David Binderman)

  • Improve initdb's handling of multiple equivalent names for the system time zone (Tom Lane, Andrew Gierth)

    Make initdb examine the /etc/localtime symbolic link, if that exists, to break ties between equivalent names for the system time zone. This makes initdb more likely to select the time zone name that the user would expect when multiple identical time zones exist. It will not change the behavior if /etc/localtime is not a symlink to a zone data file, nor if the time zone is determined from the TZ environment variable.

    Separately, prefer UTC over other spellings of that time zone, when neither TZ nor /etc/localtime provide a hint. This fixes an annoyance introduced by tzdata 2019a's change to make the UCT and UTC zone names equivalent: initdb was then preferring UCT, which almost nobody wants.

  • Fix ordering of GRANT commands emitted by pg_dump and pg_dumpall for databases and tablespaces (Nathan Bossart, Michael Paquier)

    If cascading grants had been issued, restore might fail due to the GRANT commands being given in an order that didn't respect their interdependencies.

  • Make pg_dump recreate table partitions using CREATE TABLE then ATTACH PARTITION, rather than including PARTITION OF in the creation command (Álvaro Herrera, David Rowley)

    This avoids problems with the partition's column order possibly being changed to match the parent's. Also, a partition is now restorable from the dump (as a standalone table) even if its parent table isn't restored; the ATTACH will fail, but that can just be ignored.

  • Fix misleading error reports from reindexdb (Julien Rouhaud)

  • Ensure that vacuumdb returns correct status if an error occurs while using parallel jobs (Julien Rouhaud)

  • Fix contrib/auto_explain to not cause problems in parallel queries (Tom Lane)

    Previously, a parallel worker might try to log its query even if the parent query were not being logged by auto_explain. This would work sometimes, but it's confusing, and in some cases it resulted in failures like “could not find key N in shm TOC”.

    Also, fix an off-by-one error that resulted in not necessarily logging every query even when the sampling rate is set to 1.0.

  • In contrib/postgres_fdw, account for possible data modifications by local BEFORE ROW UPDATE triggers (Shohei Mochizuki)

    If a trigger modified a column that was otherwise not changed by the UPDATE, the new value was not transmitted to the remote server.

  • On Windows, avoid failure when the database encoding is set to SQL_ASCII and we attempt to log a non-ASCII string (Noah Misch)

    The code had been assuming that such strings must be in UTF-8, and would throw an error if they didn't appear to be validly encoded. Now, just transmit the untranslated bytes to the log.

  • Make PL/pgSQL's header files C++-safe (George Tarasov)

• ⇑ Upgrade to 11.5 released on 2019-08-08 - docs

  • Require schema qualification to cast to a temporary type when using functional cast syntax (Noah Misch)

    We have long required invocations of temporary functions to explicitly specify the temporary schema, that is pg_temp.func_name(args). Require this as well for casting to temporary types using functional notation, for example pg_temp.type_name(arg). Otherwise it's possible to capture a function call using a temporary object, allowing privilege escalation in much the same ways that we blocked in CVE-2007-2138. (CVE-2019-10208)

  • Fix execution of hashed subplans that require cross-type comparison (Tom Lane, Andreas Seltenreich)

    Hashed subplans used the outer query's original comparison operator to compare entries of the hash table. This is the wrong thing if that operator is cross-type, since all the hash table entries will be of the subquery's output type. For the set of hashable cross-type operators in core PostgreSQL, this mistake seems nearly harmless on 64-bit machines, but it can result in crashes or perhaps unauthorized disclosure of server memory on 32-bit machines. Extensions might provide hashable cross-type operators that create larger risks. (CVE-2019-10209)

  • Fix failure of ALTER TABLE ... ALTER COLUMN TYPE when altering multiple columns' types in one command (Tom Lane)

    This fixes a regression introduced in the most recent minor releases: indexes using the altered columns were not processed correctly, leading to strange failures during ALTER TABLE.

  • Prevent dropping a partitioned table's trigger if there are pending trigger events in child partitions (Álvaro Herrera)

    This notably applies to foreign key constraints, since those are implemented by triggers.

  • Include user-specified trigger arguments when copying a trigger definition from a partitioned table to one of its partitions (Patrick McHardy)

  • Install dependencies to prevent dropping partition key columns (Tom Lane)

    ALTER TABLE ... DROP COLUMN will refuse to drop a column that is a partition key column. However, indirect drops (such as a cascade from dropping a key column's data type) had no such check, allowing the deletion of a key column. This resulted in a badly broken partitioned table that could neither be accessed nor dropped.

    This fix adds pg_depend entries that enforce that the whole partitioned table, not just the key column, will be dropped if a cascaded drop forces removal of the key column. However, such entries will only be created when a partitioned table is created; so this fix does not remove the risk for pre-existing partitioned tables. The issue can only arise for partition key columns of non-built-in data types, so it seems not to be a hazard for most users.

  • Ensure that column numbers are correctly mapped between a partitioned table and its default partition (Amit Langote)

    Some operations misbehaved if the mapping wasn't exactly one-to-one, for example if there were dropped columns in one table and not the other.

  • Ignore partitions that are foreign tables when creating indexes on partitioned tables (Álvaro Herrera)

    Previously an error was thrown on encountering a foreign-table partition, but that's unhelpful and doesn't protect against any actual problem.

  • Prune a partitioned table's default partition (that is, avoid uselessly scanning it) in more cases (Yuzuko Hosoya)

  • Fix possible failure to prune partitions when there are multiple partition key columns of boolean type (David Rowley)

  • Don't optimize away GROUP BY columns when the table involved is an inheritance parent (David Rowley)

    Normally, if a table's primary key column(s) are included in GROUP BY, it's safe to drop any other grouping columns, since the primary key columns are enough to make the groups unique. This rule does not work if the query is also reading inheritance child tables, though; the parent's uniqueness does not extend to the children.

  • Avoid incorrect use of parallel hash join for semi-join queries (Thomas Munro)

    This error resulted in duplicate result rows from some EXISTS queries.

  • Avoid using unnecessary sort steps for some queries with GROUPING SETS (Andrew Gierth, Richard Guo)

  • Fix possible failure of planner's index endpoint probes (Tom Lane)

    When using a recently-created index to determine the minimum or maximum value of a column, the planner could select a recently-dead tuple that does not actually contain the endpoint value. In the worst case the tuple might contain a null, resulting in a visible error “found unexpected null value in index”; more likely we would just end up using the wrong value, degrading the quality of planning estimates.

  • Fix failure to access trigger transition tables during EvalPlanQual rechecks (Alex Aktsipetrov)

    Triggers that rely on transition tables sometimes failed in the presence of concurrent updates.

  • Fix mishandling of multi-column foreign keys when rebuilding a foreign key constraint (Tom Lane)

    ALTER TABLE could make an incorrect decision about whether revalidation of a foreign key is necessary, if not all columns of the key are of the same type. It seems likely that the error would always have been in the conservative direction, that is revalidating unnecessarily.

  • Don't build extended statistics for inheritance trees (Tomas Vondra)

    This avoids a “tuple already updated by self” error during ANALYZE.

  • Avoid spurious deadlock errors when upgrading a tuple lock (Oleksii Kliukin)

    When two or more transactions are waiting for a transaction T1 to release a tuple-level lock, and T1 upgrades its lock to a higher level, a spurious deadlock among the waiting transactions could be reported when T1 finishes.

  • Fix failure to resolve deadlocks involving multiple parallel worker processes (Rui Hai Jiang)

    It is not clear whether this bug is reachable with non-artificial queries, but if it did happen, the queries involved in an otherwise-resolvable deadlock would block until canceled.

  • Prevent incorrect canonicalization of date ranges with infinity endpoints (Laurenz Albe)

    It's incorrect to try to convert an open range to a closed one or vice versa by incrementing or decrementing the endpoint value, if the endpoint is infinite; so leave the range alone in such cases.

  • Fix loss of fractional digits when converting very large money values to numeric (Tom Lane)

  • Fix printing of BTREE_META_CLEANUP WAL records (Michael Paquier)

  • Prevent assertion failures due to mishandling of version-2 btree metapages (Peter Geoghegan)

  • Fix spinlock assembly code for MIPS CPUs so that it works on MIPS r6 (YunQiang Su)

  • Ensure that a record or row value returned from a PL/pgSQL function is marked with the function's declared composite type (Tom Lane)

    This avoids problems if the result is stored directly into a table.

  • Make libpq ignore carriage return (\r) in connection service files (Tom Lane, Michael Paquier)

    In some corner cases, service files containing Windows-style newlines could be mis-parsed, resulting in connection failures.

  • In psql, avoid offering incorrect tab completion options after SET variable = (Tom Lane)

  • Fix a small memory leak in psql's \d command (Tom Lane)

  • Fix pg_dump to ensure that custom operator classes are dumped in the right order (Tom Lane)

    If a user-defined opclass is the subtype opclass of a user-defined range type, related objects were dumped in the wrong order, producing an unrestorable dump. (The underlying failure to handle opclass dependencies might manifest in other cases too, but this is the only known case.)

  • Fix possible lockup in pgbench when using -R option (Fabien Coelho)

  • Improve reliability of contrib/amcheck's index verification (Peter Geoghegan)

  • Fix handling of Perl undef values in contrib/jsonb_plperl (Ivan Panchenko)

  • Fix contrib/passwordcheck to coexist with other users of check_password_hook (Michael Paquier)

  • Fix contrib/sepgsql tests to work under recent SELinux releases (Mike Palmiotto)

  • Improve stability of src/test/kerberos and src/test/ldap regression tests (Thomas Munro, Tom Lane)

  • Improve stability of src/test/recovery regression tests (Michael Paquier)

  • Reduce stderr output from pg_upgrade's test script (Tom Lane)

  • Fix pgbench regression tests to work on Windows (Fabien Coelho)

  • Fix TAP tests to work with msys Perl, in cases where the build directory is on a non-root msys mount point (Noah Misch)

  • Support building Postgres with Microsoft Visual Studio 2019 (Haribabu Kommi)

  • In Visual Studio builds, honor WindowsSDKVersion environment variable, if that's set (Peifeng Qiu)

    This fixes build failures in some configurations.

  • Support OpenSSL 1.1.0 and newer in Visual Studio builds (Juan José Santamaría Flecha, Michael Paquier)

  • Allow make options to be passed down to gmake when non-GNU make is invoked at the top level (Thomas Munro)

  • Avoid choosing localtime or posixrules as TimeZone during initdb (Tom Lane)

    In some cases initdb would choose one of these artificial zone names over the “real” zone name. Prefer any other match to the C library's timezone behavior over these two.

  • Adjust pg_timezone_names view to show the Factory time zone if and only if it has a short abbreviation (Tom Lane)

    Historically, IANA set up this artificial zone with an “abbreviation” like Local time zone must be set--see zic manual page. Modern versions of the tzdb database show -00 instead, but some platforms alter the data to show one or another of the historical phrases. Show this zone only if it uses the modern abbreviation.

  • Sync our copy of the timezone library with IANA tzcode release 2019b (Tom Lane)

    This adds support for zic's new -b slim option to reduce the size of the installed zone files. We are not currently using that, but may enable it in future.

  • Update time zone data files to tzdata release 2019b for DST law changes in Brazil, plus historical corrections for Hong Kong, Italy, and Palestine.

• ⇑ Upgrade to 12 released on 2019-10-03 - docs

  • Remove the special behavior of oid columns (Andres Freund, John Naylor)

    Previously, a normally-invisible oid column could be specified during table creation using WITH OIDS; that ability has been removed. Columns can still be explicitly declared as type oid. Operations on tables that have columns created using WITH OIDS will need adjustment.

    The system catalogs that previously had hidden oid columns now have ordinary oid columns. Hence, SELECT * will now output those columns, whereas previously they would be displayed only if selected explicitly.

  • Remove data types abstime, reltime, and tinterval (Andres Freund)

    These are obsoleted by SQL-standard types such as timestamp.

  • Remove the timetravel extension (Andres Freund)

  • Move recovery.conf settings into postgresql.conf (Masao Fujii, Simon Riggs, Abhijit Menon-Sen, Sergei Kornilov)

    recovery.conf is no longer used, and the server will not start if that file exists. recovery.signal and standby.signal files are now used to switch into non-primary mode. The trigger_file setting has been renamed to promote_trigger_file. The standby_mode setting has been removed.

  • Do not allow multiple conflicting recovery_target* specifications (Peter Eisentraut)

    Specifically, only allow one of recovery_target, recovery_target_lsn, recovery_target_name, recovery_target_time, and recovery_target_xid. Previously, multiple different instances of these parameters could be specified, and the last one was honored. Now, only one can be specified, though the same one can be specified multiple times and the last specification is honored.

  • Cause recovery to advance to the latest timeline by default (Peter Eisentraut)

    Specifically, recovery_target_timeline now defaults to latest. Previously, it defaulted to current.

  • Refactor code for geometric functions and operators (Emre Hasegeli)

    This could lead to more accurate, but slightly different, results compared to previous releases. Notably, cases involving NaN, underflow, overflow, and division by zero are handled more consistently than before.

  • Improve performance by using a new algorithm for output of real and double precision values (Andrew Gierth)

    Previously, displayed floating-point values were rounded to 6 (for real) or 15 (for double precision) digits by default, adjusted by the value of extra_float_digits. Now, whenever extra_float_digits is more than zero (as it now is by default), only the minimum number of digits required to preserve the exact binary value are output. The behavior is the same as before when extra_float_digits is set to zero or less.

    Also, formatting of floating-point exponents is now uniform across platforms: two digits are used unless three are necessary. In previous releases, Windows builds always printed three digits.

  • random() and setseed() now behave uniformly across platforms (Tom Lane)

    The sequence of random() values generated following a setseed() call with a particular seed value is likely to be different now than before. However, it will also be repeatable, which was not previously guaranteed because of interference from other uses of random numbers inside the server. The SQL random() function now has its own private per-session state to forestall that.

  • Change SQL-style substring() to have standard-compliant greediness behavior (Tom Lane)

    In cases where the pattern can be matched in more than one way, the initial sub-pattern is now treated as matching the least possible amount of text rather than the greatest; for example, a pattern such as %#"aa*#"% now selects the first group of a's from the input, not the last group.

  • Do not pretty-print the result of xpath() or the XMLTABLE construct (Tom Lane)

    In some cases, these functions would insert extra whitespace (newlines and/or spaces) in nodeset values. This is undesirable since depending on usage, the whitespace might be considered semantically significant.

  • Rename command-line tool pg_verify_checksums to pg_checksums (Michaël Paquier)

  • In pg_restore, require specification of -f - to send the dump contents to standard output (Euler Taveira)

    Previously, this happened by default if no destination was specified, but that was deemed to be unfriendly.

  • Disallow non-unique abbreviations in psql's \pset format command (Daniel Vérité)

    Previously, for example, \pset format a chose aligned; it will now fail since that could equally well mean asciidoc.

  • In new btree indexes, the maximum index entry length is reduced by eight bytes, to improve handling of duplicate entries (Peter Geoghegan)

    This means that a REINDEX operation on an index pg_upgrade'd from a previous release could potentially fail.

  • Cause DROP IF EXISTS FUNCTION/PROCEDURE/AGGREGATE/ROUTINE to generate an error if no argument list is supplied and there are multiple matching objects (David Rowley)

    Also improve the error message in such cases.

  • Split the pg_statistic_ext catalog into two catalogs, and add the pg_stats_ext view of it (Dean Rasheed, Tomas Vondra)

    This change supports hiding potentially-sensitive statistics data from unprivileged users.

  • Remove obsolete pg_constraint.consrc column (Peter Eisentraut)

  • Remove obsolete pg_attrdef.adsrc column (Peter Eisentraut)

  • Mark table columns of type name as having “C” collation by default (Tom Lane, Daniel Vérité)

    The comparison operators for data type name can now use any collation, rather than always using “C” collation. To preserve the previous semantics of queries, columns of type name are now explicitly marked as having “C” collation. A side effect of this is that regular-expression operators on name columns will now use the “C” collation by default, not the database collation, to determine the behavior of locale-dependent regular expression patterns (such as \w). If you want non-C behavior for a regular expression on a name column, attach an explicit COLLATE clause. (For user-defined name columns, another possibility is to specify a different collation at table creation time; but that just moves the non-backwards-compatibility to the comparison operators.)

  • Treat object-name columns in the information_schema views as being of type name, not varchar (Tom Lane)

    Per the SQL standard, object-name columns in the information_schema views are declared as being of domain type sql_identifier. In PostgreSQL, the underlying catalog columns are really of type name. This change makes sql_identifier be a domain over name, rather than varchar as before. This eliminates a semantic mismatch in comparison and sorting behavior, which can greatly improve the performance of queries on information_schema views that restrict an object-name column. Note however that inequality restrictions, for example

    SELECT ... FROM information_schema.tables WHERE table_name < 'foo';
    

    will now use “C”-locale comparison semantics by default, rather than the database's default collation as before. Sorting on these columns will also follow “C” ordering rules. The previous behavior (and inefficiency) can be enforced by adding a COLLATE "default" clause.

  • Remove the ability to disable dynamic shared memory (Kyotaro Horiguchi)

    Specifically, dynamic_shared_memory_type can no longer be set to none.

  • Parse libpq integer connection parameters more strictly (Fabien Coelho)

    In previous releases, using an incorrect integer value for connection parameters connect_timeout, keepalives, keepalives_count, keepalives_idle, keepalives_interval and port resulted in libpq either ignoring those values or failing with incorrect error messages.

  • Improve performance of many operations on partitioned tables (Amit Langote, David Rowley, Tom Lane, Álvaro Herrera)

    Allow tables with thousands of child partitions to be processed efficiently by operations that only affect a small number of partitions.

  • Allow foreign keys to reference partitioned tables (Álvaro Herrera)

  • Improve speed of COPY into partitioned tables (David Rowley)

  • Allow partition bounds to be any expression (Kyotaro Horiguchi, Tom Lane, Amit Langote)

    Such expressions are evaluated at partitioned-table creation time. Previously, only simple constants were allowed as partition bounds.

  • Allow CREATE TABLE's tablespace specification for a partitioned table to affect the tablespace of its children (David Rowley, Álvaro Herrera)

  • Avoid sorting when partitions are already being scanned in the necessary order (David Rowley)

  • ALTER TABLE ATTACH PARTITION is now performed with reduced locking requirements (Robert Haas)

  • Add partition introspection functions (Michaël Paquier, Álvaro Herrera, Amit Langote)

    The new function pg_partition_root() returns the top-most parent of a partition tree, pg_partition_ancestors() reports all ancestors of a partition, and pg_partition_tree() displays information about partitions.

  • Include partitioned indexes in the system view pg_indexes (Suraj Kharage)

  • Add psql command \dP to list partitioned tables and indexes (Pavel Stehule)

  • Improve psql \d and \z display of partitioned tables (Pavel Stehule, Michaël Paquier, Álvaro Herrera)

  • Fix bugs that could cause ALTER TABLE DETACH PARTITION to leave behind incorrect dependency state, allowing subsequent operations to misbehave, for example by not dropping a former partition child index when its table is dropped (Tom Lane)

  • Improve performance and space utilization of btree indexes with many duplicates (Peter Geoghegan, Heikki Linnakangas)

    Previously, duplicate index entries were stored unordered within their duplicate groups. This caused overhead during index inserts, wasted space due to excessive page splits, and it reduced VACUUM's ability to recycle entire pages. Duplicate index entries are now sorted in heap-storage order.

    Indexes pg_upgrade'd from previous releases will not have these benefits.

  • Allow multi-column btree indexes to be smaller (Peter Geoghegan, Heikki Linnakangas)

    Internal pages and min/max leaf page indicators now only store index keys until the change key, rather than all indexed keys. This also improves the locality of index access.

    Indexes pg_upgrade'd from previous releases will not have these benefits.

  • Improve speed of btree index insertions by reducing locking overhead (Alexander Korotkov)

  • Support INCLUDE columns in GiST indexes (Andrey Borodin)

  • Add support for nearest-neighbor (KNN) searches of SP-GiST indexes (Nikita Glukhov, Alexander Korotkov, Vlad Sterzhanov)

  • Reduce the WAL write overhead of GiST, GIN, and SP-GiST index creation (Anastasia Lubennikova, Andrey V. Lepikhov)

  • Allow index-only scans to be more efficient on indexes with many columns (Konstantin Knizhnik)

  • Improve the performance of vacuum scans of GiST indexes (Andrey Borodin, Konstantin Kuznetsov, Heikki Linnakangas)

  • Delete empty leaf pages during GiST VACUUM (Andrey Borodin)

  • Reduce locking requirements for index renaming (Peter Eisentraut)

  • Allow CREATE STATISTICS to create most-common-value statistics for multiple columns (Tomas Vondra)

    This improves optimization for queries that test several columns, requiring an estimate of the combined effect of several WHERE clauses. If the columns are correlated and have non-uniform distributions then multi-column statistics will allow much better estimates.

  • Allow common table expressions (CTEs) to be inlined into the outer query (Andreas Karlsson, Andrew Gierth, David Fetter, Tom Lane)

    Specifically, CTEs are automatically inlined if they have no side-effects, are not recursive, and are referenced only once in the query. Inlining can be prevented by specifying MATERIALIZED, or forced for multiply-referenced CTEs by specifying NOT MATERIALIZED. Previously, CTEs were never inlined and were always evaluated before the rest of the query.

  • Allow control over when generic plans are used for prepared statements (Pavel Stehule)

    This is controlled by the plan_cache_mode server parameter.

  • Improve optimization of partition and UNION ALL queries that have only a single child (David Rowley)

  • Improve processing of domains that have no check constraints (Tom Lane)

    Domains that are being used purely as type aliases no longer cause optimization difficulties.

  • Pre-evaluate calls of LEAST and GREATEST when their arguments are constants (Vik Fearing)

  • Improve optimizer's ability to verify that partial indexes with IS NOT NULL conditions are usable in queries (Tom Lane, James Coleman)

    Usability can now be recognized in more cases where the calling query involves casts or large x IN (array) clauses.

  • Compute ANALYZE statistics using the collation defined for each column (Tom Lane)

    Previously, the database's default collation was used for all statistics. This potentially gives better optimizer behavior for columns with non-default collations.

  • Improve selectivity estimates for inequality comparisons on ctid columns (Edmund Horner)

  • Improve optimization of joins on columns of type tid (Tom Lane)

    These changes primarily improve the efficiency of self-joins on ctid columns.

  • Fix the leakproofness designations of some btree comparison operators and support functions (Tom Lane)

    This allows some optimizations that previously would not have been applied in the presence of security barrier views or row-level security.

  • Enable Just-in-Time (JIT) compilation by default, if the server has been built with support for it (Andres Freund)

    Note that this support is not built by default, but has to be selected explicitly while configuring the build.

  • Speed up keyword lookup (John Naylor, Joerg Sonnenberger, Tom Lane)

  • Improve search performance for multi-byte characters in position() and related functions (Heikki Linnakangas)

  • Allow toasted values to be minimally decompressed (Paul Ramsey)

    This is useful for routines that only need to examine the initial portion of a toasted field.

  • Allow ALTER TABLE ... SET NOT NULL to avoid unnecessary table scans (Sergei Kornilov)

    This can be optimized when the table's column constraints can be recognized as disallowing nulls.

  • Allow ALTER TABLE ... SET DATA TYPE changing between timestamp and timestamptz to avoid a table rewrite when the session time zone is UTC (Noah Misch)

    In the UTC time zone, these two data types are binary compatible.

  • Improve speed in converting strings to int2 or int4 integers (Andres Freund)

  • Allow parallelized queries when in SERIALIZABLE isolation mode (Thomas Munro)

    Previously, parallelism was disabled when in this mode.

  • Use pread() and pwrite() for random I/O (Oskari Saarenmaa, Thomas Munro)

    This reduces the number of system calls required for I/O.

  • Improve the speed of setting the process title on FreeBSD (Thomas Munro)

  • Allow logging of statements from only a percentage of transactions (Adrien Nayrat)

    The parameter log_transaction_sample_rate controls this.

  • Add progress reporting to CREATE INDEX and REINDEX operations (Álvaro Herrera, Peter Eisentraut)

    Progress is reported in the pg_stat_progress_create_index system view.

  • Add progress reporting to CLUSTER and VACUUM FULL (Tatsuro Yamada)

    Progress is reported in the pg_stat_progress_cluster system view.

  • Add progress reporting to pg_checksums (Michael Banck, Bernd Helmle)

    This is enabled with the option --progress.

  • Add counter of checksum failures to pg_stat_database (Magnus Hagander)

  • Add tracking of global objects in system view pg_stat_database (Julien Rouhaud)

    Global objects are shown with a pg_stat_database.datid value of zero.

  • Add the ability to list the contents of the archive directory (Christoph Moench-Tegeder)

    The function is pg_ls_archive_statusdir().

  • Add the ability to list the contents of temporary directories (Nathan Bossart)

    The function, pg_ls_tmpdir(), optionally allows specification of a tablespace.

  • Add information about the client certificate to the system view pg_stat_ssl (Peter Eisentraut)

    The new columns are client_serial and issuer_dn. Column clientdn has been renamed to client_dn for clarity.

  • Restrict visibility of rows in pg_stat_ssl for unprivileged users (Peter Eisentraut)

  • At server start, emit a log message including the server version number (Christoph Berg)

  • Prevent logging “incomplete startup packet” if a new connection is immediately closed (Tom Lane)

    This avoids log spam from certain forms of monitoring.

  • Include the application_name, if set, in log_connections log messages (Don Seiler)

  • Make the walreceiver set its application name to the cluster name, if set (Peter Eisentraut)

  • Add the timestamp of the last received standby message to pg_stat_replication (Lim Myungkyu)

  • Add a wait event for fsync of WAL segments (Konstantin Knizhnik)

  • Add GSSAPI encryption support (Robbie Harwood, Stephen Frost)

    This feature allows TCP/IP connections to be encrypted when using GSSAPI authentication, without having to set up a separate encryption facility such as SSL. In support of this, add hostgssenc and hostnogssenc record types in pg_hba.conf for selecting connections that do or do not use GSSAPI encryption, corresponding to the existing hostssl and hostnossl record types. There is also a new gssencmode libpq option, and a pg_stat_gssapi system view.

  • Allow the clientcert pg_hba.conf option to check that the database user name matches the client certificate's common name (Julian Markwort, Marius Timmer)

    This new check is enabled with clientcert=verify-full.

  • Allow discovery of an LDAP server using DNS SRV records (Thomas Munro)

    This avoids the requirement of specifying ldapserver. It is only supported if PostgreSQL is compiled with OpenLDAP.

  • Add ability to enable/disable cluster checksums using pg_checksums (Michael Banck, Michaël Paquier)

    The cluster must be shut down for these operations.

  • Reduce the default value of autovacuum_vacuum_cost_delay to 2ms (Tom Lane)

    This allows autovacuum operations to proceed faster by default.

  • Allow vacuum_cost_delay to specify sub-millisecond delays, by accepting fractional values (Tom Lane)

  • Allow time-based server parameters to use units of microseconds (us) (Tom Lane)

  • Allow fractional input for integer server parameters (Tom Lane)

    For example, SET work_mem = '30.1GB' is now allowed, even though work_mem is an integer parameter. The value will be rounded to an integer after any required units conversion.

  • Allow units to be defined for floating-point server parameters (Tom Lane)

  • Add wal_recycle and wal_init_zero server parameters to control WAL file recycling (Jerry Jelinek)

    Avoiding file recycling can be beneficial on copy-on-write file systems like ZFS.

  • Add server parameter tcp_user_timeout to control the server's TCP timeout (Ryohei Nagaura)

  • Allow control of the minimum and maximum SSL protocol versions (Peter Eisentraut)

    The server parameters are ssl_min_protocol_version and ssl_max_protocol_version.

  • Add server parameter ssl_library to report the SSL library version used by the server (Peter Eisentraut)

  • Add server parameter shared_memory_type to control the type of shared memory to use (Andres Freund)

    This allows selection of System V shared memory, if desired.

  • Allow some recovery parameters to be changed with reload (Peter Eisentraut)

    These parameters are archive_cleanup_command, promote_trigger_file, recovery_end_command, and recovery_min_apply_delay.

  • Allow the streaming replication timeout (wal_sender_timeout) to be set per connection (Takayuki Tsunakawa)

    Previously, this could only be set cluster-wide.

  • Add function pg_promote() to promote standbys to primaries (Laurenz Albe, Michaël Paquier)

    Previously, this operation was only possible by using pg_ctl or creating a trigger file.

  • Allow replication slots to be copied (Masahiko Sawada)

    The functions for this are pg_copy_physical_replication_slot() and pg_copy_logical_replication_slot().

  • Make max_wal_senders not count as part of max_connections (Alexander Kukushkin)

  • Add an explicit value of current for recovery_target_timeline (Peter Eisentraut)

  • Make recovery fail if a two-phase transaction status file is corrupt (Michaël Paquier)

    Previously, a warning was logged and recovery continued, allowing the transaction to be lost.

  • Add REINDEX CONCURRENTLY option to allow reindexing without locking out writes (Michaël Paquier, Andreas Karlsson, Peter Eisentraut)

    This is also controlled by the reindexdb application's --concurrently option.

  • Add support for generated columns (Peter Eisentraut)

    The content of generated columns are computed from expressions (including references to other columns in the same table) rather than being specified by INSERT or UPDATE commands.

  • Add a WHERE clause to COPY FROM to control which rows are accepted (Surafel Temesgen)

    This provides a simple way to filter incoming data.

  • Allow enumerated values to be added more flexibly (Andrew Dunstan, Tom Lane, Thomas Munro)

    Previously, ALTER TYPE ... ADD VALUE could not be called in a transaction block, unless it was part of the same transaction that created the enumerated type. Now it can be called in a later transaction, so long as the new enumerated value is not referenced until after it is committed.

  • Add commands to end a transaction and start a new one (Peter Eisentraut)

    The commands are COMMIT AND CHAIN and ROLLBACK AND CHAIN.

  • Add VACUUM and CREATE TABLE options to prevent VACUUM from truncating trailing empty pages (Takayuki Tsunakawa)

    These options are vacuum_truncate and toast.vacuum_truncate. Use of these options reduces VACUUM's locking requirements, but prevents returning disk space to the operating system.

  • Allow VACUUM to skip index cleanup (Masahiko Sawada)

    This change adds a VACUUM command option INDEX_CLEANUP as well as a table storage option vacuum_index_cleanup. Use of this option reduces the ability to reclaim space and can lead to index bloat, but it is helpful when the main goal is to freeze old tuples.

  • Add the ability to skip VACUUM and ANALYZE operations on tables that cannot be locked immediately (Nathan Bossart)

    This option is called SKIP_LOCKED.

  • Allow VACUUM and ANALYZE to take optional Boolean argument specifications (Masahiko Sawada)

  • Prevent TRUNCATE, VACUUM and ANALYZE from requesting a lock on tables for which the user lacks permission (Michaël Paquier)

    This prevents unauthorized locking, which could interfere with user queries.

  • Add EXPLAIN option SETTINGS to output non-default optimizer settings (Tomas Vondra)

    This output can also be obtained when using auto_explain by setting auto_explain.log_settings.

  • Add OR REPLACE option to CREATE AGGREGATE (Andrew Gierth)

  • Allow modifications of system catalogs' options using ALTER TABLE (Peter Eisentraut)

    Modifications of catalogs' reloptions and autovacuum settings are now supported. (Setting allow_system_table_mods is still required.)

  • Use all key columns' names when selecting default constraint names for foreign keys (Peter Eisentraut)

    Previously, only the first column name was included in the constraint name, resulting in ambiguity for multi-column foreign keys.

  • Update assorted knowledge about Unicode to match Unicode 12.1.0 (Peter Eisentraut)

    This fixes, for example, cases where psql would misformat output involving combining characters.

  • Update Snowball stemmer dictionaries with support for new languages (Arthur Zakirov)

    This adds word stemming support for Arabic, Indonesian, Irish, Lithuanian, Nepali, and Tamil to full text search.

  • Allow creation of collations that report string equality for strings that are not bit-wise equal (Peter Eisentraut)

    This feature supports “nondeterministic” collations that can define case- and accent-agnostic equality comparisons. Thus, for example, a case-insensitive uniqueness constraint on a text column can be made more easily than before. This is only supported for ICU collations.

  • Add support for ICU collation attributes on older ICU versions (Peter Eisentraut)

    This allows customization of the collation rules in a consistent way across all ICU versions.

  • Allow data type name to more seamlessly be compared to other text types (Tom Lane)

    Type name now behaves much like a domain over type text that has default collation “C”. This allows cross-type comparisons to be processed more efficiently.

  • Add support for the SQL/JSON path language (Nikita Glukhov, Teodor Sigaev, Alexander Korotkov, Oleg Bartunov, Liudmila Mantrova)

    This allows execution of complex queries on JSON values using an SQL-standard language.

  • Add support for hyperbolic functions (Lætitia Avrot)

    Also add log10() as an alias for log(), for standards compliance.

  • Improve the accuracy of statistical aggregates like variance() by using more precise algorithms (Dean Rasheed)

  • Allow date_trunc() to have an additional argument to control the time zone (Vik Fearing, Tom Lane)

    This is faster and simpler than using the AT TIME ZONE clause.

  • Adjust to_timestamp()/to_date() functions to be more forgiving of template mismatches (Artur Zakirov, Alexander Korotkov, Liudmila Mantrova)

    This new behavior more closely matches the Oracle functions of the same name.

  • Fix assorted bugs in XML functions (Pavel Stehule, Markus Winand, Chapman Flack)

    Specifically, in XMLTABLE, xpath(), and xmlexists(), fix some cases where nothing was output for a node, or an unexpected error was thrown, or necessary escaping of XML special characters was omitted.

  • Allow the BY VALUE clause in XMLEXISTS and XMLTABLE (Chapman Flack)

    This SQL-standard clause has no effect in PostgreSQL's implementation, but it was unnecessarily being rejected.

  • Prevent current_schema() and current_schemas() from being run by parallel workers, as they are not parallel-safe (Michaël Paquier)

  • Allow RECORD and RECORD[] to be used as column types in a query's column definition list for a table function that is declared to return RECORD (Elvis Pranskevichus)

  • Allow SQL commands and variables with the same names as those commands to be used in the same PL/pgSQL function (Tom Lane)

    For example, allow a variable called comment to exist in a function that calls the COMMENT SQL command. Previously this combination caused a parse error.

  • Add new optional warning and error checks to PL/pgSQL (Pavel Stehule)

    The new checks allow for run-time validation of INTO column counts and single-row results.

  • Add connection parameter tcp_user_timeout to control libpq's TCP timeout (Ryohei Nagaura)

  • Allow libpq (and thus psql) to report only the SQLSTATE value in error messages (Didier Gautheron)

  • Add libpq function PQresultMemorySize() to report the memory used by a query result (Lars Kanis, Tom Lane)

  • Remove the no-display/debug flag from libpq's options connection parameter (Peter Eisentraut)

    This allows this parameter to be set by postgres_fdw.

  • Allow ecpg to create variables of data type bytea (Ryo Matsumura)

    This allows ECPG clients to interact with bytea data directly, rather than using an encoded form.

  • Add PREPARE AS support to ECPG (Ryo Matsumura)

  • Allow vacuumdb to select tables for vacuum based on their wraparound horizon (Nathan Bossart)

    The options are --min-xid-age and --min-mxid-age.

  • Allow vacuumdb to disable waiting for locks or skipping all-visible pages (Nathan Bossart)

    The options are --skip-locked and --disable-page-skipping.

  • Add colorization to the output of command-line utilities (Peter Eisentraut)

    This is enabled by setting the environment variable PG_COLOR to always or auto. The specific colors used can be adjusted by setting the environment variable PG_COLORS, using ANSI escape codes for colors. For example, the default behavior is equivalent to PG_COLORS="error=01;31:warning=01;35:locus=01".

  • Add CSV table output mode in psql (Daniel Vérité)

    This is controlled by \pset format csv or the command-line --csv option.

  • Show the manual page URL in psql's \help output for a SQL command (Peter Eisentraut)

  • Display the IP address in psql's \conninfo (Fabien Coelho)

  • Improve tab completion of CREATE TABLE, CREATE TRIGGER, CREATE EVENT TRIGGER, ANALYZE, EXPLAIN, VACUUM, ALTER TABLE, ALTER INDEX, ALTER DATABASE, and ALTER INDEX ALTER COLUMN (Dagfinn Ilmari Mannsåker, Tatsuro Yamada, Michaël Paquier, Tom Lane, Justin Pryzby)

  • Allow values produced by queries to be assigned to pgbench variables (Fabien Coelho, Álvaro Herrera)

    The command for this is \gset.

  • Improve precision of pgbench's --rate option (Tom Lane)

  • Improve pgbench's error reporting with clearer messages and return codes (Peter Eisentraut)

  • Allow control of log file rotation via pg_ctl (Kyotaro Horiguchi, Alexander Kuzmenkov, Alexander Korotkov)

    Previously, this was only possible via an SQL function or a process signal.

  • Properly detach the new server process during pg_ctl start (Paul Guo)

    This prevents the server from being shut down if the shell script that invoked pg_ctl is interrupted later.

  • Allow pg_upgrade to use the file system's cloning feature, if there is one (Peter Eisentraut)

    The --clone option has the advantages of --link, while preventing the old cluster from being changed after the new cluster has started.

  • Allow specification of the socket directory to use in pg_upgrade (Daniel Gustafsson)

    This is controlled by --socketdir; the default is the current directory.

  • Allow pg_checksums to disable fsync operations (Michaël Paquier)

    This is controlled by the --no-sync option.

  • Allow pg_rewind to disable fsync operations (Michaël Paquier)

  • Fix pg_test_fsync to report accurate open_datasync durations on Windows (Laurenz Albe)

  • When pg_dump emits data with INSERT commands rather than COPY, allow more than one data row to be included in each INSERT (Surafel Temesgen, David Rowley)

    The option controlling this is --rows-per-insert.

  • Allow pg_dump to emit INSERT ... ON CONFLICT DO NOTHING (Surafel Temesgen)

    This avoids conflict failures during restore. The option is --on-conflict-do-nothing.

  • Decouple the order of operations in a parallel pg_dump from the order used by a subsequent parallel pg_restore (Tom Lane)

    This allows pg_restore to perform more-fully-parallelized parallel restores, especially in cases where the original dump was not done in parallel. Scheduling of a parallel pg_dump is also somewhat improved.

  • Allow the extra_float_digits setting to be specified for pg_dump and pg_dumpall (Andrew Dunstan)

    This is primarily useful for making dumps that are exactly comparable across different source server versions. It is not recommended for normal use, as it may result in loss of precision when the dump is restored.

  • Add --exclude-database option to pg_dumpall (Andrew Dunstan)

  • Add CREATE ACCESS METHOD command to create new table types (Andres Freund, Haribabu Kommi, Álvaro Herrera, Alexander Korotkov, Dmitry Dolgov)

    This enables the development of new table access methods, which can optimize storage for different use cases. The existing heap access method remains the default.

  • Add planner support function interfaces to improve optimizer estimates, inlining, and indexing for functions (Tom Lane)

    This allows extensions to create planner support functions that can provide function-specific selectivity, cost, and row-count estimates that can depend on the function's arguments. Support functions can also supply simplified representations and index conditions, greatly expanding optimization possibilities.

  • Simplify renumbering manually-assigned OIDs, and establish a new project policy for management of such OIDs (John Naylor, Tom Lane)

    Patches that manually assign OIDs for new built-in objects (such as new functions) should now randomly choose OIDs in the range 8000—9999. At the end of a development cycle, the OIDs used by committed patches will be renumbered down to lower numbers, currently somewhere in the 4xxx range, using the new renumber_oids.pl script. This approach should greatly reduce the odds of OID collisions between different in-process patches.

    While there is no specific policy reserving any OIDs for external use, it is recommended that forks and other projects needing private manually-assigned OIDs use numbers in the high 7xxx range. This will avoid conflicts with recently-merged patches, and it should be a long time before the core project reaches that range.

  • Build Cygwin binaries using dynamic instead of static libraries (Marco Atzeri)

  • Remove configure switch --disable-strong-random (Michaël Paquier)

    A strong random-number source is now required.

  • printf-family functions, as well as strerror and strerror_r, now behave uniformly across platforms within Postgres code (Tom Lane)

    Notably, printf understands %m everywhere; on Windows, strerror copes with Winsock error codes (it used to do so in backend but not frontend code); and strerror_r always follows the GNU return convention.

  • Require a C99-compliant compiler, and MSVC 2013 or later on Windows (Andres Freund)

  • Use pandoc, not lynx, for generating plain-text documentation output files (Peter Eisentraut)

    This affects only the INSTALL file generated during make dist and the seldom-used plain-text postgres.txt output file. Pandoc produces better output than lynx and avoids some locale/encoding issues. Pandoc version 1.13 or later is required.

  • Support use of images in the PostgreSQL documentation (Jürgen Purtz)

  • Allow ORDER BY sorts and LIMIT clauses to be pushed to postgres_fdw foreign servers in more cases (Etsuro Fujita)

  • Improve optimizer cost accounting for postgres_fdw queries (Etsuro Fujita)

  • Properly honor WITH CHECK OPTION on views that reference postgres_fdw tables (Etsuro Fujita)

    While CHECK OPTIONs on postgres_fdw tables are ignored (because the reference is foreign), views on such tables are considered local, so this change enforces CHECK OPTIONs on them. Previously, only INSERTs and UPDATEs with RETURNING clauses that returned CHECK OPTION values were validated.

  • Allow pg_stat_statements_reset() to be more granular (Haribabu Kommi, Amit Kapila)

    The function now allows reset of statistics for specific databases, users, and queries.

  • Allow control of the auto_explain log level (Tom Dunstan, Andrew Dunstan)

    The default is LOG.

  • Update unaccent rules with new punctuation and symbols (Hugh Ranalli, Michaël Paquier)

  • Allow unaccent to handle some accents encoded as combining characters (Hugh Ranalli)

  • Allow unaccent to remove accents from Greek characters (Tasos Maschalidis)

  • Add a parameter to amcheck's bt_index_parent_check() function to check each index tuple from the root of the tree (Peter Geoghegan)

  • Improve oid2name and vacuumlo option handling to match other commands (Tatsuro Yamada)

• ⇑ Upgrade to 12.1 released on 2019-11-14 - docs

  • Fix crash when ALTER TABLE adds a column without a default value along with making other changes that require a table rewrite (Andres Freund)

  • Fix lock handling in REINDEX CONCURRENTLY (Michael Paquier)

    REINDEX CONCURRENTLY neglected to take a session-level lock on the new index version, potentially allowing other sessions to manipulate it too soon. Also, a query-cancel or session-termination interrupt arriving at the wrong time could result in failure to release the session-level locks that REINDEX CONCURRENTLY does hold.

  • Avoid crash due to race condition when reporting the progress of a CREATE INDEX CONCURRENTLY or REINDEX CONCURRENTLY command (Álvaro Herrera)

  • Avoid creating duplicate dependency entries during REINDEX CONCURRENTLY (Michael Paquier)

    This bug resulted in bloat in pg_depend, but no worse consequences than that.

  • Prevent VACUUM from trying to freeze an old multixact ID involving a still-running transaction (Nathan Bossart, Jeremy Schneider)

    This case would lead to VACUUM failing until the old transaction terminates.

  • Fix “wrong type of slot” error when trying to CLUSTER on an expression index (Andres Freund)

  • SET CONSTRAINTS ... DEFERRED failed on partitioned tables, incorrectly complaining about lack of triggers (Álvaro Herrera)

  • Fix failure when creating indexes for a partition, if the parent partitioned table contains any dropped columns (Michael Paquier)

  • Fix dropping of indexed columns in partitioned tables (Amit Langote, Michael Paquier)

    Previously this might fail with an error message complaining about the dependencies of the indexes. It should automatically drop the indexes, instead.

  • Ensure that a partition index can be dropped after a failure to reindex it concurrently (Michael Paquier)

    The index's pg_class.relispartition flag was left in the wrong state in such a case, causing DROP INDEX to fail.

  • Fix handling of equivalence class members for partition-wise joins (Amit Langote)

    This oversight could lead either to failure to use a feasible partition-wise join plan, or to a “could not find pathkey item to sort” planner failure.

  • Ensure that offset expressions in WINDOW clauses are processed when a query's expressions are manipulated (Andrew Gierth)

    This oversight could result in assorted failures when the offsets are nontrivial expressions. One example is that a function parameter reference in such an expression would fail if the function was inlined.

  • Avoid postmaster failure if a parallel query requests a background worker when no postmaster child process array slots remain free (Tom Lane)

  • Fix crash triggered by an EvalPlanQual recheck on a table with a BEFORE UPDATE trigger (Andres Freund)

  • Fix “unexpected relkind” error when a query tries to access a TOAST table (John Hsu, Michael Paquier, Tom Lane)

    The error should say that permission is denied, but this case got broken during code refactoring.

  • Provide a relevant error context line when an error occurs while setting GUC parameters during parallel worker startup (Thomas Munro)

  • Ensure that fsync() is applied only to files that are opened read/write (Andres Freund, Michael Paquier)

    Some code paths tried to do this after opening a file read-only, but on some platforms that causes “bad file descriptor” or similar errors.

  • Allow encoding conversion to succeed on longer strings than before (Álvaro Herrera, Tom Lane)

    Previously, there was a hard limit of 0.25GB on the input string, but now it will work as long as the converted output is not over 1GB.

  • Avoid creating unnecessarily-bulky tuple stores for window functions (Andrew Gierth)

    In some cases the tuple storage would include all columns of the source table(s), not just the ones that are needed by the query.

  • Allow repalloc() to give back space when a large chunk is reduced in size (Tom Lane)

  • Ensure that temporary WAL and history files are removed at the end of archive recovery (Sawada Masahiko)

  • Avoid failure in archive recovery if recovery_min_apply_delay is enabled (Fujii Masao)

    recovery_min_apply_delay is not typically used in this configuration, but it should work.

  • Ignore restore_command, recovery_end_command, and recovery_min_apply_delay settings during crash recovery (Fujii Masao)

    Now that these settings can be specified in postgresql.conf, they could be turned on during crash recovery, but honoring them then is undesirable. Ignore these settings until crash recovery is complete.

  • Fix logical replication failure when publisher and subscriber have different ideas about a table's replica identity columns (Jehan-Guillaume de Rorthais, Peter Eisentraut)

    Declaring a column as part of the replica identity on the subscriber, when it does not exist at all on the publisher, led to “negative bitmapset member not allowed” errors.

  • Avoid unwanted delay during shutdown of a logical replication walsender (Craig Ringer, Álvaro Herrera)

  • Fix timeout handling in logical replication walreceiver processes (Julien Rouhaud)

    Erroneous logic prevented wal_receiver_timeout from working in logical replication deployments.

  • Correctly time-stamp replication messages for logical decoding (Jeff Janes)

    This oversight resulted, for example, in pg_stat_subscription.last_msg_send_time usually reading as NULL.

  • Fix race condition during backend exit, when the backend process has previously waited for synchronous replication to occur (Dongming Liu)

  • Avoid logging complaints about abandoned connections when using PAM authentication (Tom Lane)

    libpq-based clients will typically make two connection attempts when a password is required, since they don't prompt their user for a password until their first connection attempt fails. Therefore the server is coded not to generate useless log spam when a client closes the connection upon being asked for a password. However, the PAM authentication code hadn't gotten that memo, and would generate several messages about a phantom authentication failure.

  • Fix misbehavior of bitshiftright() (Tom Lane)

    The bitstring right shift operator failed to zero out padding space that exists in the last byte of the result when the bitstring length is not a multiple of 8. While invisible to most operations, any nonzero bits there would result in unexpected comparison behavior, since bitstring comparisons don't bother to ignore the extra bits, expecting them to always be zero.

    If you have inconsistent data as a result of saving the output of bitshiftright() in a table, it's possible to fix it with something like

    UPDATE mytab SET bitcol = ~(~bitcol) WHERE bitcol != ~(~bitcol);
    

  • Fix result of text position() function (also known as strpos()) for an empty search string (Tom Lane)

    Historically, and per the SQL standard, the result should be one in such cases, but 12.0 returned zero.

  • Fix detection of edge-case integer overflow in interval multiplication (Yuya Watari)

  • Avoid crashes if ispell text search dictionaries contain wrong affix data (Arthur Zakirov)

  • Avoid memory leak while vacuuming a GiST index (Dilip Kumar)

  • On Windows, recognize additional spellings of the “Norwegian (Bokmål)” locale name (Tom Lane)

  • Fix libpq to allow trailing whitespace in the string values of integer parameters (Michael Paquier)

    Version 12 tightened libpq's validation of integer parameters, but disallowing trailing whitespace seems undesirable.

  • In libpq, correctly report CONNECTION_BAD connection status after a failure caused by a syntactically invalid connect_timeout parameter value (Lars Kanis)

  • Avoid compile failure if an ECPG client includes ecpglib.h while having ENABLE_NLS defined (Tom Lane)

    This risk was created by a misplaced declaration: ecpg_gettext() should not be visible to client code.

  • Fix scheduling of parallel restore of a foreign key constraint on a partitioned table (Álvaro Herrera)

    pg_dump failed to emit full dependency information for partitioned tables' foreign keys. This could allow parallel pg_restore to try to recreate a foreign key constraint too soon.

  • In pg_dump, ensure stable output order for similarly-named triggers and row-level-security policy objects (Benjie Gillam)

    Previously, if two triggers on different tables had the same names, they would be sorted in OID-based order, which is less desirable than sorting them by table name. Likewise for RLS policies.

  • In pg_upgrade, reject tables with columns of type sql_identifier, as that has changed representation in version 12 (Tomas Vondra)

  • Improve pg_upgrade's checks for the use of a data type that has changed representation, such as line (Tomas Vondra)

    The previous coding could be fooled by cases where the data type of interest underlies a stored column of a domain or composite type.

  • In pg_rewind with the --dry-run option, avoid updating pg_control (Alexey Kondratov)

    This could lead to failures in subsequent pg_rewind attempts.

  • Fix failure in pg_waldump with the -s option, when a continuation WAL record ends exactly at a page boundary (Andrey Lepikhov)

  • In pg_waldump with the --bkp-details option, avoid emitting extra newlines for WAL records involving full-page writes (Andres Freund)

  • Fix small memory leak in pg_waldump (Andres Freund)

  • Put back pqsignal() as an exported libpq symbol (Tom Lane)

    This function was removed on the grounds that no clients should be using it, but that turns out to break usage of current libpq with very old versions of psql, and perhaps other applications.

  • Fix configure's test for presence of libperl so that it works on recent Red Hat releases (Tom Lane)

    Previously, it could fail if the user sets CFLAGS to -O0.

  • Ensure correct code generation for spinlocks on PowerPC (Noah Misch)

    The previous spinlock coding allowed the compiler to select register zero for use with an assembly instruction that does not accept that register, causing a build failure. We have seen only one long-ago report that matches this bug, but it could cause problems for people trying to build modified PostgreSQL code or use atypical compiler options.

  • On AIX, don't use the compiler option -qsrcmsg (Noah Misch)

    This avoids an internal compiler error with xlc v16.1.0, with little consequence other than changing the format of compiler error messages.

  • Fix MSVC build process to cope with spaces in the file path of OpenSSL (Andrew Dunstan)

• ⇑ Upgrade to 12.2 released on 2020-02-13 - docs

  • Add missing permissions checks for ALTER ... DEPENDS ON EXTENSION (Álvaro Herrera)

    Marking an object as dependent on an extension did not have any privilege check whatsoever. This oversight allowed any user to mark routines, triggers, materialized views, or indexes as droppable by anyone able to drop an extension. Require that the calling user own the specified object (and hence have privilege to drop it). (CVE-2020-1720)

  • Fix TRUNCATE ... CASCADE to ensure all relevant partitions are truncated (Jehan-Guillaume de Rorthais)

    If a partition of a partitioned table is truncated with the CASCADE option, and the partitioned table has a foreign-key reference from another table, that table must also be truncated. The need to check this was missed if the referencing table was itself partitioned, possibly allowing rows to survive that violate the foreign-key constraint.

    Hence, if you have foreign key constraints between partitioned tables, and you have done any partition-level TRUNCATE on the referenced table, you should check to see if any foreign key violations exist. The simplest way is to add a new instance of the foreign key constraint (and, once that succeeds, drop it or the original constraint). That may be prohibitive from a locking standpoint, however, in which case you might prefer to manually query for unmatched rows.

  • Fix failure to attach foreign key constraints to sub-partitions (Jehan-Guillaume de Rorthais)

    When adding a partition to a level below the first level of a multi-level partitioned table, foreign key constraints referencing the top partitioned table were not cloned to the new partition, leading to possible constraint violations later. Detaching and re-attaching the new partition is the cheapest way to fix this. However, if there are many partitions to be fixed, adding a new instance of the foreign key constraint might be preferable.

  • Fix possible crash during concurrent update on a partitioned table or inheritance tree (Tom Lane)

  • Ensure that row triggers on partitioned tables are correctly cloned to sub-partitions when appropriate (Álvaro Herrera)

    User-defined triggers (but not triggers for foreign key or deferred unique constraints) might be missed when creating or attaching a partition.

  • Fix logical replication subscriber code to execute per-column UPDATE triggers when appropriate (Peter Eisentraut)

  • Avoid failure in logical decoding when a large transaction must be spilled into many separate temporary files (Amit Khandekar)

  • Fix possible crash or data corruption when a logical replication subscriber processes a row update (Tom Lane, Tomas Vondra)

    This bug caused visible problems only if the subscriber's table contained columns that were not being copied from the publisher and had pass-by-reference data types.

  • Fix crash in logical replication subscriber after DDL changes on a subscribed relation (Jehan-Guillaume de Rorthais, Vignesh C)

  • Fix failure in logical replication publisher after a database crash and restart (Vignesh C)

  • Ensure that the effect of pg_replication_slot_advance() on a physical replication slot will persist across restarts (Alexey Kondratov, Michael Paquier)

  • Improve efficiency of logical replication with REPLICA IDENTITY FULL (Konstantin Knizhnik)

    When searching for an existing tuple during an update or delete operation, return the first matching tuple not the last one.

  • Fix base backup to handle database OIDs larger than INT32_MAX (Peter Eisentraut)

  • Ensure parallel plans are always shut down at the correct time (Kyotaro Horiguchi)

    This oversight is known to result in “temporary file leak” warnings from multi-batch parallel hash joins.

  • Prevent premature shutdown of a Gather or GatherMerge plan node that is underneath a Limit node (Amit Kapila)

    This avoids failure if such a plan node needs to be scanned more than once, as for instance if it is on the inside of a nestloop.

  • Improve efficiency of parallel hash join on CPUs with many cores (Gang Deng, Thomas Munro)

  • Avoid crash in parallel CREATE INDEX when there are no free dynamic shared memory slots (Thomas Munro)

    Fall back to a non-parallel index build, instead.

  • Avoid memory leak when there are no free dynamic shared memory slots (Thomas Munro)

  • Ignore the CONCURRENTLY option when performing an index creation, drop, or rebuild on a temporary table (Michael Paquier, Heikki Linnakangas, Andres Freund)

    This avoids strange failures if the temporary table has an ON COMMIT action. There is no benefit in using CONCURRENTLY for a temporary table anyway, since other sessions cannot access the table, making the extra processing pointless.

  • Fix possible failure when resetting expression indexes on temporary tables that are marked ON COMMIT DELETE ROWS (Tom Lane)

  • Fix possible crash in BRIN index operations with box, range and inet data types (Heikki Linnakangas)

  • Fix crash during recursive page split in GiST index build (Heikki Linnakangas)

  • Fix handling of deleted pages in GIN indexes (Alexander Korotkov)

    Avoid possible deadlocks, incorrect updates of a deleted page's state, and failure to traverse through a recently-deleted page.

  • Fix possible crash with a SubPlan (sub-SELECT) within a multi-row VALUES list (Tom Lane)

  • Fix failure in ALTER TABLE when a column referenced in a GENERATED expression has been added or changed in type earlier in the same ALTER command (Tom Lane)

  • Fix failure to insert default values for “missing” attributes during tuple conversion (Vik Fearing, Andrew Gierth)

    This could result in values incorrectly reading as NULL, when they come from columns that had been added by ALTER TABLE ADD COLUMN with a constant default.

  • Fix unlikely panic in the checkpointer process, caused by opening relation segments that might already have been removed (Thomas Munro)

  • Fix crash after FileClose() failure (Noah Misch)

    This issue could only be observed with data_sync_retry enabled, since otherwise FileClose() failure would be reported as a PANIC.

  • Fix handling of multiple AFTER ROW triggers on a foreign table (Etsuro Fujita)

  • Fix unlikely crash with pass-by-reference aggregate transition states (Andres Freund, Teodor Sigaev)

  • Improve error reporting in to_date() and to_timestamp() (Tom Lane, Álvaro Herrera)

    Reports about incorrect month or day names in input strings could truncate the input in the middle of a multi-byte character, leading to an improperly encoded error message that could cause follow-on failures. Truncate at the next whitespace instead.

  • Fix off-by-one result for EXTRACT(ISOYEAR FROM timestamp) for BC dates (Tom Lane)

  • Ensure that the <> operator for type char reports indeterminate-collation errors as such, rather than as “cache lookup failed for collation 0” (Tom Lane)

  • Avoid treating TID scans as sequential scans (Tatsuhito Kasahara)

    A refactoring oversight caused TID scans (selection by CTID) to be counted as sequential scans in the statistics views, and to take whole-table predicate locks as sequential scans do. The latter behavior could cause unnecessary serialization errors in serializable transaction mode.

  • Avoid stack overflow in information_schema views when a self-referential view exists in the system catalogs (Tom Lane)

    A self-referential view can't work; it will always result in infinite recursion. We handled that situation correctly when trying to execute the view, but not when inquiring whether it is automatically updatable.

  • Ensure that walsender processes always show NULL for transaction start time in pg_stat_activity (Álvaro Herrera)

    Previously, the xact_start column would sometimes show the process start time.

  • Improve performance of hash joins with very large inner relations (Thomas Munro)

  • Reduce spinlock contention when there are many active walsender processes (Pierre Ducroquet)

  • Fix placement of “Subplans Removed” field in EXPLAIN output (Daniel Gustafsson, Tom Lane)

    In non-text output formats, this field was emitted inside the “Plans” sub-group, resulting in syntactically invalid output. Attach it to the parent Append or MergeAppend plan node as intended. This causes the field to change position in text output format too: if there are any InitPlans attached to the same plan node, “Subplans Removed” will now appear before those.

  • Fix EXPLAIN's SETTINGS option to print as empty in non-text output formats (Tom Lane)

    In the non-text output formats, fields are supposed to appear when requested, even if they have empty or zero values.

  • Allow the planner to apply potentially-leaky tests to child-table statistics, if the user can read the corresponding column of the table that's actually named in the query (Dilip Kumar, Amit Langote)

    This change fixes a performance problem for partitioned tables that was created by the fix for CVE-2017-7484. That security fix disallowed applying leaky operators to statistics for columns that the current user doesn't have permission to read directly. However, it's somewhat common to grant permissions only on the parent partitioned table and not bother to do so on individual partitions. In such cases, the user can read the column via the parent, so there's no point in this security restriction; it only results in poorer planner estimates than necessary.

  • Fix planner errors induced by overly-aggressive collapsing of joins to single-row subqueries (Tom Lane)

    This mistake led to errors such as “failed to construct the join relation”.

  • Fix “no = operator for opfamily NNNN” planner error when trying to match a LIKE or regex pattern-match operator to a binary-compatible index opclass (Tom Lane)

  • Fix edge-case crashes and misestimations in selectivity calculations for the <@ and @> range operators (Michael Paquier, Andrey Borodin, Tom Lane)

  • Fix incorrect estimation for OR clauses when using most-common-value extended statistics (Tomas Vondra)

  • Ignore system columns when applying most-common-value extended statistics (Tomas Vondra)

    This prevents “negative bitmapset member not allowed” planner errors for affected queries.

  • Fix BRIN index logic to support hypothetical BRIN indexes (Julien Rouhaud, Heikki Linnakangas)

    Previously, if an “index adviser” extension tried to get the planner to produce a plan involving a hypothetical BRIN index, that would fail, because the BRIN cost estimation code would always try to physically access the index's metapage. Now it checks to see if the index is only hypothetical, and uses default assumptions about the index parameters if so.

  • Improve error reporting for attempts to use automatic updating of views with conditional INSTEAD rules (Dean Rasheed)

    This has never been supported, but previously the error was thrown only at execution time, so that it could be masked by planner errors.

  • Prevent a composite type from being included in itself indirectly via a range type (Tom Lane, Julien Rouhaud)

  • Disallow partition key expressions that return pseudo-types, such as record (Tom Lane)

  • Fix error reporting for index expressions of prohibited types (Amit Langote)

  • Fix dumping of views that contain only a VALUES list to handle cases where a view output column has been renamed (Tom Lane)

  • Ensure that data types and collations used in XMLTABLE constructs are accounted for when computing dependencies of a view or rule (Tom Lane)

    Previously it was possible to break a view using XMLTABLE by dropping a type, if the type was not otherwise referenced in the view. This fix does not correct the dependencies already recorded for existing views, only for newly-created ones.

  • Prevent unwanted downcasing and truncation of RADIUS authentication parameters (Marcos David)

    The pg_hba.conf parser mistakenly treated these fields as SQL identifiers, which in general they aren't.

  • Transmit incoming NOTIFY messages to the client before sending ReadyForQuery, rather than after (Tom Lane)

    This change ensures that, with libpq and other client libraries that act similarly to it, any notifications received during a transaction will be available by the time the client thinks the transaction is complete. This probably makes no difference in practical applications (which would need to cope with asynchronous notifications in any case); but it makes it easier to build test cases with reproducible behavior.

  • Fix bugs in handling of non-blocking I/O when using GSSAPI encryption (Tom Lane)

    These errors could result in dropping data (usually leading to subsequent wire-protocol-violation errors) or in a “livelock” situation where a sending process goes to sleep although not all its data has been sent. Moreover, libpq failed to keep separate encryption state for each connection, creating the possibility for failures in applications using multiple encrypted database connections.

  • Allow libpq to parse all GSS-related connection parameters even when the GSSAPI code hasn't been compiled in (Tom Lane)

    This makes the behavior similar to our SSL support, where it was long ago deemed to be a good idea to always accept all the related parameters, even if some are ignored or restricted due to lack of the feature in a particular build.

  • Fix incorrect handling of %b and %B format codes in ecpg's PGTYPEStimestamp_fmt_asc() function (Tomas Vondra)

    Due to an off-by-one error, these codes would print the wrong month name, or possibly crash.

  • Avoid crash after an out-of-memory failure in ecpglib (Tom Lane)

  • Fix parallel pg_dump/pg_restore to more gracefully handle failure to create worker processes (Tom Lane)

  • Prevent possible crash or lockup when attempting to terminate a parallel pg_dump/pg_restore run via a signal (Tom Lane)

  • In pg_upgrade, look inside arrays and ranges while searching for non-upgradable data types in tables (Tom Lane)

  • Apply more thorough syntax checking to createuser's --connection-limit option (Álvaro Herrera)

  • Cope with changes of the specific type referenced by a PL/pgSQL composite-type variable in more cases (Ashutosh Sharma, Tom Lane)

    Dropping and re-creating the composite type referenced by a PL/pgSQL variable could lead to “could not open relation with OID NNNN” errors.

  • Avoid crash in postgres_fdw when trying to send a command like UPDATE remote_tab SET (x,y) = (SELECT ...) to the remote server (Tom Lane)

  • In contrib/dict_int, reject maxlen settings less than one (Tomas Vondra)

    This prevents a possible crash with silly settings for that parameter.

  • Disallow NULL category values in contrib/tablefunc's crosstab() function (Joe Conway)

    This case never worked usefully, and it would crash on some platforms.

  • Fix configure's probe for OpenSSL's SSL_clear_options() function so that it works with OpenSSL versions before 1.1.0 (Michael Paquier, Daniel Gustafsson)

    This problem could lead to failure to set the SSL compression option as desired, when PostgreSQL is built against an old version of OpenSSL.

  • Mark some timeout and statistics-tracking GUC variables as PGDLLIMPORT, to allow extensions to access them on Windows (Pascal Legrand)

    This applies to idle_in_transaction_session_timeout, lock_timeout, statement_timeout, track_activities, track_counts, and track_functions.

  • Avoid memory leak in sanity checks for “slab” memory contexts (Tomas Vondra)

    This isn't an issue for production builds, since they wouldn't ordinarily have memory context checking enabled; but the leak could be quite severe in a debug build.

  • Fix multiple statistics entries reported by the LWLock statistics mechanism (Fujii Masao)

    The LWLock statistics code (which is not built by default; it requires compiling with -DLWLOCK_STATS) could report multiple entries for the same LWLock and backend process, as a result of faulty hashtable key creation.

  • Fix race condition that led to delayed delivery of interprocess signals on Windows (Amit Kapila)

    This caused visible timing oddities in NOTIFY, and perhaps other misbehavior.

  • Fix handling of a corner-case error result from Windows' ReadFile() function (Thomas Munro, Juan José Santamaría Flecha)

    So far as is known, this oversight just resulted in noisy log messages, not any actual query misbehavior.

  • On Windows, retry a few times after an ERROR_ACCESS_DENIED file access failure (Alexander Lakhin, Tom Lane)

    This helps cope with cases where a file open attempt fails because the targeted file is flagged for deletion but not yet actually gone. pg_ctl, for example, frequently failed with such an error when probing to see if the postmaster had shut down yet.

  • On Windows, work around sharing violations for the postmaster's log file when pg_ctl is used to start the postmaster very shortly after it's been stopped, for example by pg_ctl restart (Alexander Lakhin)

• ⇑ Upgrade to 12.3 released on 2020-05-14 - docs

  • Fix possible failure with GENERATED columns (David Rowley)

    If a GENERATED column's value is an exact copy of another column of the table (and it is a pass-by-reference data type), it was possible to crash or insert corrupted data into the table. While it would be rather pointless for a GENERATED expression to just duplicate another column, an expression using a function that sometimes returns its input unchanged could create the situation.

  • Handle inheritance of generated columns better (Peter Eisentraut)

    When a table column is inherited during CREATE TABLE ... INHERITS, disallow changing any generation properties when the parent column is already marked GENERATED; but allow a child column to be marked GENERATED when its parent is not.

  • Fix cross-column references in CREATE TABLE LIKE INCLUDING GENERATED (Peter Eisentraut)

    CREATE TABLE ... LIKE failed when trying to copy a GENERATED expression that references a physically-later column.

  • Propagate ALTER TABLE ... SET STORAGE to indexes (Peter Eisentraut)

    Non-expression index columns have always copied the attstorage property of their table column at creation. Update them when ALTER TABLE ... SET STORAGE is done, to maintain consistency.

  • Preserve the indisclustered setting of indexes rewritten by ALTER TABLE (Amit Langote, Justin Pryzby)

    Previously, ALTER TABLE lost track of which index had been used for CLUSTER.

  • Preserve the replica identity properties of indexes rewritten by ALTER TABLE (Quan Zongliang, Peter Eisentraut)

  • Preserve the indisclustered setting of indexes rebuilt by REINDEX CONCURRENTLY (Justin Pryzby)

  • Lock objects sooner during DROP OWNED BY (Álvaro Herrera)

    This avoids failures in race-condition cases where another session is deleting some of the same objects.

  • Fix error-case processing for CREATE ROLE ... IN ROLE (Andrew Gierth)

    Some error cases would be reported as “unexpected node type” or the like, instead of the intended message.

  • Ensure that when a partition is detached, any triggers cloned from its formerly-parent table are removed (Justin Pryzby)

  • Fix crash when COLLATE is applied to a non-collatable type in a partition bound expression (Dmitry Dolgov)

  • Ensure that unique indexes over partitioned tables match the equality semantics of the partitioning key (Guancheng Luo)

    This would only be an issue with index opclasses that have unusual notions of equality, but it's wrong in theory, so check.

  • Ensure that members of the pg_read_all_stats role can read all statistics views, as expected (Magnus Hagander)

    The functions underlying the pg_stat_progress_* views had not gotten this memo.

  • Repair performance regression in information_schema.triggers view (Tom Lane)

    This patch redefines that view so that an outer WHERE clause constraining the table name can be pushed down into the view, allowing its calculations to be done only for triggers belonging to the table of interest rather than all triggers in the database. In a database with many triggers this would make a significant speed difference for queries of that form. Since things worked that way before v11, this is a potential performance regression. Users who find this to be a problem can fix it by replacing the view definition (or, perhaps, just deleting and reinstalling the whole information_schema schema).

  • Repair performance regression in floating point overflow/underflow detection (Emre Hasegeli)

    Previous refactoring had resulted in isinf() being called extra times in some hot code paths.

  • Fix full text search to handle NOT above a phrase search correctly (Tom Lane)

    Queries such as !(foo<->bar) failed to find matching rows when implemented as a GiST or GIN index search.

  • Fix full text search for cases where a phrase search includes an item with both prefix matching and a weight restriction (Tom Lane)

  • Fix ts_headline() to make better headline selections when working with phrase queries (Tom Lane)

  • Fix bugs in gin_fuzzy_search_limit processing (Adé Heyward, Tom Lane)

    A small value of gin_fuzzy_search_limit could result in unexpected slowness due to unintentionally rescanning the same index page many times. Another code path failed to apply the intended filtering at all, possibly returning too many values.

  • Allow input of type circle to accept the format “(x,y),r” as the documentation says it does (David Zhang)

  • Make the get_bit() and set_bit() functions cope with bytea strings longer than 256MB (Movead Li)

    Since the bit number argument is only int4, it's impossible to use these functions to access bits beyond the first 256MB of a long bytea. We'll widen the argument to int8 in v13, but in the meantime, allow these functions to work on the initial substring of a long bytea.

  • Ignore file-not-found errors in pg_ls_waldir() and allied functions (Tom Lane)

    This prevents a race condition failure if a file is removed between when we see its directory entry and when we attempt to stat() it.

  • Avoid possibly leaking an open-file descriptor for a directory in pg_ls_dir(), pg_timezone_names(), pg_tablespace_databases(), and allied functions (Justin Pryzby)

  • Fix polymorphic-function type resolution to correctly infer the actual type of an anyarray output when given only an anyrange input (Tom Lane)

  • Fix server's connection-startup logic for case where a GSSAPI connection is rejected because support is not compiled in, and the client then tries SSL instead (Andrew Gierth)

    This led to a bogus “unsupported frontend protocol” failure.

  • Fix memory leakage during GSSAPI encryption (Tom Lane)

    Both the backend and libpq would leak memory equivalent to the total amount of data sent during the session, if GSSAPI encryption is in use.

  • Fix query-lifespan memory leak for a set-returning function used in a query's FROM clause (Andres Freund)

  • Avoid leakage of a hashed subplan's hash tables across multiple executions (Andreas Karlsson, Tom Lane)

    This mistake could result in severe memory bloat if a query re-executed a hashed subplan enough times.

  • Improve planner's handling of no-op domain coercions (Tom Lane)

    Fix some cases where a domain coercion that does nothing was not completely removed from expressions.

  • Avoid unlikely crash when REINDEX is terminated by a session-shutdown signal (Tom Lane)

  • Prevent printout of possibly-incorrect hash join table statistics in EXPLAIN (Konstantin Knizhnik, Tom Lane, Thomas Munro)

  • Fix reporting of elapsed time for heap truncation steps in VACUUM VERBOSE (Tatsuhito Kasahara)

  • Fix possible undercounting of deleted B-tree index pages in VACUUM VERBOSE output (Peter Geoghegan)

  • Fix wrong bookkeeping for oldest deleted page in a B-tree index (Peter Geoghegan)

    This could cause subtly wrong decisions about when VACUUM can skip an index cleanup scan; although it appears there may be no significant user-visible effects from that.

  • Ensure that TimelineHistoryRead and TimelineHistoryWrite wait states are reported in all code paths that read or write timeline history files (Masahiro Ikeda)

  • Avoid possibly showing “waiting” twice in a process's PS status (Masahiko Sawada)

  • Avoid race condition when ANALYZE replaces the catalog tuple for extended statistics data (Dean Rasheed)

  • Remove ill-considered skip of “redundant” anti-wraparound vacuums (Michael Paquier)

    This avoids a corner case where autovacuum could get into a loop of repeatedly trying and then skipping the same vacuum job.

  • Ensure INCLUDE'd columns are always removed from B-tree pivot tuples (Peter Geoghegan)

    This mistake wasted space in some rare cases, but was otherwise harmless.

  • Cope with invalid TOAST indexes that could be left over after a failed REINDEX CONCURRENTLY (Julien Rouhaud)

  • Ensure that valid index dependencies are left behind after a failed REINDEX CONCURRENTLY (Michael Paquier)

    Previously the old index could be left with no pg_depend links at all, so that for example it would not get dropped if the parent table is dropped.

  • Avoid failure if autovacuum tries to access a just-dropped temporary schema (Tom Lane)

    This hazard only arises if a superuser manually drops a temporary schema; which isn't normal practice, but should work.

  • Avoid premature recycling of WAL segments during crash recovery (Jehan-Guillaume de Rorthais)

    WAL segments that become ready to be archived during crash recovery were potentially recycled without being archived.

  • Avoid scanning irrelevant timelines during archive recovery (Kyotaro Horiguchi)

    This can eliminate many attempts to fetch non-existent WAL files from archive storage, which is helpful if archive access is slow.

  • Remove bogus “subtransaction logged without previous top-level txn record” error check in logical decoding (Arseny Sher, Amit Kapila)

    This condition is legitimately reachable in various scenarios, so remove the check.

  • Avoid possible failure after a replication slot copy, due to premature removal of WAL data (Masahiko Sawada, Arseny Sher)

  • Ensure that a replication slot's io_in_progress_lock is released in failure code paths (Pavan Deolasee)

    This could result in a walsender later becoming stuck waiting for the lock.

  • Ensure that generated columns are correctly handled during updates issued by logical replication (Peter Eisentraut)

  • Fix race conditions in synchronous standby management (Tom Lane)

    During a change in the synchronous_standby_names setting, there was a window in which wrong decisions could be made about whether it is OK to release transactions that are waiting for synchronous commit. Another hazard for similarly wrong decisions existed if a walsender process exited and was immediately replaced by another.

  • Add missing SQLSTATE values to a few error reports (Sawada Masahiko)

  • Fix PL/pgSQL to reliably refuse to execute an event trigger function as a plain function (Tom Lane)

  • Fix memory leak in libpq when using sslmode=verify-full (Roman Peshkurov)

    Certificate verification during connection startup could leak some memory. This would become an issue if a client process opened many database connections during its lifetime.

  • Fix ecpg to treat an argument of just “-” as meaning “read from stdin” on all platforms (Tom Lane)

  • Fix crash in psql when attempting to re-establish a failed connection (Michael Paquier)

  • Allow tab-completion of the filename argument to psql's \gx command (Vik Fearing)

  • Add pg_dump support for ALTER ... DEPENDS ON EXTENSION (Álvaro Herrera)

    pg_dump previously ignored dependencies added this way, causing them to be forgotten during dump/restore or pg_upgrade.

  • Fix pg_dump to dump comments on RLS policy objects (Tom Lane)

  • In pg_dump, postpone restore of event triggers till the end (Fabrízio de Royes Mello, Hamid Akhtar, Tom Lane)

    This minimizes the risk that an event trigger could interfere with the restoration of other objects.

  • Ensure that pg_basebackup generates valid tar files (Robert Haas)

    In some cases a partial block of zeroes would be added to the end of the file. While this seems to be harmless with common versions of tar, it's not OK per the POSIX file format spec.

  • Make pg_checksums skip tablespace subdirectories that belong to a different PostgreSQL major version (Michael Banck, Bernd Helmle)

    Such subdirectories don't really belong to our database cluster, and so must not be processed.

  • Ignore temporary copies of pg_internal.init in pg_checksums and related programs (Michael Paquier)

  • Fix quoting of --encoding, --lc-ctype and --lc-collate values in createdb utility (Michael Paquier)

  • contrib/lo's lo_manage() function crashed if called directly rather than as a trigger (Tom Lane)

  • In contrib/ltree, protect against overflow of ltree and lquery length fields (Nikita Glukhov)

  • Work around failure in contrib/pageinspect's bt_metap() function when an oldest_xact value exceeds 2^31-1 (Peter Geoghegan)

    Such XIDs will now be reported as negative integers, which isn't great but it beats throwing an error. v13 will widen the output argument to int8 to provide saner reporting.

  • Fix cache reference leak in contrib/sepgsql (Michael Luo)

  • On Windows, avoid premature creation of postmaster's log file during pg_ctl start (Alexander Lakhin)

    The previous coding could allow the file to be created with permissions that wouldn't allow the postmaster to write on it.

  • Avoid failures when dealing with Unix-style locale names on Windows (Juan José Santamaría Flecha)

  • On Windows, set console VT100 compatibility mode in programs that support PG_COLOR colorization (Juan José Santamaría Flecha)

    Without this, the colorization option doesn't actually work.

  • Stop requiring extra parentheses in ereport() calls (Andres Freund, Tom Lane)

  • Use pkg-config, if available, to locate libxml2 during configure (Hugh McMaster, Tom Lane, Peter Eisentraut)

    If pkg-config is not present or lacks knowledge of libxml2, we still query xml2-config as before.

    This change could break build processes that try to make PostgreSQL use a non-default version of libxml2 by putting that version's xml2-config into the PATH. Instead, set XML2_CONFIG to point to the non-default xml2-config. That method will work with either older or newer PostgreSQL releases.

  • Fix Makefile dependencies for libpq and ecpg (Dagfinn Ilmari Mannsåker)

  • In MSVC builds, cope with spaces in the path name for Python (Victor Wagner)

  • In MSVC builds, fix detection of Visual Studio version to work with more language settings (Andrew Dunstan)

  • In MSVC builds, use -Wno-deprecated with bison versions newer than 3.0, as non-Windows builds already do (Andrew Dunstan)

  • Update time zone data files to tzdata release 2020a for DST law changes in Morocco and the Canadian Yukon, plus historical corrections for Shanghai.

    The America/Godthab zone has been renamed to America/Nuuk to reflect current English usage; however, the old name remains available as a compatibility link.

    Also, update initdb's list of known Windows time zone names to include recent additions, improving the odds that it will correctly translate the system time zone setting on that platform.

• ⇑ Upgrade to 12.4 released on 2020-08-13 - docs

  • Set a secure search_path in logical replication walsenders and apply workers (Noah Misch)

    A malicious user of either the publisher or subscriber database could potentially cause execution of arbitrary SQL code by the role running replication, which is often a superuser. Some of the risks here are equivalent to those described in CVE-2018-1058, and are mitigated in this patch by ensuring that the replication sender and receiver execute with empty search_path settings. (As with CVE-2018-1058, that change might cause problems for under-qualified names used in replicated tables' DDL.) Other risks are inherent in replicating objects that belong to untrusted roles; the most we can do is document that there is a hazard to consider. (CVE-2020-14349)

  • Make contrib modules' installation scripts more secure (Tom Lane)

    Attacks similar to those described in CVE-2018-1058 could be carried out against an extension installation script, if the attacker can create objects in either the extension's target schema or the schema of some prerequisite extension. Since extensions often require superuser privilege to install, this can open a path to obtaining superuser privilege. To mitigate this risk, be more careful about the search_path used to run an installation script; disable check_function_bodies within the script; and fix catalog-adjustment queries used in some contrib modules to ensure they are secure. Also provide documentation to help third-party extension authors make their installation scripts secure. This is not a complete solution; extensions that depend on other extensions can still be at risk if installed carelessly. (CVE-2020-14350)

  • Fix edge cases in partition pruning (Etsuro Fujita, Dmitry Dolgov)

    When there are multiple partition key columns, generation of pruning tests could misbehave if some columns had no constraining WHERE clauses or multiple constraining clauses. This could lead to server crashes, incorrect query results, or assertion failures.

  • Fix construction of parameterized BitmapAnd and BitmapOr index scans on the inside of partition-wise nestloop joins (Tom Lane)

    A plan in which such a scan needed to use a value from the outside of the join would usually crash at execution.

  • Fix incorrect plan execution when a partitioned table is subject to both static and run-time partition pruning in the same query, and a new partition is added concurrently with the query (Amit Langote, Tom Lane)

  • In logical replication walsender, fix failure to send feedback messages after sending a keepalive message (Álvaro Herrera)

    This is a relatively minor problem when using built-in logical replication, because the built-in walreceiver will send a feedback reply (which clears the incorrect state) fairly frequently anyway. But with some other replication systems, such as pglogical, it causes significant performance issues.

  • Fix firing of column-specific UPDATE triggers in logical replication subscribers (Tom Lane)

    The code neglected to account for the possibility of column numbers being different between the publisher and subscriber tables, so that if those were indeed different, wrong decisions might be made about which triggers to fire.

  • Update oldest xmin and LSN values during pg_replication_slot_advance() (Michael Paquier)

    This function previously failed to do that, possibly preventing resource cleanup (such as removal of no-longer-needed WAL segments) after manual advancement of a replication slot.

  • Fix slow execution of ts_headline() (Tom Lane)

    The phrase-search fix added in our previous set of minor releases could cause ts_headline() to take unreasonable amounts of time for long documents; to make matters worse, the query was not cancellable within the troublesome loop.

  • Ensure the repeat() function can be interrupted by query cancel (Joe Conway)

  • Fix pg_current_logfile() to not include a carriage return (\r) in its result on Windows (Tom Lane)

  • Ensure that pg_read_file() and related functions read until EOF is reached (Joe Conway)

    Previously, if not given a specific data length to read, these functions would stop at whatever file length was reported by stat(). That's unhelpful for pipes and other sorts of virtual files.

  • Forbid numeric NaN values in jsonpath computations (Alexander Korotkov)

    Neither SQL nor JSON have the concept of NaN (not-a-number), but the jsonpath code attempted to allow such values anyway. This necessarily leads to nonstandard behavior, so it seems better to reject such values at the outset.

  • Handle single Inf or NaN inputs correctly in floating-point aggregates (Tom Lane)

    The affected aggregates are corr(), covar_pop(), regr_intercept(), regr_r2(), regr_slope(), regr_sxx(), regr_sxy(), regr_syy(), stddev_pop(), and var_pop(). The correct answer in such cases is NaN, but an algorithmic change introduced in PostgreSQL v12 had caused these aggregates to produce zero instead.

  • Fix mis-handling of NaN inputs during parallel aggregation on numeric-type columns (Tom Lane)

    If some partial aggregation workers found only NaNs while others found only non-NaNs, the results were combined incorrectly, possibly leading to the wrong overall result (i.e., not NaN when it should be).

  • Reject time-of-day values greater than 24 hours (Tom Lane)

    The intention of the datetime input code is to allow “24:00:00” or equivalently “23:59:60”, but no larger value. However, the range check was miscoded so that it would accept “23:59:60.nnn” with nonzero fractional-second nnn. In timestamp values this would result in wrapping into the first second of the next day. In time and timetz values, the stored value would actually be more than 24 hours, causing dump/reload failures and possibly other misbehavior.

  • Undo double-quoting of index names in EXPLAIN's non-text output formats (Tom Lane, Euler Taveira)

  • Fix EXPLAIN's accounting for resource usage, particularly buffer accesses, in parallel workers in a plan using Gather Merge nodes (Jehan-Guillaume de Rorthais)

  • Fix timing of constraint revalidation in ALTER TABLE (David Rowley)

    If ALTER TABLE needs to fully rewrite the table's contents (for example, due to change of a column's data type) and also needs to scan the table to re-validate foreign keys or CHECK constraints, it sometimes did things in the wrong order, leading to odd errors such as “could not read block 0 in file "base/nnnnn/nnnnn": read only 0 of 8192 bytes”.

  • Fix REINDEX CONCURRENTLY to preserve the index's replication identity flag (Michael Paquier)

    Previously, reindexing a table's replica identity index caused the setting to be lost, preventing old tuple values from being included in future logical-decoding output.

  • Work around incorrect not-null markings for pg_subscription.subslotname and pg_subscription_rel.srsublsn (Tom Lane)

    The bootstrap catalog data incorrectly marks these two catalog columns as always non-null. There's no easy way to correct that mistake in existing installations (though v13 and later will have the correct markings). The main place that depends on that marking being correct is JIT-enabled tuple deconstruction, so teach it to explicitly ignore the marking for these two columns. Also adjust some C code that accessed srsublsn without checking to see if it's null; a crash from that is improbable but perhaps not impossible.

  • Cope with LATERAL references in restriction clauses attached to an un-flattened sub-SELECT in the FROM clause (Tom Lane)

    This oversight could result in assertion failures or crashes at query execution.

  • Use the query-specified collation for operators invoked during selectivity estimation (Tom Lane)

    Previously, the collation of the underlying database column was used. But using the query's collation is arguably more correct. More importantly, now that we have nondeterministic collations, there are cases where an operator will fail outright if given a nondeterministic collation. We don't want planning to fail in cases where the query itself would work, so this means that we must use the query's collation when invoking operators for estimation purposes.

  • Avoid believing that a never-analyzed foreign table has zero tuples (Tom Lane)

    This primarily affected the planner's estimate of the number of groups that would be obtained by GROUP BY.

  • Remove bogus warning about “leftover placeholder tuple” in BRIN index de-summarization (Álvaro Herrera)

    The case can occur legitimately after a cancelled vacuum, so warning about it is overly noisy.

  • Fix selection of tablespaces for “shared fileset” temporary files (Magnus Hagander, Tom Lane)

    If temp_tablespaces is empty or explicitly names the database's primary tablespace, such files got placed into the pg_default tablespace rather than the database's primary tablespace as expected.

  • Fix corner-case error in masking of SP-GiST index pages during WAL consistency checking (Alexander Korotkov)

    This could cause false failure reports when wal_consistency_checking is enabled.

  • Improve error handling in the server's buffile module (Thomas Munro)

    Fix some cases where I/O errors were indistinguishable from reaching EOF, or were not reported at all. Also add details such as block numbers and byte counts where appropriate.

  • Fix conflict-checking anomalies in SERIALIZABLE isolation mode (Peter Geoghegan)

    If a concurrently-inserted tuple was updated by a different concurrent transaction, and neither tuple version was visible to the current transaction's snapshot, serialization conflict checking could draw the wrong conclusions about whether the tuple was relevant to the results of the current transaction. This could allow a serializable transaction to commit when it should have failed with a serialization error.

  • Avoid repeated marking of dead btree index entries as dead (Masahiko Sawada)

    While functionally harmless, this led to useless WAL traffic when checksums are enabled or wal_log_hints is on.

  • Fix checkpointer process to discard file sync requests when fsync is off (Heikki Linnakangas)

    Such requests are treated as no-ops if fsync is off, but we forgot to remove them from the checkpointer's table of pending actions. This would lead to bloat of that table, as well as possible assertion failures if fsync is later re-enabled.

  • Avoid trouble during cleanup of a non-exclusive backup when JIT compilation has been activated during the backup (Robert Haas)

  • Fix failure of some code paths to acquire the correct lock before modifying pg_control (Nathan Bossart, Fujii Masao)

    This oversight could allow pg_control to be written out with an inconsistent checksum, possibly causing trouble later, including inability to restart the database if it crashed before the next pg_control update.

  • Fix errors in currtid() and currtid2() (Michael Paquier)

    These functions (which are undocumented and used only by ancient versions of the ODBC driver) contained coding errors that could result in crashes, or in confusing error messages such as “could not open file” when applied to a relation having no storage.

  • Avoid calling elog() or palloc() while holding a spinlock (Michael Paquier, Tom Lane)

    Logic associated with replication slots had several violations of this coding rule. While the odds of trouble are quite low, an error in the called function would lead to a stuck spinlock.

  • Fix assertion in logical replication subscriber to allow use of REPLICA IDENTITY FULL (Euler Taveira)

    This was just an incorrect assertion, so it has no impact on standard production builds.

  • Ensure that libpq continues to try to read from the database connection socket after a write failure (Tom Lane)

    This is important not only to ensure that we collect any final error message from a dying server process, but because we do not consider the connection lost until we see a read failure. This oversight allowed libpq to continue trying to send COPY data indefinitely after a mid-transfer loss of connection, rather than reporting failure to the application.

  • Fix bugs in libpq's management of GSS encryption state (Tom Lane)

    A connection using GSS encryption could freeze up when attempting to reset it after a server restart, or when moving on to the next one of a list of candidate servers.

  • Fix ecpg crash with bytea and cursor variables (Jehan-Guillaume de Rorthais)

  • Report out-of-disk-space errors properly in pg_dump and pg_basebackup (Justin Pryzby, Tom Lane, Álvaro Herrera)

    Some code paths could produce silly reports like “could not write file: Success”.

  • Make pg_restore cope with data-offset-less custom-format archive files when it needs to restore data items out of order (David Gilman, Tom Lane)

    pg_dump will produce such files if it cannot seek its output (for example, if the output is piped to something). This fix primarily improves the ability to do a parallel restore from such a file.

  • Fix parallel restore of tables having both table-level privileges and per-column privileges (Tom Lane)

    The table-level privilege grants have to be applied first, but a parallel restore did not reliably order them that way; this could lead to “tuple concurrently updated” errors, or to disappearance of some per-column privilege grants. The fix for this is to include dependency links between such entries in the archive file, meaning that a new dump has to be taken with a corrected pg_dump to ensure that the problem will not recur.

  • Ensure that pg_upgrade runs with vacuum_defer_cleanup_age set to zero in the target cluster (Bruce Momjian)

    If the target cluster's configuration has been modified to set vacuum_defer_cleanup_age to a nonzero value, that prevented freezing of the system catalogs from working properly, which caused the upgrade to fail in confusing ways. Ensure that any such setting is overridden for the duration of the upgrade.

  • Fix pg_recvlogical to drain pending messages before exiting (Noah Misch)

    Without this, the replication sender might detect a send failure and exit without making the expected final update to the replication slot's LSN position. That led to re-transmitting data after the next connection. It was also possible to miss error messages sent after the last data that pg_recvlogical wants to consume.

  • Fix pg_rewind's handling of just-deleted files in the source data directory (Justin Pryzby, Michael Paquier)

    When working with an on-line source database, concurrent file deletions are possible, but pg_rewind would get confused if deletion happened between seeing a file's directory entry and examining it with stat().

  • Make pg_test_fsync use binary I/O mode on Windows (Michael Paquier)

    Previously it wrote the test file in text mode, which is not an accurate reflection of PostgreSQL's actual usage.

  • Fix contrib/amcheck to not complain about deleted index pages that are empty (Alexander Korotkov)

    This state of affairs is normal during WAL replay.

  • Fix failure to initialize local state correctly in contrib/dblink (Joe Conway)

    With the right combination of circumstances, this could lead to dblink_close() issuing an unexpected remote COMMIT.

  • Fix contrib/pgcrypto's misuse of deflate() (Tom Lane)

    The pgp_sym_encrypt functions could produce incorrect compressed data due to mishandling of zlib's API requirements. We have no reports of this error manifesting with stock zlib, but it can be seen when using IBM's zlibNX implementation.

  • Fix corner case in decompression logic in contrib/pgcrypto's pgp_sym_decrypt functions (Kyotaro Horiguchi, Michael Paquier)

    A compressed stream can validly end with an empty packet, but the decompressor failed to handle this and would complain about corrupt data.

  • Support building our NLS code with Microsoft Visual Studio 2015 or later (Juan José Santamaría Flecha, Davinder Singh, Amit Kapila)

  • Avoid possible failure of our MSVC install script when there is a file named configure several levels above the source code tree (Arnold Müller)

    This could confuse some logic that looked for configure to identify the top level of the source tree.

• ⇑ Upgrade to 13 released on 2020-09-24 - docs

  • Change SIMILAR TO ... ESCAPE NULL to return NULL (Tom Lane)

    This new behavior matches the SQL specification. Previously a null ESCAPE value was taken to mean using the default escape string (a backslash character). This also applies to substring(text FROM pattern ESCAPE text). The previous behavior has been retained in old views by keeping the original function unchanged.

  • Make json[b]_to_tsvector() fully check the spelling of its string option (Dominik Czarnota)

  • Change the way non-default effective_io_concurrency values affect concurrency (Thomas Munro)

    Previously, this value was adjusted before setting the number of concurrent requests. The value is now used directly. Conversion of old values to new ones can be done using:

    SELECT round(sum(OLDVALUE / n::float)) AS newvalue FROM generate_series(1, OLDVALUE) s(n);
    

  • Prevent display of auxiliary processes in pg_stat_ssl and pg_stat_gssapi system views (Euler Taveira)

    Queries that join these views to pg_stat_activity and wish to see auxiliary processes will need to use left joins.

  • Rename various wait events to improve consistency (Fujii Masao, Tom Lane)

  • Fix ALTER FOREIGN TABLE ... RENAME COLUMN to return a more appropriate command tag (Fujii Masao)

    Previously it returned ALTER TABLE; now it returns ALTER FOREIGN TABLE.

  • Fix ALTER MATERIALIZED VIEW ... RENAME COLUMN to return a more appropriate command tag (Fujii Masao)

    Previously it returned ALTER TABLE; now it returns ALTER MATERIALIZED VIEW.

  • Rename configuration parameter wal_keep_segments to wal_keep_size (Fujii Masao)

    This determines how much WAL to retain for standby servers. It is specified in megabytes, rather than number of files as with the old parameter. If you previously used wal_keep_segments, the following formula will give you an approximately equivalent setting:

    wal_keep_size = wal_keep_segments * wal_segment_size (typically 16MB)
    

  • Remove support for defining operator classes using pre-PostgreSQL 8.0 syntax (Daniel Gustafsson)

  • Remove support for defining foreign key constraints using pre-PostgreSQL 7.3 syntax (Daniel Gustafsson)

  • Remove support for "opaque" pseudo-types used by pre-PostgreSQL 7.3 servers (Daniel Gustafsson)

  • Remove support for upgrading unpackaged (pre-9.1) extensions (Tom Lane)

    The FROM option of CREATE EXTENSION is no longer supported. Any installations still using unpackaged extensions should upgrade them to a packaged version before updating to PostgreSQL 13.

  • Remove support for posixrules files in the timezone database (Tom Lane)

    IANA's timezone group has deprecated this feature, meaning that it will gradually disappear from systems' timezone databases over the next few years. Rather than have a behavioral change appear unexpectedly with a timezone data update, we have removed PostgreSQL's support for this feature as of version 13. This affects only the behavior of POSIX-style time zone specifications that lack an explicit daylight savings transition rule; formerly the transition rule could be determined by installing a custom posixrules file, but now it is hard-wired. The recommended fix for any affected installations is to start using a geographical time zone name.

  • In ltree, when an lquery pattern contains adjacent asterisks with braces, e.g., *{2}.*{3}, properly interpret that as *{5} (Nikita Glukhov)

  • Fix pageinspect's bt_metap() to return more appropriate data types that are less likely to overflow (Peter Geoghegan)

  • Allow pruning of partitions to happen in more cases (Yuzuko Hosoya, Amit Langote, Álvaro Herrera)

  • Allow partitionwise joins to happen in more cases (Ashutosh Bapat, Etsuro Fujita, Amit Langote, Tom Lane)

    For example, partitionwise joins can now happen between partitioned tables even when their partition bounds do not match exactly.

  • Support row-level BEFORE triggers on partitioned tables (Álvaro Herrera)

    However, such a trigger is not allowed to change which partition is the destination.

  • Allow partitioned tables to be logically replicated via publications (Amit Langote)

    Previously, partitions had to be replicated individually. Now a partitioned table can be published explicitly, causing all its partitions to be published automatically. Addition/removal of a partition causes it to be likewise added to or removed from the publication. The CREATE PUBLICATION option publish_via_partition_root controls whether changes to partitions are published as their own changes or their parent's.

  • Allow logical replication into partitioned tables on subscribers (Amit Langote)

    Previously, subscribers could only receive rows into non-partitioned tables.

  • Allow whole-row variables (that is, table.*) to be used in partitioning expressions (Amit Langote)

  • More efficiently store duplicates in B-tree indexes (Anastasia Lubennikova, Peter Geoghegan)

    This allows efficient B-tree indexing of low-cardinality columns by storing duplicate keys only once. Users upgrading with pg_upgrade will need to use REINDEX to make an existing index use this feature.

  • Allow GiST and SP-GiST indexes on box columns to support ORDER BY box <-> point queries (Nikita Glukhov)

  • Allow GIN indexes to more efficiently handle ! (NOT) clauses in tsquery searches (Nikita Glukhov, Alexander Korotkov, Tom Lane, Julien Rouhaud)

  • Allow index operator classes to take parameters (Nikita Glukhov)

  • Allow CREATE INDEX to specify the GiST signature length and maximum number of integer ranges (Nikita Glukhov)

    Indexes created on four and eight-byte integer array, tsvector, pg_trgm, ltree, and hstore columns can now control these GiST index parameters, rather than using the defaults.

  • Prevent indexes that use non-default collations from being added as a table's unique or primary key constraint (Tom Lane)

    The index's collation must match that of the underlying column, but ALTER TABLE previously failed to check this.

  • Improve the optimizer's selectivity estimation for containment/match operators (Tom Lane)

  • Allow setting the statistics target for extended statistics (Tomas Vondra)

    This is controlled with the new command option ALTER STATISTICS ... SET STATISTICS. Previously this was computed based on more general statistics target settings.

  • Allow use of multiple extended statistics objects in a single query (Tomas Vondra)

  • Allow use of extended statistics objects for OR clauses and IN/ANY constant lists (Pierre Ducroquet, Tomas Vondra)

  • Allow functions in FROM clauses to be pulled up (inlined) if they evaluate to constants (Alexander Kuzmenkov, Aleksandr Parfenov)

  • Implement incremental sorting (James Coleman, Alexander Korotkov, Tomas Vondra)

    If an intermediate query result is known to be sorted by one or more leading keys of a required sort ordering, the additional sorting can be done considering only the remaining keys, if the rows are sorted in batches that have equal leading keys.

    If necessary, this can be controlled using enable_incremental_sort.

  • Improve the performance of sorting inet values (Brandur Leach)

  • Allow hash aggregation to use disk storage for large aggregation result sets (Jeff Davis)

    Previously, hash aggregation was avoided if it was expected to use more than work_mem memory. Now, a hash aggregation plan can be chosen despite that. The hash table will be spilled to disk if it exceeds work_mem times hash_mem_multiplier.

    This behavior is normally preferable to the old behavior, in which once hash aggregation had been chosen, the hash table would be kept in memory no matter how large it got — which could be very large if the planner had misestimated. If necessary, behavior similar to that can be obtained by increasing hash_mem_multiplier.

  • Allow inserts, not only updates and deletes, to trigger vacuuming activity in autovacuum (Laurenz Albe, Darafei Praliaskouski)

    Previously, insert-only activity would trigger auto-analyze but not auto-vacuum, on the grounds that there could not be any dead tuples to remove. However, a vacuum scan has other useful side-effects such as setting page-all-visible bits, which improves the efficiency of index-only scans. Also, allowing an insert-only table to receive periodic vacuuming helps to spread out the work of “freezing” old tuples, so that there is not suddenly a large amount of freezing work to do when the entire table reaches the anti-wraparound threshold all at once.

    If necessary, this behavior can be adjusted with the new parameters autovacuum_vacuum_insert_threshold and autovacuum_vacuum_insert_scale_factor, or the equivalent table storage options.

  • Add maintenance_io_concurrency parameter to control I/O concurrency for maintenance operations (Thomas Munro)

  • Allow WAL writes to be skipped during a transaction that creates or rewrites a relation, if wal_level is minimal (Kyotaro Horiguchi)

    Relations larger than wal_skip_threshold will have their files fsync'ed rather than generating WAL. Previously this was done only for COPY operations, but the implementation had a bug that could cause data loss during crash recovery.

  • Improve performance when replaying DROP DATABASE commands when many tablespaces are in use (Fujii Masao)

  • Improve performance for truncation of very large relations (Kirk Jamison)

  • Improve retrieval of the leading bytes of TOAST'ed values (Binguo Bao, Andrey Borodin)

    Previously, compressed out-of-line TOAST values were fully fetched even when it's known that only some leading bytes are needed. Now, only enough data to produce the result is fetched.

  • Improve performance of LISTEN/NOTIFY (Martijn van Oosterhout, Tom Lane)

  • Speed up conversions of integers to text (David Fetter)

  • Reduce memory usage for query strings and extension scripts that contain many SQL statements (Amit Langote)

  • Allow EXPLAIN, auto_explain, autovacuum, and pg_stat_statements to track WAL usage statistics (Kirill Bychik, Julien Rouhaud)

  • Allow a sample of SQL statements, rather than all statements, to be logged (Adrien Nayrat)

    A log_statement_sample_rate fraction of those statements taking more than log_min_duration_sample duration will be logged.

  • Add the backend type to csvlog and optionally log_line_prefix log output (Peter Eisentraut)

  • Improve control of prepared statement parameter logging (Alexey Bashtanov, Álvaro Herrera)

    The GUC setting log_parameter_max_length controls the maximum length of parameter values output during logging of non-error statements, while log_parameter_max_length_on_error does the same for logging of statements with errors. Previously, prepared statement parameters were never logged during errors.

  • Allow function call backtraces to be logged after errors (Peter Eisentraut, Álvaro Herrera)

    The new parameter backtrace_functions specifies which C functions should generate backtraces on error.

  • Make vacuum buffer counters 64-bits wide to avoid overflow (Álvaro Herrera)

  • Add leader_pid to pg_stat_activity to report a parallel worker's leader process (Julien Rouhaud)

  • Add system view pg_stat_progress_basebackup to report the progress of streaming base backups (Fujii Masao)

  • Add system view pg_stat_progress_analyze to report ANALYZE progress (Álvaro Herrera, Tatsuro Yamada, Vinayak Pokale)

  • Add system view pg_shmem_allocations to display shared memory usage (Andres Freund, Robert Haas)

  • Add system view pg_stat_slru to monitor internal SLRU caches (Tomas Vondra)

  • Allow track_activity_query_size to be set as high as 1MB (Vyacheslav Makarov)

    The previous maximum was 100kB.

  • Report a wait event while creating a DSM segment with posix_fallocate() (Thomas Munro)

  • Add wait event VacuumDelay to report on cost-based vacuum delay (Justin Pryzby)

  • Add wait events for WAL archive and recovery pause (Fujii Masao)

    The new events are BackupWaitWalArchive and RecoveryPause.

  • Add wait events RecoveryConflictSnapshot and RecoveryConflictTablespace to monitor recovery conflicts (Masahiko Sawada)

  • Improve performance of wait events on BSD-based systems (Thomas Munro)

  • Allow only superusers to view the ssl_passphrase_command setting (Insung Moon)

    This was changed as a security precaution.

  • Change the server's default minimum TLS version for encrypted connections from 1.0 to 1.2 (Peter Eisentraut)

    This choice can be controlled by ssl_min_protocol_version.

  • Tighten rules on which utility commands are allowed in read-only transaction mode (Robert Haas)

    This change also increases the number of utility commands that can run in parallel queries.

  • Allow allow_system_table_mods to be changed after server start (Peter Eisentraut)

  • Disallow non-superusers from modifying system tables when allow_system_table_mods is set (Peter Eisentraut)

    Previously, if allow_system_table_mods was set at server start, non-superusers could issue INSERT/UPDATE/DELETE commands on system tables.

  • Enable support for Unix-domain sockets on Windows (Peter Eisentraut)

  • Allow streaming replication configuration settings to be changed by reload (Sergei Kornilov)

    Previously, a server restart was required to change primary_conninfo and primary_slot_name.

  • Allow WAL receivers to use a temporary replication slot when a permanent one is not specified (Peter Eisentraut, Sergei Kornilov)

    This behavior can be enabled using wal_receiver_create_temp_slot.

  • Allow WAL storage for replication slots to be limited by max_slot_wal_keep_size (Kyotaro Horiguchi)

    Replication slots that would require exceeding this value are marked invalid.

  • Allow standby promotion to cancel any requested pause (Fujii Masao)

    Previously, promotion could not happen while the standby was in paused state.

  • Generate an error if recovery does not reach the specified recovery target (Leif Gunnar Erlandsen, Peter Eisentraut)

    Previously, a standby would promote itself upon reaching the end of WAL, even if the target was not reached.

  • Allow control over how much memory is used by logical decoding before it is spilled to disk (Tomas Vondra, Dilip Kumar, Amit Kapila)

    This is controlled by logical_decoding_work_mem.

  • Allow recovery to continue even if invalid pages are referenced by WAL (Fujii Masao)

    This is enabled using ignore_invalid_pages.

  • Allow VACUUM to process a table's indexes in parallel (Masahiko Sawada, Amit Kapila)

    The new PARALLEL option controls this.

  • Allow FETCH FIRST to use WITH TIES to return any additional rows that match the last result row (Surafel Temesgen)

  • Report planning-time buffer usage in EXPLAIN's BUFFER output (Julien Rouhaud)

  • Make CREATE TABLE LIKE propagate a CHECK constraint's NO INHERIT property to the created table (Ildar Musin, Chris Travers)

  • When using LOCK TABLE on a partitioned table, do not check permissions on the child tables (Amit Langote)

  • Allow OVERRIDING USER VALUE on inserts into identity columns (Dean Rasheed)

  • Add ALTER TABLE ... DROP EXPRESSION to allow removing the GENERATED property from a column (Peter Eisentraut)

  • Fix bugs in multi-step ALTER TABLE commands (Tom Lane)

    IF NOT EXISTS clauses now work as expected, in that derived actions (such as index creation) do not execute if the column already exists. Also, certain cases of combining related actions into one ALTER TABLE now work when they did not before.

  • Add ALTER VIEW syntax to rename view columns (Fujii Masao)

    Renaming view columns was already possible, but one had to write ALTER TABLE RENAME COLUMN, which is confusing.

  • Add ALTER TYPE options to modify a base type's TOAST properties and support functions (Tomas Vondra, Tom Lane)

  • Add CREATE DATABASE LOCALE option (Peter Eisentraut)

    This combines the existing options LC_COLLATE and LC_CTYPE into a single option.

  • Allow DROP DATABASE to disconnect sessions using the target database, allowing the drop to succeed (Pavel Stehule, Amit Kapila)

    This is enabled by the FORCE option.

  • Add structure member tg_updatedcols to allow C-language update triggers to know which column(s) were updated (Peter Eisentraut)

  • Add polymorphic data types for use by functions requiring compatible arguments (Pavel Stehule)

    The new data types are anycompatible, anycompatiblearray, anycompatiblenonarray, and anycompatiblerange.

  • Add SQL data type xid8 to expose FullTransactionId (Thomas Munro)

    The existing xid data type is only four bytes so it does not provide the transaction epoch.

  • Add data type regcollation and associated functions, to represent OIDs of collation objects (Julien Rouhaud)

  • Use the glibc version in some cases as a collation version identifier (Thomas Munro)

    If the glibc version changes, a warning will be issued about possible corruption of collation-dependent indexes.

  • Add support for collation versions on Windows (Thomas Munro)

  • Allow ROW expressions to have their members extracted with suffix notation (Tom Lane)

    For example, (ROW(4, 5.0)).f1 now returns 4.

  • Add alternate version of jsonb_set() with improved NULL handling (Andrew Dunstan)

    The new function, jsonb_set_lax(), handles a NULL new value by either setting the specified key to a JSON null, deleting the key, raising an exception, or returning the jsonb value unmodified, as requested.

  • Add jsonpath .datetime() method (Nikita Glukhov, Teodor Sigaev, Oleg Bartunov, Alexander Korotkov)

    This function allows JSON values to be converted to timestamps, which can then be processed in jsonpath expressions. This change also adds jsonpath functions that support time-zone-aware output.

  • Add SQL functions NORMALIZE() to normalize Unicode strings, and IS NORMALIZED to check for normalization (Peter Eisentraut)

  • Add min() and max() aggregates for pg_lsn (Fabrízio de Royes Mello)

    These are particularly useful in monitoring queries.

  • Allow Unicode escapes, e.g., E'\unnnn' or U&'\nnnn', to specify any character available in the database encoding, even when the database encoding is not UTF-8 (Tom Lane)

  • Allow to_date() and to_timestamp() to recognize non-English month/day names (Juan José Santamaría Flecha, Tom Lane)

    The names recognized are the same as those output by to_char() with the same format patterns.

  • Add datetime format patterns FF1 – FF6 to specify input or output of 1 to 6 fractional-second digits (Alexander Korotkov, Nikita Glukhov, Teodor Sigaev, Oleg Bartunov)

    These patterns can be used by to_char(), to_timestamp(), and jsonpath's .datetime().

  • Add SSSSS datetime format pattern as an SQL-standard alias for SSSS (Nikita Glukhov, Alexander Korotkov)

  • Add function gen_random_uuid() to generate version-4 UUIDs (Peter Eisentraut)

    Previously UUID generation functions were only available in the external modules uuid-ossp and pgcrypto.

  • Add greatest-common-denominator (gcd) and least-common-multiple (lcm) functions (Vik Fearing)

  • Improve the performance and accuracy of the numeric type's square root (sqrt) and natural log (ln) functions (Dean Rasheed)

  • Add function min_scale() that returns the number of digits to the right of the decimal point that are required to represent a numeric value with full accuracy (Pavel Stehule)

  • Add function trim_scale() to reduce the scale of a numeric value by removing trailing zeros (Pavel Stehule)

  • Add commutators of distance operators (Nikita Glukhov)

    For example, previously only point <-> line was supported, now line <-> point works too.

  • Create xid8 versions of all transaction ID functions (Thomas Munro)

    The old xid-based functions still exist, for backward compatibility.

  • Allow get_bit() and set_bit() to set bits beyond the first 256MB of a bytea value (Movead Li)

  • Allow advisory-lock functions to be used in some parallel operations (Tom Lane)

  • Add the ability to remove an object's dependency on an extension (Álvaro Herrera)

    The object can be a function, materialized view, index, or trigger. The syntax is ALTER .. NO DEPENDS ON.

  • Improve performance of simple PL/pgSQL expressions (Tom Lane, Amit Langote)

  • Improve performance of PL/pgSQL functions that use immutable expressions (Konstantin Knizhnik)

  • Allow libpq clients to require channel binding for encrypted connections (Jeff Davis)

    Using the libpq connection parameter channel_binding forces the other end of the TLS connection to prove it knows the user's password. This prevents man-in-the-middle attacks.

  • Add libpq connection parameters to control the minimum and maximum TLS version allowed for an encrypted connection (Daniel Gustafsson)

    The settings are ssl_min_protocol_version and ssl_max_protocol_version. By default, the minimum TLS version is 1.2 (this represents a behavioral change from previous releases).

  • Allow use of passwords to unlock client certificates (Craig Ringer, Andrew Dunstan)

    This is enabled by libpq's sslpassword connection parameter.

  • Allow libpq to use DER-encoded client certificates (Craig Ringer, Andrew Dunstan)

  • Fix ecpg's EXEC SQL elif directive to work correctly (Tom Lane)

    Previously it behaved the same as endif followed by ifdef, so that a successful previous branch of the same if construct did not prevent expansion of the elif branch or following branches.

  • Add transaction status (%x) to psql's default prompts (Vik Fearing)

  • Allow the secondary psql prompt to be blank but the same width as the primary prompt (Thomas Munro)

    This is accomplished by setting PROMPT2 to %w.

  • Allow psql's \g and \gx commands to change \pset output options for the duration of that single command (Tom Lane)

    This feature allows syntax like \g (expand=on), which is equivalent to \gx.

  • Add psql commands to display operator classes and operator families (Sergey Cherkashin, Nikita Glukhov, Alexander Korotkov)

    The new commands are \dAc, \dAf, \dAo, and \dAp.

  • Show table persistence in psql's \dt+ and related commands (David Fetter)

    In verbose mode, the table/index/view shows if the object is permanent, temporary, or unlogged.

  • Improve output of psql's \d for TOAST tables (Justin Pryzby)

  • Fix redisplay after psql's \e command (Tom Lane)

    When exiting the editor, if the query doesn't end with a semicolon or \g, the query buffer contents will now be displayed.

  • Add \warn command to psql (David Fetter)

    This is like \echo except that the text is sent to stderr instead of stdout.

  • Add the PostgreSQL home page to command-line --help output (Peter Eisentraut)

  • Allow pgbench to partition its “accounts” table (Fabien Coelho)

    This allows performance testing of partitioning.

  • Add pgbench command \aset, which behaves like \gset, but for multiple queries (Fabien Coelho)

  • Allow pgbench to generate its initial data server-side, rather than client-side (Fabien Coelho)

  • Allow pgbench to show script contents using option --show-script (Fabien Coelho)

  • Generate backup manifests for base backups, and verify them (Robert Haas)

    A new tool pg_verifybackup can verify backups.

  • Have pg_basebackup estimate the total backup size by default (Fujii Masao)

    This computation allows pg_stat_progress_basebackup to show progress. If that is not needed, it can be disabled by using the --no-estimate-size option. Previously, this computation happened only if the --progress option was used.

  • Add an option to pg_rewind to configure standbys (Paul Guo, Jimmy Yih, Ashwin Agrawal)

    This matches pg_basebackup's --write-recovery-conf option.

  • Allow pg_rewind to use the target cluster's restore_command to retrieve needed WAL (Alexey Kondratov)

    This is enabled using the -c/--restore-target-wal option.

  • Have pg_rewind automatically run crash recovery before rewinding (Paul Guo, Jimmy Yih, Ashwin Agrawal)

    This can be disabled by using --no-ensure-shutdown.

  • Increase the PREPARE TRANSACTION-related information reported by pg_waldump (Fujii Masao)

  • Add pg_waldump option --quiet to suppress non-error output (Andres Freund, Robert Haas)

  • Add pg_dump option --include-foreign-data to dump data from foreign servers (Luis Carril)

  • Allow vacuum commands run by vacuumdb to operate in parallel mode (Masahiko Sawada)

    This is enabled with the new --parallel option.

  • Allow reindexdb to operate in parallel (Julien Rouhaud)

    Parallel mode is enabled with the new --jobs option.

  • Allow dropdb to disconnect sessions using the target database, allowing the drop to succeed (Pavel Stehule)

    This is enabled with the -f option.

  • Remove --adduser and --no-adduser from createuser (Alexander Lakhin)

    The long-supported preferred options for this are called --superuser and --no-superuser.

  • Use the directory of the pg_upgrade program as the default --new-bindir setting when running pg_upgrade (Daniel Gustafsson)

  • Add a glossary to the documentation (Corey Huinker, Jürgen Purtz, Roger Harkavy, Álvaro Herrera)

  • Reformat tables containing function and operator information for better clarity (Tom Lane)

  • Upgrade to use DocBook 4.5 (Peter Eisentraut)

  • Add support for building on Visual Studio 2019 (Haribabu Kommi)

  • Add build support for MSYS2 (Peter Eisentraut)

  • Add compare_exchange and fetch_add assembly language code for Power PC compilers (Noah Misch)

  • Update Snowball stemmer dictionaries used by full text search (Panagiotis Mavrogiorgos)

    This adds Greek stemming and improves Danish and French stemming.

  • Remove support for Windows 2000 (Michael Paquier)

  • Remove support for non-ELF BSD systems (Peter Eisentraut)

  • Remove support for Python versions 2.5.X and earlier (Peter Eisentraut)

  • Remove support for OpenSSL 0.9.8 and 1.0.0 (Michael Paquier)

  • Remove configure options --disable-float8-byval and --disable-float4-byval (Peter Eisentraut)

    These were needed for compatibility with some version-zero C functions, but those are no longer supported.

  • Pass the query string to planner hook functions (Pascal Legrand, Julien Rouhaud)

  • Add TRUNCATE command hook (Yuli Khodorkovskiy)

  • Add TLS init hook (Andrew Dunstan)

  • Allow building with no predefined Unix-domain socket directory (Peter Eisentraut)

  • Reduce the probability of SysV resource key collision on Unix platforms (Tom Lane)

  • Use operating system functions to reliably erase memory that contains sensitive information (Peter Eisentraut)

    For example, this is used for clearing passwords stored in memory.

  • Add headerscheck script to test C header-file compatibility (Tom Lane)

  • Implement internal lists as arrays, rather than a chain of cells (Tom Lane)

    This improves performance for queries that access many objects.

  • Change the API for TS_execute() (Tom Lane, Pavel Borisov)

    TS_execute callbacks must now provide ternary (yes/no/maybe) logic. Calculating NOT queries accurately is now the default.

  • Allow extensions to be specified as trusted (Tom Lane)

    Such extensions can be installed in a database by users with database-level CREATE privileges, even if they are not superusers. This change also removes the pg_pltemplate system catalog.

  • Allow non-superusers to connect to postgres_fdw foreign servers without using a password (Craig Ringer)

    Specifically, allow a superuser to set password_required to false for a user mapping. Care must still be taken to prevent non-superusers from using superuser credentials to connect to the foreign server.

  • Allow postgres_fdw to use certificate authentication (Craig Ringer)

    Different users can use different certificates.

  • Allow sepgsql to control access to the TRUNCATE command (Yuli Khodorkovskiy)

  • Add extension bool_plperl which transforms SQL booleans to/from PL/Perl booleans (Ivan Panchenko)

  • Have pg_stat_statements treat SELECT ... FOR UPDATE commands as distinct from those without FOR UPDATE (Andrew Gierth, Vik Fearing)

  • Allow pg_stat_statements to optionally track the planning time of statements (Julien Rouhaud, Pascal Legrand, Thomas Munro, Fujii Masao)

    Previously only execution time was tracked.

  • Overhaul ltree's lquery syntax to treat NOT (!) more logically (Filip Rembialkowski, Tom Lane, Nikita Glukhov)

    Also allow non-* queries to use a numeric range ({}) of matches.

  • Add support for binary I/O of ltree, lquery, and ltxtquery types (Nino Floris)

  • Add an option to dict_int to ignore the sign of integers (Jeff Janes)

  • Add adminpack function pg_file_sync() to allow fsync'ing a file (Fujii Masao)

  • Add pageinspect functions to output t_infomask/t_infomask2 values in human-readable format (Craig Ringer, Sawada Masahiko, Michael Paquier)

  • Add B-tree index de-duplication processing columns to pageinspect output (Peter Geoghegan)

• ⇑ Upgrade to 13.1 released on 2020-11-12 - docs

  • Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries (Noah Misch)

    This is essentially a leak in the “security restricted operation” sandbox mechanism. An attacker having permission to create non-temporary SQL objects could parlay this leak to execute arbitrary SQL code as a superuser.

    The PostgreSQL Project thanks Etienne Stalmans for reporting this problem. (CVE-2020-25695)

  • Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb (Tom Lane)

    The -d parameter of pg_dump and pg_restore, or the --maintenance-db parameter of the other programs mentioned, can be a “connection string” containing multiple connection parameters rather than just a database name. In cases where these programs need to initiate additional connections, such as parallel processing or processing of multiple databases, the connection string was forgotten and just the basic connection parameters (database name, host, port, and username) were used for the additional connections. This could lead to connection failures if the connection string included any other essential information, such as non-default SSL or GSS parameters. Worse, the connection might succeed but not be encrypted as intended, or be vulnerable to man-in-the-middle attacks that the intended connection parameters would have prevented. (CVE-2020-25694)

  • When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used (Tom Lane)

    This avoids cases where reconnection might fail due to omission of relevant parameters, such as non-default SSL or GSS options. Worse, the reconnection might succeed but not be encrypted as intended, or be vulnerable to man-in-the-middle attacks that the intended connection parameters would have prevented. This is largely the same problem as just cited for pg_dump et al, although psql's behavior is more complex since the user may intentionally override some connection parameters. (CVE-2020-25694)

  • Prevent psql's \gset command from modifying specially-treated variables (Noah Misch)

    \gset without a prefix would overwrite whatever variables the server told it to. Thus, a compromised server could set specially-treated variables such as PROMPT1, giving the ability to execute arbitrary shell code in the user's session.

    The PostgreSQL Project thanks Nick Cleaton for reporting this problem. (CVE-2020-25696)

  • Fix unintended breakage of the replication protocol (Álvaro Herrera)

    A walsender reports two command-completion events for START_REPLICATION. This was undocumented and apparently unintentional; so we failed to notice that a late 13.0 change removed the duplicate event. However it turns out that walreceivers require the extra event in some code paths. The most practical fix is to decree that the extra event is part of the protocol and resume generating it.

  • Ensure that SLRU directories are properly fsync'd during checkpoints (Thomas Munro)

    This prevents possible data loss in a subsequent operating system crash.

  • Fix ALTER ROLE for users with the BYPASSRLS attribute (Tom Lane, Stephen Frost)

    The BYPASSRLS attribute is only allowed to be changed by superusers, but other ALTER ROLE operations, such as password changes, should be allowed with only ordinary permission checks. The previous coding erroneously restricted all changes on such a role to superusers.

  • Disallow ALTER TABLE ONLY ... DROP EXPRESSION when there are child tables (Peter Eisentraut)

    The current implementation cannot handle this case correctly, so just forbid it for now.

  • Ensure that ALTER TABLE ONLY ... ENABLE/DISABLE TRIGGER does not recurse to child tables (Álvaro Herrera)

    Previously the ONLY flag was ignored.

  • Allow LOCK TABLE to succeed on a self-referential view (Tom Lane)

    It previously threw an error complaining about infinite recursion, but there seems no need to disallow the case.

  • Retain statistics about an index across REINDEX CONCURRENTLY (Michael Paquier, Fabrízio de Royes Mello)

    Non-concurrent reindexing has always preserved such statistics.

  • Fix incorrect progress reporting from REINDEX CONCURRENTLY (Matthias van de Meent, Michael Paquier)

  • Ensure that GENERATED columns are updated when the column(s) they depend on are updated via a rule or an updatable view (Tom Lane)

    This fix also takes care of possible failure to fire a column-specific trigger in such cases.

  • Fix failures with collation-dependent partition bound expressions (Tom Lane)

  • Support hashing of text arrays (Peter Eisentraut)

    Array hashing failed if the array element type is collatable. Notably, this prevented using hash partitioning with a text array column as partition key.

  • Prevent internal overflows in cross-type datetime comparisons (Nikita Glukhov, Alexander Korotkov, Tom Lane)

    Previously, comparing a date to a timestamp would fail if the date is past the valid range for timestamps. There were also corner cases involving overflow of close-to-the-limit timestamp values during timezone rotation.

  • Fix off-by-one conversion of negative years to BC dates in to_date() and to_timestamp() (Dar Alathar-Yemen, Tom Lane)

    Also, arrange for the combination of a negative year and an explicit “BC” marker to cancel out and produce AD.

  • Allow the jsonpath .datetime() method to accept ISO 8601-format timestamps (Nikita Glukhov)

    This is not required by SQL, but it seems appropriate since our to_json() functions generate that timestamp format for Javascript compatibility.

  • Ensure that standby servers will archive WAL timeline history files when archive_mode is set to always (Grigory Smolkin, Fujii Masao)

    This oversight could lead to failure of subsequent PITR recovery attempts.

  • Fix edge cases in detecting premature death of the postmaster on platforms that use kqueue() (Thomas Munro)

  • Avoid generating an incorrect incremental-sort plan when the sort key is a volatile expression (James Coleman)

  • Fix possible crash when considering partition-wise joins during GEQO planning (Tom Lane)

  • Fix possible infinite loop or corrupted output data in TOAST decompression (Tom Lane)

  • Fix counting of the number of entries in B-tree indexes during cleanup-only VACUUMs (Peter Geoghegan)

  • Ensure that data is detoasted before being inserted into a BRIN index (Tomas Vondra)

    Index entries are not supposed to contain out-of-line TOAST pointers, but BRIN didn't get that memo. This could lead to errors like “missing chunk number 0 for toast value NNN”. (If you are faced with such an error from an existing index, REINDEX should be enough to fix it.)

  • Fix buffered GiST index builds to work when the index has included columns (Pavel Borisov)

  • Fix unportable use of getnameinfo() in pg_hba_file_rules view (Tom Lane)

    On FreeBSD 11, and possibly other platforms, the view's address and netmask columns were always null due to this error.

  • Avoid crash if debug_query_string is NULL when starting a parallel worker (Noah Misch)

  • Avoid failures when a BEFORE ROW UPDATE trigger returns the “old” row of a table having dropped or “missing” columns (Amit Langote, Tom Lane)

    This method of suppressing an update could result in crashes, unexpected CHECK constraint failures, or incorrect RETURNING output, because “missing” columns would read as NULLs for those purposes. (A column is “missing” for this purpose if it was added by ALTER TABLE ADD COLUMN with a non-NULL, but constant, default value.) Dropped columns could cause trouble as well.

  • Fix EXPLAIN's output for incremental sort plans to have correct tag nesting in XML output mode (Daniel Gustafsson)

  • Avoid unnecessary failure when transferring very large payloads through shared memory queues (Markus Wanner)

  • Fix omission of result data type coercion in some cases in SQL-language functions (Tom Lane)

    This could lead to wrong results or crashes, depending on the data types involved.

  • Fix incorrect handling of template function attributes in JIT code generation (Andres Freund)

    This has been shown to cause crashes on s390x, and very possibly there are other cases on other platforms.

  • Improve code generated for compare_exchange and fetch_add operations on PPC (Noah Misch)

  • Fix relation cache memory leaks with RLS policies (Tom Lane)

  • Fix edge-case memory leak in index_get_partition() (Justin Pryzby)

  • Fix small memory leak when SIGHUP processing decides that a new GUC variable value cannot be applied without a restart (Tom Lane)

  • Fix memory leaks in PL/pgsql's CALL processing (Pavel Stehule, Tom Lane)

  • In libpq for Windows, call WSAStartup() once per process and WSACleanup() not at all (Tom Lane, Alexander Lakhin)

    Previously, libpq invoked WSAStartup() at connection start and WSACleanup() at connection cleanup. However, it appears that calling WSACleanup() can interfere with other program operations; notably, we have observed rare failures to emit expected output to stdout. There appear to be no ill effects from omitting the call, so do that. (This also eliminates a performance issue from repeated DLL loads and unloads when a program performs a series of database connections.)

  • Fix ecpg library's per-thread initialization logic for Windows (Tom Lane, Alexander Lakhin)

    Multi-threaded ecpg applications could suffer rare misbehavior due to incorrect locking.

  • Fix ecpg's mis-processing of B'...' and X'...' literals (Shenhao Wang)

  • On Windows, make psql read the output of a backtick command in text mode, not binary mode (Tom Lane)

    This ensures proper handling of newlines.

  • Ensure that pg_dump collects per-column information about extension configuration tables (Fabrízio de Royes Mello, Tom Lane)

    Failure to do this led to crashes when specifying --inserts, or underspecified (though usually correct) COPY commands when using COPY to reload the tables' data.

  • Make pg_upgrade check for pre-existence of tablespace directories in the target cluster (Bruce Momjian)

  • Fix potential memory leak in contrib/pgcrypto (Michael Paquier)

  • Add check for an unlikely failure case in contrib/pgcrypto (Daniel Gustafsson)

  • Fix recently-added timetz test case so it works when the USA is not observing daylight savings time (Tom Lane)

  • Update time zone data files to tzdata release 2020d for DST law changes in Fiji, Morocco, Palestine, the Canadian Yukon, Macquarie Island, and Casey Station (Antarctica); plus historical corrections for France, Hungary, Monaco, and Palestine.

  • Sync our copy of the timezone library with IANA tzcode release 2020d (Tom Lane)

    This absorbs upstream's change of zic's default output option from “fat” to “slim”. That's just cosmetic for our purposes, as we continue to select the “fat” mode in pre-v13 branches. This change also ensures that strftime() does not change errno unless it fails.