Upgrading from 9.6.20 to 12.7 gives you 6.1 months worth of fixes (974 of them)

List of changes:

• ⇑ Upgrade to 10 released on 2017-10-05 - docs

  • Hash indexes must be rebuilt after pg_upgrade-ing from any previous major PostgreSQL version (Mithun Cy, Robert Haas, Amit Kapila)

    Major hash index improvements necessitated this requirement. pg_upgrade will create a script to assist with this.

  • Rename write-ahead log directory pg_xlog to pg_wal, and rename transaction status directory pg_clog to pg_xact (Michael Paquier)

    Users have occasionally thought that these directories contained only inessential log files, and proceeded to remove write-ahead log files or transaction status files manually, causing irrecoverable data loss. These name changes are intended to discourage such errors in future.

  • Rename SQL functions, tools, and options that reference “xlog” to “wal” (Robert Haas)

    For example, pg_switch_xlog() becomes pg_switch_wal(), pg_receivexlog becomes pg_receivewal, and --xlogdir becomes --waldir. This is for consistency with the change of the pg_xlog directory name; in general, the “xlog” terminology is no longer used in any user-facing places.

  • Rename WAL-related functions and views to use lsn instead of location (David Rowley)

    There was previously an inconsistent mixture of the two terminologies.

  • Change the implementation of set-returning functions appearing in a query's SELECT list (Andres Freund)

    Set-returning functions are now evaluated before evaluation of scalar expressions in the SELECT list, much as though they had been placed in a LATERAL FROM-clause item. This allows saner semantics for cases where multiple set-returning functions are present. If they return different numbers of rows, the shorter results are extended to match the longest result by adding nulls. Previously the results were cycled until they all terminated at the same time, producing a number of rows equal to the least common multiple of the functions' periods. In addition, set-returning functions are now disallowed within CASE and COALESCE constructs. For more information see Section 37.4.8.

  • Use standard row constructor syntax in UPDATE ... SET (column_list) = row_constructor (Tom Lane)

    The row_constructor can now begin with the keyword ROW; previously that had to be omitted. If just one column name appears in the column_list, then the row_constructor now must use the ROW keyword, since otherwise it is not a valid row constructor but just a parenthesized expression. Also, an occurrence of table_name.* within the row_constructor is now expanded into multiple columns, as occurs in other uses of row_constructors.

  • When ALTER TABLE ... ADD PRIMARY KEY marks columns NOT NULL, that change now propagates to inheritance child tables as well (Michael Paquier)

  • Prevent statement-level triggers from firing more than once per statement (Tom Lane)

    Cases involving writable CTEs updating the same table updated by the containing statement, or by another writable CTE, fired BEFORE STATEMENT or AFTER STATEMENT triggers more than once. Also, if there were statement-level triggers on a table affected by a foreign key enforcement action (such as ON DELETE CASCADE), they could fire more than once per outer SQL statement. This is contrary to the SQL standard, so change it.

  • Move sequences' metadata fields into a new pg_sequence system catalog (Peter Eisentraut)

    A sequence relation now stores only the fields that can be modified by nextval(), that is last_value, log_cnt, and is_called. Other sequence properties, such as the starting value and increment, are kept in a corresponding row of the pg_sequence catalog. ALTER SEQUENCE updates are now fully transactional, implying that the sequence is locked until commit. The nextval() and setval() functions remain nontransactional.

    The main incompatibility introduced by this change is that selecting from a sequence relation now returns only the three fields named above. To obtain the sequence's other properties, applications must look into pg_sequence. The new system view pg_sequences can also be used for this purpose; it provides column names that are more compatible with existing code.

    Also, sequences created for SERIAL columns now generate positive 32-bit wide values, whereas previous versions generated 64-bit wide values. This has no visible effect if the values are only stored in a column.

    The output of psql's \d command for a sequence has been redesigned, too.

  • Make pg_basebackup stream the WAL needed to restore the backup by default (Magnus Hagander)

    This changes pg_basebackup's -X/--wal-method default to stream. An option value none has been added to reproduce the old behavior. The pg_basebackup option -x has been removed (instead, use -X fetch).

  • Change how logical replication uses pg_hba.conf (Peter Eisentraut)

    In previous releases, a logical replication connection required the replication keyword in the database column. As of this release, logical replication matches a normal entry with a database name or keywords such as all. Physical replication continues to use the replication keyword. Since built-in logical replication is new in this release, this change only affects users of third-party logical replication plugins.

  • Make all pg_ctl actions wait for completion by default (Peter Eisentraut)

    Previously some pg_ctl actions didn't wait for completion, and required the use of -w to do so.

  • Change the default value of the log_directory server parameter from pg_log to log (Andreas Karlsson)

  • Add configuration option ssl_dh_params_file to specify file name for custom OpenSSL DH parameters (Heikki Linnakangas)

    This replaces the hardcoded, undocumented file name dh1024.pem. Note that dh1024.pem is no longer examined by default; you must set this option if you want to use custom DH parameters.

  • Increase the size of the default DH parameters used for OpenSSL ephemeral DH ciphers to 2048 bits (Heikki Linnakangas)

    The size of the compiled-in DH parameters has been increased from 1024 to 2048 bits, making DH key exchange more resistant to brute-force attacks. However, some old SSL implementations, notably some revisions of Java Runtime Environment version 6, will not accept DH parameters longer than 1024 bits, and hence will not be able to connect over SSL. If it's necessary to support such old clients, you can use custom 1024-bit DH parameters instead of the compiled-in defaults. See ssl_dh_params_file.

  • Remove the ability to store unencrypted passwords on the server (Heikki Linnakangas)

    The password_encryption server parameter no longer supports off or plain. The UNENCRYPTED option is no longer supported in CREATE/ALTER USER ... PASSWORD. Similarly, the --unencrypted option has been removed from createuser. Unencrypted passwords migrated from older versions will be stored encrypted in this release. The default setting for password_encryption is still md5.

  • Add min_parallel_table_scan_size and min_parallel_index_scan_size server parameters to control parallel queries (Amit Kapila, Robert Haas)

    These replace min_parallel_relation_size, which was found to be too generic.

  • Don't downcase unquoted text within shared_preload_libraries and related server parameters (QL Zhuo)

    These settings are really lists of file names, but they were previously treated as lists of SQL identifiers, which have different parsing rules.

  • Remove sql_inheritance server parameter (Robert Haas)

    Changing this setting from the default value caused queries referencing parent tables to not include child tables. The SQL standard requires them to be included, however, and this has been the default since PostgreSQL 7.1.

  • Allow multi-dimensional arrays to be passed into PL/Python functions, and returned as nested Python lists (Alexey Grishchenko, Dave Cramer, Heikki Linnakangas)

    This feature requires a backwards-incompatible change to the handling of arrays of composite types in PL/Python. Previously, you could return an array of composite values by writing, e.g., [[col1, col2], [col1, col2]]; but now that is interpreted as a two-dimensional array. Composite types in arrays must now be written as Python tuples, not lists, to resolve the ambiguity; that is, write [(col1, col2), (col1, col2)] instead.

  • Remove PL/Tcl's “module” auto-loading facility (Tom Lane)

    This functionality has been replaced by new server parameters pltcl.start_proc and pltclu.start_proc, which are easier to use and more similar to features available in other PLs.

  • Remove pg_dump/pg_dumpall support for dumping from pre-8.0 servers (Tom Lane)

    Users needing to dump from pre-8.0 servers will need to use dump programs from PostgreSQL 9.6 or earlier. The resulting output should still load successfully into newer servers.

  • Remove support for floating-point timestamps and intervals (Tom Lane)

    This removes configure's --disable-integer-datetimes option. Floating-point timestamps have few advantages and have not been the default since PostgreSQL 8.3.

  • Remove server support for client/server protocol version 1.0 (Tom Lane)

    This protocol hasn't had client support since PostgreSQL 6.3.

  • Remove contrib/tsearch2 module (Robert Haas)

    This module provided compatibility with the version of full text search that shipped in pre-8.3 PostgreSQL releases.

  • Remove createlang and droplang command-line applications (Peter Eisentraut)

    These had been deprecated since PostgreSQL 9.1. Instead, use CREATE EXTENSION and DROP EXTENSION directly.

  • Remove support for version-0 function calling conventions (Andres Freund)

    Extensions providing C-coded functions must now conform to version 1 calling conventions. Version 0 has been deprecated since 2001.

  • Support parallel B-tree index scans (Rahila Syed, Amit Kapila, Robert Haas, Rafia Sabih)

    This change allows B-tree index pages to be searched by separate parallel workers.

  • Support parallel bitmap heap scans (Dilip Kumar)

    This allows a single index scan to dispatch parallel workers to process different areas of the heap.

  • Allow merge joins to be performed in parallel (Dilip Kumar)

  • Allow non-correlated subqueries to be run in parallel (Amit Kapila)

  • Improve ability of parallel workers to return pre-sorted data (Rushabh Lathia)

  • Increase parallel query usage in procedural language functions (Robert Haas, Rafia Sabih)

  • Add max_parallel_workers server parameter to limit the number of worker processes that can be used for query parallelism (Julien Rouhaud)

    This parameter can be set lower than max_worker_processes to reserve worker processes for purposes other than parallel queries.

  • Enable parallelism by default by changing the default setting of max_parallel_workers_per_gather to 2.

  • Add write-ahead logging support to hash indexes (Amit Kapila)

    This makes hash indexes crash-safe and replicatable. The former warning message about their use is removed.

  • Improve hash index performance (Amit Kapila, Mithun Cy, Ashutosh Sharma)

  • Add SP-GiST index support for INET and CIDR data types (Emre Hasegeli)

  • Add option to allow BRIN index summarization to happen more aggressively (Álvaro Herrera)

    A new CREATE INDEX option enables auto-summarization of the previous BRIN page range when a new page range is created.

  • Add functions to remove and re-add BRIN summarization for BRIN index ranges (Álvaro Herrera)

    The new SQL function brin_summarize_range() updates BRIN index summarization for a specified range and brin_desummarize_range() removes it. This is helpful to update summarization of a range that is now smaller due to UPDATEs and DELETEs.

  • Improve accuracy in determining if a BRIN index scan is beneficial (David Rowley, Emre Hasegeli)

  • Allow faster GiST inserts and updates by reusing index space more efficiently (Andrey Borodin)

  • Reduce page locking during vacuuming of GIN indexes (Andrey Borodin)

  • Reduce locking required to change table parameters (Simon Riggs, Fabrízio Mello)

    For example, changing a table's effective_io_concurrency setting can now be done with a more lightweight lock.

  • Allow tuning of predicate lock promotion thresholds (Dagfinn Ilmari Mannsåker)

    Lock promotion can now be controlled through two new server parameters, max_pred_locks_per_relation and max_pred_locks_per_page.

  • Add multi-column optimizer statistics to compute the correlation ratio and number of distinct values (Tomas Vondra, David Rowley, Álvaro Herrera)

    New commands are CREATE STATISTICS, ALTER STATISTICS, and DROP STATISTICS. This feature is helpful in estimating query memory usage and when combining the statistics from individual columns.

  • Improve performance of queries affected by row-level security restrictions (Tom Lane)

    The optimizer now has more knowledge about where it can place RLS filter conditions, allowing better plans to be generated while still enforcing the RLS conditions safely.

  • Speed up aggregate functions that calculate a running sum using numeric-type arithmetic, including some variants of SUM(), AVG(), and STDDEV() (Heikki Linnakangas)

  • Improve performance of character encoding conversions by using radix trees (Kyotaro Horiguchi, Heikki Linnakangas)

  • Reduce expression evaluation overhead during query execution, as well as plan node calling overhead (Andres Freund)

    This is particularly helpful for queries that process many rows.

  • Allow hashed aggregation to be used with grouping sets (Andrew Gierth)

  • Use uniqueness guarantees to optimize certain join types (David Rowley)

  • Improve sort performance of the macaddr data type (Brandur Leach)

  • Reduce statistics tracking overhead in sessions that reference many thousands of relations (Aleksander Alekseev)

  • Allow explicit control over EXPLAIN's display of planning and execution time (Ashutosh Bapat)

    By default planning and execution time are displayed by EXPLAIN ANALYZE and are not displayed in other cases. The new EXPLAIN option SUMMARY allows explicit control of this.

  • Add default monitoring roles (Dave Page)

    New roles pg_monitor, pg_read_all_settings, pg_read_all_stats, and pg_stat_scan_tables allow simplified permission configuration.

  • Properly update the statistics collector during REFRESH MATERIALIZED VIEW (Jim Mlodgenski)

  • Change the default value of log_line_prefix to include current timestamp (with milliseconds) and the process ID in each line of postmaster log output (Christoph Berg)

    The previous default was an empty prefix.

  • Add functions to return the log and WAL directory contents (Dave Page)

    The new functions are pg_ls_logdir() and pg_ls_waldir() and can be executed by non-superusers with the proper permissions.

  • Add function pg_current_logfile() to read logging collector's current stderr and csvlog output file names (Gilles Darold)

  • Report the address and port number of each listening socket in the server log during postmaster startup (Tom Lane)

    Also, when logging failure to bind a listening socket, include the specific address we attempted to bind to.

  • Reduce log chatter about the starting and stopping of launcher subprocesses (Tom Lane)

    These are now DEBUG1-level messages.

  • Reduce message verbosity of lower-numbered debug levels controlled by log_min_messages (Robert Haas)

    This also changes the verbosity of client_min_messages debug levels.

  • Add pg_stat_activity reporting of low-level wait states (Michael Paquier, Robert Haas, Rushabh Lathia)

    This change enables reporting of numerous low-level wait conditions, including latch waits, file reads/writes/fsyncs, client reads/writes, and synchronous replication.

  • Show auxiliary processes, background workers, and walsender processes in pg_stat_activity (Kuntal Ghosh, Michael Paquier)

    This simplifies monitoring. A new column backend_type identifies the process type.

  • Allow pg_stat_activity to show the SQL query being executed by parallel workers (Rafia Sabih)

  • Rename pg_stat_activity.wait_event_type values LWLockTranche and LWLockNamed to LWLock (Robert Haas)

    This makes the output more consistent.

  • Add SCRAM-SHA-256 support for password negotiation and storage (Michael Paquier, Heikki Linnakangas)

    This provides better security than the existing md5 negotiation and storage method.

  • Change the password_encryption server parameter from boolean to enum (Michael Paquier)

    This was necessary to support additional password hashing options.

  • Add view pg_hba_file_rules to display the contents of pg_hba.conf (Haribabu Kommi)

    This shows the file contents, not the currently active settings.

  • Support multiple RADIUS servers (Magnus Hagander)

    All the RADIUS related parameters are now plural and support a comma-separated list of servers.

  • Allow SSL configuration to be updated during configuration reload (Andreas Karlsson, Tom Lane)

    This allows SSL to be reconfigured without a server restart, by using pg_ctl reload, SELECT pg_reload_conf(), or sending a SIGHUP signal. However, reloading the SSL configuration does not work if the server's SSL key requires a passphrase, as there is no way to re-prompt for the passphrase. The original configuration will apply for the life of the postmaster in that case.

  • Make the maximum value of bgwriter_lru_maxpages effectively unlimited (Jim Nasby)

  • After creating or unlinking files, perform an fsync on their parent directory (Michael Paquier)

    This reduces the risk of data loss after a power failure.

  • Prevent unnecessary checkpoints and WAL archiving on otherwise-idle systems (Michael Paquier)

  • Add wal_consistency_checking server parameter to add details to WAL that can be sanity-checked on the standby (Kuntal Ghosh, Robert Haas)

    Any sanity-check failure generates a fatal error on the standby.

  • Increase the maximum configurable WAL segment size to one gigabyte (Beena Emerson)

    A larger WAL segment size allows for fewer archive_command invocations and fewer WAL files to manage.

  • Add the ability to logically replicate tables to standby servers (Petr Jelinek)

    Logical replication allows more flexibility than physical replication does, including replication between different major versions of PostgreSQL and selective replication.

  • Allow waiting for commit acknowledgment from standby servers irrespective of the order they appear in synchronous_standby_names (Masahiko Sawada)

    Previously the server always waited for the active standbys that appeared first in synchronous_standby_names. The new synchronous_standby_names keyword ANY allows waiting for any number of standbys irrespective of their ordering. This is known as quorum commit.

  • Reduce configuration changes necessary to perform streaming backup and replication (Magnus Hagander, Dang Minh Huong)

    Specifically, the defaults were changed for wal_level, max_wal_senders, max_replication_slots, and hot_standby to make them suitable for these usages out-of-the-box.

  • Enable replication from localhost connections by default in pg_hba.conf (Michael Paquier)

    Previously pg_hba.conf's replication connection lines were commented out by default. This is particularly useful for pg_basebackup.

  • Add columns to pg_stat_replication to report replication delay times (Thomas Munro)

    The new columns are write_lag, flush_lag, and replay_lag.

  • Allow specification of the recovery stopping point by Log Sequence Number (LSN) in recovery.conf (Michael Paquier)

    Previously the stopping point could only be selected by timestamp or XID.

  • Allow users to disable pg_stop_backup()'s waiting for all WAL to be archived (David Steele)

    An optional second argument to pg_stop_backup() controls that behavior.

  • Allow creation of temporary replication slots (Petr Jelinek)

    Temporary slots are automatically removed on session exit or error.

  • Improve performance of hot standby replay with better tracking of Access Exclusive locks (Simon Riggs, David Rowley)

  • Speed up two-phase commit recovery performance (Stas Kelvich, Nikhil Sontakke, Michael Paquier)

  • Add XMLTABLE function that converts XML-formatted data into a row set (Pavel Stehule, Álvaro Herrera)

  • Fix regular expressions' character class handling for large character codes, particularly Unicode characters above U+7FF (Tom Lane)

    Previously, such characters were never recognized as belonging to locale-dependent character classes such as [[:alpha:]].

  • Add table partitioning syntax that automatically creates partition constraints and handles routing of tuple insertions and updates (Amit Langote)

    The syntax supports range and list partitioning.

  • Add AFTER trigger transition tables to record changed rows (Kevin Grittner, Thomas Munro)

    Transition tables are accessible from triggers written in server-side languages.

  • Allow restrictive row-level security policies (Stephen Frost)

    Previously all security policies were permissive, meaning that any matching policy allowed access. A restrictive policy must match for access to be granted. These policy types can be combined.

  • When creating a foreign-key constraint, check for REFERENCES permission on only the referenced table (Tom Lane)

    Previously REFERENCES permission on the referencing table was also required. This appears to have stemmed from a misreading of the SQL standard. Since creating a foreign key (or any other type of) constraint requires ownership privilege on the constrained table, additionally requiring REFERENCES permission seems rather pointless.

  • Allow default permissions on schemas (Matheus Oliveira)

    This is done using the ALTER DEFAULT PRIVILEGES command.

  • Add CREATE SEQUENCE AS command to create a sequence matching an integer data type (Peter Eisentraut)

    This simplifies the creation of sequences matching the range of base columns.

  • Allow COPY view FROM source on views with INSTEAD INSERT triggers (Haribabu Kommi)

    The triggers are fed the data rows read by COPY.

  • Allow the specification of a function name without arguments in DDL commands, if it is unique (Peter Eisentraut)

    For example, allow DROP FUNCTION on a function name without arguments if there is only one function with that name. This behavior is required by the SQL standard.

  • Allow multiple functions, operators, and aggregates to be dropped with a single DROP command (Peter Eisentraut)

  • Support IF NOT EXISTS in CREATE SERVER, CREATE USER MAPPING, and CREATE COLLATION (Anastasia Lubennikova, Peter Eisentraut)

  • Make VACUUM VERBOSE report the number of skipped frozen pages and oldest xmin (Masahiko Sawada, Simon Riggs)

    This information is also included in log_autovacuum_min_duration output.

  • Improve speed of VACUUM's removal of trailing empty heap pages (Claudio Freire, Álvaro Herrera)

  • Add full text search support for JSON and JSONB (Dmitry Dolgov)

    The functions ts_headline() and to_tsvector() can now be used on these data types.

  • Add support for EUI-64 MAC addresses, as a new data type macaddr8 (Haribabu Kommi)

    This complements the existing support for EUI-48 MAC addresses (type macaddr).

  • Add identity columns for assigning a numeric value to columns on insert (Peter Eisentraut)

    These are similar to SERIAL columns, but are SQL standard compliant.

  • Allow ENUM values to be renamed (Dagfinn Ilmari Mannsåker)

    This uses the syntax ALTER TYPE ... RENAME VALUE.

  • Properly treat array pseudotypes (anyarray) as arrays in to_json() and to_jsonb() (Andrew Dunstan)

    Previously columns declared as anyarray (particularly those in the pg_stats view) were converted to JSON strings rather than arrays.

  • Add operators for multiplication and division of money values with int8 values (Peter Eisentraut)

    Previously such cases would result in converting the int8 values to float8 and then using the money-and-float8 operators. The new behavior avoids possible precision loss. But note that division of money by int8 now truncates the quotient, like other integer-division cases, while the previous behavior would have rounded.

  • Check for overflow in the money type's input function (Peter Eisentraut)

  • Add simplified regexp_match() function (Emre Hasegeli)

    This is similar to regexp_matches(), but it only returns results from the first match so it does not need to return a set, making it easier to use for simple cases.

  • Add a version of jsonb's delete operator that takes an array of keys to delete (Magnus Hagander)

  • Make json_populate_record() and related functions process JSON arrays and objects recursively (Nikita Glukhov)

    With this change, array-type fields in the destination SQL type are properly converted from JSON arrays, and composite-type fields are properly converted from JSON objects. Previously, such cases would fail because the text representation of the JSON value would be fed to array_in() or record_in(), and its syntax would not match what those input functions expect.

  • Add function txid_current_if_assigned() to return the current transaction ID or NULL if no transaction ID has been assigned (Craig Ringer)

    This is different from txid_current(), which always returns a transaction ID, assigning one if necessary. Unlike that function, this function can be run on standby servers.

  • Add function txid_status() to check if a transaction was committed (Craig Ringer)

    This is useful for checking after an abrupt disconnection whether your previous transaction committed and you just didn't receive the acknowledgment.

  • Allow make_date() to interpret negative years as BC years (Álvaro Herrera)

  • Make to_timestamp() and to_date() reject out-of-range input fields (Artur Zakirov)

    For example, previously to_date('2009-06-40','YYYY-MM-DD') was accepted and returned 2009-07-10. It will now generate an error.

  • Allow PL/Python's cursor() and execute() functions to be called as methods of their plan-object arguments (Peter Eisentraut)

    This allows a more object-oriented programming style.

  • Allow PL/pgSQL's GET DIAGNOSTICS statement to retrieve values into array elements (Tom Lane)

    Previously, a syntactic restriction prevented the target variable from being an array element.

  • Allow PL/Tcl functions to return composite types and sets (Karl Lehenbauer)

  • Add a subtransaction command to PL/Tcl (Victor Wagner)

    This allows PL/Tcl queries to fail without aborting the entire function.

  • Add server parameters pltcl.start_proc and pltclu.start_proc, to allow initialization functions to be called on PL/Tcl startup (Tom Lane)

  • Allow specification of multiple host names or addresses in libpq connection strings and URIs (Robert Haas, Heikki Linnakangas)

    libpq will connect to the first responsive server in the list.

  • Allow libpq connection strings and URIs to request a read/write host, that is a master server rather than a standby server (Victor Wagner, Mithun Cy)

    This is useful when multiple host names are specified. It is controlled by libpq connection parameter target_session_attrs.

  • Allow the password file name to be specified as a libpq connection parameter (Julian Markwort)

    Previously this could only be specified via an environment variable.

  • Add function PQencryptPasswordConn() to allow creation of more types of encrypted passwords on the client side (Michael Paquier, Heikki Linnakangas)

    Previously only MD5-encrypted passwords could be created using PQencryptPassword(). This new function can also create SCRAM-SHA-256-encrypted passwords.

  • Change ecpg preprocessor version from 4.12 to 10 (Tom Lane)

    Henceforth the ecpg version will match the PostgreSQL distribution version number.

  • Add conditional branch support to psql (Corey Huinker)

    This feature adds psql meta-commands \if, \elif, \else, and \endif. This is primarily helpful for scripting.

  • Add psql \gx meta-command to execute (\g) a query in expanded mode (\x) (Christoph Berg)

  • Expand psql variable references in backtick-executed strings (Tom Lane)

    This is particularly useful in the new psql conditional branch commands.

  • Prevent psql's special variables from being set to invalid values (Daniel Vérité, Tom Lane)

    Previously, setting one of psql's special variables to an invalid value silently resulted in the default behavior. \set on a special variable now fails if the proposed new value is invalid. As a special exception, \set with an empty or omitted new value, on a boolean-valued special variable, still has the effect of setting the variable to on; but now it actually acquires that value rather than an empty string. \unset on a special variable now explicitly sets the variable to its default value, which is also the value it acquires at startup. In sum, a control variable now always has a displayable value that reflects what psql is actually doing.

  • Add variables showing server version and psql version (Fabien Coelho)

  • Improve psql's \d (display relation) and \dD (display domain) commands to show collation, nullable, and default properties in separate columns (Peter Eisentraut)

    Previously they were shown in a single “Modifiers” column.

  • Make the various \d commands handle no-matching-object cases more consistently (Daniel Gustafsson)

    They now all print the message about that to stderr, not stdout, and the message wording is more consistent.

  • Improve psql's tab completion (Jeff Janes, Ian Barwick, Andreas Karlsson, Sehrope Sarkuni, Thomas Munro, Kevin Grittner, Dagfinn Ilmari Mannsåker)

  • Add pgbench option --log-prefix to control the log file prefix (Masahiko Sawada)

  • Allow pgbench's meta-commands to span multiple lines (Fabien Coelho)

    A meta-command can now be continued onto the next line by writing backslash-return.

  • Remove restriction on placement of -M option relative to other command line options (Tom Lane)

  • Add pg_receivewal option -Z/--compress to specify compression (Michael Paquier)

  • Add pg_recvlogical option --endpos to specify the ending position (Craig Ringer)

    This complements the existing --startpos option.

  • Rename initdb options --noclean and --nosync to be spelled --no-clean and --no-sync (Vik Fearing, Peter Eisentraut)

    The old spellings are still supported.

  • Allow pg_restore to exclude schemas (Michael Banck)

    This adds a new -N/--exclude-schema option.

  • Add --no-blobs option to pg_dump (Guillaume Lelarge)

    This suppresses dumping of large objects.

  • Add pg_dumpall option --no-role-passwords to omit role passwords (Robins Tharakan, Simon Riggs)

    This allows use of pg_dumpall by non-superusers; without this option, it fails due to inability to read passwords.

  • Support using synchronized snapshots when dumping from a standby server (Petr Jelinek)

  • Issue fsync() on the output files generated by pg_dump and pg_dumpall (Michael Paquier)

    This provides more security that the output is safely stored on disk before the program exits. This can be disabled with the new --no-sync option.

  • Allow pg_basebackup to stream write-ahead log in tar mode (Magnus Hagander)

    The WAL will be stored in a separate tar file from the base backup.

  • Make pg_basebackup use temporary replication slots (Magnus Hagander)

    Temporary replication slots will be used by default when pg_basebackup uses WAL streaming with default options.

  • Be more careful about fsync'ing in all required places in pg_basebackup and pg_receivewal (Michael Paquier)

  • Add pg_basebackup option --no-sync to disable fsync (Michael Paquier)

  • Improve pg_basebackup's handling of which directories to skip (David Steele)

  • Add wait option for pg_ctl's promote operation (Peter Eisentraut)

  • Add long options for pg_ctl wait (--wait) and no-wait (--no-wait) (Vik Fearing)

  • Add long option for pg_ctl server options (--options) (Peter Eisentraut)

  • Make pg_ctl start --wait detect server-ready by watching postmaster.pid, not by attempting connections (Tom Lane)

    The postmaster has been changed to report its ready-for-connections status in postmaster.pid, and pg_ctl now examines that file to detect whether startup is complete. This is more efficient and reliable than the old method, and it eliminates postmaster log entries about rejected connection attempts during startup.

  • Reduce pg_ctl's reaction time when waiting for postmaster start/stop (Tom Lane)

    pg_ctl now probes ten times per second when waiting for a postmaster state change, rather than once per second.

  • Ensure that pg_ctl exits with nonzero status if an operation being waited for does not complete within the timeout (Peter Eisentraut)

    The start and promote operations now return exit status 1, not 0, in such cases. The stop operation has always done that.

  • Change to two-part release version numbering (Peter Eisentraut, Tom Lane)

    Release numbers will now have two parts (e.g., 10.1) rather than three (e.g., 9.6.3). Major versions will now increase just the first number, and minor releases will increase just the second number. Release branches will be referred to by single numbers (e.g., 10 rather than 9.6). This change is intended to reduce user confusion about what is a major or minor release of PostgreSQL.

  • Improve behavior of pgindent (Piotr Stefaniak, Tom Lane)

    We have switched to a new version of pg_bsd_indent based on recent improvements made by the FreeBSD project. This fixes numerous small bugs that led to odd C code formatting decisions. Most notably, lines within parentheses (such as in a multi-line function call) are now uniformly indented to match the opening paren, even if that would result in code extending past the right margin.

  • Allow the ICU library to optionally be used for collation support (Peter Eisentraut)

    The ICU library has versioning that allows detection of collation changes between versions. It is enabled via configure option --with-icu. The default still uses the operating system's native collation library.

  • Automatically mark all PG_FUNCTION_INFO_V1 functions as DLLEXPORT-ed on Windows (Laurenz Albe)

    If third-party code is using extern function declarations, they should also add DLLEXPORT markers to those declarations.

  • Remove SPI functions SPI_push(), SPI_pop(), SPI_push_conditional(), SPI_pop_conditional(), and SPI_restore_connection() as unnecessary (Tom Lane)

    Their functionality now happens automatically. There are now no-op macros by these names so that external modules don't need to be updated immediately, but eventually such calls should be removed.

    A side effect of this change is that SPI_palloc() and allied functions now require an active SPI connection; they do not degenerate to simple palloc() if there is none. That previous behavior was not very useful and posed risks of unexpected memory leaks.

  • Allow shared memory to be dynamically allocated (Thomas Munro, Robert Haas)

  • Add slab-like memory allocator for efficient fixed-size allocations (Tomas Vondra)

  • Use POSIX semaphores rather than SysV semaphores on Linux and FreeBSD (Tom Lane)

    This avoids platform-specific limits on SysV semaphore usage.

  • Improve support for 64-bit atomics (Andres Freund)

  • Enable 64-bit atomic operations on ARM64 (Roman Shaposhnik)

  • Switch to using clock_gettime(), if available, for duration measurements (Tom Lane)

    gettimeofday() is still used if clock_gettime() is not available.

  • Add more robust random number generators to be used for cryptographically secure uses (Magnus Hagander, Michael Paquier, Heikki Linnakangas)

    If no strong random number generator can be found, configure will fail unless the --disable-strong-random option is used. However, with this option, pgcrypto functions requiring a strong random number generator will be disabled.

  • Allow WaitLatchOrSocket() to wait for socket connection on Windows (Andres Freund)

  • tupconvert.c functions no longer convert tuples just to embed a different composite-type OID in them (Ashutosh Bapat, Tom Lane)

    The majority of callers don't care about the composite-type OID; but if the result tuple is to be used as a composite Datum, steps should be taken to make sure the correct OID is inserted in it.

  • Remove SCO and Unixware ports (Tom Lane)

  • Overhaul documentation build process (Alexander Lakhin)

  • Use XSLT to build the PostgreSQL documentation (Peter Eisentraut)

    Previously Jade, DSSSL, and JadeTex were used.

  • Build HTML documentation using XSLT stylesheets by default (Peter Eisentraut)

  • Allow file_fdw to read from program output as well as files (Corey Huinker, Adam Gomaa)

  • In postgres_fdw, push aggregate functions to the remote server, when possible (Jeevan Chalke, Ashutosh Bapat)

    This reduces the amount of data that must be passed from the remote server, and offloads aggregate computation from the requesting server.

  • In postgres_fdw, push joins to the remote server in more cases (David Rowley, Ashutosh Bapat, Etsuro Fujita)

  • Properly support OID columns in postgres_fdw tables (Etsuro Fujita)

    Previously OID columns always returned zeros.

  • Allow btree_gist and btree_gin to index enum types (Andrew Dunstan)

    This allows enums to be used in exclusion constraints.

  • Add indexing support to btree_gist for the UUID data type (Paul Jungwirth)

  • Add amcheck which can check the validity of B-tree indexes (Peter Geoghegan)

  • Show ignored constants as $N rather than ? in pg_stat_statements (Lukas Fittl)

  • Improve cube's handling of zero-dimensional cubes (Tom Lane)

    This also improves handling of infinite and NaN values.

  • Allow pg_buffercache to run with fewer locks (Ivan Kartyshov)

    This makes it less disruptive when run on production systems.

  • Add pgstattuple function pgstathashindex() to view hash index statistics (Ashutosh Sharma)

  • Use GRANT permissions to control pgstattuple function usage (Stephen Frost)

    This allows DBAs to allow non-superusers to run these functions.

  • Reduce locking when pgstattuple examines hash indexes (Amit Kapila)

  • Add pageinspect function page_checksum() to show a page's checksum (Tomas Vondra)

  • Add pageinspect function bt_page_items() to print page items from a page image (Tomas Vondra)

  • Add hash index support to pageinspect (Jesper Pedersen, Ashutosh Sharma)

• ⇑ Upgrade to 10.1 released on 2017-11-09 - docs

  • Prevent logical replication from setting non-replicated columns to nulls when replicating an UPDATE (Petr Jelinek)

  • Fix logical replication to fire BEFORE ROW DELETE triggers when expected (Masahiko Sawada)

    Previously, that failed to happen unless the table also had a BEFORE ROW UPDATE trigger.

  • Ignore CTEs when looking up the target table for INSERT/UPDATE/DELETE, and prevent matching schema-qualified target table names to trigger transition table names (Thomas Munro)

    This restores the pre-v10 behavior for CTEs attached to DML commands.

  • Avoid evaluating an aggregate function's argument expression(s) at rows where its FILTER test fails (Tom Lane)

    This restores the pre-v10 (and SQL-standard) behavior.

  • Fix query-lifespan memory leakage while evaluating a set-returning function in a SELECT's target list (Tom Lane)

  • Allow parallel execution of prepared statements with generic plans (Amit Kapila, Kuntal Ghosh)

  • Fix crash in parallel execution of a bitmap scan having a BitmapAnd plan node below a BitmapOr node (Dilip Kumar)

  • Fix autovacuum's “work item” logic to prevent possible crashes and silent loss of work items (Álvaro Herrera)

  • Correctly ignore RelabelType expression nodes when examining functional-dependency statistics (David Rowley)

    This allows, e.g., extended statistics on varchar columns to be used properly.

  • Fix insufficient schema-qualification in some new queries in pg_dump and psql (Vitaly Burovoy, Tom Lane, Noah Misch)

  • Avoid use of @> operator in psql's queries for \d (Tom Lane)

    This prevents problems when the parray_gin extension is installed, since that defines a conflicting operator.

  • In the documentation, restore HTML anchors to being upper-case strings (Peter Eisentraut)

    Due to a toolchain change, the 10.0 user manual had lower-case strings for intrapage anchors, thus breaking some external links into our website documentation. Return to our previous convention of using upper-case strings.

• ⇑ Upgrade to 10.2 released on 2018-02-08 - docs

  • Fix processing of partition keys containing multiple expressions (Álvaro Herrera, David Rowley)

    This error led to crashes or, with carefully crafted input, disclosure of arbitrary backend memory. (CVE-2018-1052)

  • Fix failure to mark a hash index's metapage dirty after adding a new overflow page, potentially leading to index corruption (Lixian Zou, Amit Kapila)

  • Fix handling of list partitioning constraints for partition keys of boolean or array types (Amit Langote)

  • During VACUUM FULL, update the table's size fields in pg_class sooner (Amit Kapila)

    This prevents poor behavior when rebuilding hash indexes on the table, since those use the pg_class statistics to govern the initial hash size.

  • Fix UNION/INTERSECT/EXCEPT over zero columns (Tom Lane)

  • Disallow identity columns on typed tables and partitions (Michael Paquier)

    These cases will be treated as unsupported features for now.

  • Fix assorted failures to apply the correct default value when inserting into an identity column (Michael Paquier, Peter Eisentraut)

    In several contexts, notably COPY and ALTER TABLE ADD COLUMN, the expected default value was not applied and instead a null value was inserted.

  • Allow functional dependency statistics to be used for boolean columns (Tom Lane)

    Previously, although extended statistics could be declared and collected on boolean columns, the planner failed to apply them.

  • Avoid underestimating the number of groups emitted by subqueries containing set-returning functions in their grouping columns (Tom Lane)

    Cases similar to SELECT DISTINCT unnest(foo) got a lower output rowcount estimate in 10.0 than they did in earlier releases, possibly resulting in unfavorable plan choices. Restore the prior estimation behavior.

  • Fix use of triggers in logical replication workers (Petr Jelinek)

  • Fix race condition during replication origin drop that could allow the dropping process to wait indefinitely (Tom Lane)

  • Allow members of the pg_read_all_stats role to see walsender statistics in the pg_stat_replication view (Feike Steenbergen)

  • Show walsenders that are sending base backups as active in the pg_stat_activity view (Magnus Hagander)

  • Fix reporting of scram-sha-256 authentication method in the pg_hba_file_rules view (Michael Paquier)

    Previously this was printed as scram-sha256, possibly confusing users as to the correct spelling.

  • Allow a client that supports SCRAM channel binding (such as v11 or later libpq) to connect to a v10 server (Michael Paquier)

    v10 does not have this feature, and the connection-time negotiation about whether to use it was done incorrectly.

  • Avoid live-lock in ConditionVariableBroadcast() (Tom Lane, Thomas Munro)

    Given repeatedly-unlucky timing, a process attempting to awaken all waiters for a condition variable could loop indefinitely. Due to the limited usage of condition variables in v10, this affects only parallel index scans and some operations on replication slots.

  • Clean up waits for condition variables correctly during subtransaction abort (Robert Haas)

  • Ensure that child processes that are waiting for a condition variable will exit promptly if the postmaster process dies (Tom Lane)

  • Fix crashes in parallel queries using more than one Gather node (Thomas Munro)

  • Fix hang in parallel index scan when processing a deleted or half-dead index page (Amit Kapila)

  • Avoid crash if parallel bitmap heap scan is unable to allocate a shared memory segment (Robert Haas)

  • Avoid unnecessary failure when no parallel workers can be obtained during parallel query startup (Robert Haas)

  • Ensure that query strings passed to parallel workers are correctly null-terminated (Thomas Munro)

    This prevents emitting garbage in postmaster log output from such workers.

  • Avoid crash during an EvalPlanQual recheck of an indexscan that is the inner child of a merge join (Tom Lane)

    This could only happen during an update or SELECT FOR UPDATE of a join, when there is a concurrent update of some selected row.

  • Fix crash in autovacuum when extended statistics are defined for a table but can't be computed (Álvaro Herrera)

  • Prevent out-of-memory failures due to excessive growth of simple hash tables (Tomas Vondra, Andres Freund)

  • Fix incorrect output from contrib/pageinspect's hash_page_items() function (Masahiko Sawada)

  • In contrib/postgres_fdw, avoid planner failure when there are duplicate GROUP BY entries (Jeevan Chalke)

• ⇑ Upgrade to 10.3 released on 2018-03-01 - docs

  • Document how to configure installations and applications to guard against search-path-dependent trojan-horse attacks from other users (Noah Misch)

    Using a search_path setting that includes any schemas writable by a hostile user enables that user to capture control of queries and then run arbitrary SQL code with the permissions of the attacked user. While it is possible to write queries that are proof against such hijacking, it is notationally tedious, and it's very easy to overlook holes. Therefore, we now recommend configurations in which no untrusted schemas appear in one's search path. Relevant documentation appears in Section 5.8.6 (for database administrators and users), Section 33.1 (for application authors), Section 37.15.1 (for extension authors), and CREATE FUNCTION (for authors of SECURITY DEFINER functions). (CVE-2018-1058)

  • Prevent logical replication from trying to ship changes for unpublishable relations (Peter Eisentraut)

    A publication marked FOR ALL TABLES would incorrectly ship changes in materialized views and information_schema tables, which are supposed to be omitted from the change stream.

  • Fix incorrect pg_dump output for some non-default sequence limit values (Alexey Bashtanov)

  • Fix pg_dump's mishandling of STATISTICS objects (Tom Lane)

    An extended statistics object's schema was mislabeled in the dump's table of contents, possibly leading to the wrong results in a schema-selective restore. Its ownership was not correctly restored, either. Also, change the logic so that statistics objects are dumped/restored, or not, as independent objects rather than tying them to the dump/restore decision for the table they are on. The original definition could not scale to the planned future extension to cross-table statistics.

• ⇑ Upgrade to 10.4 released on 2018-05-10 - docs

  • Fix incorrect parallel-safety markings on a few built-in functions (Thomas Munro, Tom Lane)

    The functions brin_summarize_new_values, brin_summarize_range, brin_desummarize_range, gin_clean_pending_list, cursor_to_xml, cursor_to_xmlschema, ts_rewrite, ts_stat, binary_upgrade_create_empty_extension, and pg_import_system_collations should be marked parallel-unsafe; some because they perform database modifications directly, and others because they execute user-supplied queries that might do so. They were marked parallel-restricted instead, leading to a risk of unexpected query errors. This has been repaired for new installations by correcting the initial catalog data, but existing installations will continue to contain the incorrect markings. Practical use of these functions seems to pose little hazard unless force_parallel_mode is turned on. In case of trouble, it can be fixed by manually updating these functions' pg_proc entries, for example ALTER FUNCTION pg_catalog.brin_summarize_new_values(regclass) PARALLEL UNSAFE. (Note that that will need to be done in each database of the installation.) Another option is to pg_upgrade the database to a version containing the corrected initial data.

  • Correctly enforce any CHECK constraints on individual partitions during COPY to a partitioned table (Etsuro Fujita)

    Previously, only constraints declared for the partitioned table as a whole were checked.

  • Accept TRUE and FALSE as partition bound values (Amit Langote)

    Previously, only string-literal values were accepted for a boolean partitioning column. But then pg_dump would print such values as TRUE or FALSE, leading to dump/reload failures.

  • Fix memory management for partition key comparison functions (Álvaro Herrera, Amit Langote)

    This error could lead to crashes when using user-defined operator classes for partition keys.

  • Fix possible crash when a query inserts tuples in several partitions of a partitioned table, and those partitions don't have identical row types (Etsuro Fujita, Amit Langote)

  • Include extended-statistics objects in the set of table properties duplicated by CREATE TABLE ... LIKE ... INCLUDING ALL (David Rowley)

    Also add an INCLUDING STATISTICS option, to allow finer-grained control over whether this happens.

  • Fix CREATE TABLE ... LIKE with bigint identity columns (Peter Eisentraut)

    On platforms where long is 32 bits (which includes 64-bit Windows as well as most 32-bit machines), copied sequence parameters would be truncated to 32 bits.

  • Prevent planner crash when a query has multiple GROUPING SETS, none of which can be implemented by sorting (Andrew Gierth)

  • Fix executor crash due to double free in some GROUPING SETS usages (Peter Geoghegan)

  • Fix misexecution of self-joins on transition tables (Thomas Munro)

  • Handle pg_stat_activity information for auxiliary processes correctly (Edmund Horner)

    The application_name, client_hostname, and query fields might show incorrect data for such processes.

  • Fix logical replication to not assume that type OIDs match between the local and remote servers (Masahiko Sawada)

• ⇑ Upgrade to 10.5 released on 2018-08-09 - docs

  • Ensure that a snapshot is provided when executing data type input functions in logical replication subscribers (Minh-Quan Tran, Álvaro Herrera)

    This omission led to failures in some cases, such as domains with constraints using SQL-language functions.

  • Add subtransaction handling in logical-replication table synchronization workers (Amit Khandekar, Robert Haas)

    Previously, table synchronization could misbehave if any subtransactions were aborted after modifying a table being synchronized.

  • Pad arrays of unnamed POSIX semaphores to reduce cache line sharing (Thomas Munro)

    This reduces contention on many-CPU systems, fixing a performance regression (compared to previous releases) on Linux and FreeBSD.

  • Ensure that a process doing a parallel index scan will respond to signals (Amit Kapila)

    Previously, parallel workers could get stuck waiting for a lock on an index page, and not notice requests to abort the query.

  • Fix hash-join costing mistake introduced with inner_unique optimization (David Rowley)

    This could lead to bad plan choices in situations where that optimization was applicable.

  • Fix handling of partition keys whose data type uses a polymorphic btree operator class, such as arrays (Amit Langote, Álvaro Herrera)

  • Remove undocumented restriction against duplicate partition key columns (Yugo Nagata)

  • Disallow temporary tables from being partitions of non-temporary tables (Amit Langote, Michael Paquier)

    While previously allowed, this case didn't work reliably.

  • Fix SHOW ALL to show all settings to roles that are members of pg_read_all_settings, and also allow such roles to see source filename and line number in the pg_settings view (Laurenz Albe, Álvaro Herrera)

  • Fix failure to schema-qualify some object names in getObjectDescription and getObjectIdentity output (Kyotaro Horiguchi, Tom Lane)

    Names of collations, conversions, text search objects, publication relations, and extended statistics objects were not schema-qualified when they should be.

  • Allow replication slots to be dropped in single-user mode (Álvaro Herrera)

    This use-case was accidentally broken in release 10.0.

  • Fix incorrect results from variance(int4) and related aggregates when run in parallel aggregation mode (David Rowley)

  • Process TEXT and CDATA nodes correctly in xmltable() column expressions (Markus Winand)

  • Cope with possible failure of OpenSSL's RAND_bytes() function (Dean Rasheed, Michael Paquier)

    Under rare circumstances, this oversight could result in “could not generate random cancel key” failures that could only be resolved by restarting the postmaster.

  • Fix libpq's handling of some cases where hostaddr is specified (Hari Babu, Tom Lane, Robert Haas)

    PQhost() gave misleading or incorrect results in some cases. Now, it uniformly returns the host name if specified, or the host address if only that is specified, or the default host name (typically /tmp or localhost) if both parameters are omitted.

    Also, the wrong value might be compared to the server name when verifying an SSL certificate.

    Also, the wrong value might be compared to the host name field in ~/.pgpass. Now, that field is compared to the host name if specified, or the host address if only that is specified, or localhost if both parameters are omitted.

    Also, an incorrect error message was reported for an unparseable hostaddr value.

    Also, when the host, hostaddr, or port parameters contain comma-separated lists, libpq is now more careful to treat empty elements of a list as selecting the default behavior.

• ⇑ Upgrade to 11 released on 2018-10-18 - docs

  • Make pg_dump dump the properties of a database, not just its contents (Haribabu Kommi)

    Previously, attributes of the database itself, such as database-level GRANT/REVOKE permissions and ALTER DATABASE SET variable settings, were only dumped by pg_dumpall. Now pg_dump --create and pg_restore --create will restore these database properties in addition to the objects within the database. pg_dumpall -g now only dumps role- and tablespace-related attributes. pg_dumpall's complete output (without -g) is unchanged.

    pg_dump and pg_restore, without --create, no longer dump/restore database-level comments and security labels; those are now treated as properties of the database.

    pg_dumpall's output script will now always create databases with their original locale and encoding, and hence will fail if the locale or encoding name is unknown to the destination system. Previously, CREATE DATABASE would be emitted without these specifications if the database locale and encoding matched the old cluster's defaults.

    pg_dumpall --clean now restores the original locale and encoding settings of the postgres and template1 databases, as well as those of user-created databases.

  • Consider syntactic form when disambiguating function versus column references (Tom Lane)

    When x is a table name or composite column, PostgreSQL has traditionally considered the syntactic forms f(x) and x.f to be equivalent, allowing tricks such as writing a function and then using it as though it were a computed-on-demand column. However, if both interpretations are feasible, the column interpretation was always chosen, leading to surprising results if the user intended the function interpretation. Now, if there is ambiguity, the interpretation that matches the syntactic form is chosen.

  • Fully enforce uniqueness of table and domain constraint names (Tom Lane)

    PostgreSQL expects the names of a table's constraints to be distinct, and likewise for the names of a domain's constraints. However, there was not rigid enforcement of this, and previously there were corner cases where duplicate names could be created.

  • Make power(numeric, numeric) and power(float8, float8) handle NaN inputs according to the POSIX standard (Tom Lane, Dang Minh Huong)

    POSIX says that NaN ^ 0 = 1 and 1 ^ NaN = 1, but all other cases with NaN input(s) should return NaN. power(numeric, numeric) just returned NaN in all such cases; now it honors the two exceptions. power(float8, float8) followed the standard if the C library does; but on some old Unix platforms the library doesn't, and there were also problems on some versions of Windows.

  • Prevent to_number() from consuming characters when the template separator does not match (Oliver Ford)

    Specifically, SELECT to_number('1234', '9,999') used to return 134. It will now return 1234. L and TH now only consume characters that are not digits, positive/negative signs, decimal points, or commas.

  • Fix to_date(), to_number(), and to_timestamp() to skip a character for each template character (Tom Lane)

    Previously, they skipped one byte for each byte of template character, resulting in strange behavior if either string contained multibyte characters.

  • Adjust the handling of backslashes inside double-quotes in template strings for to_char(), to_number(), and to_timestamp().

    Such a backslash now escapes the character after it, particularly a double-quote or another backslash.

  • Correctly handle relative path expressions in xmltable(), xpath(), and other XML-handling functions (Markus Winand)

    Per the SQL standard, relative paths start from the document node of the XML input document, not the root node as these functions previously did.

  • In the extended query protocol, make statement_timeout apply to each Execute message separately, not to all commands before Sync (Tatsuo Ishii, Andres Freund)

  • Remove the relhaspkey column from system catalog pg_class (Peter Eisentraut)

    Applications needing to check for a primary key should consult pg_index.

  • Replace system catalog pg_proc's proisagg and proiswindow columns with prokind (Peter Eisentraut)

    This new column more clearly distinguishes functions, procedures, aggregates, and window functions.

  • Correct information schema column tables.table_type to return FOREIGN instead of FOREIGN TABLE (Peter Eisentraut)

    This new output matches the SQL standard.

  • Change the ps process display labels for background workers to match the pg_stat_activity.backend_type labels (Peter Eisentraut)

  • Cause large object permission checks to happen during large object open, lo_open(), not when a read or write is attempted (Tom Lane, Michael Paquier)

    If write access is requested and not available, an error will now be thrown even if the large object is never written to.

  • Prevent non-superusers from reindexing shared catalogs (Michael Paquier, Robert Haas)

    Previously, database owners were also allowed to do this, but now it is considered outside the bounds of their privileges.

  • Remove deprecated adminpack functions pg_file_read(), pg_file_length(), and pg_logfile_rotate() (Stephen Frost)

    Equivalent functionality is now present in the core backend. Existing adminpack installs will continue to have access to these functions until they are updated via ALTER EXTENSION ... UPDATE.

  • Honor the capitalization of double-quoted command options (Daniel Gustafsson)

    Previously, option names in certain SQL commands were forcibly lower-cased even if entered with double quotes; thus for example "FillFactor" would be accepted as an index storage option, though properly its name is lower-case. Such cases will now generate an error.

  • Remove server parameter replacement_sort_tuples (Peter Geoghegan)

    Replacement sorts were determined to be no longer useful.

  • Remove WITH clause in CREATE FUNCTION (Michael Paquier)

    PostgreSQL has long supported a more standard-compliant syntax for this capability.

  • In PL/pgSQL trigger functions, the OLD and NEW variables now read as NULL when not assigned (Tom Lane)

    Previously, references to these variables could be parsed but not executed.

  • Allow the creation of partitions based on hashing a key column (Amul Sul)

  • Support indexes on partitioned tables (Álvaro Herrera, Amit Langote)

    An “index” on a partitioned table is not a physical index across the whole partitioned table, but rather a template for automatically creating similar indexes on each partition of the table.

    If the partition key is part of the index's column set, a partitioned index may be declared UNIQUE. It will represent a valid uniqueness constraint across the whole partitioned table, even though each physical index only enforces uniqueness within its own partition.

    The new command ALTER INDEX ATTACH PARTITION causes an existing index on a partition to be associated with a matching index template for its partitioned table. This provides flexibility in setting up a new partitioned index for an existing partitioned table.

  • Allow foreign keys on partitioned tables (Álvaro Herrera)

  • Allow FOR EACH ROW triggers on partitioned tables (Álvaro Herrera)

    Creation of a trigger on a partitioned table automatically creates triggers on all existing and future partitions. This also allows deferred unique constraints on partitioned tables.

  • Allow partitioned tables to have a default partition (Jeevan Ladhe, Beena Emerson, Ashutosh Bapat, Rahila Syed, Robert Haas)

    The default partition will store rows that don't match any of the other defined partitions, and is searched accordingly.

  • UPDATE statements that change a partition key column now cause affected rows to be moved to the appropriate partitions (Amit Khandekar)

  • Allow INSERT, UPDATE, and COPY on partitioned tables to properly route rows to foreign partitions (Etsuro Fujita, Amit Langote)

    This is supported by postgres_fdw foreign tables. Since the ExecForeignInsert callback function is called for this in a different way than it used to be, foreign data wrappers must be modified to cope with this change.

  • Allow faster partition elimination during query processing (Amit Langote, David Rowley, Dilip Kumar)

    This speeds access to partitioned tables with many partitions.

  • Allow partition elimination during query execution (David Rowley, Beena Emerson)

    Previously, partition elimination only happened at planning time, meaning many joins and prepared queries could not use partition elimination.

  • In an equality join between partitioned tables, allow matching partitions to be joined directly (Ashutosh Bapat)

    This feature is disabled by default but can be enabled by changing enable_partitionwise_join.

  • Allow aggregate functions on partitioned tables to be evaluated separately for each partition, subsequently merging the results (Jeevan Chalke, Ashutosh Bapat, Robert Haas)

    This feature is disabled by default but can be enabled by changing enable_partitionwise_aggregate.

  • Allow postgres_fdw to push down aggregates to foreign tables that are partitions (Jeevan Chalke)

  • Allow parallel building of a btree index (Peter Geoghegan, Rushabh Lathia, Heikki Linnakangas)

  • Allow hash joins to be performed in parallel using a shared hash table (Thomas Munro)

  • Allow UNION to run each SELECT in parallel if the individual SELECTs cannot be parallelized (Amit Khandekar, Robert Haas, Amul Sul)

  • Allow partition scans to more efficiently use parallel workers (Amit Khandekar, Robert Haas, Amul Sul)

  • Allow LIMIT to be passed to parallel workers (Robert Haas, Tom Lane)

    This allows workers to reduce returned results and use targeted index scans.

  • Allow single-evaluation queries, e.g. WHERE clause aggregate queries, and functions in the target list to be parallelized (Amit Kapila, Robert Haas)

  • Add server parameter parallel_leader_participation to control whether the leader also executes subplans (Thomas Munro)

    The default is enabled, meaning the leader will execute subplans.

  • Allow parallelization of commands CREATE TABLE ... AS, SELECT INTO, and CREATE MATERIALIZED VIEW (Haribabu Kommi)

  • Improve performance of sequential scans with many parallel workers (David Rowley)

  • Add reporting of parallel workers' sort activity in EXPLAIN (Robert Haas, Tom Lane)

  • Allow B-tree indexes to include columns that are not part of the search key or unique constraint, but are available to be read by index-only scans (Anastasia Lubennikova, Alexander Korotkov, Teodor Sigaev)

    This is enabled by the new INCLUDE clause of CREATE INDEX. It facilitates building “covering indexes” that optimize specific types of queries. Columns can be included even if their data types don't have B-tree support.

  • Improve performance of monotonically increasing index additions (Pavan Deolasee, Peter Geoghegan)

  • Improve performance of hash index scans (Ashutosh Sharma)

  • Add predicate locking for hash, GiST and GIN indexes (Shubham Barai)

    This reduces the likelihood of serialization conflicts in serializable-mode transactions.

  • Add prefix-match operator text ^@ text, which is supported by SP-GiST (Ildus Kurbangaliev)

    This is similar to using var LIKE 'word%' with a btree index, but it is more efficient.

  • Allow polygons to be indexed with SP-GiST (Nikita Glukhov, Alexander Korotkov)

  • Allow SP-GiST to use lossy representation of leaf keys (Teodor Sigaev, Heikki Linnakangas, Alexander Korotkov, Nikita Glukhov)

  • Improve selection of the most common values for statistics (Jeff Janes, Dean Rasheed)

    Previously, the most common values (MCVs) were identified based on their frequency compared to all column values. Now, MCVs are chosen based on their frequency compared to the non-MCV values. This improves the robustness of the algorithm for both uniform and non-uniform distributions.

  • Improve selectivity estimates for >= and <= (Tom Lane)

    Previously, such cases used the same selectivity estimates as > and <, respectively, unless the comparison constants are MCVs. This change is particularly helpful for queries involving BETWEEN with small ranges.

  • Reduce var = var to var IS NOT NULL where equivalent (Tom Lane)

    This leads to better selectivity estimates.

  • Improve optimizer's row count estimates for EXISTS and NOT EXISTS queries (Tom Lane)

  • Make the optimizer account for evaluation costs and selectivity of HAVING clauses (Tom Lane)

  • Add Just-in-Time (JIT) compilation of some parts of query plans to improve execution speed (Andres Freund)

    This feature requires LLVM to be available. It is not currently enabled by default, even in builds that support it.

  • Allow bitmap scans to perform index-only scans when possible (Alexander Kuzmenkov)

  • Update the free space map during VACUUM (Claudio Freire)

    This allows free space to be reused more quickly.

  • Allow VACUUM to avoid unnecessary index scans (Masahiko Sawada, Alexander Korotkov)

  • Improve performance of committing multiple concurrent transactions (Amit Kapila)

  • Reduce memory usage for queries using set-returning functions in their target lists (Andres Freund)

  • Improve the speed of aggregate computations (Andres Freund)

  • Allow postgres_fdw to push UPDATEs and DELETEs using joins to foreign servers (Etsuro Fujita)

    Previously, only non-join UPDATEs and DELETEs were pushed.

  • Add support for large pages on Windows (Takayuki Tsunakawa, Thomas Munro)

    This is controlled by the huge_pages configuration parameter.

  • Show memory usage in output from log_statement_stats, log_parser_stats, log_planner_stats, and log_executor_stats (Justin Pryzby, Peter Eisentraut)

  • Add column pg_stat_activity.backend_type to show the type of a background worker (Peter Eisentraut)

    The type is also visible in ps output.

  • Make log_autovacuum_min_duration log skipped tables that are concurrently being dropped (Nathan Bossart)

  • Add information_schema columns related to table constraints and triggers (Peter Eisentraut)

    Specifically, triggers.action_order, triggers.action_reference_old_table, and triggers.action_reference_new_table are now populated, where before they were always null. Also, table_constraints.enforced now exists but is not yet usefully populated.

  • Allow the server to specify more complex LDAP specifications in search+bind mode (Thomas Munro)

    Specifically, ldapsearchfilter allows pattern matching using combinations of LDAP attributes.

  • Allow LDAP authentication to use encrypted LDAP (Thomas Munro)

    We already supported LDAP over TLS by using ldaptls=1. This new TLS LDAP method for encrypted LDAP is enabled with ldapscheme=ldaps or ldapurl=ldaps://.

  • Improve logging of LDAP errors (Thomas Munro)

  • Add default roles that enable file system access (Stephen Frost)

    Specifically, the new roles are: pg_read_server_files, pg_write_server_files, and pg_execute_server_program. These roles now also control who can use server-side COPY and the file_fdw extension. Previously, only superusers could use these functions, and that is still the default behavior.

  • Allow access to file system functions to be controlled by GRANT/REVOKE permissions, rather than superuser checks (Stephen Frost)

    Specifically, these functions were modified: pg_ls_dir(), pg_read_file(), pg_read_binary_file(), pg_stat_file().

  • Use GRANT/REVOKE to control access to lo_import() and lo_export() (Michael Paquier, Tom Lane)

    Previously, only superusers were granted access to these functions.

    The compile-time option ALLOW_DANGEROUS_LO_FUNCTIONS has been removed.

  • Use view owner not session owner when preventing non-password access to postgres_fdw tables (Robert Haas)

    PostgreSQL only allows superusers to access postgres_fdw tables without passwords, e.g. via peer. Previously, the session owner had to be a superuser to allow such access; now the view owner is checked instead.

  • Fix invalid locking permission check in SELECT FOR UPDATE on views (Tom Lane)

  • Add server setting ssl_passphrase_command to allow supplying of the passphrase for SSL key files (Peter Eisentraut)

    Also add ssl_passphrase_command_supports_reload to specify whether the SSL configuration should be reloaded and ssl_passphrase_command called during a server configuration reload.

  • Add storage parameter toast_tuple_target to control the minimum tuple length before TOAST storage will be considered (Simon Riggs)

    The default TOAST threshold has not been changed.

  • Allow server options related to memory and file sizes to be specified in units of bytes (Beena Emerson)

    The new unit suffix is “B”. This is in addition to the existing units “kB”, “MB”, “GB” and “TB”.

  • Allow the WAL file size to be set during initdb (Beena Emerson)

    Previously, the 16MB default could only be changed at compile time.

  • Retain WAL data for only a single checkpoint (Simon Riggs)

    Previously, WAL was retained for two checkpoints.

  • Fill the unused portion of force-switched WAL segment files with zeros for improved compressibility (Chapman Flack)

  • Replicate TRUNCATE activity when using logical replication (Simon Riggs, Marco Nenciarini, Peter Eisentraut)

  • Pass prepared transaction information to logical replication subscribers (Nikhil Sontakke, Stas Kelvich)

  • Exclude unlogged tables, temporary tables, and pg_internal.init files from streaming base backups (David Steele)

    There is no need to copy such files.

  • Allow checksums of heap pages to be verified during streaming base backup (Michael Banck)

  • Allow replication slots to be advanced programmatically, rather than be consumed by subscribers (Petr Jelinek)

    This allows efficient advancement of replication slots when the contents do not need to be consumed. This is performed by pg_replication_slot_advance().

  • Add timeline information to the backup_label file (Michael Paquier)

    Also add a check that the WAL timeline matches the backup_label file's timeline.

  • Add host and port connection information to the pg_stat_wal_receiver system view (Haribabu Kommi)

  • Allow ALTER TABLE to add a column with a non-null default without doing a table rewrite (Andrew Dunstan, Serge Rielau)

    This is enabled when the default value is a constant.

  • Allow views to be locked by locking the underlying tables (Yugo Nagata)

  • Allow ALTER INDEX to set statistics-gathering targets for expression indexes (Alexander Korotkov, Adrien Nayrat)

    In psql, \d+ now shows the statistics target for indexes.

  • Allow multiple tables to be specified in one VACUUM or ANALYZE command (Nathan Bossart)

    Also, if any table mentioned in VACUUM uses a column list, then the ANALYZE keyword must be supplied; previously, ANALYZE was implied in such cases.

  • Add parenthesized options syntax to ANALYZE (Nathan Bossart)

    This is similar to the syntax supported by VACUUM.

  • Add CREATE AGGREGATE option to specify the behavior of the aggregate's finalization function (Tom Lane)

    This is helpful for allowing user-defined aggregate functions to be optimized and to work as window functions.

  • Allow the creation of arrays of domains (Tom Lane)

    This also allows array_agg() to be used on domains.

  • Support domains over composite types (Tom Lane)

    Also allow PL/Perl, PL/Python, and PL/Tcl to handle composite-domain function arguments and results. Also improve PL/Python domain handling.

  • Add casts from JSONB scalars to numeric and boolean data types (Anastasia Lubennikova)

  • Add all window function framing options specified by SQL:2011 (Oliver Ford, Tom Lane)

    Specifically, allow RANGE mode to use PRECEDING and FOLLOWING to select rows having grouping values within plus or minus the specified offset. Add GROUPS mode to include plus or minus the number of peer groups. Frame exclusion syntax was also added.

  • Add SHA-2 family of hash functions (Peter Eisentraut)

    Specifically, sha224(), sha256(), sha384(), sha512() were added.

  • Add support for 64-bit non-cryptographic hash functions (Robert Haas, Amul Sul)

  • Allow to_char() and to_timestamp() to specify the time zone's offset from UTC in hours and minutes (Nikita Glukhov, Andrew Dunstan)

    This is done with format specifications TZH and TZM.

  • Add text search function websearch_to_tsquery() that supports a query syntax similar to that used by web search engines (Victor Drobny, Dmitry Ivanov)

  • Add functions json(b)_to_tsvector() to create a text search query for matching JSON/JSONB values (Dmitry Dolgov)

  • Add SQL-level procedures, which can start and commit their own transactions (Peter Eisentraut)

    They are created with the new CREATE PROCEDURE command and invoked via CALL.

    The new ALTER/DROP ROUTINE commands allow altering/dropping of all routine-like objects, including procedures, functions, and aggregates.

    Also, writing FUNCTION is now preferred over writing PROCEDURE in CREATE OPERATOR and CREATE TRIGGER, because the referenced object must be a function not a procedure. However, the old syntax is still accepted for compatibility.

  • Add transaction control to PL/pgSQL, PL/Perl, PL/Python, PL/Tcl, and SPI server-side languages (Peter Eisentraut)

    Transaction control is only available within top-transaction-level procedures and nested DO and CALL blocks that only contain other DO and CALL blocks.

  • Add the ability to define PL/pgSQL composite-type variables as not null, constant, or with initial values (Tom Lane)

  • Allow PL/pgSQL to handle changes to composite types (e.g. record, row) that happen between the first and later function executions in the same session (Tom Lane)

    Previously, such circumstances generated errors.

  • Add extension jsonb_plpython to transform JSONB to/from PL/Python types (Anthony Bykov)

  • Add extension jsonb_plperl to transform JSONB to/from PL/Perl types (Anthony Bykov)

  • Change libpq to disable compression by default (Peter Eisentraut)

    Compression is already disabled in modern OpenSSL versions, so that the libpq setting had no effect with such libraries.

  • Add DO CONTINUE option to ecpg's WHENEVER statement (Vinayak Pokale)

    This generates a C continue statement, causing a return to the top of the contained loop when the specified condition occurs.

  • Add an ecpg mode to enable Oracle Pro*C-style handling of char arrays.

    This mode is enabled with -C.

  • Add psql command \gdesc to display the names and types of the columns in a query result (Pavel Stehule)

  • Add psql variables to report query activity and errors (Fabien Coelho)

    Specifically, the new variables are ERROR, SQLSTATE, ROW_COUNT, LAST_ERROR_MESSAGE, and LAST_ERROR_SQLSTATE.

  • Allow psql to test for the existence of a variable (Fabien Coelho)

    Specifically, the syntax :{?variable_name} allows a variable's existence to be tested in an \if statement.

  • Allow environment variable PSQL_PAGER to control psql's pager (Pavel Stehule)

    This allows psql's default pager to be specified as a separate environment variable from the pager for other applications. PAGER is still honored if PSQL_PAGER is not set.

  • Make psql's \d+ command always show the table's partitioning information (Amit Langote, Ashutosh Bapat)

    Previously, partition information would not be displayed for a partitioned table if it had no partitions. Also indicate which partitions are themselves partitioned.

  • Ensure that psql reports the proper user name when prompting for a password (Tom Lane)

    Previously, combinations of -U and a user name embedded in a URI caused incorrect reporting. Also suppress the user name before the password prompt when --password is specified.

  • Allow quit and exit to exit psql when given with no prior input (Bruce Momjian)

    Also print hints about how to exit when quit and exit are used alone on a line while the input buffer is not empty. Add a similar hint for help.

  • Make psql hint at using control-D when \q is entered alone on a line but ignored (Bruce Momjian)

    For example, \q does not exit when supplied in character strings.

  • Improve tab completion for ALTER INDEX RESET/SET (Masahiko Sawada)

  • Add infrastructure to allow psql to adapt its tab completion queries based on the server version (Tom Lane)

    Previously, tab completion queries could fail against older servers.

  • Add pgbench expression support for NULLs, booleans, and some functions and operators (Fabien Coelho)

  • Add \if conditional support to pgbench (Fabien Coelho)

  • Allow the use of non-ASCII characters in pgbench variable names (Fabien Coelho)

  • Add pgbench option --init-steps to control the initialization steps performed (Masahiko Sawada)

  • Add an approximately Zipfian-distributed random generator to pgbench (Alik Khilazhev)

  • Allow the random seed to be set in pgbench (Fabien Coelho)

  • Allow pgbench to do exponentiation with pow() and power() (Raúl Marín Rodríguez)

  • Add hashing functions to pgbench (Ildar Musin)

  • Make pgbench statistics more accurate when using --latency-limit and --rate (Fabien Coelho)

  • Add an option to pg_basebackup that creates a named replication slot (Michael Banck)

    The option --create-slot creates the named replication slot (--slot) when the WAL streaming method (--wal-method=stream) is used.

  • Allow initdb to set group read access to the data directory (David Steele)

    This is accomplished with the new initdb option --allow-group-access. Administrators can also set group permissions on the empty data directory before running initdb. Server variable data_directory_mode allows reading of data directory group permissions.

  • Add pg_verify_checksums tool to verify database checksums while offline (Magnus Hagander)

  • Allow pg_resetwal to change the WAL segment size via --wal-segsize (Nathan Bossart)

  • Add long options to pg_resetwal and pg_controldata (Nathan Bossart, Peter Eisentraut)

  • Add pg_receivewal option --no-sync to prevent synchronous WAL writes, for testing (Michael Paquier)

  • Add pg_receivewal option --endpos to specify when WAL receiving should stop (Michael Paquier)

  • Allow pg_ctl to send the SIGKILL signal to processes (Andres Freund)

    This was previously unsupported due to concerns over possible misuse.

  • Reduce the number of files copied by pg_rewind (Michael Paquier)

  • Prevent pg_rewind from running as root (Michael Paquier)

  • Add pg_dumpall option --encoding to control output encoding (Michael Paquier)

    pg_dump already had this option.

  • Add pg_dump option --load-via-partition-root to force loading of data into the partition's root table, rather than the original partition (Rushabh Lathia)

    This is useful if the system to be loaded to has different collation definitions or endianness, possibly requiring rows to be stored in different partitions than previously.

  • Add an option to suppress dumping and restoring database object comments (Robins Tharakan)

    The new pg_dump, pg_dumpall, and pg_restore option is --no-comments.

  • Add PGXS support for installing include files (Andrew Gierth)

    This supports creating extension modules that depend on other modules. Formerly there was no easy way for the dependent module to find the referenced one's include files. Several existing contrib modules that define data types have been adjusted to install relevant files. Also, PL/Perl and PL/Python now install their include files, to support creation of transform modules for those languages.

  • Install errcodes.txt to allow extensions to access the list of error codes known to PostgreSQL (Thomas Munro)

  • Convert documentation to DocBook XML (Peter Eisentraut, Alexander Lakhin, Jürgen Purtz)

    The file names still use an sgml extension for compatibility with back branches.

  • Use stdbool.h to define type bool on platforms where it's suitable, which is most (Peter Eisentraut)

    This eliminates a coding hazard for extension modules that need to include stdbool.h.

  • Overhaul the way that initial system catalog contents are defined (John Naylor)

    The initial data is now represented in Perl data structures, making it much easier to manipulate mechanically.

  • Prevent extensions from creating custom server parameters that take a quoted list of values (Tom Lane)

    This cannot be supported at present because knowledge of the parameter's property would be required even before the extension is loaded.

  • Add ability to use channel binding when using SCRAM authentication (Michael Paquier)

    Channel binding is intended to prevent man-in-the-middle attacks, but SCRAM cannot prevent them unless it can be forced to be active. Unfortunately, there is no way to do that in libpq. Support for it is expected in future versions of libpq and in interfaces not built using libpq, e.g. JDBC.

  • Allow background workers to attach to databases that normally disallow connections (Magnus Hagander)

  • Add support for hardware CRC calculations on ARMv8 (Yuqi Gu, Heikki Linnakangas, Thomas Munro)

  • Speed up lookups of built-in functions by OID (Andres Freund)

    The previous binary search has been replaced by a lookup array.

  • Speed up construction of query results (Andres Freund)

  • Improve speed of access to system caches (Andres Freund)

  • Add a generational memory allocator which is optimized for serial allocation/deallocation (Tomas Vondra)

    This reduces memory usage for logical decoding.

  • Make the computation of pg_class.reltuples by VACUUM consistent with its computation by ANALYZE (Tomas Vondra)

  • Update to use perltidy version 20170521 (Tom Lane, Peter Eisentraut)

  • Allow extension pg_prewarm to restore the previous shared buffer contents on startup (Mithun Cy, Robert Haas)

    This is accomplished by having pg_prewarm store the shared buffers' relation and block number data to disk occasionally during server operation, and at shutdown.

  • Add pg_trgm function strict_word_similarity() to compute the similarity of whole words (Alexander Korotkov)

    The function word_similarity() already existed for this purpose, but it was designed to find similar parts of words, while strict_word_similarity() computes the similarity to whole words.

  • Allow btree_gin to index bool, bpchar, name and uuid data types (Matheus Oliveira)

  • Allow cube and seg extensions to perform index-only scans using GiST indexes (Andrey Borodin)

  • Allow retrieval of negative cube coordinates using the ~> operator (Alexander Korotkov)

    This is useful for KNN-GiST searches when looking for coordinates in descending order.

  • Add Vietnamese letter handling to the unaccent extension (Dang Minh Huong, Michael Paquier)

  • Enhance amcheck to check that each heap tuple has an index entry (Peter Geoghegan)

  • Have adminpack use the new default file system access roles (Stephen Frost)

    Previously, only superusers could call adminpack functions; now role permissions are checked.

  • Widen pg_stat_statement's query ID to 64 bits (Robert Haas)

    This greatly reduces the chance of query ID hash collisions. The query ID can now potentially display as a negative value.

  • Remove the contrib/start-scripts/osx scripts since they are no longer recommended (use contrib/start-scripts/macos instead) (Tom Lane)

  • Remove the chkpass extension (Peter Eisentraut)

    This extension is no longer considered to be a usable security tool or example of how to write an extension.

• ⇑ Upgrade to 11.1 released on 2018-11-08 - docs

  • Ensure proper quoting of transition table names when pg_dump emits CREATE TRIGGER ... REFERENCING commands (Tom Lane)

    This oversight could be exploited by an unprivileged user to gain superuser privileges during the next dump/reload or pg_upgrade run. (CVE-2018-16850)

  • Apply the tablespace specified for a partitioned index when creating a child index (Álvaro Herrera)

    Previously, child indexes were always created in the default tablespace.

  • Fix NULL handling in parallel hashed multi-batch left joins (Andrew Gierth, Thomas Munro)

    Outer-relation rows with null values of the hash key were omitted from the join result.

  • Fix incorrect processing of an array-type coercion expression appearing within a CASE clause that has a constant test expression (Tom Lane)

  • Fix incorrect expansion of tuples lacking recently-added columns (Andrew Dunstan, Amit Langote)

    This is known to lead to crashes in triggers on tables with recently-added columns, and could have other symptoms as well.

  • Fix bugs with named or defaulted arguments in CALL argument lists (Tom Lane, Pavel Stehule)

  • Fix strictness check for strict aggregates with ORDER BY columns (Andrew Gierth, Andres Freund)

    The strictness logic incorrectly ignored rows for which the ORDER BY value(s) were null.

  • Disable recheck_on_update optimization (Tom Lane)

    This new-in-v11 feature turns out not to have been ready for prime time. Disable it until something can be done about it.

  • Prevent creation of a partition in a trigger attached to its parent table (Amit Langote)

    Ideally we'd allow that, but for the moment it has to be blocked to avoid crashes.

  • Fix problems with applying ON COMMIT DELETE ROWS to a partitioned temporary table (Amit Langote)

  • Fix pg_verify_checksums's determination of which files to check the checksums of (Michael Paquier)

    In some cases it complained about files that are not expected to have checksums.

  • In contrib/pg_stat_statements, disallow the pg_read_all_stats role from executing pg_stat_statements_reset() (Haribabu Kommi)

    pg_read_all_stats is only meant to grant permission to read statistics, not to change them, so this grant was incorrect.

    To cause this change to take effect, run ALTER EXTENSION pg_stat_statements UPDATE in each database where pg_stat_statements has been installed. (A database freshly created in 11.0 should not need this, but a database upgraded from a previous release probably still contains the old version of pg_stat_statements. The UPDATE command is harmless if the module was already updated.)

  • Rename red-black tree support functions to use rbt prefix not rb prefix (Tom Lane)

    This avoids name collisions with Ruby functions, which broke PL/Ruby. It's hoped that there are no other affected extensions.

• ⇑ Upgrade to 11.2 released on 2019-02-14 - docs

  • Fix handling of unique indexes with INCLUDE columns on partitioned tables (Álvaro Herrera)

    The uniqueness condition was not checked properly in such cases.

  • Ensure that NOT NULL constraints of a partitioned table are honored within its partitions (Álvaro Herrera, Amit Langote)

  • Update catalog state correctly for partition table constraints when detaching their partition (Amit Langote, Álvaro Herrera)

    Previously, the pg_constraint.conislocal field for such a constraint might improperly be left as false, rendering it undroppable. A dump/restore or pg_upgrade would cure the problem, but if necessary, the catalog field can be adjusted manually.

  • Create or delete foreign key enforcement triggers correctly when attaching or detaching a partition in a partitioned table that has a foreign-key constraint (Amit Langote, Álvaro Herrera)

  • Avoid useless creation of duplicate foreign key constraints in partitioned tables (Álvaro Herrera)

  • When an index is created on a partitioned table using ONLY, and there are no partitions yet, mark it valid immediately (Álvaro Herrera)

    Otherwise there is no way to make it become valid.

  • Use a safe table lock level when detaching a partition (Álvaro Herrera)

    The previous locking level was too weak and might allow concurrent DDL on the table, with bad results.

  • Fix problems with applying ON COMMIT DROP and ON COMMIT DELETE ROWS to partitioned tables and tables with inheritance children (Michael Paquier)

  • Disallow COPY FREEZE on partitioned tables (David Rowley)

    This should eventually be made to work, but it may require a patch that's too complicated to risk back-patching.

  • Fix possible index corruption when the indexed column has a “fast default” (that is, it was added by ALTER TABLE ADD COLUMN with a constant non-NULL default value specified, after the table already contained some rows) (Andres Freund)

  • Correctly adjust “fast default” values during ALTER TABLE ... ALTER COLUMN TYPE (Andrew Dunstan)

  • Avoid deadlock between GIN vacuuming and concurrent index insertions (Alexander Korotkov, Andrey Borodin, Peter Geoghegan)

    This change partially reverts a performance improvement, introduced in version 10.0, that attempted to reduce the number of index pages locked during deletion of a GIN posting tree page. That's now been found to lead to deadlocks, so we've removed it pending closer analysis.

  • Prevent incorrect use of WAL-skipping optimization during COPY to a view or foreign table (Amit Langote, Michael Paquier)

  • Fix crash when zero rows are fed to json[b]_populate_recordset() or json[b]_to_recordset() (Tom Lane)

  • Fix incorrect JIT tuple deforming code for tables with many columns (more than approximately 800) (Andres Freund)

  • Fix performance and memory leakage issues in hash-based grouping (Andres Freund)

  • Fix parsing of collation-sensitive expressions in the arguments of a CALL statement (Peter Eisentraut)

  • Ensure proper cleanup after detecting an error in the argument list of a CALL statement (Tom Lane)

  • Fix planner failure when the first column of a row comparison matches an index column, but later column(s) do not, and the index has included (non-key) columns (Tom Lane)

  • Improve planning speed for large inheritance or partitioning table groups (Amit Langote, Etsuro Fujita)

  • Prevent use of a session's temporary schema within a two-phase transaction (Michael Paquier)

    Accessing a temporary table within such a transaction has been forbidden for a long time, but it was still possible to cause problems with other operations on temporary objects.

  • Fix parsing of space-separated lists of host names in the ldapserver parameter of LDAP authentication entries in pg_hba.conf (Thomas Munro)

  • Make pgbench's random number generation fully deterministic and platform-independent when --random-seed=N is specified (Fabien Coelho, Tom Lane)

    On any specific platform, the sequence obtained with a particular value of N will probably be different from what it was before this patch.

  • Fix pg_basebackup and pg_verify_checksums to ignore temporary files appropriately (Michael Banck, Michael Paquier)

  • Make pg_dump include ALTER INDEX SET STATISTICS commands (Michael Paquier)

    When the ability to attach statistics targets to index expressions was added, we forgot to teach pg_dump about it, so that such settings were lost in dump/reload.

  • Fix pg_dump's dumping of tables that have OIDs (Peter Eisentraut)

    The WITH OIDS clause was omitted if it needed to be applied to the first table to be dumped.

  • Prevent false index-corruption reports from contrib/amcheck caused by inline-compressed data (Peter Geoghegan)

  • Properly disregard SIGPIPE errors if COPY FROM PROGRAM stops reading the program's output early (Tom Lane)

    This case isn't actually reachable directly with COPY, but it can happen when using contrib/file_fdw.

  • In configure, look for python3 and then python2 if python isn't found (Peter Eisentraut)

    This allows PL/Python to be configured without explicitly specifying PYTHON on platforms that no longer provide an unversioned python executable.

  • Include JIT-related headers in the installed set of header files (Donald Dong)

• ⇑ Upgrade to 11.3 released on 2019-05-09 - docs

  • Avoid access to already-freed memory during partition routing error reports (Michael Paquier)

    This mistake could lead to a crash, and in principle it might be possible to use it to disclose server memory contents. (CVE-2019-10129)

  • Avoid catalog corruption when an ALTER TABLE on a partitioned table finds that a partitioned index is reusable (Amit Langote, Tom Lane)

    This occurs, for example, when ALTER COLUMN TYPE finds that no physical table rewrite is required.

  • Avoid catalog corruption when a temporary table with ON COMMIT DROP and an identity column is created in a single-statement transaction (Peter Eisentraut)

    This hazard was overlooked because the case is not actually useful, since the temporary table would be dropped immediately after creation.

  • Fix failure in ALTER INDEX ... ATTACH PARTITION if the partitioned table contains more dropped columns than its partition does (Álvaro Herrera)

  • Fix failure to attach a partition's existing index to a newly-created partitioned index in some cases (Amit Langote, Álvaro Herrera)

    This would lead to errors such as “index ... not found in partition” in subsequent DDL that uses the partitioned index.

  • Avoid crash when an EPQ recheck is performed for a partitioned query result relation (Amit Langote)

    This occurs when using READ COMMITTED isolation level and another session has concurrently updated some of the target row(s).

  • Fix tuple routing in multi-level partitioned tables that have dropped attributes (Amit Langote, Michael Paquier)

  • Fix failure when the slow path of foreign key constraint initial validation is applied to partitioned tables (Hadi Moshayedi, Tom Lane, Andres Freund)

    This didn't manifest except in the uncommon cases where the fast path can't be used (such as permissions problems).

  • When accessing a partition directly, and constraint_exclusion is set to on, use the partition's partition constraint as well as any CHECK constraints for exclusion checking (Amit Langote, Tom Lane)

    This change restores the behavior to what it was in v10.

  • Avoid server crash when an error occurs while trying to persist a cursor query across a transaction commit (Tom Lane)

    If a procedure attempts to commit while it has an open explicit or implicit cursor (for example, a PL/pgSQL FOR-loop query), the cursor must be executed to completion and its results saved before the transaction commit can be performed. An error occurring during such execution led to a crash.

  • Avoid throwing incorrect errors for updates of temporary tables and unlogged tables when a FOR ALL TABLES publication exists (Peter Eisentraut)

    Such tables should be ignored for publication purposes, but some parts of the code failed to do so.

  • Avoid possible division-by-zero in btree index vacuum logic (Piotr Stefaniak, Alexander Korotkov)

    This could lead to incorrect decisions about whether index cleanup is needed.

  • Fix possible crash while executing a SHOW command in a replication connection (Michael Paquier)

  • Avoid server memory leak when fetching rows from a portal one at a time (Tom Lane)

  • Avoid memory leak when a partition's relation cache entry is rebuilt (Amit Langote, Tom Lane)

  • Report correct relation name in autovacuum's pg_stat_activity display during BRIN summarize operations (Álvaro Herrera)

  • Avoid crash when trying to plan a partition-wise join when GEQO is active (Tom Lane)

  • Fix misplanning of queries in which a set-returning function is applied to a relation that is provably empty (Tom Lane, Julien Rouhaud)

    In v10, this oversight only led to slightly inefficient plans, but in v11 it could cause “set-valued function called in context that cannot accept a set” errors.

  • Fix planner's parallel-safety assessment for grouped queries (Etsuro Fujita)

    Previously, target-list evaluation work that could have been parallelized might not be.

  • Fix mishandling of “included” index columns in planner's unique-index logic (Tom Lane)

    This could result in failing to recognize that a unique index with included columns proves uniqueness of a query result, leading to a poor plan.

  • Fix incorrect strictness check for array coercion expressions (Tom Lane)

    This might allow, for example, incorrect inlining of a strict SQL function, leading to non-enforcement of the strictness condition.

  • Fix corner-case server crashes in dynamic shared memory allocation (Thomas Munro, Robert Haas)

  • Fix possible “could not access status of transaction” failures in txid_status() (Thomas Munro)

  • Fix authentication failure when attempting to use SCRAM authentication with mixed OpenSSL library versions (Michael Paquier, Peter Eisentraut)

    If libpq is using OpenSSL 1.0.1 or older while the server is using OpenSSL 1.0.2 or newer, the negotiation of which SASL mechanism to use went wrong, leading to a confusing “channel binding not supported by this build” error message.

  • Create the current_logfiles file with the same permissions as other files in the server's data directory (Haribabu Kommi)

    Previously it used the permissions specified by log_file_mode, but that can cause problems for backup utilities.

  • Fix pg_rewind failures due to failure to remove some transient files in the target data directory (Michael Paquier)

  • Make pg_verify_checksums verify that the data directory it's pointed at is of the right PostgreSQL version (Michael Paquier)

  • Avoid crash in contrib/postgres_fdw when a query using remote grouping or aggregation has a SELECT-list item that is an uncorrelated sub-select, outer reference, or parameter symbol (Tom Lane)

  • Change contrib/postgres_fdw to report an error when a remote partition chosen to insert a routed row into is also an UPDATE subplan target that will be updated later in the same command (Amit Langote, Etsuro Fujita)

    Previously, such situations led to server crashes or incorrect results of the UPDATE. Allowing such cases to work correctly is a matter for future work.

  • In contrib/pg_prewarm, avoid indefinitely respawning background worker processes if prewarming fails for some reason (Mithun Cy)

• ⇑ Upgrade to 11.4 released on 2019-06-20 - docs

  • Fix buffer-overflow hazards in SCRAM verifier parsing (Jonathan Katz, Heikki Linnakangas, Michael Paquier)

    Any authenticated user could cause a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could suffice for executing arbitrary code as the PostgreSQL operating system account.

    A similar overflow hazard existed in libpq, which could allow a rogue server to crash a client or perhaps execute arbitrary code as the client's operating system account.

    The PostgreSQL Project thanks Alexander Lakhin for reporting this problem. (CVE-2019-10164)

  • Fix assorted errors in run-time partition pruning logic (Tom Lane, Amit Langote, David Rowley)

    These mistakes could lead to wrong answers in queries on partitioned tables, if the comparison value used for pruning is dynamically determined, or if multiple range-partitioned columns are involved in pruning decisions, or if stable (not immutable) comparison operators are involved.

  • Fix possible crash while trying to copy trigger definitions to a new partition (Tom Lane)

  • Prevent possible memory clobber when there are duplicate columns in a hash aggregate's hash key list (Andrew Gierth)

  • Fix incorrect argument null-ness checking during partial aggregation of aggregates with zero or multiple arguments (David Rowley, Kyotaro Horiguchi, Andres Freund)

  • Fix conversion of JSON string literals to JSON-type output columns in json_to_record() and json_populate_record() (Tom Lane)

    Such cases should produce the literal as a standalone JSON value, but the code misbehaved if the literal contained any characters requiring escaping.

  • Avoid writing an invalid empty btree index page in the unlikely case that a failure occurs while processing INCLUDEd columns during a page split (Peter Geoghegan)

    The invalid page would not affect normal index operations, but it might cause failures in subsequent VACUUMs. If that has happened to one of your indexes, recover by reindexing the index.

  • Fix unsafe coding in walreceiver's signal handler (Tom Lane)

    This avoids rare problems in which the walreceiver process would crash or deadlock when commanded to shut down.

  • Make pg_dump recreate table partitions using CREATE TABLE then ATTACH PARTITION, rather than including PARTITION OF in the creation command (Álvaro Herrera, David Rowley)

    This avoids problems with the partition's column order possibly being changed to match the parent's. Also, a partition is now restorable from the dump (as a standalone table) even if its parent table isn't restored; the ATTACH will fail, but that can just be ignored.

• ⇑ Upgrade to 11.5 released on 2019-08-08 - docs

  • Fix execution of hashed subplans that require cross-type comparison (Tom Lane, Andreas Seltenreich)

    Hashed subplans used the outer query's original comparison operator to compare entries of the hash table. This is the wrong thing if that operator is cross-type, since all the hash table entries will be of the subquery's output type. For the set of hashable cross-type operators in core PostgreSQL, this mistake seems nearly harmless on 64-bit machines, but it can result in crashes or perhaps unauthorized disclosure of server memory on 32-bit machines. Extensions might provide hashable cross-type operators that create larger risks. (CVE-2019-10209)

  • Prevent dropping a partitioned table's trigger if there are pending trigger events in child partitions (Álvaro Herrera)

    This notably applies to foreign key constraints, since those are implemented by triggers.

  • Include user-specified trigger arguments when copying a trigger definition from a partitioned table to one of its partitions (Patrick McHardy)

  • Install dependencies to prevent dropping partition key columns (Tom Lane)

    ALTER TABLE ... DROP COLUMN will refuse to drop a column that is a partition key column. However, indirect drops (such as a cascade from dropping a key column's data type) had no such check, allowing the deletion of a key column. This resulted in a badly broken partitioned table that could neither be accessed nor dropped.

    This fix adds pg_depend entries that enforce that the whole partitioned table, not just the key column, will be dropped if a cascaded drop forces removal of the key column. However, such entries will only be created when a partitioned table is created; so this fix does not remove the risk for pre-existing partitioned tables. The issue can only arise for partition key columns of non-built-in data types, so it seems not to be a hazard for most users.

  • Ensure that column numbers are correctly mapped between a partitioned table and its default partition (Amit Langote)

    Some operations misbehaved if the mapping wasn't exactly one-to-one, for example if there were dropped columns in one table and not the other.

  • Ignore partitions that are foreign tables when creating indexes on partitioned tables (Álvaro Herrera)

    Previously an error was thrown on encountering a foreign-table partition, but that's unhelpful and doesn't protect against any actual problem.

  • Prune a partitioned table's default partition (that is, avoid uselessly scanning it) in more cases (Yuzuko Hosoya)

  • Fix possible failure to prune partitions when there are multiple partition key columns of boolean type (David Rowley)

  • Avoid incorrect use of parallel hash join for semi-join queries (Thomas Munro)

    This error resulted in duplicate result rows from some EXISTS queries.

  • Fix possible failure of planner's index endpoint probes (Tom Lane)

    When using a recently-created index to determine the minimum or maximum value of a column, the planner could select a recently-dead tuple that does not actually contain the endpoint value. In the worst case the tuple might contain a null, resulting in a visible error “found unexpected null value in index”; more likely we would just end up using the wrong value, degrading the quality of planning estimates.

  • Fix failure to access trigger transition tables during EvalPlanQual rechecks (Alex Aktsipetrov)

    Triggers that rely on transition tables sometimes failed in the presence of concurrent updates.

  • Don't build extended statistics for inheritance trees (Tomas Vondra)

    This avoids a “tuple already updated by self” error during ANALYZE.

  • Fix printing of BTREE_META_CLEANUP WAL records (Michael Paquier)

  • Prevent assertion failures due to mishandling of version-2 btree metapages (Peter Geoghegan)

  • Ensure that a record or row value returned from a PL/pgSQL function is marked with the function's declared composite type (Tom Lane)

    This avoids problems if the result is stored directly into a table.

  • Fix a small memory leak in psql's \d command (Tom Lane)

  • Fix possible lockup in pgbench when using -R option (Fabien Coelho)

  • Improve reliability of contrib/amcheck's index verification (Peter Geoghegan)

  • Fix handling of Perl undef values in contrib/jsonb_plperl (Ivan Panchenko)

  • Improve stability of src/test/kerberos and src/test/ldap regression tests (Thomas Munro, Tom Lane)

  • Fix pgbench regression tests to work on Windows (Fabien Coelho)

• ⇑ Upgrade to 12 released on 2019-10-03 - docs

  • Remove the special behavior of oid columns (Andres Freund, John Naylor)

    Previously, a normally-invisible oid column could be specified during table creation using WITH OIDS; that ability has been removed. Columns can still be explicitly declared as type oid. Operations on tables that have columns created using WITH OIDS will need adjustment.

    The system catalogs that previously had hidden oid columns now have ordinary oid columns. Hence, SELECT * will now output those columns, whereas previously they would be displayed only if selected explicitly.

  • Remove data types abstime, reltime, and tinterval (Andres Freund)

    These are obsoleted by SQL-standard types such as timestamp.

  • Remove the timetravel extension (Andres Freund)

  • Move recovery.conf settings into postgresql.conf (Masao Fujii, Simon Riggs, Abhijit Menon-Sen, Sergei Kornilov)

    recovery.conf is no longer used, and the server will not start if that file exists. recovery.signal and standby.signal files are now used to switch into non-primary mode. The trigger_file setting has been renamed to promote_trigger_file. The standby_mode setting has been removed.

  • Do not allow multiple conflicting recovery_target* specifications (Peter Eisentraut)

    Specifically, only allow one of recovery_target, recovery_target_lsn, recovery_target_name, recovery_target_time, and recovery_target_xid. Previously, multiple different instances of these parameters could be specified, and the last one was honored. Now, only one can be specified, though the same one can be specified multiple times and the last specification is honored.

  • Cause recovery to advance to the latest timeline by default (Peter Eisentraut)

    Specifically, recovery_target_timeline now defaults to latest. Previously, it defaulted to current.

  • Refactor code for geometric functions and operators (Emre Hasegeli)

    This could lead to more accurate, but slightly different, results compared to previous releases. Notably, cases involving NaN, underflow, overflow, and division by zero are handled more consistently than before.

  • Improve performance by using a new algorithm for output of real and double precision values (Andrew Gierth)

    Previously, displayed floating-point values were rounded to 6 (for real) or 15 (for double precision) digits by default, adjusted by the value of extra_float_digits. Now, whenever extra_float_digits is more than zero (as it now is by default), only the minimum number of digits required to preserve the exact binary value are output. The behavior is the same as before when extra_float_digits is set to zero or less.

    Also, formatting of floating-point exponents is now uniform across platforms: two digits are used unless three are necessary. In previous releases, Windows builds always printed three digits.

  • random() and setseed() now behave uniformly across platforms (Tom Lane)

    The sequence of random() values generated following a setseed() call with a particular seed value is likely to be different now than before. However, it will also be repeatable, which was not previously guaranteed because of interference from other uses of random numbers inside the server. The SQL random() function now has its own private per-session state to forestall that.

  • Change SQL-style substring() to have standard-compliant greediness behavior (Tom Lane)

    In cases where the pattern can be matched in more than one way, the initial sub-pattern is now treated as matching the least possible amount of text rather than the greatest; for example, a pattern such as %#"aa*#"% now selects the first group of a's from the input, not the last group.

  • Do not pretty-print the result of xpath() or the XMLTABLE construct (Tom Lane)

    In some cases, these functions would insert extra whitespace (newlines and/or spaces) in nodeset values. This is undesirable since depending on usage, the whitespace might be considered semantically significant.

  • Rename command-line tool pg_verify_checksums to pg_checksums (Michaël Paquier)

  • In pg_restore, require specification of -f - to send the dump contents to standard output (Euler Taveira)

    Previously, this happened by default if no destination was specified, but that was deemed to be unfriendly.

  • Disallow non-unique abbreviations in psql's \pset format command (Daniel Vérité)

    Previously, for example, \pset format a chose aligned; it will now fail since that could equally well mean asciidoc.

  • In new btree indexes, the maximum index entry length is reduced by eight bytes, to improve handling of duplicate entries (Peter Geoghegan)

    This means that a REINDEX operation on an index pg_upgrade'd from a previous release could potentially fail.

  • Cause DROP IF EXISTS FUNCTION/PROCEDURE/AGGREGATE/ROUTINE to generate an error if no argument list is supplied and there are multiple matching objects (David Rowley)

    Also improve the error message in such cases.

  • Split the pg_statistic_ext catalog into two catalogs, and add the pg_stats_ext view of it (Dean Rasheed, Tomas Vondra)

    This change supports hiding potentially-sensitive statistics data from unprivileged users.

  • Remove obsolete pg_constraint.consrc column (Peter Eisentraut)

  • Remove obsolete pg_attrdef.adsrc column (Peter Eisentraut)

  • Mark table columns of type name as having “C” collation by default (Tom Lane, Daniel Vérité)

    The comparison operators for data type name can now use any collation, rather than always using “C” collation. To preserve the previous semantics of queries, columns of type name are now explicitly marked as having “C” collation. A side effect of this is that regular-expression operators on name columns will now use the “C” collation by default, not the database collation, to determine the behavior of locale-dependent regular expression patterns (such as \w). If you want non-C behavior for a regular expression on a name column, attach an explicit COLLATE clause. (For user-defined name columns, another possibility is to specify a different collation at table creation time; but that just moves the non-backwards-compatibility to the comparison operators.)

  • Treat object-name columns in the information_schema views as being of type name, not varchar (Tom Lane)

    Per the SQL standard, object-name columns in the information_schema views are declared as being of domain type sql_identifier. In PostgreSQL, the underlying catalog columns are really of type name. This change makes sql_identifier be a domain over name, rather than varchar as before. This eliminates a semantic mismatch in comparison and sorting behavior, which can greatly improve the performance of queries on information_schema views that restrict an object-name column. Note however that inequality restrictions, for example

    SELECT ... FROM information_schema.tables WHERE table_name < 'foo';
    

    will now use “C”-locale comparison semantics by default, rather than the database's default collation as before. Sorting on these columns will also follow “C” ordering rules. The previous behavior (and inefficiency) can be enforced by adding a COLLATE "default" clause.

  • Remove the ability to disable dynamic shared memory (Kyotaro Horiguchi)

    Specifically, dynamic_shared_memory_type can no longer be set to none.

  • Parse libpq integer connection parameters more strictly (Fabien Coelho)

    In previous releases, using an incorrect integer value for connection parameters connect_timeout, keepalives, keepalives_count, keepalives_idle, keepalives_interval and port resulted in libpq either ignoring those values or failing with incorrect error messages.

  • Improve performance of many operations on partitioned tables (Amit Langote, David Rowley, Tom Lane, Álvaro Herrera)

    Allow tables with thousands of child partitions to be processed efficiently by operations that only affect a small number of partitions.

  • Allow foreign keys to reference partitioned tables (Álvaro Herrera)

  • Improve speed of COPY into partitioned tables (David Rowley)

  • Allow partition bounds to be any expression (Kyotaro Horiguchi, Tom Lane, Amit Langote)

    Such expressions are evaluated at partitioned-table creation time. Previously, only simple constants were allowed as partition bounds.

  • Allow CREATE TABLE's tablespace specification for a partitioned table to affect the tablespace of its children (David Rowley, Álvaro Herrera)

  • Avoid sorting when partitions are already being scanned in the necessary order (David Rowley)

  • ALTER TABLE ATTACH PARTITION is now performed with reduced locking requirements (Robert Haas)

  • Add partition introspection functions (Michaël Paquier, Álvaro Herrera, Amit Langote)

    The new function pg_partition_root() returns the top-most parent of a partition tree, pg_partition_ancestors() reports all ancestors of a partition, and pg_partition_tree() displays information about partitions.

  • Include partitioned indexes in the system view pg_indexes (Suraj Kharage)

  • Add psql command \dP to list partitioned tables and indexes (Pavel Stehule)

  • Improve psql \d and \z display of partitioned tables (Pavel Stehule, Michaël Paquier, Álvaro Herrera)

  • Fix bugs that could cause ALTER TABLE DETACH PARTITION to leave behind incorrect dependency state, allowing subsequent operations to misbehave, for example by not dropping a former partition child index when its table is dropped (Tom Lane)

  • Improve performance and space utilization of btree indexes with many duplicates (Peter Geoghegan, Heikki Linnakangas)

    Previously, duplicate index entries were stored unordered within their duplicate groups. This caused overhead during index inserts, wasted space due to excessive page splits, and it reduced VACUUM's ability to recycle entire pages. Duplicate index entries are now sorted in heap-storage order.

    Indexes pg_upgrade'd from previous releases will not have these benefits.

  • Allow multi-column btree indexes to be smaller (Peter Geoghegan, Heikki Linnakangas)

    Internal pages and min/max leaf page indicators now only store index keys until the change key, rather than all indexed keys. This also improves the locality of index access.

    Indexes pg_upgrade'd from previous releases will not have these benefits.

  • Improve speed of btree index insertions by reducing locking overhead (Alexander Korotkov)

  • Support INCLUDE columns in GiST indexes (Andrey Borodin)

  • Add support for nearest-neighbor (KNN) searches of SP-GiST indexes (Nikita Glukhov, Alexander Korotkov, Vlad Sterzhanov)

  • Reduce the WAL write overhead of GiST, GIN, and SP-GiST index creation (Anastasia Lubennikova, Andrey V. Lepikhov)

  • Allow index-only scans to be more efficient on indexes with many columns (Konstantin Knizhnik)

  • Improve the performance of vacuum scans of GiST indexes (Andrey Borodin, Konstantin Kuznetsov, Heikki Linnakangas)

  • Delete empty leaf pages during GiST VACUUM (Andrey Borodin)

  • Reduce locking requirements for index renaming (Peter Eisentraut)

  • Allow CREATE STATISTICS to create most-common-value statistics for multiple columns (Tomas Vondra)

    This improves optimization for queries that test several columns, requiring an estimate of the combined effect of several WHERE clauses. If the columns are correlated and have non-uniform distributions then multi-column statistics will allow much better estimates.

  • Allow common table expressions (CTEs) to be inlined into the outer query (Andreas Karlsson, Andrew Gierth, David Fetter, Tom Lane)

    Specifically, CTEs are automatically inlined if they have no side-effects, are not recursive, and are referenced only once in the query. Inlining can be prevented by specifying MATERIALIZED, or forced for multiply-referenced CTEs by specifying NOT MATERIALIZED. Previously, CTEs were never inlined and were always evaluated before the rest of the query.

  • Allow control over when generic plans are used for prepared statements (Pavel Stehule)

    This is controlled by the plan_cache_mode server parameter.

  • Improve optimization of partition and UNION ALL queries that have only a single child (David Rowley)

  • Improve processing of domains that have no check constraints (Tom Lane)

    Domains that are being used purely as type aliases no longer cause optimization difficulties.

  • Pre-evaluate calls of LEAST and GREATEST when their arguments are constants (Vik Fearing)

  • Improve optimizer's ability to verify that partial indexes with IS NOT NULL conditions are usable in queries (Tom Lane, James Coleman)

    Usability can now be recognized in more cases where the calling query involves casts or large x IN (array) clauses.

  • Compute ANALYZE statistics using the collation defined for each column (Tom Lane)

    Previously, the database's default collation was used for all statistics. This potentially gives better optimizer behavior for columns with non-default collations.

  • Improve selectivity estimates for inequality comparisons on ctid columns (Edmund Horner)

  • Improve optimization of joins on columns of type tid (Tom Lane)

    These changes primarily improve the efficiency of self-joins on ctid columns.

  • Fix the leakproofness designations of some btree comparison operators and support functions (Tom Lane)

    This allows some optimizations that previously would not have been applied in the presence of security barrier views or row-level security.

  • Enable Just-in-Time (JIT) compilation by default, if the server has been built with support for it (Andres Freund)

    Note that this support is not built by default, but has to be selected explicitly while configuring the build.

  • Speed up keyword lookup (John Naylor, Joerg Sonnenberger, Tom Lane)

  • Improve search performance for multi-byte characters in position() and related functions (Heikki Linnakangas)

  • Allow toasted values to be minimally decompressed (Paul Ramsey)

    This is useful for routines that only need to examine the initial portion of a toasted field.

  • Allow ALTER TABLE ... SET NOT NULL to avoid unnecessary table scans (Sergei Kornilov)

    This can be optimized when the table's column constraints can be recognized as disallowing nulls.

  • Allow ALTER TABLE ... SET DATA TYPE changing between timestamp and timestamptz to avoid a table rewrite when the session time zone is UTC (Noah Misch)

    In the UTC time zone, these two data types are binary compatible.

  • Improve speed in converting strings to int2 or int4 integers (Andres Freund)

  • Allow parallelized queries when in SERIALIZABLE isolation mode (Thomas Munro)

    Previously, parallelism was disabled when in this mode.

  • Use pread() and pwrite() for random I/O (Oskari Saarenmaa, Thomas Munro)

    This reduces the number of system calls required for I/O.

  • Improve the speed of setting the process title on FreeBSD (Thomas Munro)

  • Allow logging of statements from only a percentage of transactions (Adrien Nayrat)

    The parameter log_transaction_sample_rate controls this.

  • Add progress reporting to CREATE INDEX and REINDEX operations (Álvaro Herrera, Peter Eisentraut)

    Progress is reported in the pg_stat_progress_create_index system view.

  • Add progress reporting to CLUSTER and VACUUM FULL (Tatsuro Yamada)

    Progress is reported in the pg_stat_progress_cluster system view.

  • Add progress reporting to pg_checksums (Michael Banck, Bernd Helmle)

    This is enabled with the option --progress.

  • Add counter of checksum failures to pg_stat_database (Magnus Hagander)

  • Add tracking of global objects in system view pg_stat_database (Julien Rouhaud)

    Global objects are shown with a pg_stat_database.datid value of zero.

  • Add the ability to list the contents of the archive directory (Christoph Moench-Tegeder)

    The function is pg_ls_archive_statusdir().

  • Add the ability to list the contents of temporary directories (Nathan Bossart)

    The function, pg_ls_tmpdir(), optionally allows specification of a tablespace.

  • Add information about the client certificate to the system view pg_stat_ssl (Peter Eisentraut)

    The new columns are client_serial and issuer_dn. Column clientdn has been renamed to client_dn for clarity.

  • Restrict visibility of rows in pg_stat_ssl for unprivileged users (Peter Eisentraut)

  • At server start, emit a log message including the server version number (Christoph Berg)

  • Prevent logging “incomplete startup packet” if a new connection is immediately closed (Tom Lane)

    This avoids log spam from certain forms of monitoring.

  • Include the application_name, if set, in log_connections log messages (Don Seiler)

  • Make the walreceiver set its application name to the cluster name, if set (Peter Eisentraut)

  • Add the timestamp of the last received standby message to pg_stat_replication (Lim Myungkyu)

  • Add a wait event for fsync of WAL segments (Konstantin Knizhnik)

  • Add GSSAPI encryption support (Robbie Harwood, Stephen Frost)

    This feature allows TCP/IP connections to be encrypted when using GSSAPI authentication, without having to set up a separate encryption facility such as SSL. In support of this, add hostgssenc and hostnogssenc record types in pg_hba.conf for selecting connections that do or do not use GSSAPI encryption, corresponding to the existing hostssl and hostnossl record types. There is also a new gssencmode libpq option, and a pg_stat_gssapi system view.

  • Allow the clientcert pg_hba.conf option to check that the database user name matches the client certificate's common name (Julian Markwort, Marius Timmer)

    This new check is enabled with clientcert=verify-full.

  • Allow discovery of an LDAP server using DNS SRV records (Thomas Munro)

    This avoids the requirement of specifying ldapserver. It is only supported if PostgreSQL is compiled with OpenLDAP.

  • Add ability to enable/disable cluster checksums using pg_checksums (Michael Banck, Michaël Paquier)

    The cluster must be shut down for these operations.

  • Reduce the default value of autovacuum_vacuum_cost_delay to 2ms (Tom Lane)

    This allows autovacuum operations to proceed faster by default.

  • Allow vacuum_cost_delay to specify sub-millisecond delays, by accepting fractional values (Tom Lane)

  • Allow time-based server parameters to use units of microseconds (us) (Tom Lane)

  • Allow fractional input for integer server parameters (Tom Lane)

    For example, SET work_mem = '30.1GB' is now allowed, even though work_mem is an integer parameter. The value will be rounded to an integer after any required units conversion.

  • Allow units to be defined for floating-point server parameters (Tom Lane)

  • Add wal_recycle and wal_init_zero server parameters to control WAL file recycling (Jerry Jelinek)

    Avoiding file recycling can be beneficial on copy-on-write file systems like ZFS.

  • Add server parameter tcp_user_timeout to control the server's TCP timeout (Ryohei Nagaura)

  • Allow control of the minimum and maximum SSL protocol versions (Peter Eisentraut)

    The server parameters are ssl_min_protocol_version and ssl_max_protocol_version.

  • Add server parameter ssl_library to report the SSL library version used by the server (Peter Eisentraut)

  • Add server parameter shared_memory_type to control the type of shared memory to use (Andres Freund)

    This allows selection of System V shared memory, if desired.

  • Allow some recovery parameters to be changed with reload (Peter Eisentraut)

    These parameters are archive_cleanup_command, promote_trigger_file, recovery_end_command, and recovery_min_apply_delay.

  • Allow the streaming replication timeout (wal_sender_timeout) to be set per connection (Takayuki Tsunakawa)

    Previously, this could only be set cluster-wide.

  • Add function pg_promote() to promote standbys to primaries (Laurenz Albe, Michaël Paquier)

    Previously, this operation was only possible by using pg_ctl or creating a trigger file.

  • Allow replication slots to be copied (Masahiko Sawada)

    The functions for this are pg_copy_physical_replication_slot() and pg_copy_logical_replication_slot().

  • Make max_wal_senders not count as part of max_connections (Alexander Kukushkin)

  • Add an explicit value of current for recovery_target_timeline (Peter Eisentraut)

  • Make recovery fail if a two-phase transaction status file is corrupt (Michaël Paquier)

    Previously, a warning was logged and recovery continued, allowing the transaction to be lost.

  • Add REINDEX CONCURRENTLY option to allow reindexing without locking out writes (Michaël Paquier, Andreas Karlsson, Peter Eisentraut)

    This is also controlled by the reindexdb application's --concurrently option.

  • Add support for generated columns (Peter Eisentraut)

    The content of generated columns are computed from expressions (including references to other columns in the same table) rather than being specified by INSERT or UPDATE commands.

  • Add a WHERE clause to COPY FROM to control which rows are accepted (Surafel Temesgen)

    This provides a simple way to filter incoming data.

  • Allow enumerated values to be added more flexibly (Andrew Dunstan, Tom Lane, Thomas Munro)

    Previously, ALTER TYPE ... ADD VALUE could not be called in a transaction block, unless it was part of the same transaction that created the enumerated type. Now it can be called in a later transaction, so long as the new enumerated value is not referenced until after it is committed.

  • Add commands to end a transaction and start a new one (Peter Eisentraut)

    The commands are COMMIT AND CHAIN and ROLLBACK AND CHAIN.

  • Add VACUUM and CREATE TABLE options to prevent VACUUM from truncating trailing empty pages (Takayuki Tsunakawa)

    These options are vacuum_truncate and toast.vacuum_truncate. Use of these options reduces VACUUM's locking requirements, but prevents returning disk space to the operating system.

  • Allow VACUUM to skip index cleanup (Masahiko Sawada)

    This change adds a VACUUM command option INDEX_CLEANUP as well as a table storage option vacuum_index_cleanup. Use of this option reduces the ability to reclaim space and can lead to index bloat, but it is helpful when the main goal is to freeze old tuples.

  • Add the ability to skip VACUUM and ANALYZE operations on tables that cannot be locked immediately (Nathan Bossart)

    This option is called SKIP_LOCKED.

  • Allow VACUUM and ANALYZE to take optional Boolean argument specifications (Masahiko Sawada)

  • Prevent TRUNCATE, VACUUM and ANALYZE from requesting a lock on tables for which the user lacks permission (Michaël Paquier)

    This prevents unauthorized locking, which could interfere with user queries.

  • Add EXPLAIN option SETTINGS to output non-default optimizer settings (Tomas Vondra)

    This output can also be obtained when using auto_explain by setting auto_explain.log_settings.

  • Add OR REPLACE option to CREATE AGGREGATE (Andrew Gierth)

  • Allow modifications of system catalogs' options using ALTER TABLE (Peter Eisentraut)

    Modifications of catalogs' reloptions and autovacuum settings are now supported. (Setting allow_system_table_mods is still required.)

  • Use all key columns' names when selecting default constraint names for foreign keys (Peter Eisentraut)

    Previously, only the first column name was included in the constraint name, resulting in ambiguity for multi-column foreign keys.

  • Update assorted knowledge about Unicode to match Unicode 12.1.0 (Peter Eisentraut)

    This fixes, for example, cases where psql would misformat output involving combining characters.

  • Update Snowball stemmer dictionaries with support for new languages (Arthur Zakirov)

    This adds word stemming support for Arabic, Indonesian, Irish, Lithuanian, Nepali, and Tamil to full text search.

  • Allow creation of collations that report string equality for strings that are not bit-wise equal (Peter Eisentraut)

    This feature supports “nondeterministic” collations that can define case- and accent-agnostic equality comparisons. Thus, for example, a case-insensitive uniqueness constraint on a text column can be made more easily than before. This is only supported for ICU collations.

  • Add support for ICU collation attributes on older ICU versions (Peter Eisentraut)

    This allows customization of the collation rules in a consistent way across all ICU versions.

  • Allow data type name to more seamlessly be compared to other text types (Tom Lane)

    Type name now behaves much like a domain over type text that has default collation “C”. This allows cross-type comparisons to be processed more efficiently.

  • Add support for the SQL/JSON path language (Nikita Glukhov, Teodor Sigaev, Alexander Korotkov, Oleg Bartunov, Liudmila Mantrova)

    This allows execution of complex queries on JSON values using an SQL-standard language.

  • Add support for hyperbolic functions (Lætitia Avrot)

    Also add log10() as an alias for log(), for standards compliance.

  • Improve the accuracy of statistical aggregates like variance() by using more precise algorithms (Dean Rasheed)

  • Allow date_trunc() to have an additional argument to control the time zone (Vik Fearing, Tom Lane)

    This is faster and simpler than using the AT TIME ZONE clause.

  • Adjust to_timestamp()/to_date() functions to be more forgiving of template mismatches (Artur Zakirov, Alexander Korotkov, Liudmila Mantrova)

    This new behavior more closely matches the Oracle functions of the same name.

  • Fix assorted bugs in XML functions (Pavel Stehule, Markus Winand, Chapman Flack)

    Specifically, in XMLTABLE, xpath(), and xmlexists(), fix some cases where nothing was output for a node, or an unexpected error was thrown, or necessary escaping of XML special characters was omitted.

  • Allow the BY VALUE clause in XMLEXISTS and XMLTABLE (Chapman Flack)

    This SQL-standard clause has no effect in PostgreSQL's implementation, but it was unnecessarily being rejected.

  • Prevent current_schema() and current_schemas() from being run by parallel workers, as they are not parallel-safe (Michaël Paquier)

  • Allow RECORD and RECORD[] to be used as column types in a query's column definition list for a table function that is declared to return RECORD (Elvis Pranskevichus)

  • Allow SQL commands and variables with the same names as those commands to be used in the same PL/pgSQL function (Tom Lane)

    For example, allow a variable called comment to exist in a function that calls the COMMENT SQL command. Previously this combination caused a parse error.

  • Add new optional warning and error checks to PL/pgSQL (Pavel Stehule)

    The new checks allow for run-time validation of INTO column counts and single-row results.

  • Add connection parameter tcp_user_timeout to control libpq's TCP timeout (Ryohei Nagaura)

  • Allow libpq (and thus psql) to report only the SQLSTATE value in error messages (Didier Gautheron)

  • Add libpq function PQresultMemorySize() to report the memory used by a query result (Lars Kanis, Tom Lane)

  • Remove the no-display/debug flag from libpq's options connection parameter (Peter Eisentraut)

    This allows this parameter to be set by postgres_fdw.

  • Allow ecpg to create variables of data type bytea (Ryo Matsumura)

    This allows ECPG clients to interact with bytea data directly, rather than using an encoded form.

  • Add PREPARE AS support to ECPG (Ryo Matsumura)

  • Allow vacuumdb to select tables for vacuum based on their wraparound horizon (Nathan Bossart)

    The options are --min-xid-age and --min-mxid-age.

  • Allow vacuumdb to disable waiting for locks or skipping all-visible pages (Nathan Bossart)

    The options are --skip-locked and --disable-page-skipping.

  • Add colorization to the output of command-line utilities (Peter Eisentraut)

    This is enabled by setting the environment variable PG_COLOR to always or auto. The specific colors used can be adjusted by setting the environment variable PG_COLORS, using ANSI escape codes for colors. For example, the default behavior is equivalent to PG_COLORS="error=01;31:warning=01;35:locus=01".

  • Add CSV table output mode in psql (Daniel Vérité)

    This is controlled by \pset format csv or the command-line --csv option.

  • Show the manual page URL in psql's \help output for a SQL command (Peter Eisentraut)

  • Display the IP address in psql's \conninfo (Fabien Coelho)

  • Improve tab completion of CREATE TABLE, CREATE TRIGGER, CREATE EVENT TRIGGER, ANALYZE, EXPLAIN, VACUUM, ALTER TABLE, ALTER INDEX, ALTER DATABASE, and ALTER INDEX ALTER COLUMN (Dagfinn Ilmari Mannsåker, Tatsuro Yamada, Michaël Paquier, Tom Lane, Justin Pryzby)

  • Allow values produced by queries to be assigned to pgbench variables (Fabien Coelho, Álvaro Herrera)

    The command for this is \gset.

  • Improve precision of pgbench's --rate option (Tom Lane)

  • Improve pgbench's error reporting with clearer messages and return codes (Peter Eisentraut)

  • Allow control of log file rotation via pg_ctl (Kyotaro Horiguchi, Alexander Kuzmenkov, Alexander Korotkov)

    Previously, this was only possible via an SQL function or a process signal.

  • Properly detach the new server process during pg_ctl start (Paul Guo)

    This prevents the server from being shut down if the shell script that invoked pg_ctl is interrupted later.

  • Allow pg_upgrade to use the file system's cloning feature, if there is one (Peter Eisentraut)

    The --clone option has the advantages of --link, while preventing the old cluster from being changed after the new cluster has started.

  • Allow specification of the socket directory to use in pg_upgrade (Daniel Gustafsson)

    This is controlled by --socketdir; the default is the current directory.

  • Allow pg_checksums to disable fsync operations (Michaël Paquier)

    This is controlled by the --no-sync option.

  • Allow pg_rewind to disable fsync operations (Michaël Paquier)

  • Fix pg_test_fsync to report accurate open_datasync durations on Windows (Laurenz Albe)

  • When pg_dump emits data with INSERT commands rather than COPY, allow more than one data row to be included in each INSERT (Surafel Temesgen, David Rowley)

    The option controlling this is --rows-per-insert.

  • Allow pg_dump to emit INSERT ... ON CONFLICT DO NOTHING (Surafel Temesgen)

    This avoids conflict failures during restore. The option is --on-conflict-do-nothing.

  • Decouple the order of operations in a parallel pg_dump from the order used by a subsequent parallel pg_restore (Tom Lane)

    This allows pg_restore to perform more-fully-parallelized parallel restores, especially in cases where the original dump was not done in parallel. Scheduling of a parallel pg_dump is also somewhat improved.

  • Allow the extra_float_digits setting to be specified for pg_dump and pg_dumpall (Andrew Dunstan)

    This is primarily useful for making dumps that are exactly comparable across different source server versions. It is not recommended for normal use, as it may result in loss of precision when the dump is restored.

  • Add --exclude-database option to pg_dumpall (Andrew Dunstan)

  • Add CREATE ACCESS METHOD command to create new table types (Andres Freund, Haribabu Kommi, Álvaro Herrera, Alexander Korotkov, Dmitry Dolgov)

    This enables the development of new table access methods, which can optimize storage for different use cases. The existing heap access method remains the default.

  • Add planner support function interfaces to improve optimizer estimates, inlining, and indexing for functions (Tom Lane)

    This allows extensions to create planner support functions that can provide function-specific selectivity, cost, and row-count estimates that can depend on the function's arguments. Support functions can also supply simplified representations and index conditions, greatly expanding optimization possibilities.

  • Simplify renumbering manually-assigned OIDs, and establish a new project policy for management of such OIDs (John Naylor, Tom Lane)

    Patches that manually assign OIDs for new built-in objects (such as new functions) should now randomly choose OIDs in the range 8000—9999. At the end of a development cycle, the OIDs used by committed patches will be renumbered down to lower numbers, currently somewhere in the 4xxx range, using the new renumber_oids.pl script. This approach should greatly reduce the odds of OID collisions between different in-process patches.

    While there is no specific policy reserving any OIDs for external use, it is recommended that forks and other projects needing private manually-assigned OIDs use numbers in the high 7xxx range. This will avoid conflicts with recently-merged patches, and it should be a long time before the core project reaches that range.

  • Build Cygwin binaries using dynamic instead of static libraries (Marco Atzeri)

  • Remove configure switch --disable-strong-random (Michaël Paquier)

    A strong random-number source is now required.

  • printf-family functions, as well as strerror and strerror_r, now behave uniformly across platforms within Postgres code (Tom Lane)

    Notably, printf understands %m everywhere; on Windows, strerror copes with Winsock error codes (it used to do so in backend but not frontend code); and strerror_r always follows the GNU return convention.

  • Require a C99-compliant compiler, and MSVC 2013 or later on Windows (Andres Freund)

  • Use pandoc, not lynx, for generating plain-text documentation output files (Peter Eisentraut)

    This affects only the INSTALL file generated during make dist and the seldom-used plain-text postgres.txt output file. Pandoc produces better output than lynx and avoids some locale/encoding issues. Pandoc version 1.13 or later is required.

  • Support use of images in the PostgreSQL documentation (Jürgen Purtz)

  • Allow ORDER BY sorts and LIMIT clauses to be pushed to postgres_fdw foreign servers in more cases (Etsuro Fujita)

  • Improve optimizer cost accounting for postgres_fdw queries (Etsuro Fujita)

  • Properly honor WITH CHECK OPTION on views that reference postgres_fdw tables (Etsuro Fujita)

    While CHECK OPTIONs on postgres_fdw tables are ignored (because the reference is foreign), views on such tables are considered local, so this change enforces CHECK OPTIONs on them. Previously, only INSERTs and UPDATEs with RETURNING clauses that returned CHECK OPTION values were validated.

  • Allow pg_stat_statements_reset() to be more granular (Haribabu Kommi, Amit Kapila)

    The function now allows reset of statistics for specific databases, users, and queries.

  • Allow control of the auto_explain log level (Tom Dunstan, Andrew Dunstan)

    The default is LOG.

  • Update unaccent rules with new punctuation and symbols (Hugh Ranalli, Michaël Paquier)

  • Allow unaccent to handle some accents encoded as combining characters (Hugh Ranalli)

  • Allow unaccent to remove accents from Greek characters (Tasos Maschalidis)

  • Add a parameter to amcheck's bt_index_parent_check() function to check each index tuple from the root of the tree (Peter Geoghegan)

  • Improve oid2name and vacuumlo option handling to match other commands (Tatsuro Yamada)

• ⇑ Upgrade to 12.1 released on 2019-11-14 - docs

  • Fix crash when ALTER TABLE adds a column without a default value along with making other changes that require a table rewrite (Andres Freund)

  • Fix lock handling in REINDEX CONCURRENTLY (Michael Paquier)

    REINDEX CONCURRENTLY neglected to take a session-level lock on the new index version, potentially allowing other sessions to manipulate it too soon. Also, a query-cancel or session-termination interrupt arriving at the wrong time could result in failure to release the session-level locks that REINDEX CONCURRENTLY does hold.

  • Avoid crash due to race condition when reporting the progress of a CREATE INDEX CONCURRENTLY or REINDEX CONCURRENTLY command (Álvaro Herrera)

  • Avoid creating duplicate dependency entries during REINDEX CONCURRENTLY (Michael Paquier)

    This bug resulted in bloat in pg_depend, but no worse consequences than that.

  • Fix “wrong type of slot” error when trying to CLUSTER on an expression index (Andres Freund)

  • SET CONSTRAINTS ... DEFERRED failed on partitioned tables, incorrectly complaining about lack of triggers (Álvaro Herrera)

  • Fix failure when creating indexes for a partition, if the parent partitioned table contains any dropped columns (Michael Paquier)

  • Fix dropping of indexed columns in partitioned tables (Amit Langote, Michael Paquier)

    Previously this might fail with an error message complaining about the dependencies of the indexes. It should automatically drop the indexes, instead.

  • Ensure that a partition index can be dropped after a failure to reindex it concurrently (Michael Paquier)

    The index's pg_class.relispartition flag was left in the wrong state in such a case, causing DROP INDEX to fail.

  • Fix handling of equivalence class members for partition-wise joins (Amit Langote)

    This oversight could lead either to failure to use a feasible partition-wise join plan, or to a “could not find pathkey item to sort” planner failure.

  • Fix crash triggered by an EvalPlanQual recheck on a table with a BEFORE UPDATE trigger (Andres Freund)

  • Fix “unexpected relkind” error when a query tries to access a TOAST table (John Hsu, Michael Paquier, Tom Lane)

    The error should say that permission is denied, but this case got broken during code refactoring.

  • Ignore restore_command, recovery_end_command, and recovery_min_apply_delay settings during crash recovery (Fujii Masao)

    Now that these settings can be specified in postgresql.conf, they could be turned on during crash recovery, but honoring them then is undesirable. Ignore these settings until crash recovery is complete.

  • Fix logical replication failure when publisher and subscriber have different ideas about a table's replica identity columns (Jehan-Guillaume de Rorthais, Peter Eisentraut)

    Declaring a column as part of the replica identity on the subscriber, when it does not exist at all on the publisher, led to “negative bitmapset member not allowed” errors.

  • Fix timeout handling in logical replication walreceiver processes (Julien Rouhaud)

    Erroneous logic prevented wal_receiver_timeout from working in logical replication deployments.

  • Fix result of text position() function (also known as strpos()) for an empty search string (Tom Lane)

    Historically, and per the SQL standard, the result should be one in such cases, but 12.0 returned zero.

  • Avoid memory leak while vacuuming a GiST index (Dilip Kumar)

  • Fix libpq to allow trailing whitespace in the string values of integer parameters (Michael Paquier)

    Version 12 tightened libpq's validation of integer parameters, but disallowing trailing whitespace seems undesirable.

  • In libpq, correctly report CONNECTION_BAD connection status after a failure caused by a syntactically invalid connect_timeout parameter value (Lars Kanis)

  • Fix scheduling of parallel restore of a foreign key constraint on a partitioned table (Álvaro Herrera)

    pg_dump failed to emit full dependency information for partitioned tables' foreign keys. This could allow parallel pg_restore to try to recreate a foreign key constraint too soon.

  • In pg_upgrade, reject tables with columns of type sql_identifier, as that has changed representation in version 12 (Tomas Vondra)

  • In pg_rewind with the --dry-run option, avoid updating pg_control (Alexey Kondratov)

    This could lead to failures in subsequent pg_rewind attempts.

  • Put back pqsignal() as an exported libpq symbol (Tom Lane)

    This function was removed on the grounds that no clients should be using it, but that turns out to break usage of current libpq with very old versions of psql, and perhaps other applications.

• ⇑ Upgrade to 12.2 released on 2020-02-13 - docs

  • Fix TRUNCATE ... CASCADE to ensure all relevant partitions are truncated (Jehan-Guillaume de Rorthais)

    If a partition of a partitioned table is truncated with the CASCADE option, and the partitioned table has a foreign-key reference from another table, that table must also be truncated. The need to check this was missed if the referencing table was itself partitioned, possibly allowing rows to survive that violate the foreign-key constraint.

    Hence, if you have foreign key constraints between partitioned tables, and you have done any partition-level TRUNCATE on the referenced table, you should check to see if any foreign key violations exist. The simplest way is to add a new instance of the foreign key constraint (and, once that succeeds, drop it or the original constraint). That may be prohibitive from a locking standpoint, however, in which case you might prefer to manually query for unmatched rows.

  • Fix failure to attach foreign key constraints to sub-partitions (Jehan-Guillaume de Rorthais)

    When adding a partition to a level below the first level of a multi-level partitioned table, foreign key constraints referencing the top partitioned table were not cloned to the new partition, leading to possible constraint violations later. Detaching and re-attaching the new partition is the cheapest way to fix this. However, if there are many partitions to be fixed, adding a new instance of the foreign key constraint might be preferable.

  • Fix possible crash during concurrent update on a partitioned table or inheritance tree (Tom Lane)

  • Ensure that row triggers on partitioned tables are correctly cloned to sub-partitions when appropriate (Álvaro Herrera)

    User-defined triggers (but not triggers for foreign key or deferred unique constraints) might be missed when creating or attaching a partition.

  • Fix logical replication subscriber code to execute per-column UPDATE triggers when appropriate (Peter Eisentraut)

  • Fix possible crash or data corruption when a logical replication subscriber processes a row update (Tom Lane, Tomas Vondra)

    This bug caused visible problems only if the subscriber's table contained columns that were not being copied from the publisher and had pass-by-reference data types.

  • Fix crash in logical replication subscriber after DDL changes on a subscribed relation (Jehan-Guillaume de Rorthais, Vignesh C)

  • Ensure that the effect of pg_replication_slot_advance() on a physical replication slot will persist across restarts (Alexey Kondratov, Michael Paquier)

  • Improve efficiency of logical replication with REPLICA IDENTITY FULL (Konstantin Knizhnik)

    When searching for an existing tuple during an update or delete operation, return the first matching tuple not the last one.

  • Fix base backup to handle database OIDs larger than INT32_MAX (Peter Eisentraut)

  • Ensure parallel plans are always shut down at the correct time (Kyotaro Horiguchi)

    This oversight is known to result in “temporary file leak” warnings from multi-batch parallel hash joins.

  • Improve efficiency of parallel hash join on CPUs with many cores (Gang Deng, Thomas Munro)

  • Avoid crash in parallel CREATE INDEX when there are no free dynamic shared memory slots (Thomas Munro)

    Fall back to a non-parallel index build, instead.

  • Fix crash during recursive page split in GiST index build (Heikki Linnakangas)

  • Fix failure in ALTER TABLE when a column referenced in a GENERATED expression has been added or changed in type earlier in the same ALTER command (Tom Lane)

  • Fix failure to insert default values for “missing” attributes during tuple conversion (Vik Fearing, Andrew Gierth)

    This could result in values incorrectly reading as NULL, when they come from columns that had been added by ALTER TABLE ADD COLUMN with a constant default.

  • Fix unlikely panic in the checkpointer process, caused by opening relation segments that might already have been removed (Thomas Munro)

  • Fix crash after FileClose() failure (Noah Misch)

    This issue could only be observed with data_sync_retry enabled, since otherwise FileClose() failure would be reported as a PANIC.

  • Fix handling of multiple AFTER ROW triggers on a foreign table (Etsuro Fujita)

  • Ensure that the <> operator for type char reports indeterminate-collation errors as such, rather than as “cache lookup failed for collation 0” (Tom Lane)

  • Avoid treating TID scans as sequential scans (Tatsuhito Kasahara)

    A refactoring oversight caused TID scans (selection by CTID) to be counted as sequential scans in the statistics views, and to take whole-table predicate locks as sequential scans do. The latter behavior could cause unnecessary serialization errors in serializable transaction mode.

  • Ensure that walsender processes always show NULL for transaction start time in pg_stat_activity (Álvaro Herrera)

    Previously, the xact_start column would sometimes show the process start time.

  • Reduce spinlock contention when there are many active walsender processes (Pierre Ducroquet)

  • Fix placement of “Subplans Removed” field in EXPLAIN output (Daniel Gustafsson, Tom Lane)

    In non-text output formats, this field was emitted inside the “Plans” sub-group, resulting in syntactically invalid output. Attach it to the parent Append or MergeAppend plan node as intended. This causes the field to change position in text output format too: if there are any InitPlans attached to the same plan node, “Subplans Removed” will now appear before those.

  • Fix EXPLAIN's SETTINGS option to print as empty in non-text output formats (Tom Lane)

    In the non-text output formats, fields are supposed to appear when requested, even if they have empty or zero values.

  • Allow the planner to apply potentially-leaky tests to child-table statistics, if the user can read the corresponding column of the table that's actually named in the query (Dilip Kumar, Amit Langote)

    This change fixes a performance problem for partitioned tables that was created by the fix for CVE-2017-7484. That security fix disallowed applying leaky operators to statistics for columns that the current user doesn't have permission to read directly. However, it's somewhat common to grant permissions only on the parent partitioned table and not bother to do so on individual partitions. In such cases, the user can read the column via the parent, so there's no point in this security restriction; it only results in poorer planner estimates than necessary.

  • Fix planner errors induced by overly-aggressive collapsing of joins to single-row subqueries (Tom Lane)

    This mistake led to errors such as “failed to construct the join relation”.

  • Fix “no = operator for opfamily NNNN” planner error when trying to match a LIKE or regex pattern-match operator to a binary-compatible index opclass (Tom Lane)

  • Fix incorrect estimation for OR clauses when using most-common-value extended statistics (Tomas Vondra)

  • Ignore system columns when applying most-common-value extended statistics (Tomas Vondra)

    This prevents “negative bitmapset member not allowed” planner errors for affected queries.

  • Fix BRIN index logic to support hypothetical BRIN indexes (Julien Rouhaud, Heikki Linnakangas)

    Previously, if an “index adviser” extension tried to get the planner to produce a plan involving a hypothetical BRIN index, that would fail, because the BRIN cost estimation code would always try to physically access the index's metapage. Now it checks to see if the index is only hypothetical, and uses default assumptions about the index parameters if so.

  • Disallow partition key expressions that return pseudo-types, such as record (Tom Lane)

  • Ensure that data types and collations used in XMLTABLE constructs are accounted for when computing dependencies of a view or rule (Tom Lane)

    Previously it was possible to break a view using XMLTABLE by dropping a type, if the type was not otherwise referenced in the view. This fix does not correct the dependencies already recorded for existing views, only for newly-created ones.

  • Prevent unwanted downcasing and truncation of RADIUS authentication parameters (Marcos David)

    The pg_hba.conf parser mistakenly treated these fields as SQL identifiers, which in general they aren't.

  • Fix bugs in handling of non-blocking I/O when using GSSAPI encryption (Tom Lane)

    These errors could result in dropping data (usually leading to subsequent wire-protocol-violation errors) or in a “livelock” situation where a sending process goes to sleep although not all its data has been sent. Moreover, libpq failed to keep separate encryption state for each connection, creating the possibility for failures in applications using multiple encrypted database connections.

  • Avoid crash after an out-of-memory failure in ecpglib (Tom Lane)

  • Cope with changes of the specific type referenced by a PL/pgSQL composite-type variable in more cases (Ashutosh Sharma, Tom Lane)

    Dropping and re-creating the composite type referenced by a PL/pgSQL variable could lead to “could not open relation with OID NNNN” errors.

  • Fix configure's probe for OpenSSL's SSL_clear_options() function so that it works with OpenSSL versions before 1.1.0 (Michael Paquier, Daniel Gustafsson)

    This problem could lead to failure to set the SSL compression option as desired, when PostgreSQL is built against an old version of OpenSSL.

  • Avoid memory leak in sanity checks for “slab” memory contexts (Tomas Vondra)

    This isn't an issue for production builds, since they wouldn't ordinarily have memory context checking enabled; but the leak could be quite severe in a debug build.

  • Fix multiple statistics entries reported by the LWLock statistics mechanism (Fujii Masao)

    The LWLock statistics code (which is not built by default; it requires compiling with -DLWLOCK_STATS) could report multiple entries for the same LWLock and backend process, as a result of faulty hashtable key creation.

  • Fix handling of a corner-case error result from Windows' ReadFile() function (Thomas Munro, Juan José Santamaría Flecha)

    So far as is known, this oversight just resulted in noisy log messages, not any actual query misbehavior.

  • On Windows, work around sharing violations for the postmaster's log file when pg_ctl is used to start the postmaster very shortly after it's been stopped, for example by pg_ctl restart (Alexander Lakhin)

• ⇑ Upgrade to 12.3 released on 2020-05-14 - docs

  • Fix possible failure with GENERATED columns (David Rowley)

    If a GENERATED column's value is an exact copy of another column of the table (and it is a pass-by-reference data type), it was possible to crash or insert corrupted data into the table. While it would be rather pointless for a GENERATED expression to just duplicate another column, an expression using a function that sometimes returns its input unchanged could create the situation.

  • Handle inheritance of generated columns better (Peter Eisentraut)

    When a table column is inherited during CREATE TABLE ... INHERITS, disallow changing any generation properties when the parent column is already marked GENERATED; but allow a child column to be marked GENERATED when its parent is not.

  • Fix cross-column references in CREATE TABLE LIKE INCLUDING GENERATED (Peter Eisentraut)

    CREATE TABLE ... LIKE failed when trying to copy a GENERATED expression that references a physically-later column.

  • Propagate ALTER TABLE ... SET STORAGE to indexes (Peter Eisentraut)

    Non-expression index columns have always copied the attstorage property of their table column at creation. Update them when ALTER TABLE ... SET STORAGE is done, to maintain consistency.

  • Preserve the indisclustered setting of indexes rebuilt by REINDEX CONCURRENTLY (Justin Pryzby)

  • Ensure that when a partition is detached, any triggers cloned from its formerly-parent table are removed (Justin Pryzby)

  • Fix crash when COLLATE is applied to a non-collatable type in a partition bound expression (Dmitry Dolgov)

  • Ensure that unique indexes over partitioned tables match the equality semantics of the partitioning key (Guancheng Luo)

    This would only be an issue with index opclasses that have unusual notions of equality, but it's wrong in theory, so check.

  • Ensure that members of the pg_read_all_stats role can read all statistics views, as expected (Magnus Hagander)

    The functions underlying the pg_stat_progress_* views had not gotten this memo.

  • Repair performance regression in information_schema.triggers view (Tom Lane)

    This patch redefines that view so that an outer WHERE clause constraining the table name can be pushed down into the view, allowing its calculations to be done only for triggers belonging to the table of interest rather than all triggers in the database. In a database with many triggers this would make a significant speed difference for queries of that form. Since things worked that way before v11, this is a potential performance regression. Users who find this to be a problem can fix it by replacing the view definition (or, perhaps, just deleting and reinstalling the whole information_schema schema).

  • Repair performance regression in floating point overflow/underflow detection (Emre Hasegeli)

    Previous refactoring had resulted in isinf() being called extra times in some hot code paths.

  • Ignore file-not-found errors in pg_ls_waldir() and allied functions (Tom Lane)

    This prevents a race condition failure if a file is removed between when we see its directory entry and when we attempt to stat() it.

  • Fix server's connection-startup logic for case where a GSSAPI connection is rejected because support is not compiled in, and the client then tries SSL instead (Andrew Gierth)

    This led to a bogus “unsupported frontend protocol” failure.

  • Fix memory leakage during GSSAPI encryption (Tom Lane)

    Both the backend and libpq would leak memory equivalent to the total amount of data sent during the session, if GSSAPI encryption is in use.

  • Fix query-lifespan memory leak for a set-returning function used in a query's FROM clause (Andres Freund)

  • Avoid leakage of a hashed subplan's hash tables across multiple executions (Andreas Karlsson, Tom Lane)

    This mistake could result in severe memory bloat if a query re-executed a hashed subplan enough times.

  • Improve planner's handling of no-op domain coercions (Tom Lane)

    Fix some cases where a domain coercion that does nothing was not completely removed from expressions.

  • Fix possible undercounting of deleted B-tree index pages in VACUUM VERBOSE output (Peter Geoghegan)

  • Fix wrong bookkeeping for oldest deleted page in a B-tree index (Peter Geoghegan)

    This could cause subtly wrong decisions about when VACUUM can skip an index cleanup scan; although it appears there may be no significant user-visible effects from that.

  • Ensure that TimelineHistoryRead and TimelineHistoryWrite wait states are reported in all code paths that read or write timeline history files (Masahiro Ikeda)

  • Avoid race condition when ANALYZE replaces the catalog tuple for extended statistics data (Dean Rasheed)

  • Remove ill-considered skip of “redundant” anti-wraparound vacuums (Michael Paquier)

    This avoids a corner case where autovacuum could get into a loop of repeatedly trying and then skipping the same vacuum job.

  • Ensure INCLUDE'd columns are always removed from B-tree pivot tuples (Peter Geoghegan)

    This mistake wasted space in some rare cases, but was otherwise harmless.

  • Cope with invalid TOAST indexes that could be left over after a failed REINDEX CONCURRENTLY (Julien Rouhaud)

  • Ensure that valid index dependencies are left behind after a failed REINDEX CONCURRENTLY (Michael Paquier)

    Previously the old index could be left with no pg_depend links at all, so that for example it would not get dropped if the parent table is dropped.

  • Avoid failure if autovacuum tries to access a just-dropped temporary schema (Tom Lane)

    This hazard only arises if a superuser manually drops a temporary schema; which isn't normal practice, but should work.

  • Avoid possible failure after a replication slot copy, due to premature removal of WAL data (Masahiko Sawada, Arseny Sher)

  • Ensure that generated columns are correctly handled during updates issued by logical replication (Peter Eisentraut)

  • Fix crash in psql when attempting to re-establish a failed connection (Michael Paquier)

  • Allow tab-completion of the filename argument to psql's \gx command (Vik Fearing)

  • Ensure that pg_basebackup generates valid tar files (Robert Haas)

    In some cases a partial block of zeroes would be added to the end of the file. While this seems to be harmless with common versions of tar, it's not OK per the POSIX file format spec.

  • Make pg_checksums skip tablespace subdirectories that belong to a different PostgreSQL major version (Michael Banck, Bernd Helmle)

    Such subdirectories don't really belong to our database cluster, and so must not be processed.

  • Ignore temporary copies of pg_internal.init in pg_checksums and related programs (Michael Paquier)

  • Work around failure in contrib/pageinspect's bt_metap() function when an oldest_xact value exceeds 2^31-1 (Peter Geoghegan)

    Such XIDs will now be reported as negative integers, which isn't great but it beats throwing an error. v13 will widen the output argument to int8 to provide saner reporting.

  • On Windows, avoid premature creation of postmaster's log file during pg_ctl start (Alexander Lakhin)

    The previous coding could allow the file to be created with permissions that wouldn't allow the postmaster to write on it.

  • On Windows, set console VT100 compatibility mode in programs that support PG_COLOR colorization (Juan José Santamaría Flecha)

    Without this, the colorization option doesn't actually work.

  • Stop requiring extra parentheses in ereport() calls (Andres Freund, Tom Lane)

  • Use pkg-config, if available, to locate libxml2 during configure (Hugh McMaster, Tom Lane, Peter Eisentraut)

    If pkg-config is not present or lacks knowledge of libxml2, we still query xml2-config as before.

    This change could break build processes that try to make PostgreSQL use a non-default version of libxml2 by putting that version's xml2-config into the PATH. Instead, set XML2_CONFIG to point to the non-default xml2-config. That method will work with either older or newer PostgreSQL releases.

  • Fix Makefile dependencies for libpq and ecpg (Dagfinn Ilmari Mannsåker)

• ⇑ Upgrade to 12.4 released on 2020-08-13 - docs

  • Set a secure search_path in logical replication walsenders and apply workers (Noah Misch)

    A malicious user of either the publisher or subscriber database could potentially cause execution of arbitrary SQL code by the role running replication, which is often a superuser. Some of the risks here are equivalent to those described in CVE-2018-1058, and are mitigated in this patch by ensuring that the replication sender and receiver execute with empty search_path settings. (As with CVE-2018-1058, that change might cause problems for under-qualified names used in replicated tables' DDL.) Other risks are inherent in replicating objects that belong to untrusted roles; the most we can do is document that there is a hazard to consider. (CVE-2020-14349)

  • Fix edge cases in partition pruning (Etsuro Fujita, Dmitry Dolgov)

    When there are multiple partition key columns, generation of pruning tests could misbehave if some columns had no constraining WHERE clauses or multiple constraining clauses. This could lead to server crashes, incorrect query results, or assertion failures.

  • Fix construction of parameterized BitmapAnd and BitmapOr index scans on the inside of partition-wise nestloop joins (Tom Lane)

    A plan in which such a scan needed to use a value from the outside of the join would usually crash at execution.

  • Fix incorrect plan execution when a partitioned table is subject to both static and run-time partition pruning in the same query, and a new partition is added concurrently with the query (Amit Langote, Tom Lane)

  • Fix firing of column-specific UPDATE triggers in logical replication subscribers (Tom Lane)

    The code neglected to account for the possibility of column numbers being different between the publisher and subscriber tables, so that if those were indeed different, wrong decisions might be made about which triggers to fire.

  • Update oldest xmin and LSN values during pg_replication_slot_advance() (Michael Paquier)

    This function previously failed to do that, possibly preventing resource cleanup (such as removal of no-longer-needed WAL segments) after manual advancement of a replication slot.

  • Fix pg_current_logfile() to not include a carriage return (\r) in its result on Windows (Tom Lane)

  • Ensure that pg_read_file() and related functions read until EOF is reached (Joe Conway)

    Previously, if not given a specific data length to read, these functions would stop at whatever file length was reported by stat(). That's unhelpful for pipes and other sorts of virtual files.

  • Forbid numeric NaN values in jsonpath computations (Alexander Korotkov)

    Neither SQL nor JSON have the concept of NaN (not-a-number), but the jsonpath code attempted to allow such values anyway. This necessarily leads to nonstandard behavior, so it seems better to reject such values at the outset.

  • Handle single Inf or NaN inputs correctly in floating-point aggregates (Tom Lane)

    The affected aggregates are corr(), covar_pop(), regr_intercept(), regr_r2(), regr_slope(), regr_sxx(), regr_sxy(), regr_syy(), stddev_pop(), and var_pop(). The correct answer in such cases is NaN, but an algorithmic change introduced in PostgreSQL v12 had caused these aggregates to produce zero instead.

  • Reject time-of-day values greater than 24 hours (Tom Lane)

    The intention of the datetime input code is to allow “24:00:00” or equivalently “23:59:60”, but no larger value. However, the range check was miscoded so that it would accept “23:59:60.nnn” with nonzero fractional-second nnn. In timestamp values this would result in wrapping into the first second of the next day. In time and timetz values, the stored value would actually be more than 24 hours, causing dump/reload failures and possibly other misbehavior.

  • Fix EXPLAIN's accounting for resource usage, particularly buffer accesses, in parallel workers in a plan using Gather Merge nodes (Jehan-Guillaume de Rorthais)

  • Fix REINDEX CONCURRENTLY to preserve the index's replication identity flag (Michael Paquier)

    Previously, reindexing a table's replica identity index caused the setting to be lost, preventing old tuple values from being included in future logical-decoding output.

  • Work around incorrect not-null markings for pg_subscription.subslotname and pg_subscription_rel.srsublsn (Tom Lane)

    The bootstrap catalog data incorrectly marks these two catalog columns as always non-null. There's no easy way to correct that mistake in existing installations (though v13 and later will have the correct markings). The main place that depends on that marking being correct is JIT-enabled tuple deconstruction, so teach it to explicitly ignore the marking for these two columns. Also adjust some C code that accessed srsublsn without checking to see if it's null; a crash from that is improbable but perhaps not impossible.

  • Use the query-specified collation for operators invoked during selectivity estimation (Tom Lane)

    Previously, the collation of the underlying database column was used. But using the query's collation is arguably more correct. More importantly, now that we have nondeterministic collations, there are cases where an operator will fail outright if given a nondeterministic collation. We don't want planning to fail in cases where the query itself would work, so this means that we must use the query's collation when invoking operators for estimation purposes.

  • Remove bogus warning about “leftover placeholder tuple” in BRIN index de-summarization (Álvaro Herrera)

    The case can occur legitimately after a cancelled vacuum, so warning about it is overly noisy.

  • Fix selection of tablespaces for “shared fileset” temporary files (Magnus Hagander, Tom Lane)

    If temp_tablespaces is empty or explicitly names the database's primary tablespace, such files got placed into the pg_default tablespace rather than the database's primary tablespace as expected.

  • Fix corner-case error in masking of SP-GiST index pages during WAL consistency checking (Alexander Korotkov)

    This could cause false failure reports when wal_consistency_checking is enabled.

  • Fix checkpointer process to discard file sync requests when fsync is off (Heikki Linnakangas)

    Such requests are treated as no-ops if fsync is off, but we forgot to remove them from the checkpointer's table of pending actions. This would lead to bloat of that table, as well as possible assertion failures if fsync is later re-enabled.

  • Avoid trouble during cleanup of a non-exclusive backup when JIT compilation has been activated during the backup (Robert Haas)

  • Fix assertion in logical replication subscriber to allow use of REPLICA IDENTITY FULL (Euler Taveira)

    This was just an incorrect assertion, so it has no impact on standard production builds.

  • Ensure that libpq continues to try to read from the database connection socket after a write failure (Tom Lane)

    This is important not only to ensure that we collect any final error message from a dying server process, but because we do not consider the connection lost until we see a read failure. This oversight allowed libpq to continue trying to send COPY data indefinitely after a mid-transfer loss of connection, rather than reporting failure to the application.

  • Fix bugs in libpq's management of GSS encryption state (Tom Lane)

    A connection using GSS encryption could freeze up when attempting to reset it after a server restart, or when moving on to the next one of a list of candidate servers.

  • Fix ecpg crash with bytea and cursor variables (Jehan-Guillaume de Rorthais)

  • Make pg_restore cope with data-offset-less custom-format archive files when it needs to restore data items out of order (David Gilman, Tom Lane)

    pg_dump will produce such files if it cannot seek its output (for example, if the output is piped to something). This fix primarily improves the ability to do a parallel restore from such a file.

  • Fix contrib/amcheck to not complain about deleted index pages that are empty (Alexander Korotkov)

    This state of affairs is normal during WAL replay.

• ⇑ Upgrade to 12.5 released on 2020-11-12 - docs

  • Ensure that ALTER TABLE ONLY ... ENABLE/DISABLE TRIGGER does not recurse to child tables (Álvaro Herrera)

    Previously the ONLY flag was ignored.

  • Avoid unnecessary recursion to partitions in ALTER TABLE SET NOT NULL, when the target column is already marked NOT NULL (Tom Lane)

    This avoids a potential deadlock in parallel pg_restore.

  • Disallow DROP INDEX CONCURRENTLY on a partitioned table (Álvaro Herrera, Michael Paquier)

    This case failed anyway, but with a confusing error message.

  • Allow LOCK TABLE to succeed on a self-referential view (Tom Lane)

    It previously threw an error complaining about infinite recursion, but there seems no need to disallow the case.

  • Retain statistics about an index across REINDEX CONCURRENTLY (Michael Paquier, Fabrízio de Royes Mello)

    Non-concurrent reindexing has always preserved such statistics.

  • Fix incorrect progress reporting from REINDEX CONCURRENTLY (Matthias van de Meent, Michael Paquier)

  • Ensure that GENERATED columns are updated when the column(s) they depend on are updated via a rule or an updatable view (Tom Lane)

    This fix also takes care of possible failure to fire a column-specific trigger in such cases.

  • Recheck default partition constraints while routing an inserted or updated tuple to the correct partition (Amit Langote, Álvaro Herrera)

    This fixes race conditions when partitions are added concurrently with the insertion.

  • Fix failures with collation-dependent partition bound expressions (Tom Lane)

  • Support hashing of text arrays (Peter Eisentraut)

    Array hashing failed if the array element type is collatable. Notably, this prevented using hash partitioning with a text array column as partition key.

  • Fix “cache lookup failed for relation 0” failures in logical replication workers (Tom Lane)

    The real-world impact is small, since the failure is unlikely, and if it does happen the worker would just exit and be restarted.

  • Prevent logical replication workers from sending redundant ping requests (Tom Lane)

  • Fix possible crash when considering partition-wise joins during GEQO planning (Tom Lane)

  • Fix failure of parallel B-tree index scans when the index condition is unsatisfiable (James Hunter)

  • Fix buffered GiST index builds to work when the index has included columns (Pavel Borisov)

  • Fix unportable use of getnameinfo() in pg_hba_file_rules view (Tom Lane)

    On FreeBSD 11, and possibly other platforms, the view's address and netmask columns were always null due to this error.

  • Avoid crash if debug_query_string is NULL when starting a parallel worker (Noah Misch)

  • Avoid failures when a BEFORE ROW UPDATE trigger returns the “old” row of a table having dropped or “missing” columns (Amit Langote, Tom Lane)

    This method of suppressing an update could result in crashes, unexpected CHECK constraint failures, or incorrect RETURNING output, because “missing” columns would read as NULLs for those purposes. (A column is “missing” for this purpose if it was added by ALTER TABLE ADD COLUMN with a non-NULL, but constant, default value.) Dropped columns could cause trouble as well.

  • Fix incorrect handling of template function attributes in JIT code generation (Andres Freund)

    This has been shown to cause crashes on s390x, and very possibly there are other cases on other platforms.

  • Fix edge-case memory leak in index_get_partition() (Justin Pryzby)

  • Fix memory leaks in PL/pgsql's CALL processing (Pavel Stehule, Tom Lane)

  • Ensure that parallel pg_restore processes foreign keys referencing partitioned tables in the correct order (Álvaro Herrera)

    Previously, it might try to restore a foreign key constraint before the required indexes were all in place, leading to an error.

  • Fix recently-added timetz test case so it works when the USA is not observing daylight savings time (Tom Lane)

• ⇑ Upgrade to 12.6 released on 2021-02-11 - docs

  • Fix information leakage in constraint-violation error messages (Heikki Linnakangas)

    If an UPDATE command attempts to move a row to a different partition but finds that it violates some constraint on the new partition, and the columns in that partition are in different physical positions than in the parent table, the error message could reveal the contents of columns that the user does not have SELECT privilege on. (CVE-2021-3393)

  • Fix incorrect detection of concurrent page splits while inserting into a GiST index (Heikki Linnakangas)

    Concurrent insertions could lead to a corrupt index with entries placed in the wrong pages. It's recommended to reindex any GiST index that's been subject to concurrent insertions.

  • Fix CREATE INDEX CONCURRENTLY to wait for concurrent prepared transactions (Andrey Borodin)

    At the point where CREATE INDEX CONCURRENTLY waits for all concurrent transactions to complete so that it can see rows they inserted, it must also wait for all prepared transactions to complete, for the same reason. Its failure to do so meant that rows inserted by prepared transactions might be omitted from the new index, causing queries relying on the index to miss such rows. In installations that have enabled prepared transactions (max_prepared_transactions > 0), it's recommended to reindex any concurrently-built indexes in case this problem occurred when they were built.

  • Avoid crash when a CALL or DO statement that performs a transaction rollback is executed via extended query protocol (Thomas Munro, Tom Lane)

    In PostgreSQL 13, this case reliably caused a null-pointer dereference. In earlier versions the bug seems to have no visible symptoms, but it's not quite clear that it could never cause a problem.

  • Fix partition pruning logic to handle asymmetric hash partition sets (Tom Lane)

    If a hash-partitioned table has unequally-sized partitions (that is, varying modulus values), or it lacks partitions for some remainder values, then the planner's pruning logic could mistakenly conclude that some partitions don't need to be scanned, leading to failure to find rows that the query should find.

  • Avoid incorrect results when WHERE CURRENT OF is applied to a cursor whose plan contains a MergeAppend node (Tom Lane)

    This case is unsupported (in general, a cursor using ORDER BY is not guaranteed to be simply updatable); but the code previously did not reject it, and could silently give false matches.

  • Fix crash when WHERE CURRENT OF is applied to a cursor whose plan contains a custom scan node (David Geier)

  • Fix planner's mishandling of placeholders whose evaluation should be delayed by an outer join (Tom Lane)

    This occurs in particular with trivial subqueries containing lateral references to outer-join outputs. The mistake could result in a malformed plan. The known cases trigger a “failed to assign all NestLoopParams to plan nodes” error, but other symptoms may be possible.

  • Fix planner's handling of placeholders during removal of useless RESULT RTEs (Tom Lane)

    This oversight could lead to “no relation entry for relid N” planner errors.

  • Fix planner's handling of a placeholder that is computed at some join level and used only at that same level (Tom Lane)

    This oversight could lead to “failed to build any N-way joins” planner errors.

  • Be more careful about whether index AMs support mark/restore (Andrew Gierth)

    This prevents errors about missing support functions in rare edge cases.

  • Adjust settings to make it more difficult to run out of DSM slots during heavy usage of parallel queries (Thomas Munro)

  • Fix overestimate of the amount of shared memory needed for parallel queries (Takayuki Tsunakawa)

  • Fix ALTER DEFAULT PRIVILEGES to handle duplicated arguments safely (Michael Paquier)

    Duplicate role or schema names within the same command could lead to “tuple already updated by self” errors or unique-constraint violations.

  • Flush ACL-related caches when pg_authid changes (Noah Misch)

    This change ensures that permissions-related decisions will promptly reflect the results of ALTER ROLE ... [NO] INHERIT.

  • Prevent misprocessing of ambiguous CREATE TABLE LIKE clauses (Tom Lane)

    A LIKE clause is re-examined after initial creation of the new table, to handle importation of indexes and such. It was possible for this re-examination to find a different table of the same name, causing unexpected behavior; one example is where the new table is a temporary table of the same name as the LIKE target.

  • Rearrange order of operations in CREATE TABLE LIKE so that indexes are cloned before building foreign key constraints (Tom Lane)

    This fixes the case where a self-referential foreign key constraint declared in the outer CREATE TABLE depends on an index that's coming from the LIKE clause.

  • Disallow CREATE STATISTICS on system catalogs (Tomas Vondra)

  • Disallow converting an inheritance child table to a view (Tom Lane)

  • Ensure that disk space allocated for a dropped relation is released promptly at commit (Thomas Munro)

    Previously, if the dropped relation spanned multiple 1GB segments, only the first segment was truncated immediately. Other segments were simply unlinked, which doesn't authorize the kernel to release the storage so long as any other backends still have the files open.

  • Prevent dropping a tablespace that is referenced by a partitioned relation, but is not used for any actual storage (Álvaro Herrera)

    Previously this was allowed, but subsequent operations on the partitioned relation would fail.

  • Fix progress reporting for CLUSTER (Matthias van de Meent)

  • Fix handling of backslash-escaped multibyte characters in COPY FROM (Heikki Linnakangas)

    A backslash followed by a multibyte character was not handled correctly. In some client character encodings, this could lead to misinterpreting part of a multibyte character as a field separator or end-of-copy-data marker.

  • Avoid preallocating executor hash tables in EXPLAIN without ANALYZE (Alexey Bashtanov)

  • Fix recently-introduced race conditions in LISTEN/NOTIFY queue handling (Tom Lane)

    A newly-listening backend could attempt to read SLRU pages that were in process of being truncated, possibly causing an error.

    The queue tail pointer could become set to a value that's not equal to the queue position of any backend, resulting in effective disabling of the queue truncation logic. Continued use of NOTIFY then led to queue-fill warnings, and eventually to inability to send any more notifies until the server is restarted.

  • Allow the jsonb concatenation operator to handle all combinations of JSON data types (Tom Lane)

    We can concatenate two JSON objects or two JSON arrays. Handle other cases by wrapping non-array inputs in one-element arrays, then performing an array concatenation. Previously, some combinations of inputs followed this rule but others arbitrarily threw an error.

  • Fix use of uninitialized value while parsing a * quantifier in a BRE-mode regular expression (Tom Lane)

    This error could cause the quantifier to act non-greedy, that is behave like a *? quantifier would do in full regular expressions.

  • Fix numeric power() for the case where the exponent is exactly INT_MIN (-2147483648) (Dean Rasheed)

    Previously, a result with no significant digits was produced.

  • Fix integer-overflow cases in substring() functions (Tom Lane, Pavel Stehule)

    If the specified starting index and length overflow an integer when added together, substring() misbehaved, either throwing a bogus “negative substring length” error for a case that should succeed, or failing to complain that a negative length is negative (and instead returning the whole string, in most cases).

  • Prevent possible data loss from incorrect detection of the wraparound point of an SLRU log (Noah Misch)

    The wraparound point typically falls in the middle of a page, which must be rounded off to a page boundary, and that was not done correctly. No issue could arise unless an installation had gotten to within one page of SLRU overflow, which is unlikely in a properly-functioning system. If this did happen, it would manifest in later “apparent wraparound” or “could not access status of transaction” errors.

  • Fix memory leak in walsender processes while sending new snapshots for logical decoding (Amit Kapila)

  • Fix walsender to accept additional commands after terminating replication (Jeff Davis)

  • Ensure detection of deadlocks between hot standby backends and the startup (WAL-application) process (Fujii Masao)

    The startup process did not run the deadlock detection code, so that in situations where the startup process is last to join a circular wait situation, the deadlock might never be recognized.

  • Fix possible failure to detect recovery conflicts while deleting an index entry that references a HOT chain (Peter Geoghegan)

    The code failed to traverse the HOT chain and might thus compute a too-old XID horizon, which could lead to incorrect conflict processing in hot standby. The practical impact of this bug is limited; in most cases the correct XID horizon would be found anyway from nearby operations.

  • Ensure that a nonempty value of krb_server_keyfile always overrides any setting of KRB5_KTNAME in the server's environment (Tom Lane)

    Previously, which setting took precedence depended on whether the client requests GSS encryption.

  • In server log messages about failing to match connections to pg_hba.conf entries, include details about whether GSS encryption has been activated (Kyotaro Horiguchi, Tom Lane)

    This is relevant data if hostgssenc or hostnogssenc entries exist.

  • Fix assorted issues in server's support for GSS encryption (Tom Lane)

    Remove pointless restriction that only GSS authentication can be used on a GSS-encrypted connection. Add GSS encryption information to connection-authorized log messages. Include GSS-related space when computing the required size of shared memory (this omission could have caused problems with very high max_connections settings). Avoid possible infinite recursion when reporting an unrecoverable GSS encryption error.

  • Ensure that unserviced requests for background workers are cleaned up when the postmaster begins a “smart” or “fast” shutdown sequence (Tom Lane)

    Previously, there was a race condition whereby a child process that had requested a background worker just before shutdown could wait indefinitely, preventing shutdown from completing.

  • Fix portability problem in parsing of recovery_target_xid values (Michael Paquier)

    The target XID is potentially 64 bits wide, but it was parsed with strtoul(), causing misbehavior on platforms where long is 32 bits (such as Windows).

  • Avoid trying to use parallel index build in a standalone backend (Yulin Pei)

  • Allow index AMs to support included columns without necessarily supporting multiple key columns (Tom Lane)

  • Avoid assertion failure during parallel aggregation of an aggregate with a non-strict deserialization function (Andrew Gierth)

    No such aggregate functions exist in core PostgreSQL, but some extensions such as PostGIS provide some. The mistake is harmless anyway in a non-assert build.

  • Avoid assertion failure in pg_get_functiondef() when examining a function with a TRANSFORM option (Tom Lane)

  • Fix data structure misallocation in PL/pgSQL's CALL statement (Tom Lane)

    A CALL in a PL/pgSQL procedure, to another procedure that has OUT parameters, would fail if the called procedure did a COMMIT or ROLLBACK.

  • In libpq, do not skip trying SSL after GSS encryption (Tom Lane)

    If we successfully made a GSS-encrypted connection, but then failed during authentication, we would fall back to an unencrypted connection rather than next trying an SSL-encrypted connection. This could lead to unexpected connection failure, or to silently getting an unencrypted connection where an encrypted one is expected. Fortunately, GSS encryption could only succeed if both client and server hold valid tickets in the same Kerberos infrastructure. It seems unlikely for that to be true in an environment that requires SSL encryption instead.

  • In psql, re-allow including a password in a connection_string argument of a \connect command (Tom Lane)

    This used to work, but a recent bug fix caused the password to be ignored (resulting in prompting for a password).

  • In psql's \d commands, don't truncate the display of column default values (Tom Lane)

    Formerly, they were arbitrarily truncated at 128 characters.

  • Fix assorted bugs in psql's \help command (Kyotaro Horiguchi, Tom Lane)

    \help with two argument words failed to find a command description using only the first word, for example \help reset all should show the help for RESET but did not. Also, \help often failed to invoke the pager when it should. It also leaked memory.

  • Fix pg_dump's dumping of inherited generated columns (Peter Eisentraut)

    The previous behavior resulted in (harmless) errors during restore.

  • In pg_dump, ensure that the restore script runs ALTER PUBLICATION ADD TABLE commands as the owner of the publication, and similarly runs ALTER INDEX ATTACH PARTITION commands as the owner of the partitioned index (Tom Lane)

    Previously, these commands would be run by the role that started the restore script; which will usually work, but in corner cases that role might not have adequate permissions.

  • Fix pg_dump to handle WITH GRANT OPTION in an extension's initial privileges (Noah Misch)

    If an extension's script creates an object and grants privileges on it with grant option, then later the user revokes such privileges, pg_dump would generate incorrect SQL for reproducing the situation. (Few if any extensions do this today.)

  • In pg_rewind, ensure that all WAL is accounted for when rewinding a standby server (Ian Barwick, Heikki Linnakangas)

  • In pgbench, disallow a digit as the first character of a variable name (Fabien Coelho)

    This prevents trying to substitute variables into timestamp literal values, which may contain strings like 12:34.

  • Report the correct database name in connection failure error messages from some client programs (Álvaro Herrera)

    If the database name was defaulted rather than given on the command line, pg_dumpall, pgbench, oid2name, and vacuumlo would produce misleading error messages after a connection failure.

  • Fix memory leak in contrib/auto_explain (Japin Li)

    Memory consumed while producing the EXPLAIN output was not freed until the end of the current transaction (for a top-level statement) or the end of the surrounding statement (for a nested statement). This was particularly a problem with log_nested_statements enabled.

  • In contrib/postgres_fdw, avoid leaking open connections to remote servers when a user mapping or foreign server object is dropped (Bharath Rupireddy)

    Open connections that depend on a dropped user mapping or foreign server can no longer be referenced, but formerly they were kept around anyway for the duration of the local session.

  • In contrib/pgcrypto, check for error returns from OpenSSL's EVP functions (Michael Paquier)

    We do not really expect errors here, but this change silences warnings from static analysis tools.

  • Make contrib/pg_prewarm more robust when the cluster is shut down before prewarming is complete (Tom Lane)

    Previously, autoprewarm would rewrite its status file with only the block numbers that it had managed to load so far, thus perhaps largely disabling the prewarm functionality in the next startup. Instead, suppress status file updates until the initial loading pass is complete.

  • In contrib/pg_trgm's GiST index support, avoid crash in the rare case that picksplit is called on exactly two index items (Andrew Gierth, Alexander Korotkov)

  • Fix miscalculation of timeouts in contrib/pg_prewarm and contrib/postgres_fdw (Alexey Kondratov, Tom Lane)

    The main loop in contrib/pg_prewarm's autoprewarm parent process underestimated its desired sleep time by a factor of 1000, causing it to consume much more CPU than intended. When waiting for a result from a remote server, contrib/postgres_fdw overestimated the desired timeout by a factor of 1000 (though this error had been mitigated by imposing a clamp to 60 seconds).

    Both of these errors stemmed from incorrectly converting seconds-and-microseconds to milliseconds. Introduce a new API TimestampDifferenceMilliseconds() to make it easier to get this right in the future.

  • Improve configure's heuristics for selecting PG_SYSROOT on macOS (Tom Lane)

    The new method is more likely to produce desirable results when Xcode is newer than the underlying operating system. Choosing a sysroot that does not match the OS version may result in nonfunctional executables.

  • While building on macOS, specify -isysroot in link steps as well as compile steps (James Hilliard)

    This likewise improves the results when Xcode is out of sync with the operating system.

  • Fix JIT compilation to be compatible with LLVM 11 and LLVM 12 (Andres Freund)

  • Fix potential mishandling of references to boolean variables in JIT expression compilation (Andres Freund)

    No field reports attributable to this have been seen, but it seems likely that it could cause problems on some architectures.

  • Fix compile failure with ICU 68 and later (Tom Lane)

  • Avoid memcpy() with a NULL source pointer and zero count during partitioned index creation (Álvaro Herrera)

    While such a call is not known to cause problems in itself, some compilers assume that the arguments of memcpy() are never NULL, which could result in incorrect optimization of nearby code.

  • Update time zone data files to tzdata release 2021a for DST law changes in Russia (Volgograd zone) and South Sudan, plus historical corrections for Australia, Bahamas, Belize, Bermuda, Ghana, Israel, Kenya, Nigeria, Palestine, Seychelles, and Vanuatu.

    Notably, the Australia/Currie zone has been corrected to the point where it is identical to Australia/Hobart.

• ⇑ Upgrade to 12.7 released on 2021-05-13 - docs

  • Prevent integer overflows in array subscripting calculations (Tom Lane)

    The array code previously did not complain about cases where an array's lower bound plus length overflows an integer. This resulted in later entries in the array becoming inaccessible (since their subscripts could not be written as integers), but more importantly it confused subsequent assignment operations. This could lead to memory overwrites, with ensuing crashes or unwanted data modifications. (CVE-2021-32027)

  • Fix mishandling of “junk” columns in INSERT ... ON CONFLICT ... UPDATE target lists (Tom Lane)

    If the UPDATE list contains any multi-column sub-selects (which give rise to junk columns in addition to the results proper), the UPDATE path would end up storing tuples that include the values of the extra junk columns. That's fairly harmless in the short run, but if new columns are added to the table then the values would become accessible, possibly leading to malfunctions if they don't match the datatypes of the added columns.

    In addition, in versions supporting cross-partition updates, a cross-partition update triggered by such a case had the reverse problem: the junk columns were removed from the target list, typically causing an immediate crash due to malfunction of the multi-column sub-select mechanism. (CVE-2021-32028)

  • Fix possibly-incorrect computation of UPDATE ... RETURNING outputs for joined cross-partition updates (Amit Langote, Etsuro Fujita)

    If an UPDATE for a partitioned table caused a row to be moved to another partition with a physically different row type (for example, one with a different set of dropped columns), computation of RETURNING results for that row could produce errors or wrong answers. No error is observed unless the UPDATE involves other tables being joined to the target table. (CVE-2021-32029)

  • Fix adjustment of constraint deferrability properties in partitioned tables (Álvaro Herrera)

    When applied to a foreign-key constraint of a partitioned table, ALTER TABLE ... ALTER CONSTRAINT failed to adjust the DEFERRABLE and/or INITIALLY DEFERRED markings of the constraints and triggers of leaf partitions. This led to unexpected behavior of such constraints. After updating to this version, any misbehaving partitioned tables can be fixed by executing a new ALTER command to set the desired properties.

    This change also disallows applying such an ALTER directly to the constraints of leaf partitions. The only supported case is for the whole partitioning hierarchy to have identical constraint properties, so such ALTERs must be applied at the partition root.

  • When attaching a child table with ALTER TABLE ... INHERIT, insist that any generated columns in the parent be generated the same way in the child (Peter Eisentraut)

  • Forbid marking an identity column as nullable (Vik Fearing)

    GENERATED ALWAYS AS IDENTITY implies NOT NULL, so don't allow it to be combined with an explicit NULL specification.

  • Allow ALTER ROLE/DATABASE ... SET to set the role, session_authorization, and temp_buffers parameters (Tom Lane)

    Previously, over-eager validity checks might reject these commands, even if the values would have worked when used later. This created a command ordering hazard for dump/reload and upgrade scenarios.

  • Ensure that REINDEX CONCURRENTLY preserves any statistics target that's been set for the index (Michael Paquier)

  • Fix COMMIT AND CHAIN to work correctly when the current transaction has live savepoints (Fujii Masao)

  • Fix bug with coercing the result of a COLLATE expression to a non-collatable type (Tom Lane)

    This led to a parse tree in which the COLLATE appears to be applied to a non-collatable value. While that normally has no real impact (since COLLATE has no effect at runtime), it was possible to construct views that would be rejected during dump/reload.

  • Fix use-after-free bug in saving tuples for AFTER triggers (Amit Langote)

    This could cause crashes in some situations.

  • Disallow calling window functions and procedures via the “fast path” wire protocol message (Tom Lane)

    Only plain functions are supported here. While trying to call an aggregate function failed already, calling a window function would crash, and calling a procedure would work only if the procedure did no transaction control.

  • Extend pg_identify_object_as_address() to support event triggers (Joel Jacobson)

  • Fix to_char()'s handling of Roman-numeral month format codes with negative intervals (Julien Rouhaud)

    Previously, such cases would usually cause a crash.

  • Check that the argument of pg_import_system_collations() is a valid schema OID (Tom Lane)

  • Fix use of uninitialized value while parsing an \{m,n\} quantifier in a BRE-mode regular expression (Tom Lane)

    This error could cause the quantifier to act non-greedy, that is behave like an {m,n}? quantifier would do in full regular expressions.

  • Don't ignore system columns when estimating the number of groups using extended statistics (Tomas Vondra)

    This led to strange estimates for queries such as SELECT ... GROUP BY a, b, ctid.

  • Avoid divide-by-zero when estimating selectivity of a regular expression with a very long fixed prefix (Tom Lane)

    This typically led to a NaN selectivity value, causing assertion failures or strange planner behavior.

  • Fix access-off-the-end-of-the-table error in BRIN index bitmap scans (Tomas Vondra)

    If the page range size used by a BRIN index isn't a power of two, there were corner cases in which a bitmap scan could try to fetch pages past the actual end of the table, leading to “could not open file” errors.

  • Avoid incorrect timeline change while recovering uncommitted two-phase transactions from WAL (Soumyadeep Chakraborty, Jimmy Yih, Kevin Yeap)

    This error could lead to subsequent WAL records being written under the wrong timeline ID, leading to consistency problems, or even complete failure to be able to restart the server, later on.

  • Ensure that locks are released while shutting down a standby server's startup process (Fujii Masao)

    When a standby server is shut down while still in recovery, some locks might be left held. This causes assertion failures in debug builds; it's unclear whether any serious consequence could occur in production builds.

  • Fix crash when a logical replication worker does ALTER SUBSCRIPTION REFRESH (Peter Smith)

    The core code won't do this, but a replica trigger could.

  • Ensure we default to wal_sync_method = fdatasync on recent FreeBSD (Thomas Munro)

    FreeBSD 13 supports open_datasync, which would normally become the default choice. However, it's unclear whether that is actually an improvement for Postgres, so preserve the existing default for now.

  • Pass the correct trigger OID to object post-alter hooks during ALTER CONSTRAINT (Álvaro Herrera)

    When updating trigger properties during ALTER CONSTRAINT, the post-alter hook was told that we are updating a trigger, but the constraint's OID was passed instead of the trigger's.

  • Ensure we finish cleaning up when interrupted while detaching a DSM segment (Thomas Munro)

    This error could result in temporary files not being cleaned up promptly after a parallel query.

  • Fix memory leak while initializing server's SSL parameters (Michael Paquier)

    This is ordinarily insignificant, but if the postmaster is repeatedly sent SIGHUP signals, the leak can build up over time.

  • Fix assorted minor memory leaks in the server (Tom Lane, Andres Freund)

  • Fix failure when a PL/pgSQL DO block makes use of both composite-type variables and transaction control (Tom Lane)

    Previously, such cases led to errors about leaked tuple descriptors.

  • Prevent infinite loop in libpq if a ParameterDescription message with a corrupt length is received (Tom Lane)

  • When initdb prints instructions about how to start the server, make the path shown for pg_ctl use backslash separators on Windows (Nitin Jadhav)

  • Fix psql to restore the previous behavior of \connect service=something (Tom Lane)

    A previous bug fix caused environment variables (such as PGPORT) to override entries in the service file in this context. Restore the previous behavior, in which the priority is the other way around.

  • Fix psql's ON_ERROR_ROLLBACK feature to handle COMMIT AND CHAIN commands correctly (Arthur Nascimento)

    Previously, this case failed with “savepoint "pg_psql_temporary_savepoint" does not exist”.

  • Fix race condition in detection of file modification by psql's \e and related commands (Laurenz Albe)

    A very fast typist could fool the code's file-timestamp-based detection of whether the temporary edit file was changed.

  • Fix pg_dump's dumping of generated columns in partitioned tables (Peter Eisentraut)

    A fix introduced in the previous minor release should not be applied to partitioned tables, only traditionally-inherited tables.

  • Fix missed file version check in pg_restore (Tom Lane)

    When reading a custom-format archive from a non-seekable source, pg_restore neglected to check the archive version. If it was fed a newer archive version than it can support, it would fail messily later on.

  • Add some more checks to pg_upgrade for user tables containing non-upgradable data types (Tom Lane)

    Fix detection of some cases where a non-upgradable data type is embedded within a container type (such as an array or range). Also disallow upgrading when user tables contain columns of system-defined composite types, since those types' OIDs are not stable across versions.

  • Fix incorrect progress-reporting calculation in pg_checksums (Shinya Kato)

  • Fix pg_waldump to count XACT records correctly when generating per-record statistics (Kyotaro Horiguchi)

  • Fix contrib/amcheck to not complain about the tuple flags HEAP_XMAX_LOCK_ONLY and HEAP_KEYS_UPDATED both being set (Julien Rouhaud)

    This is a valid state after SELECT FOR UPDATE.

  • Adjust VPATH build rules to support recent Oracle Developer Studio compiler versions (Noah Misch)

  • Fix testing of PL/Python for Python 3 on Solaris (Noah Misch)

• source repo
• author info
• meta-info