diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2022-05-09 14:29:53 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2022-05-09 14:29:53 -0400 |
| commit | 0ae1d09575bbadd2e7a9ada5721a88c8ee0b6be3 (patch) | |
| tree | 8178c958c10ea461f0736e40e7b635a5938b6fa8 | |
| parent | ab2f783921734a96aa1baf4f3ea165292b62aecf (diff) | |
| download | postgresql-0ae1d09575bbadd2e7a9ada5721a88c8ee0b6be3.tar.gz postgresql-0ae1d09575bbadd2e7a9ada5721a88c8ee0b6be3.zip | |
Last-minute updates for release notes.
Security: CVE-2022-1552
| -rw-r--r-- | doc/src/sgml/release-14.sgml | 83 |
1 files changed, 60 insertions, 23 deletions
diff --git a/doc/src/sgml/release-14.sgml b/doc/src/sgml/release-14.sgml index c5010b768ff..28341326c54 100644 --- a/doc/src/sgml/release-14.sgml +++ b/doc/src/sgml/release-14.sgml @@ -26,7 +26,7 @@ However, if you have any GiST indexes on columns of type <type>ltree</type> (supplied by the <filename>contrib/ltree</filename> extension), you should re-index them after updating. - See the first changelog entry below. + See the second changelog entry below. </para> <para> @@ -42,6 +42,49 @@ <listitem> <!-- +Author: Noah Misch <noah@leadboat.com> +Branch: master [a117cebd6] 2022-05-09 08:35:08 -0700 +Branch: REL_14_STABLE [ab49ce7c3] 2022-05-09 08:35:12 -0700 +Branch: REL_13_STABLE [35edcc0ce] 2022-05-09 08:35:12 -0700 +Branch: REL_12_STABLE [7f098f7b5] 2022-05-09 08:35:12 -0700 +Branch: REL_11_STABLE [48ca2904c] 2022-05-09 08:35:13 -0700 +Branch: REL_10_STABLE [ef792f785] 2022-05-09 08:35:13 -0700 +Author: Noah Misch <noah@leadboat.com> +Branch: master [0abc1a059] 2022-05-09 08:35:08 -0700 +Branch: REL_14_STABLE [677a49478] 2022-05-09 08:35:12 -0700 +Branch: REL_13_STABLE [88743d581] 2022-05-09 08:35:12 -0700 +Branch: REL_12_STABLE [880511cb0] 2022-05-09 08:35:12 -0700 +Branch: REL_11_STABLE [34ff15660] 2022-05-09 08:35:13 -0700 +Branch: REL_10_STABLE [f26d57028] 2022-05-09 08:35:13 -0700 +--> + <para> + Confine additional operations within <quote>security restricted + operation</quote> sandboxes (Sergey Shinderuk, Noah Misch) + </para> + + <para> + Autovacuum, <command>CLUSTER</command>, <command>CREATE + INDEX</command>, <command>REINDEX</command>, <command>REFRESH + MATERIALIZED VIEW</command>, + and <application>pg_amcheck</application> activated + the <quote>security restricted operation</quote> protection + mechanism too late, or even not at all in some code paths. + A user having permission to create non-temporary objects within a + database could define an object that would execute arbitrary SQL + code with superuser permissions the next time that autovacuum + processed the object, or that some superuser ran one of the affected + commands against it. + </para> + + <para> + The <productname>PostgreSQL</productname> Project thanks + Alexander Lakhin for reporting this problem. + (CVE-2022-1552) + </para> + </listitem> + + <listitem> +<!-- Author: Alexander Korotkov <akorotkov@postgresql.org> Branch: master [7e74aafc4] 2022-03-16 11:41:18 +0300 Branch: REL_14_STABLE [7d30f59da] 2022-03-16 11:41:30 +0300 @@ -128,28 +171,6 @@ Branch: REL_14_STABLE [7a8d8219c] 2022-04-19 21:03:27 +0200 <listitem> <!-- -Author: Tom Lane <tgl@sss.pgh.pa.us> -Branch: master [eafdf9de0] 2022-04-20 18:08:23 -0400 -Branch: REL_14_STABLE [e34632947] 2022-04-20 18:08:24 -0400 -Branch: REL_13_STABLE [8275ba773] 2022-04-20 18:08:15 -0400 -Branch: REL_12_STABLE [33fe55c06] 2022-04-20 18:08:15 -0400 -Branch: REL_11_STABLE [e7adbd282] 2022-04-20 18:08:15 -0400 -Branch: REL_10_STABLE [a1e4782a0] 2022-04-20 18:08:15 -0400 ---> - <para> - Disallow infinite endpoints in the timestamp variants - of <function>generate_series()</function> (Tom Lane) - </para> - - <para> - Previously, such a call would run until canceled (or - out-of-disk-space). The numeric variant already threw an error for - an infinite endpoint value, so do likewise for timestamps. - </para> - </listitem> - - <listitem> -<!-- Author: Andres Freund <andres@anarazel.de> Branch: master [43a7dc96e] 2022-03-27 21:46:23 -0700 Branch: REL_14_STABLE [c1a0d7d1c] 2022-03-27 21:44:39 -0700 @@ -189,6 +210,22 @@ Branch: REL_10_STABLE [e6fd4a3da] 2022-03-18 16:01:42 -0400 <listitem> <!-- +Author: Tom Lane <tgl@sss.pgh.pa.us> +Branch: master [fe20afaee] 2022-05-09 14:15:37 -0400 +Branch: REL_14_STABLE [ab2f78392] 2022-05-09 14:15:37 -0400 +Branch: REL_13_STABLE [91a3a74c6] 2022-05-09 14:15:37 -0400 +Branch: REL_12_STABLE [90e52884e] 2022-05-09 14:15:37 -0400 +Branch: REL_11_STABLE [539f8c563] 2022-05-09 14:15:37 -0400 +Branch: REL_10_STABLE [4eabaffca] 2022-05-09 14:15:37 -0400 +--> + <para> + Avoid core dump in parser for a <literal>VALUES</literal> clause with + zero columns (Tom Lane) + </para> + </listitem> + + <listitem> +<!-- Author: Etsuro Fujita <efujita@postgresql.org> Branch: master [5c854e7a2] 2022-04-28 15:15:00 +0900 Branch: REL_14_STABLE [ebb790241] 2022-04-28 15:15:02 +0900 |