diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2020-02-10 12:51:07 -0500 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2020-02-10 12:51:07 -0500 |
| commit | f1a336887e1cc754b4985c82827aa70f847980ba (patch) | |
| tree | 41c4a64fb67b2185591e07f93cfb479b136ab800 | |
| parent | ca902add69291b50fe4fc0d7c2bb57b6da13b3db (diff) | |
| download | postgresql-f1a336887e1cc754b4985c82827aa70f847980ba.tar.gz postgresql-f1a336887e1cc754b4985c82827aa70f847980ba.zip | |
Last-minute updates for release notes.
Security: CVE-2020-1720
| -rw-r--r-- | doc/src/sgml/release-11.sgml | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/doc/src/sgml/release-11.sgml b/doc/src/sgml/release-11.sgml index e91a4b922c8..aa78b396c5c 100644 --- a/doc/src/sgml/release-11.sgml +++ b/doc/src/sgml/release-11.sgml @@ -36,6 +36,30 @@ <listitem> <!-- Author: Alvaro Herrera <alvherre@alvh.no-ip.org> +Branch: master [b048f558d] 2020-02-10 11:47:09 -0300 +Branch: REL_12_STABLE [2ad125322] 2020-02-10 11:47:09 -0300 +Branch: REL_11_STABLE [bdd19e48a] 2020-02-10 11:47:09 -0300 +Branch: REL_10_STABLE [ac1a998ed] 2020-02-10 11:47:09 -0300 +Branch: REL9_6_STABLE [e8b8eb937] 2020-02-10 12:06:25 -0300 +--> + <para> + Add missing permissions checks for <command>ALTER ... DEPENDS ON + EXTENSION</command> (Álvaro Herrera) + </para> + + <para> + Marking an object as dependent on an extension did not have any + privilege check whatsoever. This oversight allowed any user to mark + routines, triggers, materialized views, or indexes as droppable by + anyone able to drop an extension. Require that the calling user own + the specified object (and hence have privilege to drop it). + (CVE-2020-1720) + </para> + </listitem> + + <listitem> +<!-- +Author: Alvaro Herrera <alvherre@alvh.no-ip.org> Branch: master [1fa846f1c] 2020-01-02 17:04:24 -0300 Branch: REL_12_STABLE [d73214839] 2020-01-02 17:04:24 -0300 Branch: REL_11_STABLE [adc9cb6f2] 2020-01-02 17:04:24 -0300 @@ -925,6 +949,24 @@ Branch: REL9_4_STABLE [56c06999d] 2019-11-13 11:35:37 -0500 <listitem> <!-- +Author: Alvaro Herrera <alvherre@alvh.no-ip.org> +Branch: master [8fa8e0115] 2020-02-10 12:14:58 -0300 +Branch: REL_12_STABLE [87d014da9] 2020-02-10 12:14:58 -0300 +Branch: REL_11_STABLE [ca902add6] 2020-02-10 12:14:58 -0300 +Branch: REL_10_STABLE [163161723] 2020-02-10 12:14:58 -0300 +Branch: REL9_6_STABLE [5575fc208] 2020-02-10 12:14:58 -0300 +Branch: REL9_5_STABLE [1b2ae4bcd] 2020-02-10 12:16:40 -0300 +Branch: REL9_4_STABLE [6f1e443a6] 2020-02-10 12:14:58 -0300 +--> + <para> + Apply more thorough syntax checking + to <application>createuser</application>'s + <option>--connection-limit</option> option (Álvaro Herrera) + </para> + </listitem> + + <listitem> +<!-- Author: Tom Lane <tgl@sss.pgh.pa.us> Branch: master [4ba4bfaf2] 2019-12-26 15:19:39 -0500 Branch: REL_12_STABLE [883c27a1c] 2019-12-26 15:19:39 -0500 |