diff options
| -rw-r--r-- | doc/src/sgml/release-16.sgml | 181 |
1 files changed, 180 insertions, 1 deletions
diff --git a/doc/src/sgml/release-16.sgml b/doc/src/sgml/release-16.sgml index c6d90bb2afc..90a3464fc92 100644 --- a/doc/src/sgml/release-16.sgml +++ b/doc/src/sgml/release-16.sgml @@ -26,7 +26,7 @@ However, if you have ever detached a partition from a partitioned table that has a foreign-key reference to another partitioned table, and not dropped the former partition, then you may have catalog and/or - data corruption to repair, as detailed in the first changelog entry + data corruption to repair, as detailed in the fifth changelog entry below. </para> @@ -43,6 +43,185 @@ <listitem> <!-- +Author: Nathan Bossart <nathan@postgresql.org> +Branch: master [cd7ab5753] 2024-11-11 09:00:00 -0600 +Branch: REL_17_STABLE [edcda9bb4] 2024-11-11 09:00:00 -0600 +Branch: REL_16_STABLE [562289460] 2024-11-11 09:00:00 -0600 +Branch: REL_15_STABLE [6db5ea8de] 2024-11-11 09:00:00 -0600 +Branch: REL_14_STABLE [4e51030af] 2024-11-11 09:00:00 -0600 +Branch: REL_13_STABLE [952ff31e2] 2024-11-11 09:00:00 -0600 +Branch: REL_12_STABLE [448525e8a] 2024-11-11 09:00:00 -0600 +--> + <para> + Ensure cached plans are marked as dependent on the calling role when + RLS applies to a non-top-level table reference (Nathan Bossart) + <ulink url="&commit_baseurl;562289460">§</ulink> + </para> + + <para> + If a CTE, subquery, sublink, security invoker view, or coercion + projection in a query references a table with row-level security + policies, we neglected to mark the resulting plan as potentially + dependent on which role is executing it. This could lead to later + query executions in the same session using the wrong plan, and then + returning or hiding rows that should have been hidden or returned + instead. + </para> + + <para> + The <productname>PostgreSQL</productname> Project thanks + Wolfgang Walther for reporting this problem. + (CVE-2024-10976) + </para> + </listitem> + + <listitem> +<!-- +Author: Michael Paquier <michael@paquier.xyz> +Branch: master [bf8835ea9] 2024-11-11 10:19:52 +0900 +Branch: REL_17_STABLE [a5cc4c667] 2024-11-11 10:19:56 +0900 +Branch: REL_16_STABLE [67d28bd02] 2024-11-11 10:19:58 +0900 +Branch: REL_15_STABLE [d2c3e31c1] 2024-11-11 10:19:59 +0900 +Branch: REL_14_STABLE [e6c945476] 2024-11-11 10:20:01 +0900 +Branch: REL_13_STABLE [7b49707b7] 2024-11-11 10:20:02 +0900 +Branch: REL_12_STABLE [2a951ef0a] 2024-11-11 10:20:03 +0900 +--> + <para> + Make <application>libpq</application> discard error messages + received during SSL or GSS protocol negotiation (Jacob Champion) + <ulink url="&commit_baseurl;67d28bd02">§</ulink> + </para> + + <para> + An error message received before encryption negotiation is completed + might have been injected by a man-in-the-middle, rather than being + real server output. Reporting it opens the door to various security + hazards; for example, the message might spoof a query result that a + careless user could mistake for correct output. The best answer + seems to be to discard such data and rely only + on <application>libpq</application>'s own report of the connection + failure. + </para> + + <para> + The <productname>PostgreSQL</productname> Project thanks + Jacob Champion for reporting this problem. + (CVE-2024-10977) + </para> + </listitem> + + <listitem> +<!-- +Author: Tom Lane <tgl@sss.pgh.pa.us> +Branch: master [5a2fed911] 2024-11-11 10:29:54 -0500 +Branch: REL_17_STABLE [cd82afdda] 2024-11-11 10:29:54 -0500 +Branch: REL_16_STABLE [ae340d031] 2024-11-11 10:29:54 -0500 +Branch: REL_15_STABLE [a5d2e6205] 2024-11-11 10:29:54 -0500 +Branch: REL_14_STABLE [2a68808e2] 2024-11-11 10:29:54 -0500 +Branch: REL_13_STABLE [76123ded6] 2024-11-11 10:29:54 -0500 +Branch: REL_12_STABLE [4c9d96f74] 2024-11-11 10:29:54 -0500 +Branch: master [73c9f91a1] 2024-11-11 17:05:53 -0500 +Branch: REL_17_STABLE [f4f5d27d8] 2024-11-11 17:05:53 -0500 +Branch: REL_16_STABLE [95f5a5237] 2024-11-11 17:05:53 -0500 +Branch: REL_15_STABLE [109a32380] 2024-11-11 17:05:53 -0500 +Branch: REL_14_STABLE [00b94e8e2] 2024-11-11 17:05:53 -0500 +Branch: REL_13_STABLE [dc7378793] 2024-11-11 17:05:53 -0500 +Branch: REL_12_STABLE [0edad8654] 2024-11-11 17:05:53 -0500 +--> + <para> + Fix unintended interactions between <command>SET SESSION + AUTHORIZATION</command> and <command>SET ROLE</command> (Tom Lane) + <ulink url="&commit_baseurl;ae340d031">§</ulink> + <ulink url="&commit_baseurl;95f5a5237">§</ulink> + </para> + + <para> + The SQL standard mandates that <command>SET SESSION + AUTHORIZATION</command> have a side-effect of doing <command>SET + ROLE NONE</command>. Our implementation of that was flawed, + creating more interaction between the two settings than intended. + Notably, rolling back a transaction that had done <command>SET + SESSION AUTHORIZATION</command> would revert <literal>ROLE</literal> + to <literal>NONE</literal> even if that had not been the previous + state, so that the effective user ID might now be different from + what it had been before the transaction. Transiently + setting <varname>session_authorization</varname> in a + function <literal>SET</literal> clause had a similar effect. + A related bug was that if a parallel worker + inspected <literal>current_setting('role')</literal>, it + saw <literal>none</literal> even when it should see something else. + </para> + + <para> + The <productname>PostgreSQL</productname> Project thanks + Tom Lane for reporting this problem. + (CVE-2024-10978) + </para> + </listitem> + + <listitem> +<!-- +Author: Noah Misch <noah@leadboat.com> +Branch: master [b7e3a52a8] 2024-11-11 06:23:43 -0800 +Branch: REL_17_STABLE [3ebcfa54d] 2024-11-11 06:23:46 -0800 +Branch: REL_16_STABLE [8fe3e697a] 2024-11-11 06:23:47 -0800 +Branch: REL_15_STABLE [e530835c6] 2024-11-11 06:23:47 -0800 +Branch: REL_14_STABLE [d15ec27c9] 2024-11-11 06:23:47 -0800 +Branch: REL_13_STABLE [e428cd058] 2024-11-11 06:23:48 -0800 +Branch: REL_12_STABLE [2ab12d860] 2024-11-11 06:23:48 -0800 +Author: Tom Lane <tgl@sss.pgh.pa.us> +Branch: REL_14_STABLE [f89bd92c9] 2024-11-11 10:42:32 -0500 +Branch: REL_13_STABLE [6bccd7b03] 2024-11-11 10:42:32 -0500 +Branch: REL_12_STABLE [b1e58defb] 2024-11-11 10:42:32 -0500 +Branch: master [a34c33fd2] 2024-11-11 12:20:08 -0500 +Branch: REL_17_STABLE [4cd4f3b97] 2024-11-11 12:20:08 -0500 +Branch: REL_16_STABLE [88269df4d] 2024-11-11 12:20:08 -0500 +Branch: REL_16_STABLE [168579e23] 2024-11-11 12:27:06 -0500 +Author: Noah Misch <noah@leadboat.com> +Branch: REL_16_STABLE [c335264c9] 2024-11-11 10:55:18 -0800 +Branch: REL_15_STABLE [16ed4f4d0] 2024-11-11 10:56:05 -0800 +Branch: REL_14_STABLE [c1fff7b1b] 2024-11-11 10:56:09 -0800 +Branch: REL_13_STABLE [9f97c31c2] 2024-11-11 10:56:12 -0800 +Branch: REL_12_STABLE [1e457468f] 2024-11-11 10:56:14 -0800 +Author: Tom Lane <tgl@sss.pgh.pa.us> +Branch: master [c4252c9ef] 2024-11-11 13:57:21 -0500 +Branch: REL_17_STABLE [8d19f3fea] 2024-11-11 13:57:21 -0500 +Branch: REL_16_STABLE [64df88700] 2024-11-11 13:57:40 -0500 +Branch: REL_15_STABLE [c834b375a] 2024-11-11 13:57:41 -0500 +Branch: REL_14_STABLE [256e34653] 2024-11-11 13:57:41 -0500 +Branch: REL_13_STABLE [0bd9560d9] 2024-11-11 13:57:41 -0500 +Branch: REL_12_STABLE [9fc1c3a02] 2024-11-11 13:57:41 -0500 +--> + <para> + Prevent trusted PL/Perl code from changing environment variables + (Andrew Dunstan, Noah Misch) + <ulink url="&commit_baseurl;8fe3e697a">§</ulink> + <ulink url="&commit_baseurl;88269df4d">§</ulink> + <ulink url="&commit_baseurl;168579e23">§</ulink> + <ulink url="&commit_baseurl;c335264c9">§</ulink> + <ulink url="&commit_baseurl;64df88700">§</ulink> + </para> + + <para> + The ability to manipulate process environment variables such + as <literal>PATH</literal> gives an attacker opportunities to + execute arbitrary code. Therefore, <quote>trusted</quote> PLs must + not offer the ability to do that. To fix <literal>plperl</literal>, + replace <varname>%ENV</varname> with a tied hash that rejects any + modification attempt with a warning. + Untrusted <literal>plperlu</literal> retains the ability to change + the environment. + </para> + + <para> + The <productname>PostgreSQL</productname> Project thanks + Coby Abrams for reporting this problem. + (CVE-2024-10979) + </para> + </listitem> + + <listitem> +<!-- Author: Álvaro Herrera <alvherre@alvh.no-ip.org> Branch: master [53af9491a] 2024-10-22 16:01:18 +0200 Branch: REL_17_STABLE [5914a22f6] 2024-10-22 16:01:18 +0200 |