Release 13.3Release date:2021-05-13
This release contains a variety of fixes from 13.2.
For information about new features in major release 13, see
.
Migration to Version 13.3
A dump/restore is not required for those running 13.X.
However, if you are upgrading from a version earlier than 13.2,
see .
Changes
Prevent integer overflows in array subscripting calculations
(Tom Lane)
The array code previously did not complain about cases where an
array's lower bound plus length overflows an integer. This resulted
in later entries in the array becoming inaccessible (since their
subscripts could not be written as integers), but more importantly
it confused subsequent assignment operations. This could lead to
memory overwrites, with ensuing crashes or unwanted data
modifications.
(CVE-2021-32027)
Fix mishandling of junk columns in INSERT
... ON CONFLICT ... UPDATE target lists (Tom Lane)
If the UPDATE list contains any multi-column
sub-selects (which give rise to junk columns in addition to the
results proper), the UPDATE path would end up
storing tuples that include the values of the extra junk columns.
That's fairly harmless in the short run, but if new columns are
added to the table then the values would become accessible, possibly
leading to malfunctions if they don't match the datatypes of the
added columns.
In addition, in versions supporting cross-partition updates,
a cross-partition update triggered by such a case had the reverse
problem: the junk columns were removed from the target list,
typically causing an immediate crash due to malfunction of the
multi-column sub-select mechanism.
(CVE-2021-32028)
Fix possibly-incorrect computation of UPDATE
... RETURNING outputs for joined cross-partition updates
(Amit Langote, Etsuro Fujita)
If an UPDATE for a partitioned table caused a row
to be moved to another partition with a physically different row
type (for example, one with a different set of dropped columns),
computation of RETURNING results for that row
could produce errors or wrong answers. No error is observed unless
the UPDATE involves other tables being joined to
the target table.
(CVE-2021-32029)
Fix adjustment of constraint deferrability properties in
partitioned tables (Álvaro Herrera)
When applied to a foreign-key constraint of a partitioned table,
ALTER TABLE ... ALTER CONSTRAINT failed to
adjust the DEFERRABLE and/or
INITIALLY DEFERRED markings of the constraints
and triggers of leaf partitions. This led to unexpected behavior of
such constraints. After updating to this version, any misbehaving
partitioned tables can be fixed by executing a
new ALTER command to set the desired properties.
This change also disallows applying such an ALTER
directly to the constraints of leaf partitions. The only supported
case is for the whole partitioning hierarchy to have identical
constraint properties, so such ALTERs must be
applied at the partition root.
When attaching a child table with ALTER TABLE
... INHERIT, insist that any generated columns in the
parent be generated the same way in the child (Peter Eisentraut)
Forbid marking an identity column as nullable (Vik Fearing)
GENERATED ... AS IDENTITY implies NOT
NULL, so don't allow it to be combined with an
explicit NULL specification.
Allow ALTER ROLE/DATABASE ... SET to set
the role, session_authorization,
and temp_buffers parameters (Tom Lane)
Previously, over-eager validity checks might reject these commands,
even if the values would have worked when used later. This created
a command ordering hazard for dump/reload and upgrade scenarios.
Ensure that REINDEX CONCURRENTLY preserves any
statistics target that's been set for the index (Michael Paquier)
Fix COMMIT AND CHAIN to work correctly when the
current transaction has live savepoints (Fujii Masao)
Fix list-manipulation bug in WITH RECURSIVE
processing (Michael Paquier, Tom Lane)
Sufficiently deep nesting of WITH constructs
(at least seven levels) triggered core dumps or incorrect complaints
of faulty WITH nesting.
Fix bug with coercing the result of a COLLATE
expression to a non-collatable type (Tom Lane)
This led to a parse tree in which the COLLATE
appears to be applied to a non-collatable value. While that
normally has no real impact (since COLLATE has no
effect at runtime), it was possible to construct views that would be
rejected during dump/reload.
Fix use-after-free bug in saving tuples for AFTER
triggers (Amit Langote)
This could cause crashes in some situations.
Disallow calling window functions and procedures via
the fast path wire protocol message (Tom Lane)
Only plain functions are supported here. While trying to call
an aggregate function failed already, calling a window function
would crash, and calling a procedure would work only if the
procedure did no transaction control.
Extend pg_identify_object_as_address()
to support event triggers (Joel Jacobson)
Fix to_char()'s handling of Roman-numeral month
format codes with negative intervals (Julien Rouhaud)
Previously, such cases would usually cause a crash.
Check that the argument
of pg_import_system_collations() is a valid
schema OID (Tom Lane)
Fix use of uninitialized value while parsing an
\{m,n\}
quantifier in a BRE-mode regular expression (Tom Lane)
This error could cause the quantifier to act non-greedy, that is
behave like an
{m,n}?
quantifier would do in full regular expressions.
Fix could not find pathkey item to sort planner
errors in some situations where the sort key involves an aggregate
or window function (James Coleman, Tom Lane)
Don't ignore system columns when estimating the number of groups
using extended statistics (Tomas Vondra)
This led to strange estimates for queries such as SELECT
... GROUP BY a, b, ctid.
Avoid divide-by-zero when estimating selectivity of a regular
expression with a very long fixed prefix (Tom Lane)
This typically led to a NaN selectivity value,
causing assertion failures or strange planner behavior.
Fix access-off-the-end-of-the-table error in BRIN index bitmap scans
(Tomas Vondra)
If the page range size used by a BRIN index isn't a power of two,
there were corner cases in which a bitmap scan could try to fetch
pages past the actual end of the table, leading to could not
open file errors.
Fix potentially wrong answers from GIN tsvector index
searches, when there are many matching tuples (Tom Lane)
If the number of index matches became large enough to make the
bitmap holding them become lossy (a threshold that depends
on work_mem), the code could get confused about
whether rechecks are required, allowing rows to be returned that
don't actually match the query.
Fix concurrency issues with WAL segment recycling on Windows
(Michael Paquier)
This reverts a change that caused intermittent could not
rename file ...: Permission denied log messages. While
there were not serious consequences, the log spam was annoying.
Avoid incorrect timeline change while recovering uncommitted
two-phase transactions from WAL (Soumyadeep Chakraborty, Jimmy Yih,
Kevin Yeap)
This error could lead to subsequent WAL records being written under
the wrong timeline ID, leading to consistency problems, or even
complete failure to be able to restart the server, later on.
Ensure that locks are released while shutting down a standby
server's startup process (Fujii Masao)
When a standby server is shut down while still in recovery, some
locks might be left held. This causes assertion failures in debug
builds; it's unclear whether any serious consequence could occur
in production builds.
Fix crash when a logical replication worker does ALTER
SUBSCRIPTION REFRESH (Peter Smith)
The core code won't do this, but a replica trigger could.
Ensure we default to wal_sync_method
= fdatasync on recent FreeBSD (Thomas Munro)
FreeBSD 13 supports open_datasync, which would
normally become the default choice. However, it's unclear whether
that is actually an improvement for Postgres, so preserve the
existing default for now.
Disable the vacuum_cleanup_index_scale_factor
parameter and storage option (Peter Geoghegan)
The notion of tracking stale index statistics proved
to interact badly with
the autovacuum_vacuum_insert_threshold parameter,
resulting in unnecessary full-index scans and consequent degradation
of autovacuum performance. The latter mechanism seems superior, so
remove the stale-statistics logic. The control parameter for that,
vacuum_cleanup_index_scale_factor, will be
removed entirely in v14. In v13, it remains present to avoid
breaking existing configuration files, but it no longer does
anything.
Pass the correct trigger OID to object post-alter hooks
during ALTER CONSTRAINT (Álvaro Herrera)
When updating trigger properties during ALTER
CONSTRAINT, the post-alter hook was told that we are
updating a trigger, but the constraint's OID was passed instead of
the trigger's.
Ensure we finish cleaning up when interrupted while detaching a DSM
segment (Thomas Munro)
This error could result in temporary files not being cleaned up
promptly after a parallel query.
Fix assorted minor memory leaks in the server (Tom Lane, Andres Freund)
Fix uninitialized variable in walreceiver's statistics in shared
memory (Fujii Masao)
This error was harmless on most platforms, but could cause issues
on platforms lacking atomic variables and/or spinlock support.
Reduce the overhead of dtrace probes for LWLock operations, when
dtrace support is compiled in but not active (Peter Eisentraut)
Fix failure when a PL/pgSQL DO block makes use of
both composite-type variables and transaction control (Tom Lane)
Previously, such cases led to errors about leaked tuple descriptors.
Prevent infinite loop in libpq
if a ParameterDescription message with a corrupt length is received
(Tom Lane)
When initdb prints instructions about how
to start the server, make the path shown
for pg_ctl use backslash separators on
Windows (Nitin Jadhav)
Fix psql to restore the previous behavior
of \connect
service=something (Tom Lane)
A previous bug fix caused environment variables (such
as PGPORT) to override entries in the service
file in this context. Restore the previous behavior, in which the
priority is the other way around.
Fix psql's ON_ERROR_ROLLBACK
feature to handle COMMIT AND CHAIN commands
correctly (Arthur Nascimento)
Previously, this case failed with savepoint
"pg_psql_temporary_savepoint" does not exist.
In psql, avoid repeated could not
print result table failures after the first such error
(Álvaro Herrera)
Fix race condition in detection of file modification by
psql's \e and related
commands (Laurenz Albe)
A very fast typist could fool the code's file-timestamp-based
detection of whether the temporary edit file was changed.
Fix pg_dump's dumping of
generated columns in partitioned tables (Peter Eisentraut)
A fix introduced in the previous minor release should not be applied
to partitioned tables, only traditionally-inherited tables.
Fix missed file version check
in pg_restore (Tom Lane)
When reading a custom-format archive from a non-seekable source,
pg_restore neglected to check the
archive version. If it was fed a newer archive version than it
can support, it would fail messily later on.
Add some more checks to pg_upgrade for
user tables containing non-upgradable data types (Tom Lane)
Fix detection of some cases where a non-upgradable data type is
embedded within a container type (such as an array or range).
Also disallow upgrading when user tables contain columns of
system-defined composite types, since those types' OIDs are not
stable across versions.
Fix incorrect progress-reporting calculation
in pg_checksums (Shinya Kato)
Fix pg_waldump to
count XACT records correctly when generating
per-record statistics (Kyotaro Horiguchi)
Fix contrib/amcheck to not complain about the
tuple flags HEAP_XMAX_LOCK_ONLY
and HEAP_KEYS_UPDATED both being set
(Julien Rouhaud)
This is a valid state after SELECT FOR UPDATE.
Adjust VPATH build rules to support recent Oracle Developer Studio
compiler versions (Noah Misch)
Fix testing of PL/Python for Python 3 on Solaris (Noah Misch)
Release 13.2Release date:2021-02-11
This release contains a variety of fixes from 13.1.
For information about new features in major release 13, see
.
Migration to Version 13.2
A dump/restore is not required for those running 13.X.
However, see the first changelog item below concerning a possible
need to update stored views. Also see the third and fourth changelog
items, which describe cases in which reindexing indexes after the
upgrade may be advisable.
Changes
Fix failure to check per-column SELECT privileges
in some join queries (Tom Lane)
In some cases involving joins, the parser failed to record all the
columns read by a query in the column-usage bitmaps that are used
for permissions checking. Although the executor would still insist
on some sort of SELECT privilege to run the
query, this meant that a user having SELECT
privilege on only one column of a table could nonetheless read all
its columns through a suitably crafted query.
A stored view that is subject to this problem will have incomplete
column-usage bitmaps, and thus permissions will still not be
enforced properly on the view after updating. In installations that
depend on column-level permissions for security, it is recommended
to CREATE OR REPLACE all user-defined views to
cause them to be re-parsed.
The PostgreSQL Project thanks
Sven Klemm for reporting this problem.
(CVE-2021-20229)
Fix information leakage in constraint-violation error messages
(Heikki Linnakangas)
If an UPDATE command attempts to move a row to a
different partition but finds that it violates some constraint on
the new partition, and the columns in that partition are in
different physical positions than in the parent table, the error
message could reveal the contents of columns that the user does not
have SELECT privilege on.
(CVE-2021-3393)
Fix incorrect detection of concurrent page splits while inserting
into a GiST index (Heikki Linnakangas)
Concurrent insertions could lead to a corrupt index with entries
placed in the wrong pages. It's recommended to reindex any GiST
index that's been subject to concurrent insertions.
Fix CREATE INDEX CONCURRENTLY to wait for
concurrent prepared transactions (Andrey Borodin)
At the point where CREATE INDEX CONCURRENTLY
waits for all concurrent transactions to complete so that it can see
rows they inserted, it must also wait for all prepared transactions
to complete, for the same reason. Its failure to do so meant that
rows inserted by prepared transactions might be omitted from the new
index, causing queries relying on the index to miss such rows.
In installations that have enabled prepared transactions
(max_prepared_transactions > 0),
it's recommended to reindex any concurrently-built indexes in
case this problem occurred when they were built.
Avoid crash when trying to rescan an aggregation plan node
that has both hashed and sorted grouping sets
(Jeff Davis)
Fix possible incorrect query results when a hash aggregation node
spills some tuples to disk (Tom Lane)
It was possible for aggregation grouping values to be replaced
by nulls when the tuples are read back in, leading to wrong answers.
Fix edge case in incremental sort (Neil Chen)
If the last tuple of a sort batch chanced to be the first tuple of
the next group of already-sorted tuples, the code did the wrong
thing. This could lead to retrieved too many tuples in a
bounded sort error messages, or to silently-wrong sorting
results.
Avoid crash when a CALL or DO
statement that performs a transaction rollback is executed via
extended query protocol (Thomas Munro, Tom Lane)
In PostgreSQL 13, this case reliably
caused a null-pointer dereference. In earlier versions the bug
seems to have no visible symptoms, but it's not quite clear that
it could never cause a problem.
Avoid unnecessary errors with BEFORE UPDATE
triggers on partitioned tables (Álvaro Herrera)
A BEFORE UPDATE FOR EACH ROW trigger that
modified the row in any way prevented UPDATE from
moving the row to another partition when needed; but there is no
longer any reason for this restriction.
Fix partition pruning logic to handle asymmetric hash partition sets
(Tom Lane)
If a hash-partitioned table has unequally-sized partitions (that is,
varying modulus values), or it lacks partitions for some remainder
values, then the planner's pruning logic could mistakenly conclude
that some partitions don't need to be scanned, leading to failure to
find rows that the query should find.
Avoid incorrect results when WHERE CURRENT OF is
applied to a cursor whose plan contains a MergeAppend node (Tom
Lane)
This case is unsupported (in general, a cursor using ORDER
BY is not guaranteed to be simply updatable); but the code
previously did not reject it, and could silently give false matches.
Fix crash when WHERE CURRENT OF is applied to a
cursor whose plan contains a custom scan node (David Geier)
Fix planner's mishandling of placeholders whose evaluation should be
delayed by an outer join (Tom Lane)
This occurs in particular with trivial subqueries containing lateral
references to outer-join outputs. The mistake could result in a
malformed plan. The known cases trigger a failed to assign
all NestLoopParams to plan nodes error, but other symptoms
may be possible.
Fix planner's handling of placeholders during removal of useless
RESULT RTEs (Tom Lane)
This oversight could lead to no relation entry for
relid N planner errors.
Fix planner's handling of a placeholder that is computed at some
join level and used only at that same level (Tom Lane)
This oversight could lead to failed to build
any N-way joins planner errors.
Consider unsorted subpaths when planning a Gather Merge operation
(James Coleman)
It's possible to use such a path by adding an explicit Sort node,
and in some cases that gives rise to a superior plan.
Do not consider ORDER BY expressions involving
parallel-restricted functions or set-returning functions when trying
to parallelize sorts (James Coleman)
Such cases cannot safely be pushed into worker processes, but the
incremental sort feature accidentally made us consider them.
Be more careful about whether index AMs support mark/restore
(Andrew Gierth)
This prevents errors about missing support functions in rare edge
cases.
Fix overestimate of the amount of shared memory needed for parallel
queries (Takayuki Tsunakawa)
Fix ALTER DEFAULT PRIVILEGES to handle duplicated
arguments safely (Michael Paquier)
Duplicate role or schema names within the same command could lead
to tuple already updated by self errors or
unique-constraint violations.
Flush ACL-related caches when pg_authid
changes (Noah Misch)
This change ensures that permissions-related decisions will promptly
reflect the results of ALTER ROLE ... [NO] INHERIT.
Fix failure to detect snapshot too old conditions
in tables rewritten in the current transaction (Kyotaro Horiguchi,
Noah Misch)
This is only a hazard when wal_level is set
to minimal and the rewrite is performed
by ALTER TABLE SET TABLESPACE.
Fix spurious failure of CREATE PUBLICATION
when applied to a table created or rewritten in the current
transaction (Kyotaro Horiguchi)
This is only a hazard when wal_level is set
to minimal.
Prevent misprocessing of ambiguous CREATE TABLE
LIKE clauses (Tom Lane)
A LIKE clause is re-examined after initial
creation of the new table, to handle importation of indexes and
such. It was possible for this re-examination to find a different
table of the same name, causing unexpected behavior; one example is
where the new table is a temporary table of the same name as
the LIKE target.
Rearrange order of operations in CREATE TABLE
LIKE so that indexes are cloned before building foreign
key constraints (Tom Lane)
This fixes the case where a self-referential foreign key constraint
declared in the outer CREATE TABLE depends on an
index that's coming from the LIKE clause.
Disallow CREATE STATISTICS on system catalogs
(Tomas Vondra)
Disallow converting an inheritance child table to a view
(Tom Lane)
Ensure that disk space allocated for a dropped relation is released
promptly at commit (Thomas Munro)
Previously, if the dropped relation spanned multiple 1GB segments,
only the first segment was truncated immediately. Other segments
were simply unlinked, which doesn't authorize the kernel to release
the storage so long as any other backends still have the files open.
Prevent dropping a tablespace that is referenced by a partitioned
relation, but is not used for any actual storage (Álvaro
Herrera)
Previously this was allowed, but subsequent operations on the
partitioned relation would fail.
Fix progress reporting for CLUSTER (Matthias van
de Meent)
Fix handling of backslash-escaped multibyte characters
in COPY FROM (Heikki Linnakangas)
A backslash followed by a multibyte character was not handled
correctly. In some client character encodings, this could lead to
misinterpreting part of a multibyte character as a field separator
or end-of-copy-data marker.
Avoid preallocating executor hash tables
in EXPLAIN without ANALYZE
(Alexey Bashtanov)
Fix recently-introduced race condition
in LISTEN/NOTIFY queue
handling (Tom Lane)
A newly-listening backend could attempt to read SLRU pages that
were in process of being truncated, possibly causing an error.
Allow the jsonb concatenation operator to handle all
combinations of JSON data types (Tom Lane)
We can concatenate two JSON objects or two JSON arrays. Handle
other cases by wrapping non-array inputs in one-element arrays,
then performing an array concatenation. Previously, some
combinations of inputs followed this rule but others arbitrarily
threw an error.
Fix use of uninitialized value while parsing a *
quantifier in a BRE-mode regular expression (Tom Lane)
This error could cause the quantifier to act non-greedy, that is
behave like a *? quantifier would do in full
regular expressions.
Fix numeric power() for the case where the
exponent is exactly INT_MIN (-2147483648)
(Dean Rasheed)
Previously, a result with no significant digits was produced.
Fix integer-overflow cases in substring()
functions (Tom Lane, Pavel Stehule)
If the specified starting index and length overflow an integer when
added together, substring() misbehaved, either
throwing a bogus negative substring length error for
a case that should succeed, or failing to complain that a negative
length is negative (and instead returning the whole string, in most
cases).
Prevent possible data loss from incorrect detection of the
wraparound point of an SLRU log
(Noah Misch)
The wraparound point typically falls in the middle of a page, which
must be rounded off to a page boundary, and that was not done
correctly. No issue could arise unless an installation had gotten
to within one page of SLRU overflow, which is unlikely in a
properly-functioning system. If this did happen, it would manifest
in later apparent wraparound or could not
access status of transaction errors.
Fix WAL-reading logic to handle timeline switches correctly (Kyotaro
Horiguchi, Fujii Masao)
Previously, if WAL archiving is enabled, a standby could fail to
follow a primary running on a newer timeline, with errors
like requested WAL segment has already been removed.
Fix memory leak in walsender processes while sending new snapshots
for logical decoding (Amit Kapila)
Fix relation cache leak in walsender processes while sending row
changes via the root of a partitioned relation during logical
replication (Amit Langote, Mark Zhao)
Fix walsender to accept additional commands after
terminating replication (Jeff Davis)
Ensure detection of deadlocks between hot standby backends and the
startup (WAL-application) process (Fujii Masao)
The startup process did not run the deadlock detection code, so that
in situations where the startup process is last to join a circular
wait situation, the deadlock might never be recognized.
Fix possible failure to detect recovery conflicts while deleting an
index entry that references a HOT chain (Peter Geoghegan)
The code failed to traverse the HOT chain and might thus compute a
too-old XID horizon, which could lead to incorrect conflict
processing in hot standby. The practical impact of this bug is
limited; in most cases the correct XID horizon would be found anyway
from nearby operations.
Ensure that a nonempty value
of krb_server_keyfile always overrides any
setting of KRB5_KTNAME in the server's
environment (Tom Lane)
Previously, which setting took precedence depended on whether the
client requests GSS encryption.
In server log messages about failing to match connections
to pg_hba.conf entries, include details about
whether GSS encryption has been activated (Kyotaro Horiguchi, Tom
Lane)
This is relevant data if hostgssenc
or hostnogssenc entries exist.
Fix assorted issues in server's support for GSS encryption (Tom Lane)
Remove pointless restriction that only GSS authentication
can be used on a GSS-encrypted connection.
Add GSS encryption information to connection-authorized log messages.
Include GSS-related space when computing the required size of
shared memory (this omission could have caused problems with very
high max_connections settings).
Avoid possible infinite recursion when reporting an unrecoverable
GSS encryption error.
Ensure that unserviced requests for background workers are cleaned
up when the postmaster begins a smart
or fast shutdown sequence (Tom Lane)
Previously, there was a race condition whereby a child process that
had requested a background worker just before shutdown could wait
indefinitely, preventing shutdown from completing.
Fix portability problem in parsing
of recovery_target_xid values (Michael Paquier)
The target XID is potentially 64 bits wide, but it was parsed
with strtoul(), causing misbehavior on
platforms where long is 32 bits (such as Windows).
Avoid trying to use parallel index build in a standalone backend
(Yulin Pei)
Allow index AMs to support included columns without necessarily
supporting multiple key columns (Tom Lane)
While taking a base backup, avoid executing any SHA256 code if a
backup manifest is not needed (Michael Paquier)
When using OpenSSL operating in FIPS mode, SHA256 hashing is
rejected, leading to an error. This change makes it possible to
take a base backup on such a platform, so long
as is specified.
Avoid assertion failure during parallel aggregation of an
aggregate with a non-strict deserialization function (Andrew Gierth)
No such aggregate functions exist in
core PostgreSQL, but some extensions
such as PostGIS provide some. The mistake is harmless anyway in a
non-assert build.
Avoid assertion failure in pg_get_functiondef()
when examining a function with a TRANSFORM option
(Tom Lane)
Fix data structure misallocation in
PL/pgSQL's CALL statement (Tom Lane)
A CALL in a PL/pgSQL procedure, to another
procedure that has OUT parameters, would fail if the called
procedure did a COMMIT
or ROLLBACK.
In libpq, do not skip trying SSL after
GSS encryption (Tom Lane)
If we successfully made a GSS-encrypted connection, but then failed
during authentication, we would fall back to an unencrypted
connection rather than next trying an SSL-encrypted connection.
This could lead to unexpected connection failure, or to silently
getting an unencrypted connection where an encrypted one is
expected. Fortunately, GSS encryption could only succeed if both
client and server hold valid tickets in the same Kerberos
infrastructure. It seems unlikely for that to be true in an
environment that requires SSL encryption instead.
Make libpq's
PQconndefaults() function report the correct
default value for channel_binding
(Daniele Varrazzo)
In psql, re-allow including a password
in a connection_string argument of a
\connect command (Tom Lane)
This used to work, but a recent bug fix caused the password to be
ignored (resulting in prompting for a password).
In psql's \d commands,
don't truncate the display of column default values (Tom Lane)
Formerly, they were arbitrarily truncated at 128 characters.
Fix assorted bugs
in psql's \help
command (Kyotaro Horiguchi, Tom Lane)
\help with two argument words failed to find a
command description using only the first word, for
example \help reset all should show the help
for RESET but did not.
Also, \help often failed to invoke the pager when
it should. It also leaked memory.
Fix pg_dump's dumping of inherited
generated columns (Peter Eisentraut)
The previous behavior resulted in (harmless) errors during restore.
In pg_dump, ensure that the restore
script runs ALTER PUBLICATION ADD TABLE commands
as the owner of the publication, and similarly runs ALTER
INDEX ATTACH PARTITION commands as the owner of the
partitioned index (Tom Lane)
Previously, these commands would be run by the role that started the
restore script; which will usually work, but in corner cases that
role might not have adequate permissions.
Fix pg_dump to handle WITH
GRANT OPTION in an extension's initial privileges
(Noah Misch)
If an extension's script creates an object and grants privileges
on it with grant option, then later the user revokes such
privileges, pg_dump would generate
incorrect SQL for reproducing the situation. (Few if any extensions
do this today.)
In pg_rewind, ensure that all WAL is
accounted for when rewinding a standby server
(Ian Barwick, Heikki Linnakangas)
In pgbench, disallow a digit as the first
character of a variable name (Fabien Coelho)
This prevents trying to substitute variables into timestamp literal
values, which may contain strings like 12:34.
Report the correct database name in connection failure error
messages from some client programs (Álvaro Herrera)
If the database name was defaulted rather than given on the command
line, pg_dumpall,
pgbench, oid2name,
and vacuumlo would produce misleading
error messages after a connection failure.
Fix memory leak in contrib/auto_explain
(Japin Li)
Memory consumed while producing the EXPLAIN
output was not freed until the end of the current transaction (for a
top-level statement) or the end of the surrounding statement (for a
nested statement). This was particularly a problem
with log_nested_statements enabled.
In contrib/postgres_fdw, avoid leaking open
connections to remote servers when a user mapping or foreign server
object is dropped (Bharath Rupireddy)
Open connections that depend on a dropped user mapping or foreign
server can no longer be referenced, but formerly they were kept
around anyway for the duration of the local session.
Fix faulty assertion in contrib/postgres_fdw
(Etsuro Fujita)
In contrib/pgcrypto, check for error returns
from OpenSSL's EVP functions (Michael Paquier)
We do not really expect errors here, but this change silences
warnings from static analysis tools.
Make contrib/pg_prewarm more robust when the
cluster is shut down before prewarming is complete (Tom Lane)
Previously, autoprewarm would rewrite its status file with only the
block numbers that it had managed to load so far, thus perhaps
largely disabling the prewarm functionality in the next startup.
Instead, suppress status file updates until the initial loading pass
is complete.
In contrib/pg_trgm's GiST index support, avoid
crash in the rare case that picksplit is called on exactly two index
items (Andrew Gierth, Alexander Korotkov)
Fix miscalculation of timeouts
in contrib/pg_prewarm
and contrib/postgres_fdw
(Alexey Kondratov, Tom Lane)
The main loop in contrib/pg_prewarm's
autoprewarm parent process underestimated its desired sleep time by
a factor of 1000, causing it to consume much more CPU than intended.
When waiting for a result from a remote
server, contrib/postgres_fdw overestimated the
desired timeout by a factor of 1000 (though this error had been
mitigated by imposing a clamp to 60 seconds).
Both of these errors stemmed from incorrectly converting
seconds-and-microseconds to milliseconds. Introduce a new
API TimestampDifferenceMilliseconds()
to make it easier to get this right in the future.
Improve configure's heuristics for
selecting PG_SYSROOT on macOS (Tom Lane)
The new method is more likely to produce desirable results when
Xcode is newer than the underlying operating system. Choosing
a sysroot that does not match the OS version may result in
nonfunctional executables.
While building on macOS, specify in
link steps as well as compile steps (James Hilliard)
This likewise improves the results when Xcode is out of sync with
the operating system.
Fix JIT compilation to be compatible with LLVM 11 and LLVM 12
(Andres Freund)
Fix potential mishandling of references to boolean variables in
JIT expression compilation (Andres Freund)
No field reports attributable to this have been seen, but it seems
likely that it could cause problems on some architectures.
Fix compile failure with ICU 68 and later (Tom Lane)
Avoid memcpy() with a NULL source pointer and
zero count during partitioned index creation (Álvaro Herrera)
While such a call is not known to cause problems in itself, some
compilers assume that the arguments of memcpy()
are never NULL, which could result in incorrect optimization of
nearby code.
Update time zone data files to tzdata
release 2021a for DST law changes in Russia (Volgograd zone) and
South Sudan, plus historical corrections for Australia, Bahamas,
Belize, Bermuda, Ghana, Israel, Kenya, Nigeria, Palestine,
Seychelles, and Vanuatu.
Notably, the Australia/Currie zone has been corrected to the point
where it is identical to Australia/Hobart.
Release 13.1Release date:2020-11-12
This release contains a variety of fixes from 13.0.
For information about new features in major release 13, see
.
Migration to Version 13.1
A dump/restore is not required for those running 13.X.
Changes
Block DECLARE CURSOR ... WITH HOLD and firing of
deferred triggers within index expressions and materialized view
queries (Noah Misch)
This is essentially a leak in the security restricted
operation sandbox mechanism. An attacker having permission
to create non-temporary SQL objects could parlay this leak to
execute arbitrary SQL code as a superuser.
The PostgreSQL Project thanks
Etienne Stalmans for reporting this problem.
(CVE-2020-25695)
Fix usage of complex connection-string parameters
in pg_dump,
pg_restore,
clusterdb,
reindexdb,
and vacuumdb (Tom Lane)
The parameter
of pg_dump
and pg_restore, or
the parameter of the other
programs mentioned, can be a connection string
containing multiple connection parameters rather than just a
database name. In cases where these programs need to initiate
additional connections, such as parallel processing or processing of
multiple databases, the connection string was forgotten and just the
basic connection parameters (database name, host, port, and
username) were used for the additional connections. This could lead
to connection failures if the connection string included any other
essential information, such as non-default SSL or GSS parameters.
Worse, the connection might succeed but not be encrypted as
intended, or be vulnerable to man-in-the-middle attacks that the
intended connection parameters would have prevented.
(CVE-2020-25694)
When psql's \connect
command re-uses connection parameters, ensure that all
non-overridden parameters from a previous connection string are
re-used (Tom Lane)
This avoids cases where reconnection might fail due to omission of
relevant parameters, such as non-default SSL or GSS options.
Worse, the reconnection might succeed but not be encrypted as
intended, or be vulnerable to man-in-the-middle attacks that the
intended connection parameters would have prevented.
This is largely the same problem as just cited
for pg_dump et al,
although psql's behavior is more complex
since the user may intentionally override some connection
parameters.
(CVE-2020-25694)
Prevent psql's \gset
command from modifying specially-treated variables (Noah Misch)
\gset without a prefix would overwrite whatever
variables the server told it to. Thus, a compromised server could
set specially-treated variables such as PROMPT1,
giving the ability to execute arbitrary shell code in the user's
session.
The PostgreSQL Project thanks
Nick Cleaton for reporting this problem.
(CVE-2020-25696)
Fix unintended breakage of the replication protocol
(Álvaro Herrera)
A walsender reports two command-completion events
for START_REPLICATION. This was undocumented and
apparently unintentional; so we failed to notice that a late 13.0
change removed the duplicate event. However it turns out that
walreceivers require the extra event in some code paths. The most
practical fix is to decree that the extra event is part of the
protocol and resume generating it.
Ensure that SLRU directories are properly fsync'd during checkpoints
(Thomas Munro)
This prevents possible data loss in a subsequent operating system
crash.
Fix ALTER ROLE for users with
the BYPASSRLS attribute (Tom Lane, Stephen Frost)
The BYPASSRLS attribute is only allowed to be
changed by superusers, but other ALTER ROLE
operations, such as password changes, should be allowed with only
ordinary permission checks. The previous coding erroneously
restricted all changes on such a role to superusers.
Disallow ALTER TABLE ONLY ... DROP EXPRESSION when
there are child tables (Peter Eisentraut)
The current implementation cannot handle this case correctly, so just
forbid it for now.
Ensure that ALTER TABLE ONLY ... ENABLE/DISABLE
TRIGGER does not recurse to child tables
(Álvaro Herrera)
Previously the ONLY flag was ignored.
Allow LOCK TABLE to succeed on a self-referential
view (Tom Lane)
It previously threw an error complaining about infinite recursion,
but there seems no need to disallow the case.
Retain statistics about an index across REINDEX
CONCURRENTLY (Michael Paquier, Fabrízio de Royes Mello)
Non-concurrent reindexing has always preserved such statistics.
Fix incorrect progress reporting from REINDEX
CONCURRENTLY (Matthias van de Meent, Michael Paquier)
Ensure that GENERATED columns are updated when
the column(s) they depend on are updated via a rule or an updatable
view (Tom Lane)
This fix also takes care of possible failure to fire a
column-specific trigger in such cases.
Fix failures with collation-dependent partition bound expressions
(Tom Lane)
Support hashing of text arrays (Peter Eisentraut)
Array hashing failed if the array element type is collatable.
Notably, this prevented using hash partitioning with a text array
column as partition key.
Prevent internal overflows in cross-type datetime
comparisons (Nikita Glukhov, Alexander Korotkov, Tom Lane)
Previously, comparing a date to a timestamp would fail if the date
is past the valid range for timestamps. There were also corner
cases involving overflow of close-to-the-limit timestamp values
during timezone rotation.
Fix off-by-one conversion of negative years to BC dates
in to_date()
and to_timestamp() (Dar Alathar-Yemen, Tom Lane)
Also, arrange for the combination of a negative year and an
explicit BC marker to cancel out and produce AD.
Allow the jsonpath.datetime()
method to accept ISO 8601-format timestamps (Nikita Glukhov)
This is not required by SQL, but it seems appropriate since
our to_json() functions generate that timestamp
format for Javascript compatibility.
Ensure that standby servers will archive WAL timeline history files
when archive_mode is set
to always (Grigory Smolkin, Fujii Masao)
This oversight could lead to failure of subsequent PITR recovery
attempts.
Fix edge cases in detecting premature death of the postmaster on
platforms that use kqueue() (Thomas Munro)
Avoid generating an incorrect incremental-sort plan when the sort key
is a volatile expression (James Coleman)
Fix possible crash when considering partition-wise joins
during GEQO planning (Tom Lane)
Fix possible infinite loop or corrupted output data in TOAST
decompression (Tom Lane)
Fix counting of the number of entries in B-tree indexes during
cleanup-only VACUUMs (Peter Geoghegan)
Ensure that data is detoasted before being inserted into a BRIN
index (Tomas Vondra)
Index entries are not supposed to contain out-of-line TOAST
pointers, but BRIN didn't get that memo. This could lead to errors
like missing chunk number 0 for toast value NNN.
(If you are faced with such an error from an existing
index, REINDEX should be enough to fix it.)
Fix buffered GiST index builds to work when the index has included
columns (Pavel Borisov)
Fix unportable use of getnameinfo()
in pg_hba_file_rules view (Tom Lane)
On FreeBSD 11, and possibly other platforms, the
view's address
and netmask columns were always null due
to this error.
Avoid crash if debug_query_string is NULL
when starting a parallel worker (Noah Misch)
Avoid failures when a BEFORE ROW UPDATE trigger
returns the old row of a table having dropped
or missing columns (Amit Langote, Tom Lane)
This method of suppressing an update could result in crashes,
unexpected CHECK constraint failures, or
incorrect RETURNING output,
because missing columns would read as NULLs for those
purposes. (A column is missing for this purpose if
it was added by ALTER TABLE ADD COLUMN with a
non-NULL, but constant, default value.) Dropped columns could cause
trouble as well.
Fix EXPLAIN's output for incremental sort plans
to have correct tag nesting in XML output mode (Daniel Gustafsson)
Avoid unnecessary failure when transferring very large payloads
through shared memory queues (Markus Wanner)
Fix omission of result data type coercion in some cases in
SQL-language functions (Tom Lane)
This could lead to wrong results or crashes, depending on the data
types involved.
Fix incorrect handling of template function attributes in JIT code
generation (Andres Freund)
This has been shown to cause crashes on s390x,
and very possibly there are other cases on other platforms.
Improve code generated for compare_exchange and fetch_add operations
on PPC (Noah Misch)
Fix relation cache memory leaks with RLS policies (Tom Lane)
Fix edge-case memory leak
in index_get_partition() (Justin Pryzby)
Fix small memory leak when SIGHUP processing decides that a new GUC
variable value cannot be applied without a restart (Tom Lane)
Fix memory leaks
in PL/pgsql's CALL
processing (Pavel Stehule, Tom Lane)
In libpq for Windows,
call WSAStartup() once per process
and WSACleanup() not at all (Tom Lane,
Alexander Lakhin)
Previously, libpq
invoked WSAStartup() at connection start
and WSACleanup() at connection cleanup.
However, it appears that calling WSACleanup()
can interfere with other program operations; notably, we have
observed rare failures to emit expected output to stdout. There
appear to be no ill effects from omitting the call, so do that.
(This also eliminates a performance issue from repeated DLL loads and
unloads when a program performs a series of database connections.)
Fix ecpg library's per-thread
initialization logic for Windows (Tom Lane, Alexander Lakhin)
Multi-threaded ecpg applications could
suffer rare misbehavior due to incorrect locking.
Fix ecpg's mis-processing
of B'...' and X'...' literals
(Shenhao Wang)
On Windows, make psql read the output of
a backtick command in text mode, not binary mode (Tom Lane)
This ensures proper handling of newlines.
Ensure that pg_dump collects per-column
information about extension configuration tables (Fabrízio de
Royes Mello, Tom Lane)
Failure to do this led to crashes when
specifying , or underspecified (though
usually correct) COPY commands when
using COPY to reload the tables' data.
Make pg_upgrade check for pre-existence
of tablespace directories in the target cluster (Bruce Momjian)
Fix potential memory leak in contrib/pgcrypto
(Michael Paquier)
Add check for an unlikely failure case
in contrib/pgcrypto (Daniel Gustafsson)
Fix recently-added timetz test case so it works when
the USA is not observing daylight savings time (Tom Lane)
Update time zone data files to tzdata
release 2020d for DST law changes in Fiji, Morocco, Palestine, the
Canadian Yukon, Macquarie Island, and Casey Station (Antarctica);
plus historical corrections for France, Hungary, Monaco, and
Palestine.
Sync our copy of the timezone library with IANA tzcode release 2020d
(Tom Lane)
This absorbs upstream's change of zic's
default output option from fat
to slim. That's just cosmetic for our purposes, as
we continue to select the fat mode in pre-v13
branches. This change also ensures
that strftime() does not
change errno unless it fails.
Release 13Release date:2020-09-24OverviewPostgreSQL 13 contains many new features and
enhancements, including:
Space savings and performance gains from de-duplication of B-tree
index entries
Improved performance for queries that use aggregates or partitioned
tables
Better query planning when using extended statistics
Parallelized vacuuming of indexes
Incremental sorting
The above items and other new features
of PostgreSQL 13 are explained in more
detail in the sections below.
Migration to Version 13
A dump/restore using or use of or logical replication is required for those
wishing to migrate data from any previous release. See for general information on migrating to new major
releases.
Version 13 contains a number of changes that may affect compatibility
with previous releases. Observe the following incompatibilities:
Change SIMILAR
TO ... ESCAPE NULL to return NULL
(Tom Lane)
This new behavior matches the SQL specification.
Previously a null ESCAPE value was taken to mean
using the default escape string (a backslash character). This also
applies to substring(text
FROM pattern
ESCAPE text). The previous
behavior has been retained in old views by keeping the original
function unchanged.
Make json[b]_to_tsvector()
fully check the spelling of its string option
(Dominik Czarnota)
Change the way non-default values affect concurrency
(Thomas Munro)
Previously, this value was adjusted before setting the number of
concurrent requests. The value is now used directly. Conversion of
old values to new ones can be done using:
SELECT round(sum(OLDVALUE / n::float)) AS newvalue FROM generate_series(1, OLDVALUE) s(n);
Prevent display of auxiliary processes in and
system views (Euler Taveira)
Queries that join these views to and wish to see auxiliary processes
will need to use left joins.
Rename various wait
events to improve consistency (Fujii Masao, Tom Lane)
Fix ALTER FOREIGN
TABLE ... RENAME COLUMN to return a more appropriate
command tag (Fujii Masao)
Previously it returned ALTER TABLE; now it returns
ALTER FOREIGN TABLE.
Fix ALTER
MATERIALIZED VIEW ... RENAME COLUMN to return a more
appropriate command tag (Fujii Masao)
Previously it returned ALTER TABLE; now it returns
ALTER MATERIALIZED VIEW.
Rename configuration parameter wal_keep_segments
to (Fujii Masao)
This determines how much WAL to retain for standby servers.
It is specified in megabytes, rather than number of files as with
the old parameter. If you
previously used wal_keep_segments,
the following formula will give you an approximately equivalent setting:
wal_keep_size = wal_keep_segments * wal_segment_size (typically 16MB)
Remove support for defining operator
classes using pre-PostgreSQL
8.0 syntax (Daniel Gustafsson)
Remove support for defining foreign key
constraints using pre-PostgreSQL
7.3 syntax (Daniel Gustafsson)
Remove support for "opaque" pseudo-types used by
pre-PostgreSQL 7.3 servers (Daniel
Gustafsson)
Remove support for upgrading unpackaged (pre-9.1) extensions (Tom Lane)
The FROM option
of CREATE
EXTENSION is no longer supported. Any installations
still using unpackaged extensions should upgrade them to a packaged
version before updating to PostgreSQL 13.
Remove support for posixrules files in the
timezone database (Tom Lane)
IANA's timezone group has deprecated this feature, meaning that it
will gradually disappear from systems' timezone databases over the
next few years. Rather than have a behavioral change appear
unexpectedly with a timezone data update, we have
removed PostgreSQL's support for this
feature as of version 13. This affects only the behavior
of POSIX-style time
zone specifications that lack an explicit daylight savings
transition rule; formerly the transition rule could be determined
by installing a custom posixrules file, but
now it is hard-wired. The recommended fix for any affected
installations is to start using a geographical time zone name.
In , when an lquery pattern
contains adjacent asterisks with braces,
e.g., *{2}.*{3}, properly interpret that
as *{5} (Nikita Glukhov)
Fix 's bt_metap()
to return more appropriate data types that are less likely to overflow
(Peter Geoghegan)
Changes
Below you will find a detailed account of the changes between
PostgreSQL 13 and the previous major
release.
Server<link linkend="ddl-partitioning">Partitioning</link>
Allow pruning of
partitions to happen in more cases
(Yuzuko Hosoya, Amit Langote, Álvaro Herrera)
Allow partitionwise
joins to happen in more cases (Ashutosh Bapat, Etsuro Fujita,
Amit Langote, Tom Lane)
For example, partitionwise joins can now happen between partitioned
tables even when their partition bounds do not match exactly.
Support row-level BEFORE triggers on partitioned tables (Álvaro
Herrera)
However, such a trigger is not allowed to change which partition
is the destination.
Allow partitioned tables to be logically replicated via publications (Amit Langote)
Previously, partitions had to be replicated individually. Now a
partitioned table can be published explicitly, causing all its
partitions to be published automatically. Addition/removal of a
partition causes it to be likewise added to or removed from the
publication.
The CREATE
PUBLICATION option
publish_via_partition_root controls whether changes
to partitions are published as their own changes or their parent's.
Allow logical replication into partitioned tables on subscribers
(Amit Langote)
Previously, subscribers could only receive rows into non-partitioned
tables.
Allow whole-row variables (that
is, table.*) to be
used in partitioning expressions (Amit Langote)
Indexes
More efficiently store duplicates in B-tree indexes
(Anastasia Lubennikova, Peter Geoghegan)
This allows efficient B-tree indexing of low-cardinality columns
by storing duplicate keys only once. Users upgrading with pg_upgrade
will need to use REINDEX to make an
existing index use this feature.
Allow GiST and SP-GiST indexes on box
columns to support ORDER BY box
<-> point queries (Nikita
Glukhov)
Allow GIN indexes to
more efficiently handle ! (NOT) clauses
in tsquery searches (Nikita
Glukhov, Alexander Korotkov, Tom Lane, Julien Rouhaud)
Allow index operator classes
to take parameters (Nikita Glukhov)
Allow CREATE INDEX to specify the GiST signature
length and maximum number of integer ranges (Nikita Glukhov)
Indexes created on four and eight-byte integer
array, tsvector,
, , and columns can now control these GiST index parameters,
rather than using the defaults.
Prevent indexes that use non-default collations from being added as a table's unique or primary
key constraint (Tom Lane)
The index's collation must match that of the underlying column,
but ALTER TABLE previously failed to check
this.
Optimizer
Improve the optimizer's selectivity estimation for
containment/match operators (Tom Lane)
Allow setting the statistics target
for extended statistics
(Tomas Vondra)
This is controlled with the new command option ALTER
STATISTICS ... SET STATISTICS. Previously this was computed
based on more general statistics target settings.
Allow use of multiple extended statistics objects in a single query
(Tomas Vondra)
Allow use of extended statistics objects for OR clauses and IN/ANY constant
lists (Pierre Ducroquet, Tomas Vondra)
Allow functions in FROM clauses to be pulled up
(inlined) if they evaluate to constants (Alexander Kuzmenkov,
Aleksandr Parfenov)
General Performance
Implement incremental
sorting (James Coleman, Alexander Korotkov, Tomas Vondra)
If an intermediate query result is known to be sorted by
one or more leading keys of a required sort ordering, the
additional sorting can be done considering only the remaining
keys, if the rows are sorted in batches that have equal leading
keys.
If necessary, this can be controlled using .
Improve the performance of sorting inet values (Brandur Leach)
Allow hash aggregation
to use disk storage for large aggregation result sets (Jeff Davis)
Previously, hash aggregation was avoided if it was expected to use
more than memory. Now, a hash
aggregation plan can be chosen despite that. The hash table will
be spilled to disk if it exceeds work_mem times
.
This behavior is normally preferable to the old behavior, in which
once hash aggregation had been chosen, the hash table would be
kept in memory no matter how large it got — which could be
very large if the planner had misestimated. If necessary,
behavior similar to that can be obtained by
increasing hash_mem_multiplier.
Allow inserts, not only updates and deletes, to trigger vacuuming
activity in autovacuum
(Laurenz Albe, Darafei Praliaskouski)
Previously, insert-only activity would trigger auto-analyze but
not auto-vacuum, on the grounds that there could not be any dead
tuples to remove. However, a vacuum scan has other useful
side-effects such as setting page-all-visible bits, which improves
the efficiency of index-only scans. Also, allowing an insert-only
table to receive periodic vacuuming helps to spread out the work
of freezing old tuples, so that there is not
suddenly a large amount of freezing work to do when the entire
table reaches the anti-wraparound threshold all at once.
If necessary, this behavior can be adjusted with the new
parameters
and , or
the equivalent table storage options.
Add parameter to
control I/O concurrency for maintenance operations (Thomas Munro)
Allow WAL writes to be skipped during a transaction
that creates or rewrites a relation, if is minimal (Kyotaro
Horiguchi)
Relations larger than
will have their files fsync'ed rather than generating
WAL. Previously this was done only for
COPY operations, but the implementation had a bug
that could cause data loss during crash recovery.
Improve performance when replaying DROP DATABASE
commands when many tablespaces are in use (Fujii Masao)
Improve performance for truncation
of very large relations (Kirk Jamison)
Improve retrieval of the leading bytes of TOAST'ed values
(Binguo Bao, Andrey Borodin)
Previously, compressed out-of-line TOAST values
were fully fetched even when it's known that only some leading
bytes are needed. Now, only enough data to produce the result is
fetched.
Improve performance of LISTEN/NOTIFY
(Martijn van Oosterhout, Tom Lane)
Speed up conversions of integers to text (David Fetter)
Reduce memory usage for query strings and extension scripts that
contain many SQL statements (Amit Langote)
Monitoring
Allow EXPLAIN,
, autovacuum, and to track WAL usage
statistics (Kirill Bychik, Julien Rouhaud)
Allow a sample of SQL statements, rather than all statements, to
be logged (Adrien Nayrat)
A fraction of
those statements taking more than
duration will be
logged.
Add the backend type to csvlog and optionally log output (Peter Eisentraut)
Improve control of prepared statement parameter logging (Alexey
Bashtanov, Álvaro Herrera)
The GUC setting controls the maximum length
of parameter values output during logging of non-error statements,
while does
the same for logging of statements with errors. Previously,
prepared statement parameters were never logged during errors.
Allow function call backtraces to be logged after errors (Peter
Eisentraut, Álvaro Herrera)
The new parameter specifies
which C functions should generate backtraces on error.
Make vacuum buffer counters 64-bits
wide to avoid overflow (Álvaro Herrera)
System Views
Add leader_pid to to report a parallel worker's
leader process (Julien Rouhaud)
Add system view pg_stat_progress_basebackup
to report the progress of streaming base backups (Fujii Masao)
Add system view pg_stat_progress_analyze
to report ANALYZE progress
(Álvaro Herrera, Tatsuro Yamada, Vinayak Pokale)
Add system view pg_shmem_allocations
to display shared memory usage (Andres Freund, Robert Haas)
Add system view pg_stat_slru
to monitor internal SLRU caches
(Tomas Vondra)
Allow to be set as
high as 1MB (Vyacheslav Makarov)
The previous maximum was 100kB.
<link linkend="wait-event-table">Wait Events</link>
Report a wait event while creating a DSM segment
with posix_fallocate() (Thomas Munro)
Add wait event VacuumDelay to report on cost-based vacuum delay
(Justin Pryzby)
Add wait events for WAL archive and recovery pause
(Fujii Masao)
The new events are BackupWaitWalArchive and RecoveryPause.
Add wait events RecoveryConflictSnapshot and
RecoveryConflictTablespace to monitor recovery conflicts (Masahiko
Sawada)
Improve performance of wait events on BSD-based
systems (Thomas Munro)
<acronym>Authentication</acronym>
Allow only superusers to view the setting (Insung Moon)
This was changed as a security precaution.
Change the server's default minimum TLS version
for encrypted connections from 1.0 to 1.2 (Peter Eisentraut)
This choice can be controlled by
.
Server Configuration
Tighten rules on which utility commands are allowed in
read-only transaction mode (Robert Haas)
This change also increases the number of utility commands that can
run in parallel queries.
Allow to be changed
after server start (Peter Eisentraut)
Disallow non-superusers from modifying system tables when is set (Peter Eisentraut)
Previously, if
was set at server start, non-superusers could issue
INSERT/UPDATE/DELETE
commands on system tables.
Enable support
for Unix-domain
sockets on Windows (Peter Eisentraut)
Streaming Replication and Recovery
Allow streaming replication configuration settings to be changed by
reload (Sergei Kornilov)
Previously, a server restart was required to change
and .
Allow WAL receivers to use a temporary
replication slot when a permanent one is not specified (Peter
Eisentraut, Sergei Kornilov)
This behavior can be enabled using .
Allow WAL storage for replication slots to be limited by
(Kyotaro Horiguchi)
Replication slots that would require exceeding this value are
marked invalid.
Allow standby promotion
to cancel any requested pause (Fujii Masao)
Previously, promotion could not happen while the standby was in
paused state.
Generate an error if recovery does not reach the specified recovery target
(Leif Gunnar Erlandsen, Peter Eisentraut)
Previously, a standby would promote itself upon reaching the end
of WAL, even if the target was not reached.
Allow control over how much memory is used by logical decoding before
it is spilled to disk (Tomas Vondra, Dilip Kumar, Amit Kapila)
This is controlled by .
Allow recovery to continue even if invalid
pages are referenced by WAL (Fujii Masao)
This is enabled using .
Utility Commands
Allow VACUUM
to process a table's indexes in parallel (Masahiko Sawada, Amit Kapila)
The new PARALLEL option controls this.
Allow FETCH FIRST
to use WITH TIES to return any additional rows
that match the last result row (Surafel Temesgen)
Report planning-time buffer usage in EXPLAIN's
BUFFER output (Julien Rouhaud)
Make CREATE TABLE
LIKE propagate a CHECK
constraint's NO INHERIT property to the created
table (Ildar Musin, Chris Travers)
When using LOCK
TABLE on a partitioned table, do not check permissions
on the child tables (Amit Langote)
Allow OVERRIDING USER
VALUE on inserts into identity columns (Dean Rasheed)
Add ALTER
TABLE ... DROP EXPRESSION
to allow removing the GENERATED
property from a column (Peter Eisentraut)
Fix bugs in multi-step ALTER TABLE commands (Tom
Lane)
IF NOT EXISTS clauses now work as expected, in
that derived actions (such as index creation) do not execute if the
column already exists. Also, certain cases of combining related
actions into one ALTER TABLE now work when they
did not before.
Add ALTER VIEW
syntax to rename view columns (Fujii Masao)
Renaming view columns was already possible, but one had to
write ALTER TABLE RENAME COLUMN, which is
confusing.
Add ALTER TYPE
options to modify a base type's TOAST properties
and support functions (Tomas Vondra, Tom Lane)
Add CREATE
DATABASELOCALE option (Peter
Eisentraut)
This combines the existing options LC_COLLATE and
LC_CTYPE into a single option.
Allow DROP
DATABASE to disconnect sessions using the target
database, allowing the drop to succeed (Pavel Stehule, Amit Kapila)
This is enabled by the FORCE option.
Add structure member tg_updatedcols
to allow C-language update triggers to know which column(s) were updated
(Peter Eisentraut)
Data Types
Add polymorphic data types for use by functions requiring compatible
arguments (Pavel Stehule)
The new data types are anycompatible,
anycompatiblearray, anycompatiblenonarray,
and anycompatiblerange.
Add SQL data type xid8 to expose
FullTransactionId (Thomas Munro)
The existing xid data type is only four bytes so it
does not provide the transaction epoch.
Add data
type regcollation
and associated functions, to represent OIDs of collation objects
(Julien Rouhaud)
Use the glibc version in some cases as a collation version identifier (Thomas Munro)
If the glibc version changes, a warning will be issued about
possible corruption of collation-dependent indexes.
Add support for collation versions on Windows (Thomas Munro)
Allow ROW
expressions to have their members extracted with suffix
notation (Tom Lane)
For example, (ROW(4, 5.0)).f1 now returns 4.
Functions
Add alternate version of jsonb_set()
with improved NULL handling (Andrew Dunstan)
The new function, jsonb_set_lax(), handles a
NULL new value by either setting the specified
key to a JSON null, deleting the key, raising an
exception, or returning the jsonb value unmodified, as
requested.
Add jsonpath .datetime()
method (Nikita Glukhov, Teodor Sigaev, Oleg Bartunov, Alexander
Korotkov)
This function allows JSON values to be converted
to timestamps, which can then be processed in jsonpath
expressions. This change also adds jsonpath functions
that support time-zone-aware output.
Add SQL functions NORMALIZE()
to normalize Unicode strings, and IS
NORMALIZED to check for normalization (Peter
Eisentraut)
Add min() and
max() aggregates for pg_lsn (Fabrízio
de Royes Mello)
These are particularly useful in monitoring queries.
Allow Unicode
escapes,
e.g., E'\unnnn'
or U&'\nnnn', to
specify any character available in the database encoding, even when
the database encoding is not UTF-8 (Tom Lane)
Allow to_date()
and to_timestamp() to recognize non-English
month/day names (Juan José Santamaría Flecha, Tom Lane)
The names recognized are the same as those output by to_char()
with the same format patterns.
Add datetime format patterns FF1
– FF6 to specify input or output of
1 to 6 fractional-second digits (Alexander
Korotkov, Nikita Glukhov, Teodor Sigaev, Oleg Bartunov)
These patterns can be used by to_char(),
to_timestamp(), and jsonpath's
.datetime().
Add SSSSS datetime format pattern as an
SQL-standard alias for SSSS
(Nikita Glukhov, Alexander Korotkov)
Add function gen_random_uuid()
to generate version-4 UUIDs (Peter Eisentraut)
Previously UUID generation functions were only
available in the external modules and .
Add greatest-common-denominator
(gcd)
and least-common-multiple (lcm) functions (Vik
Fearing)
Improve the performance and accuracy of the numeric
type's square root
(sqrt) and natural log
(ln) functions (Dean Rasheed)
Add function min_scale()
that returns the number of digits to the right of the decimal point
that are required to represent a numeric value with
full accuracy (Pavel Stehule)
Add function trim_scale()
to reduce the scale of a numeric value by removing
trailing zeros (Pavel Stehule)
Add commutators of distance
operators (Nikita Glukhov)
For example, previously only point<->line was supported,
now line<->point
works too.
Create xid8 versions of all transaction ID functions
(Thomas Munro)
The old xid-based functions still exist, for backward
compatibility.
Allow get_bit()
and set_bit() to set bits beyond the first
256MB of a bytea value (Movead Li)
Allow advisory-lock
functions to be used in some parallel operations (Tom Lane)
Add the ability to remove an object's dependency on an extension
(Álvaro Herrera)
The object can be a function, materialized view, index, or trigger.
The syntax is ALTER .. NO DEPENDS ON.
<link linkend="plpgsql">PL/pgSQL</link>
Improve performance of simple PL/pgSQL expressions (Tom Lane,
Amit Langote)
Improve performance of PL/pgSQL functions that use immutable
expressions (Konstantin Knizhnik)
Client Interfaces
Allow libpq clients to require channel binding for encrypted
connections (Jeff Davis)
Using the libpq connection parameter channel_binding
forces the other end of the TLS connection to prove
it knows the user's password. This prevents man-in-the-middle attacks.
Add libpq connection parameters to control the minimum and maximum
TLS version allowed for an encrypted connection
(Daniel Gustafsson)
The settings are and .
By default, the minimum TLS version is 1.2
(this represents a behavioral change from previous releases).
Allow use of passwords to unlock client certificates (Craig
Ringer, Andrew Dunstan)
This is enabled by libpq's
connection parameter.
Allow libpq to use DER-encoded client
certificates (Craig Ringer, Andrew Dunstan)
Fix ecpg's EXEC SQL
elif directive to work correctly (Tom Lane)
Previously it behaved the same as endif followed
by ifdef, so that a successful previous branch
of the same if construct did not prevent
expansion of the elif branch or following
branches.
Client Applications<xref linkend="app-psql"/>
Add transaction status (%x)
to psql's default
prompts (Vik Fearing)
Allow the secondary psql prompt to be
blank but the same width as the primary prompt (Thomas Munro)
This is accomplished by setting PROMPT2
to %w.
Allow psql's
\g
and \gx commands to
change \pset output
options for the duration of that single command (Tom Lane)
This feature allows syntax like \g (expand=on),
which is equivalent to \gx.
Add psql commands to display operator
classes and operator families (Sergey Cherkashin, Nikita Glukhov,
Alexander Korotkov)
The new commands are \dAc,
\dAf, \dAo,
and \dAp.
Show table persistence in psql's \dt+
and related commands (David Fetter)
In verbose mode, the table/index/view shows if the object is permanent,
temporary, or unlogged.
Improve output of psql's \d
for TOAST tables (Justin Pryzby)
Fix redisplay after psql's \e
command (Tom Lane)
When exiting the editor, if the query doesn't end with a semicolon
or \g, the query buffer contents will now be
displayed.
Add \warn
command to psql (David Fetter)
This is like \echo except that the text is sent
to stderr instead of stdout.
Add the PostgreSQL home page to command-line
output (Peter Eisentraut)
<link linkend="pgbench"><application>pgbench</application></link>
Allow pgbench to partition its accounts table
(Fabien Coelho)
This allows performance testing of partitioning.
Add pgbench command \aset, which behaves
like \gset, but for multiple queries (Fabien
Coelho)
Allow pgbench to generate its initial data server-side, rather
than client-side (Fabien Coelho)
Allow pgbench to show script contents using option
(Fabien Coelho)
Server Applications
Generate backup manifests for base backups, and verify them (Robert
Haas)
A new tool pg_verifybackup
can verify backups.
Have pg_basebackup
estimate the total backup size by default (Fujii Masao)
This computation allows pg_stat_progress_basebackup
to show progress. If that is not needed, it can be disabled by
using the option. Previously,
this computation happened only if the
option was used.
Add an option to pg_rewind
to configure standbys (Paul Guo, Jimmy Yih, Ashwin Agrawal)
This matches pg_basebackup's
option.
Allow pg_rewind to use the target
cluster's to retrieve needed
WAL (Alexey Kondratov)
This is enabled using the
/ option.
Have pg_rewind automatically run crash
recovery before rewinding (Paul Guo, Jimmy Yih, Ashwin Agrawal)
This can be disabled by using .
Increase the PREPARE
TRANSACTION-related information reported by
pg_waldump (Fujii Masao)
Add pg_waldump
option to suppress non-error output (Andres
Freund, Robert Haas)
Add pg_dump
option to dump data from
foreign servers (Luis Carril)
Allow vacuum commands run by vacuumdb to operate in parallel mode
(Masahiko Sawada)
This is enabled with the new option.
Allow reindexdb to operate in
parallel (Julien Rouhaud)
Parallel mode is enabled with the new option.
Allow dropdb to disconnect
sessions using the target database, allowing the drop to succeed
(Pavel Stehule)
This is enabled with the option.
Remove and
from createuser (Alexander
Lakhin)
The long-supported preferred options for this are called
and .
Use the directory of the pg_upgrade
program as the default setting when
running pg_upgrade (Daniel Gustafsson)
Documentation
Add a glossary to the documentation
(Corey Huinker, Jürgen Purtz, Roger Harkavy, Álvaro
Herrera)
Reformat tables containing function
and operator information for better clarity (Tom Lane)
Upgrade to use DocBook 4.5
(Peter Eisentraut)
Source Code
Add support for building on Visual Studio 2019 (Haribabu Kommi)
Add build support for MSYS2 (Peter Eisentraut)
Add compare_exchange and fetch_add assembly language code for Power
PC compilers (Noah Misch)
Update Snowball
stemmer dictionaries used by full text search (Panagiotis
Mavrogiorgos)
This adds Greek stemming and improves Danish and French stemming.
Remove support for Windows 2000 (Michael Paquier)
Remove support for non-ELF BSD
systems (Peter Eisentraut)
Remove support for Python versions
2.5.X and earlier (Peter Eisentraut)
Remove support for OpenSSL 0.9.8
and 1.0.0 (Michael Paquier)
Remove configure options
and (Peter Eisentraut)
These were needed for compatibility with some version-zero C
functions, but those are no longer supported.
Pass the query string to planner hook functions (Pascal Legrand,
Julien Rouhaud)
Add TRUNCATE
command hook (Yuli Khodorkovskiy)
Add TLS init hook (Andrew Dunstan)
Allow building with no predefined Unix-domain socket directory
(Peter Eisentraut)
Reduce the probability of SysV resource key collision on Unix platforms
(Tom Lane)
Use operating system functions to reliably erase memory that contains
sensitive information (Peter Eisentraut)
For example, this is used for clearing passwords stored in memory.
Add headerscheck script to test C header-file
compatibility (Tom Lane)
Implement internal lists as arrays, rather than a chain of cells
(Tom Lane)
This improves performance for queries that access many objects.
Change the API for TS_execute() (Tom Lane,
Pavel Borisov)
TS_execute callbacks must now provide ternary
(yes/no/maybe) logic. Calculating NOT queries accurately is now
the default.
Additional Modules
Allow extensions to be
specified as trusted (Tom Lane)
Such extensions can be installed in a database by users with
database-level CREATE privileges, even if they
are not superusers. This change also removes
the pg_pltemplate system catalog.
Allow non-superusers to connect to
foreign servers without using a password (Craig Ringer)
Specifically, allow a superuser to set
password_required to false for
a user mapping. Care
must still be taken to prevent non-superusers from using superuser
credentials to connect to the foreign server.
Allow postgres_fdw to use certificate
authentication (Craig Ringer)
Different users can use different certificates.
Allow to control access to the
TRUNCATE command (Yuli Khodorkovskiy)
Add extension bool_plperl
which transforms SQL booleans to/from PL/Perl
booleans (Ivan Panchenko)
Have treat SELECT
... FOR UPDATE commands as distinct from those
without FOR UPDATE (Andrew Gierth, Vik Fearing)
Allow pg_stat_statements to optionally
track the planning time of statements (Julien Rouhaud, Pascal Legrand,
Thomas Munro, Fujii Masao)
Previously only execution time was tracked.
Overhaul 's lquery syntax to treat
NOT (!) more logically (Filip Rembialkowski,
Tom Lane, Nikita Glukhov)
Also allow non-* queries to use a numeric range ({}) of matches.
Add support for binary I/O of , lquery, and
ltxtquery types (Nino Floris)
Add an option to to ignore the sign
of integers (Jeff Janes)
Add function
pg_file_sync() to allow fsync'ing a file
(Fujii Masao)
Add functions to output
t_infomask/t_infomask2
values in human-readable format (Craig Ringer, Sawada Masahiko,
Michael Paquier)
Add B-tree index de-duplication processing columns to pageinspect output
(Peter Geoghegan)
Acknowledgments
The following individuals (in alphabetical order) have contributed to this
release as patch authors, committers, reviewers, testers, or reporters of
issues.
Abhijit Menon-SenAdam LeeAdam ScottAdé HeywardAdrien NayratAhsan HadiAlastair McKinleyAleksandr ParfenovAlex AktsipetrovAlex MacyAlex ShulginAlexander KorotkovAlexander KukushkinAlexander KuzmenkovAlexander LakhinAlexey BashtanovAlexey KondratovÁlvaro HerreraAmit KapilaAmit KhandekarAmit LangoteAmul SulAnastasia LubennikovaAndreas Joseph KroghAndreas KarlssonAndreas KunertAndreas SeltenreichAndrei ZubkovAndres FreundAndrew BilleAndrew DunstanAndrew GierthAndrey BorodinAndrey KlychkovAndrey LepikhovAnna AkentevaAnna EndoAnthony NowocienAnton VlasovAntonin HouskaAnts AasmaArne RolandArnold MüllerArseny SherArthur NascimentoArthur ZakirovAshutosh BapatAshutosh SharmaAshwin AgrawalAsif RehmanAsim PraveenAtsushi TorikoshiAugustinas JokubauskasAustin DrenskiBasil BourqueBeena EmersonBen CornettBenjie GillamBenoît LobréauBernd HelmleBharath RupireddyBhargav KamineniBinguo BaoBrad DeJongBrandur LeachBrent BatesBrian WilliamsBruce MomjianCameron EzellCary HuangChapman FlackCharles OffenbacherChen HuajunChenyang LuChris BandyChris TraversChristoph BergChristophe CourtoisCorey HuinkerCraig RingerCuiping LinDagfinn Ilmari MannsåkerDaniel FioriDaniel GustafssonDaniel VéritéDaniel WestermannDarafei PraliaskouskiDaryl WaycottDave CramerDavid ChristensenDavid FetterDavid G. JohnstonDavid GilmanDavid HarperDavid RowleyDavid SteeleDavid ZhangDavinder SinghDean RasheedDenis StuchalinDent JohnDidier GautheronDilip KumarDmitry BelyavskyDmitry DolgovDmitry IvanovDmitry TelptDmitry UspenskiyDominik CzarnotaDongming LiuEd MorleyEdmund HornerEmre HasegeliEric GillumErik RijkersErwin BrandstetterEthan WaldoEtsuro FujitaEugen KonkovEuler TaveiraFabien CoelhoFabrízio de Royes MelloFelix LechnerFilip JanusFilip RembialkowskiFrank GagnepainGeorgios KokolatosGilles DaroldGreg NancarrowGrigory SmolkinGuancheng LuoGuillaume LelargeHadi MoshayediHaiying TangHamid AkhtarHans BuschmannHao WuHaribabu KommiHaruka TakatsukaHeath LordHeikki LinnakangasHimanshu UpadhyayaHironobu SuzukiHugh McMasterHugh RanalliHugh WangIan BarwickIbrar AhmedIldar MusinInsung MoonIreneusz PlutaIsaac MorlandIvan KartyshovIvan PanchenkoIvan Sergio BorgonovoJaime CasanovaJames ColemanJames GrayJames HunterJames InformJames LucasJan MusslerJaroslav SivyJeevan ChalkeJeevan LadheJeff DavisJeff JanesJehan-Guillaume de RorthaisJeremy EvansJeremy SchneiderJeremy SmithJerry SieversJesper PedersenJesse KinkeadJesse ZhangJian ZhangJie ZhangJim NasbyJimmy YihJobin AugustineJoe ConwayJohn HsuJohn NaylorJon JensenJonathan KatzJorge Gustavo RochaJosef ŠimánekJoseph NahmiasJuan José Santamaría FlechaJulian BackesJulien RouhaudJürgen PurtzJustin KingJustin PryzbyKarl O. PincKeisuke KurodaKeith FiskeKelly MinKen TanzerKirill BychikKirk JamisonKonstantin KnizhnikKuntal GhoshKyle KingsburyKyotaro HoriguchiLars KanisLaurenz AlbeLeif Gunnar ErlandsenLi JapinLiudmila MantrovaLucas ViecelliLuis M. CarrilLukáš SobotkaMaciek SakrejdaMagnus HaganderMahadevan RamachandranMahendra Singh ThalorManuel RiggerMarc MunroMarcos DavidMarina PolyakovaMark DilgerMark WongMarko TiikkajaMarkus WinandMarti RaudseppMartijn van OosterhoutMasahiko SawadaMasahiro IkedaMasao FujiiMateusz GuzikMatt JibsonMatteo BeccatiMaxence AhloucheMelanie PlagemanMichael BanckMichael LuoMichael MeskesMichael PaquierMichail NikolaevMike PalmiottoMithun CyMovead LiNathan BossartNazli Ugur KoyluogluNeha SharmaNicola ContuNicolás AlvarezNikhil SontakkeNikita GlukhovNikolay ShaplovNino FlorisNoah MischNoriyoshi ShinodaOleg BartunovOleg SamoilovOleksii KliukinOndrej JirmanPanagiotis MavrogiorgosPascal LegrandPatrick McHardyPaul GuoPaul JungwirthPaul RamseyPaul SivashPaul SpencerPavan DeolaseePavel BorisovPavel LuzanovPavel StehulePavel SuderevskyPeifeng QiuPengzhou TangPeter BillenPeter EisentrautPeter GeogheganPeter SmithPetr FedorovPetr JelínekPhil BayerPhilip SemanchukPhilippe BeaudoinPierre DucroquetPierre GiraudPiotr Gabriel KosinskiPiotr WlodarczykPrabhat SahuQuan ZongliangQuentin RameauRafael CastroRafia SabihRaj MohiteRajkumar RaghuwanshiRamanarayana MRanier VilelaRares SalcudeanRaúl Marín RodríguezRaymond MartinReijo SuhonenRichard GuoRobert FordRobert HaasRobert KahlertRobert TreatRobin AbbiRobins TharakanRoger HarkavyRoman PeshkurovRui DeSousaRui Hai JiangRushabh LathiaRyan LambertRyohei TakahashiScott RibeSean FarrellSehrope SarkuniSergei AgalakovSergei KornilovSergey CherkashinShawn DebnathShawn WangShay RojanskyShenhao WangSimon RiggsSlawomir ChodnickiSoumyadeep ChakrabortyStéphane LorekStephen FrostSteve RogersonSteven WinfieldSurafel TemesgenSuraj KharageTakanori AsabaTakao FujiiTakayuki TsunakawaTakuma HoshiaiTatsuhito KasaharaTatsuo IshiiTatsuro YamadaTaylor VeselyTeodor SigaevTham NguyenThibaut MadelaineThom BrownThomas KellererThomas MunroTiago AnastacioTim ClarkeTim MöhlmannTom EllisTom GottfriedTom LaneTomas VondraTuomas LeikolaTushar AhujaVictor WagnerVictor YegorovVignesh CVik FearingVinay BanakarVladimir LeskovVladimir SitnikovVyacheslav MakarovVyacheslav ShablistyyWill LeinweberWilliam CrowellWyatt AltYang XiaoYaroslav SchekinYi HuangYigong HuYoann La CancelleraYoshikazu ImaiYu KimuraYugo NagataYuli KhodorkovskiyYusuke EgashiraYuya WatariYuzuko HosoyaZhenHua Cai