From 960aed7f0dceb85a092ac7cb771012f03c5b0491 Mon Sep 17 00:00:00 2001 From: "Jonathan S. Katz" Date: Wed, 17 Feb 2021 12:23:51 -0500 Subject: [PATCH] Edits to the 2020-02-11 update release --- .../current/20210211securityrelease.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/update_releases/current/20210211securityrelease.md b/update_releases/current/20210211securityrelease.md index 3564707..cd9091d 100644 --- a/update_releases/current/20210211securityrelease.md +++ b/update_releases/current/20210211securityrelease.md @@ -3,18 +3,17 @@ versions of our database system, including 13.2, 12.6, 11.11, 10.16, 9.6.21, and 9.5.25. This release closes two security vulnerabilities and fixes over 80 bugs reported over the last three months. -Additionally, this is the **final release** of PostgreSQL 9.5. If you are +Additionally, this is the **final release of PostgreSQL 9.5**. If you are running PostgreSQL 9.5 in a production environment, we suggest that you make plans to upgrade. For the full list of changes, please review the -[release notes](https://www.postgresql.org/docs/current/release.html). +[release notes](https://www.postgresql.org/docs/release/). Security Issues --------------- -* CVE-2021-3393: Partition constraint violation errors leak values of denied -columns +### CVE-2021-3393: Partition constraint violation errors leak values of denied columns Versions Affected: 11 - 13. @@ -25,7 +24,7 @@ exploit are more rare. The PostgreSQL project thanks Heikki Linnakangas for reporting this problem. -* CVE-2021-20229: Single-column SELECT privilege enables reading all columns +### CVE-2021-20229: Single-column SELECT privilege enables reading all columns Versions Affected: 13. @@ -42,8 +41,8 @@ The PostgreSQL project thanks Sven Klemm for reporting this problem. Bug Fixes and Improvements -------------------------- -This update also fixes over 80 bugs that were reported in the last several -months. Some of these issues only affect version 13, but may also apply to other +This update fixes over 80 bugs that were reported in the last several months. +Some of these issues only affect version 13, but could also apply to other supported versions. Some of these fixes include: @@ -52,7 +51,8 @@ Some of these fixes include: corrupt index with entries placed in the wrong pages. You should `REINDEX` any affected GiST indexes. * Fix `CREATE INDEX CONCURRENTLY` to ensure rows from concurrent prepared -transactions are included in the index. +transactions are included in the index. Installations that have enabled prepared +transactions should `REINDEX` any concurrently-built indexes. * Fix for possible incorrect query results when a hash aggregation is spilled to disk. * Fix edge case in incremental sort that could lead to sorting results @@ -61,7 +61,7 @@ incorrectly or a "retrieved too many tuples in a bounded sort" error. rollback is executed via extended query protocol, such as from prepared statements. * Fix a failure when a PL/pgSQL procedure used `CALL` on another procedure that -has `OUT` parameters did not call execute a `COMMIT` or `ROLLBACK`. +has `OUT` parameters that executed a `COMMIT` or `ROLLBACK`. * Remove errors from `BEFORE UPDATE` triggers on partitioned tables for restrictions that no longer apply. * Several fixes for queries with joins that could lead to error messages such as @@ -106,7 +106,7 @@ Notably, the Australia/Currie zone has been corrected to the point where it is identical to Australia/Hobart. For the full list of changes available, please review the -[release notes](https://www.postgresql.org/docs/current/release.html). +[release notes](https://www.postgresql.org/docs/release/). PostgreSQL 9.5 is EOL --------------------- @@ -130,7 +130,7 @@ post-update steps; please see the release notes for earlier versions for details. For more details, please see the -[release notes](https://www.postgresql.org/docs/current/release.html). +[release notes](https://www.postgresql.org/docs/release/). **NOTE**: PostgreSQL 9.6 will stop receiving fixes on November 11, 2021. Please see our [versioning policy](https://www.postgresql.org/support/versioning/) for -- 2.39.5