PostgreSQL 13.3, 12.7, 11.12, 10.17 and 9.6.22 have been released!
2022-04-22 06:37:00 【PostgreSQLChina】
Source: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
First published at: https://pgfans.cn/a?id=1076
PostgreSQL 13.3, 12.7, 11.12, 10.17, and 9.6.22 Released!
Posted on 2021-05-13 by PostgreSQL Global Development Group
The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 13.3, 12.7, 11.12, 10.17, and 9.6.22. This release closes three security vulnerabilities and fixes over 45 bugs reported over the last three months.
For the full list of changes, please review the release notes.
Security Issues
CVE-2021-32027: Integer overflow in array subscript calculation results in buffer overflow
Versions affected: 9.6 - 13
The security team typically does not test unsupported versions, but this problem is quite old.
While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory.
The PostgreSQL project thanks Tom Lane for reporting this problem.
CVE-2021-32028: Memory exposure in INSERT … ON CONFLICT … DO UPDATE
Versions affected: 9.6 - 13
The security team typically does not test unsupported versions. The feature first appeared in 9.5.
Using an INSERT … ON CONFLICT … DO UPDATE command on a purpose-crafted table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create the prerequisite objects and complete this attack at will. A user lacking the CREATE and TEMPORARY privileges on all databases and the CREATE privilege on all schemas cannot use this attack at will.
The PostgreSQL project thanks Andres Freund for reporting this problem.
CVE-2021-32029: Memory exposure in partitioned-table UPDATE … RETURNING
Versions affected: 11 - 13
Using an UPDATE … RETURNING command on a purpose-crafted partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create the prerequisite objects and complete this attack at will. A user lacking the CREATE and TEMPORARY privileges on all databases and the CREATE privilege on all schemas typically cannot use this attack at will.
The PostgreSQL project thanks Tom Lane for reporting this problem.
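The privilege condition stated for CVE-2021-32028 and CVE-2021-32029 can be checked from the system catalogs. The queries below are an added example, not part of the PostgreSQL announcement; they use only built-in catalog views and the has_database_privilege() and has_schema_privilege() functions, and the choice to skip superusers and system schemas is an assumption of this example.

```sql
-- Added example (not from the PostgreSQL announcement).
-- Part 1, cluster-wide: non-superuser login roles that hold CREATE or
-- TEMPORARY on any connectable database. has_database_privilege() also
-- counts privileges obtained through PUBLIC or role membership.
SELECT r.rolname,
       d.datname,
       has_database_privilege(r.oid, d.oid, 'CREATE')    AS db_create,
       has_database_privilege(r.oid, d.oid, 'TEMPORARY') AS db_temporary
FROM pg_roles r
CROSS JOIN pg_database d
WHERE r.rolcanlogin
  AND NOT r.rolsuper
  AND d.datallowconn
  AND (has_database_privilege(r.oid, d.oid, 'CREATE')
       OR has_database_privilege(r.oid, d.oid, 'TEMPORARY'))
ORDER BY r.rolname, d.datname;

-- Part 2, current database only: pg_namespace is per-database, so run
-- this once in every database. Lists non-superuser login roles that can
-- CREATE objects in any user-visible schema.
SELECT r.rolname,
       n.nspname
FROM pg_roles r
CROSS JOIN pg_namespace n
WHERE r.rolcanlogin
  AND NOT r.rolsuper
  AND n.nspname !~ '^pg_'                  -- skip pg_catalog, pg_toast, pg_temp_*
  AND n.nspname <> 'information_schema'
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER BY r.rolname, n.nspname;
```

Every role returned by either query holds at least one of the privileges named in the two advisories, so it does not meet the "lacking CREATE and TEMPORARY on all databases and CREATE on all schemas" condition.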
Bug fixes and improvements
This update fixes over 45 bugs that were reported in the last several months. Some of these issues only affect version 13, but could also apply to other supported versions.
Some of these fixes include :
- Fix potential incorrect computation of UPDATE … RETURNING outputs for joined, cross-partition updates.
- Fix ALTER TABLE … ALTER CONSTRAINT when used on foreign-key constraints on partitioned tables. The command would fail to adjust the DEFERRABLE and/or INITIALLY DEFERRED properties of the constraints and triggers of leaf partitions, leading to unexpected behavior. After updating to this version, you can execute the ALTER TABLE … ALTER CONSTRAINT command to fix any misbehaving partitioned tables.
- Ensure that when a child table is attached with ALTER TABLE … INHERIT, generated columns in the parent and child are generated in the same way.
- Forbid marking an identity column as NULL.
- Allow ALTER ROLE … SET / ALTER DATABASE … SET to set the role, session_authorization, and temp_buffers parameters.
- Ensure that REINDEX CONCURRENTLY preserves any statistics target set for the index.
- Fix an issue where, in some cases, saving records within AFTER triggers could cause crashes.
- Fix how to_char() handles Roman-numeral month format codes with negative intervals.
- Fix use of an uninitialized value while parsing a {m,n} quantifier in a BRE-mode regular expression.
- Fix "could not find pathkey item to sort" planner errors that occur in some situations when the sort key involves an aggregate or window function.
- Fix an issue with BRIN index bitmap scans that could lead to "could not open file" errors.
- Fix potentially wrong answers from GIN tsvector index searches when there are many matching records.
- Fixes for COMMIT AND CHAIN functionality on both the server and psql.
- Avoid incorrect timeline change while recovering uncommitted two-phase transactions from WAL, which could lead to consistency issues and the inability to restart the server.
- Ensure that wal_sync_method is set to fdatasync by default on newer FreeBSD releases.
- Disable the vacuum_cleanup_index_scale_factor parameter and storage option.
- Fix several memory leaks in the server, including one with SSL/TLS parameter initialization.
- Restore the previous behavior of \connect service=XYZ in psql, i.e. disallow environment variables (e.g. PGPORT) from overriding entries in the service file.
- Fix how pg_dump handles generated columns in partitioned tables.
- Add additional checks to pg_upgrade for user tables containing non-upgradable data types.
- On Windows, initdb now prints instructions about how to start the server with pg_ctl using backslash separators.
- Fix pg_waldump to count XACT records correctly when generating per-record statistics.
For the full list of changes available, please review the release notes.
PostgreSQL 9.6 EOL Notice
PostgreSQL 9.6 will stop receiving fixes on November 11, 2021. If you are running PostgreSQL 9.6 in a production environment, we suggest that you make plans to upgrade to a newer, supported version of PostgreSQL. Please see our versioning policy for more information.
Updating
All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries.
Users who have skipped one or more update releases may need to run additional post-update steps; please see the release notes for earlier versions for details.
For more details, please see the release notes.
Links
- Download
- Release Notes
- Security
- Versioning Policy
- Follow @postgresql on Twitter
For more PostgreSQL news, information, and events, please visit the PostgreSQL China official website: www.postgresqlchina.com
For answers to more PostgreSQL knowledge, technology, and work questions, please visit the PostgreSQL China official Q&A community: www.pgfans.cn
To download more PostgreSQL-related materials, tools, and plug-ins, please visit the PostgreSQL China official download site: www.postgreshub.cn