Last-minute updates for release notes.

author Tom Lane

Mon, 28 Mar 2016 15:32:17 +0000 (11:32 -0400)

committer Tom Lane

Mon, 28 Mar 2016 15:32:17 +0000 (11:32 -0400)
author Tom Lane
Mon, 28 Mar 2016 15:32:17 +0000 (11:32 -0400)
committer Tom Lane
Mon, 28 Mar 2016 15:32:17 +0000 (11:32 -0400)
diff --git a/doc/src/sgml/release-9.5.sgml b/doc/src/sgml/release-9.5.sgml

index a7f9c43219e0290bc344229ac95debbe334fa88b..d64655b007a34896ab60451041b0d9ecae3b3f55 100644 (file)
--- a/doc/src/sgml/release-9.5.sgml
+++ b/doc/src/sgml/release-9.5.sgml
@@ -77,6 +77,49 @@ Branch: REL9_5_STABLE [8aa6e9780] 2016-03-23 16:04:35 -0400
       
      
  
+
+
+    
+     
+      Maintain row-security status properly in cached plans (Stephen Frost)
+     
+
+     
+      In a session that performs queries as more than one role, the plan
+      cache might incorrectly re-use a plan that was generated for another
+      role ID, thus possibly applying the wrong set of policies when
+      row-level security (RLS) is in use.
+      (CVE-2016-2193)
+     
+    
+
+
+
+    
+     
+      Add must-be-superuser checks to some
+      new contrib/pageinspect functions (Andreas Seltenreich)
+     
+
+     
+      Most functions in the pageinspect extension that
+      inspect bytea values disallow calls by non-superusers,
+      but brin_page_type() and brin_metapage_info()
+      failed to do so.  Passing contrived bytea values to them might
+      crash the server or disclose a few bytes of server memory.  Add the
+      missing permissions checks to prevent misuse.
+      (CVE-2016-3065)
+     
+    
+
author	Tom Lane
	Mon, 28 Mar 2016 15:32:17 +0000 (11:32 -0400)
committer	Tom Lane
	Mon, 28 Mar 2016 15:32:17 +0000 (11:32 -0400)