+ Prevent CREATE SCHEMA from defeating changes
+ in search_path (Alexander Lakhin)
+
+
+ Within a CREATE SCHEMA command, objects in the
+ prevailing search_path, as well as those in the
+ newly-created schema, would be visible even within a called
+ function or script that attempted to set a
+ secure search_path. This could allow any user
+ having permission to create a schema to hijack the privileges of a
+ security definer function or extension script.
+
+
+ The
PostgreSQL Project thanks
+ Alexander Lakhin for reporting this problem.
+ (CVE-2023-2454)
+
+
+
+
+
+ Enforce row-level security policies correctly after inlining a
+ set-returning function (Stephen Frost, Tom Lane)
+
+
+ If a set-returning SQL-language function refers to a table having
+ row-level security policies, and it can be inlined into a calling
+ query, those RLS policies would not get enforced properly in some
+ cases involving re-using a cached plan under a different role.
+ This could allow a user to see or modify rows that should have been
+ invisible.
+
+
+ The
PostgreSQL Project thanks
+ Wolfgang Walther for reporting this problem.
+ (CVE-2023-2455)
+
+
+
+
+
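Review bot: the two lines reading `PostgreSQL Project thanks` (one in each credit paragraph) have no leading `+` marker, so the hunk as posted is malformed and `git apply`/`patch` will reject it; restore the marker on both, and consider keeping `The PostgreSQL Project thanks` on a single line rather than splitting the sentence across three lines mid-phrase. Also, the hunk ends with five consecutive blank `+` lines after the CVE-2023-2455 entry, whereas only a few blank lines separate the two entries; trimming the trailing run keeps the spacing consistent. Content-wise both entries are complete for a release note: each names the reporter, states the impact (privilege hijack of a security definer function or extension script via search_path; RLS bypass when a cached plan is reused under a different role) and cites the CVE.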