Last-minute updates for release notes.

Security: CVE-2020-1720

diff --git a/doc/src/sgml/release-10.sgml b/doc/src/sgml/release-10.sgml
index e4d60b3dd721e5af64440da76021b60e552f7925..9556e38e32223955e09a2525fd9a883ca6aace6c 100644 (file)
--- a/doc/src/sgml/release-10.sgml
+++ b/doc/src/sgml/release-10.sgml
@@ -35,6 +35,30 @@
 
     
 
+     
+      Add missing permissions checks for ALTER ... DEPENDS ON
+      EXTENSION (Álvaro Herrera)
+     
+
+     
+      Marking an object as dependent on an extension did not have any
+      privilege check whatsoever.  This oversight allowed any user to mark
+      routines, triggers, materialized views, or indexes as droppable by
+      anyone able to drop an extension.  Require that the calling user own
+      the specified object (and hence have privilege to drop it).
+      (CVE-2020-1720)
+     
+    
+
+    
+
+     
+      Apply more thorough syntax checking
+      to createuser's
+      --connection-limit option (Álvaro Herrera)
+     
+    
+
+    
+