However, if you use BRIN indexes, it may be advisable to reindex them;
- see the first changelog entry below.
+ see the third changelog entry below.
+ Disallow substituting a schema or owner name into an extension script
+ if the name contains a quote, backslash, or dollar sign (Noah Misch)
+
+
+ This restriction guards against SQL-injection hazards for trusted
+ extensions.
+
+
+ The
PostgreSQL Project thanks Micah Gate,
+ Valerie Woolard, Tim Carey-Smith, and Christoph Berg for reporting
+ this problem.
+ (CVE-2023-39417)
+
+
+
+
+
+ Fix MERGE to enforce row security policies
+ properly (Dean Rasheed)
+
+
+ When MERGE performs an UPDATE
+ action, it should enforce any UPDATE or
+ SELECT RLS policies defined on the target table,
+ to be consistent with the way that a plain UPDATE
+ with a WHERE clause works. Instead it was
+ enforcing INSERT RLS policies for both
+ INSERT and UPDATE actions.
+
+
+ In addition, when MERGE performs a DO
+ NOTHING action, it applied the target table's
+ DELETE RLS policies to existing rows, even though
+ those rows are not being deleted. While it's not a security
+ problem, this could result in unwanted errors.
+
+
+ The
PostgreSQL Project thanks
+ Dean Rasheed for reporting this problem.
+ (CVE-2023-39418)
+
+
+
+
+
+ Don't Memoize lateral joins with volatile join conditions
+ (Richard Guo)
+
+
+ Applying Memoize to a sub-plan that contains volatile filter
+ conditions is likely to lead to wrong answers. The check to avoid
+ doing this missed some cases that can arise when
+ using LATERAL.
+
+
+
+
+
projects / postgresql.git / commitdiff