-
+
Release date
- 2009-??-??, ITEMS CURRENT AS OF 2009-04-08
+ 2009-??-??, ITEMS CURRENT AS OF 2009-05-11
+
+ Change default setting for max_prepared_transactions to
+ zero (previously it was 5) (Tom)
+
+
+
Make debug_print_parse, debug_print_rewritten,
Authentication and security
-
- Report appropriate error message for combination of MD5
- authentication and db_user_namespace enabled (Bruce)
-
-
-
Remove support for the (insecure) crypt authentication method
commercial CAs.
+
+
+ Report appropriate error message for combination of MD5
+ authentication and db_user_namespace enabled (Bruce)
+
+
- Parse pg_hba.conf fully when it is loaded,
- so that errors are reported immediately (Magnus)
+ Change all authentication options to use name=value
+ syntax (Magnus)
- Previously, most errors in the file wouldn't be detected until clients
- tried to connect, so an erroneous file could render the system
- unusable. With the new behavior, if an error is detected during
- reload then the bad file is rejected and the postmaster continues
- to use its old copy.
-
-
-
-
- Show all parsing errors in pg_hba.conf instead of
- aborting after the first one (Selena Deckelmann)
+ This makes incompatible changes to the ldap,
+ pam and ident authentication methods. All
+ pg_hba.conf entries with these methods need to be
+ rewritten using the new format.
-
- Change all authentication options to use name=value
- syntax (Magnus)
-
-
- This makes incompatible changes to the ldap,
- pam and ident authentication methods. All
- pg_hba.conf entries with these methods need to be
- rewritten using the new format.
-
-
-
Allow a usermap parameter for all external authentication methods
+
+ Parse pg_hba.conf fully when it is loaded,
+ so that errors are reported immediately (Magnus)
+
+
+ Previously, most errors in the file wouldn't be detected until clients
+ tried to connect, so an erroneous file could render the system
+ unusable. With the new behavior, if an error is detected during
+ reload then the bad file is rejected and the postmaster continues
+ to use its old copy.
+
+
+
+
+ Show all parsing errors in pg_hba.conf instead of
+ aborting after the first one (Selena Deckelmann)
+
+
+
Support ident authentication over Unix-domain sockets
+
+ Reject \000 in string literals and COPY data
+ (Tom)
+
+
+ Previously, this was accepted but had the effect of terminating
+ the string contents.
+
+
+
Improve the parser's ability to report error locations (Tom)
Improve checks that the database encoding, collation
(LC_COLLATE), and character classes
- (LC_CTYPE) match (Heikki)
+ (LC_CTYPE) match (Heikki, Tom)
+
+
+ Note in particular that a new database's encoding and locale
+ settings can be changed only when copying from template0.
+ This prevents possibly copying data that doesn't match the settings.
+
+ Make EXIT without a label always exit the innermost
+ loop (Tom)
+
+
+ Formerly, if there were a BEGIN block more closely nested
+ than any loop, it would exit that block instead. The new behavior
+ matches Oracle(TM) and is also what was previously stated by our own
+ documentation.
+
+
+
+
+ Make processing of string literals and nested block comments
+ match the main SQL parser's processing (Tom)
+
+
+
Avoid memory leakage when the same function is called at varying
+
+ Add a function type column to \df's output, and add
+ options to list only selected types of functions (David Fetter)
+
+
+
Make \df not hide functions that take or return
- Make Kerberos use the same method to determine the username of the
- client as all other authentication methods (Magnus)
+ Make Kerberos connections use the same method to determine the
+ username of the client as all other authentication methods (Magnus)
and the name of the server when making
SSL connections. If a root certificate is not available to use for
verification,
SSL connections will fail. The- sslmode parameter is used to enable the certificate
- verification and set the level.
-
-
+ sslmode parameter is used to enable certificate
+ verification and set the level of checking.
The default is still not to do any verification, allowing connections
- to SSL enabled servers without requiring a root certificate on the
+ to SSL-enabled servers without requiring a root certificate on the
client.
+
+ Recover better if dynamically-loaded code executes exit()
+ (Tom)
+
+
+
Add a hook to let plug-ins monitor the executor (Itagaki
+
+ Make contrib/pgbench use table names
+ pgbench_accounts, pgbench_branches,
+ pgbench_history, and pgbench_tellers,
+ rather than just accounts, branches,
+ history, and tellers (Tom)
+
+
+ This is to reduce the risk of accidentally destroying real data
+
+
+
Fix contrib/pgstattuple to handle tables and
projects / postgresql.git / commitdiff