-
+
Release date
- 2009-??-??, ITEMS CURRENT AS OF 2009-04-08
+ 2009-??-??, ITEMS CURRENT AS OF 2009-05-11
+
+ Change default setting for max_prepared_transactions> to
+ zero (previously it was 5) (Tom)
+
+
+
Make debug_print_parse>, debug_print_rewritten>,
Authentication and security
-
- Report appropriate error message for combination of MD5>
- authentication and db_user_namespace> enabled (Bruce)
-
-
-
Remove support for the (insecure) crypt> authentication method
commercial CAs.
+
+
+ Report appropriate error message for combination of MD5>
+ authentication and db_user_namespace> enabled (Bruce)
+
+
- Parse pg_hba.conf> fully when it is loaded,
- so that errors are reported immediately (Magnus)
+ Change all authentication options to use name=value>
+ syntax (Magnus)
- Previously, most errors in the file wouldn't be detected until clients
- tried to connect, so an erroneous file could render the system
- unusable. With the new behavior, if an error is detected during
- reload then the bad file is rejected and the postmaster continues
- to use its old copy.
-
-
-
-
- Show all parsing errors in pg_hba.conf> instead of
- aborting after the first one (Selena Deckelmann)
+ This makes incompatible changes to the ldap>,
+ pam> and ident> authentication methods. All
+ pg_hba.conf> entries with these methods need to be
+ rewritten using the new format.
-
- Change all authentication options to use name=value>
- syntax (Magnus)
-
-
- This makes incompatible changes to the ldap>,
- pam> and ident> authentication methods. All
- pg_hba.conf> entries with these methods need to be
- rewritten using the new format.
-
-
-
Allow a usermap parameter for all external authentication methods
+
+ Parse pg_hba.conf> fully when it is loaded,
+ so that errors are reported immediately (Magnus)
+
+
+ Previously, most errors in the file wouldn't be detected until clients
+ tried to connect, so an erroneous file could render the system
+ unusable. With the new behavior, if an error is detected during
+ reload then the bad file is rejected and the postmaster continues
+ to use its old copy.
+
+
+
+
+ Show all parsing errors in pg_hba.conf> instead of
+ aborting after the first one (Selena Deckelmann)
+
+
+
Support ident> authentication over Unix-domain sockets
+
+ Reject \000> in string literals and COPY> data
+ (Tom)
+
+
+ Previously, this was accepted but had the effect of terminating
+ the string contents.
+
+
+
Improve the parser's ability to report error locations (Tom)
Improve checks that the database encoding, collation
(LC_COLLATE>), and character classes
- (LC_CTYPE>) match (Heikki)
+ (LC_CTYPE>) match (Heikki, Tom)
+
+
+ Note in particular that a new database's encoding and locale
+ settings can be changed only when copying from template0>.
+ This prevents possibly copying data that doesn't match the settings.
+
+ Make EXIT> without a label always exit the innermost
+ loop (Tom)
+
+
+ Formerly, if there were a BEGIN> block more closely nested
+ than any loop, it would exit that block instead. The new behavior
+ matches Oracle(TM) and is also what was previously stated by our own
+ documentation.
+
+
+
+
+ Make processing of string literals and nested block comments
+ match the main SQL parser's processing (Tom)
+
+
+
Avoid memory leakage when the same function is called at varying
+
+ Add a function type column to \df>'s output, and add
+ options to list only selected types of functions (David Fetter)
+
+
+
Make \df> not hide functions that take or return
- Make Kerberos use the same method to determine the username of the
- client as all other authentication methods (Magnus)
+ Make Kerberos connections use the same method to determine the
+ username of the client as all other authentication methods (Magnus)
and the name of the server when making
SSL>
connections. If a root certificate is not available to use for
verification,
SSL> connections will fail. The
- sslmode> parameter is used to enable the certificate
- verification and set the level.
-
-
+ sslmode> parameter is used to enable certificate
+ verification and set the level of checking.
The default is still not to do any verification, allowing connections
- to SSL enabled servers without requiring a root certificate on the
+ to SSL-enabled servers without requiring a root certificate on the
client.
+
+ Recover better if dynamically-loaded code executes exit()>
+ (Tom)
+
+
+
Add a hook to let plug-ins monitor the executor (Itagaki
+
+ Make contrib/pgbench> use table names
+ pgbench_accounts>, pgbench_branches>,
+ pgbench_history>, and pgbench_tellers>,
+ rather than just accounts>, branches>,
+ history>, and tellers> (Tom)
+
+
+ This is to reduce the risk of accidentally destroying real data
+
+
+
Fix contrib/pgstattuple> to handle tables and