<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
HREF="mailto:pgsql-docs@postgresql.org"><LINK
TITLE="PostgreSQL 9.3beta1 Documentation"
HREF="index.html"><LINK
HREF="release.html"><LINK
TITLE="Release 8.0.16"
HREF="release-8-0-16.html"><LINK
TITLE="Release 8.0.14"
HREF="release-8-0-14.html"><LINK
HREF="stylesheet.css"><META
HTTP-EQUIV="Content-Type"
CONTENT="text/html; charset=ISO-8859-1"><META
CONTENT="2013-05-06T21:00:50"></HEAD
SUMMARY="Header navigation table"
>PostgreSQL 9.3beta1 Documentation</A
TITLE="Release 8.0.16"
HREF="release-8-0-16.html"
>Appendix E. Release Notes</TD
TITLE="Release 8.0.14"
HREF="release-8-0-14.html"
>E.132. Release 8.0.15</A
> This release contains a variety of fixes from 8.0.14,
including fixes for significant security issues.
For information about new features in the 8.0 major release, see
HREF="release-8-0.html"
> This is the last 8.0.X release for which the <SPAN
community will produce binary packages for <SPAN
Windows users are encouraged to move to 8.2.X or later,
since there are Windows-specific fixes in 8.2.X that
are impractical to back-port. 8.0.X will continue to
be supported on other platforms.
>E.132.1. Migration to Version 8.0.15</A
> A dump/restore is not required for those running 8.0.X. However,
if you are upgrading from a version earlier than 8.0.6, see the release
> Prevent functions in indexes from executing with the privileges of
> Functions used in index expressions and partial-index
predicates are evaluated whenever a new table entry is made. It has
long been understood that this poses a risk of trojan-horse code
execution if one modifies a table owned by an untrustworthy user.
(Note that triggers, defaults, check constraints, etc. pose the
same type of risk.) But functions in indexes pose extra danger
because they will be executed by routine maintenance operations
>, which are commonly performed
automatically under a superuser account. For example, a nefarious user
can execute code with superuser privileges by setting up a
trojan-horse index definition and waiting for the next routine vacuum.
The fix arranges for standard maintenance operations
>) to execute as the table owner rather than
the calling user, using the same privilege-switching mechanism already
>SECURITY DEFINER</TT
> functions. To prevent bypassing
this security measure, execution of <TT
> is now forbidden within a
>SECURITY DEFINER</TT
> context. (CVE-2007-6600)
> Repair assorted bugs in the regular-expression package (Tom, Will Drewry)
> Suitably crafted regular-expression patterns could cause crashes,
infinite or near-infinite looping, and/or massive memory consumption,
all of which pose denial-of-service hazards for applications that
accept regex search patterns from untrustworthy sources.
(CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)
> Require non-superusers who use <TT
password authentication, as a security measure (Joe)
> The fix that appeared for this in 8.0.14 was incomplete, as it plugged
the hole for only some <TT
> functions. (CVE-2007-6601,
> Update time zone data files to <SPAN
(in particular, recent Argentina changes) (Tom)
> Fix planner failure in some cases of <TT
>WHERE false AND var IN
> Preserve the tablespace of indexes that are
>ALTER TABLE ... ALTER COLUMN TYPE</TT
> Make archive recovery always start a new WAL timeline, rather than only
when a recovery stop time was used (Simon)
> This avoids a corner-case risk of trying to overwrite an existing
archived copy of the last WAL segment, and seems simpler and cleaner
than the original definition.
>maintenance_work_mem</TT
when the table is too small for it to be useful (Alvaro)
> Fix potential crash in <CODE
> when using a multibyte
database encoding (Tom)
> Fix PL/Perl to cope when platform's Perl defines type <TT
> While this could theoretically happen anywhere, no standard build of
Perl did things this way ... until <SPAN
> Fix PL/Python to not crash on long exception messages (Alvaro)
> to correctly handle inheritance child tables
that have default expressions different from their parent's (Tom)
> parser fixes (Michael)
>contrib/tablefunc</TT
NULL rowid as a category in its own right, rather than crashing (Joe)
escape backslashes correctly (Teodor, Bruce)
> on huge input strings (Teodor)
> Require a specific version of <SPAN
when re-generating the <TT
> This affects developers and packagers only. The change was made
to prevent accidental use of untested combinations of
You can remove the version check if you really want to use a
your responsibility whether the result works or not.
SUMMARY="Footer navigation table"
HREF="release-8-0-16.html"
HREF="release-8-0-14.html"