E.287. Release 7.3.19
Release date: 2007-04-23
This release contains fixes from 7.3.18, including a security fix.
E.287.1. Migration to Version 7.3.19
A dump/restore is not required for those running 7.3.X. However, if you are upgrading from a version earlier than 7.3.13, see Section E.293 .
E.287.2. Changes
-
Support explicit placement of the temporary-table schema within
search_path
, and disable searching it for functions and operators (Tom)This is needed to allow a security-definer function to set a truly secure value of
search_path
. Without it, an unprivileged SQL user can use temporary objects to execute code with the privileges of the security-definer function (CVE-2007-2138). SeeCREATE FUNCTION
for more information. -
Fix potential-data-corruption bug in how
VACUUM FULL
handlesUPDATE
chains (Tom, Pavan Deolasee)