E.219. Release 8.1.7
Release date: 2007-02-05
This release contains a variety of fixes from 8.1.6, including a security fix. For information about new features in the 8.1 major release, see Section E.226 .
E.219.1. Migration to Version 8.1.7
A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.2, see Section E.224 .
E.219.2. Changes
-
Remove security vulnerabilities that allowed connected users to read backend memory (Tom)
The vulnerabilities involve suppressing the normal check that a SQL function returns the data type it's declared to, and changing the data type of a table column (CVE-2007-0555, CVE-2007-0556). These errors can easily be exploited to cause a backend crash, and in principle might be used to read database content that the user should not be able to access.
-
Fix rare bug wherein btree index page splits could fail due to choosing an infeasible split point (Heikki Linnakangas)
-
Improve
VACUUM
performance for databases with many tables (Tom) -
Fix autovacuum to avoid leaving non-permanent transaction IDs in non-connectable databases (Alvaro)
This bug affects the 8.1 branch only.
-
Fix for rare Assert() crash triggered by
UNION
(Tom) -
Tighten security of multi-byte character processing for UTF8 sequences over three bytes long (Tom)
-
Fix bogus " permission denied " failures occurring on Windows due to attempts to fsync already-deleted files (Magnus, Tom)
-
Fix possible crashes when an already-in-use PL/pgSQL function is updated (Tom)