Release 8.3.23
Release date: 2013-02-07
This release contains a variety of fixes from 8.3.22. For information about new features in the 8.3 major release, see Section E.171.
This is expected to be the last PostgreSQL release in the 8.3.X series. Users are encouraged to update to a newer release branch soon.
E.148.1. Migration to Version 8.3.23
A dump/restore is not required for those running 8.3.X.
However, if you are upgrading from a version earlier than 8.3.17, see Section E.154.
E.148.2. Changes
-
Prevent execution of enum_recv from SQL (Tom Lane)
The function was misdeclared, allowing a simple SQL command to crash the server. In principle an attacker might be able to use it to examine the contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP) for reporting this issue. (CVE-2013-0255)
-
Fix SQL grammar to allow subscripting or field selection from a sub-SELECT result (Tom Lane)
-
Protect against race conditions when scanning pg_tablespace (Stephen Frost, Tom Lane)
CREATE DATABASE and DROP DATABASE could misbehave if there were concurrent updates of pg_tablespace entries.
-
Prevent DROP OWNED from trying to drop whole databases or tablespaces (Álvaro Herrera)
For safety, ownership of these objects must be reassigned, not dropped.
-
Prevent misbehavior when a RowExpr or XmlExpr is parse-analyzed twice (Andres Freund, Tom Lane)
This mistake could be user-visible in contexts such as CREATE TABLE LIKE INCLUDING INDEXES.
-
Improve defenses against integer overflow in hashtable sizing calculations (Jeff Davis)
-
Ensure that non-ASCII prompt strings are translated to the correct code page on Windows (Alexander Law, Noah Misch)
This bug affected psql and some other client programs.
-
Fix possible crash in psql's \? command when not connected to a database (Meng Qingzhong)
-
Fix one-byte buffer overrun in libpq's PQprintTuples (Xi Wang)
This ancient function is not used anywhere by PostgreSQL itself, but it might still be used by some client code.
-
Rearrange configure's tests for supplied functions so it is not fooled by bogus exports from libedit/libreadline (Christoph Berg)
-
Ensure Windows build number increases over time (Magnus Hagander)
-
Make pgxs build executables with the right .exe suffix when cross-compiling for Windows (Zoltan Boszormenyi)
-
Add new timezone abbreviation FET (Tom Lane)
This is now used in some eastern-European time zones.
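
A role-retirement sequence that follows the DROP OWNED rule above (ownership of databases and tablespaces is reassigned, not dropped). This is an added example, not part of the PostgreSQL release notes; the role names departing_role and new_owner are hypothetical.

```sql
-- Hypothetical roles: departing_role is being retired, new_owner takes over.

-- 1. Inventory the shared objects the role owns. DROP OWNED leaves these
--    in place, so they must be handed to another owner before the role
--    can be removed.
SELECT 'database' AS kind, datname AS name
  FROM pg_database
 WHERE datdba = (SELECT oid FROM pg_roles WHERE rolname = 'departing_role')
UNION ALL
SELECT 'tablespace', spcname
  FROM pg_tablespace
 WHERE spcowner = (SELECT oid FROM pg_roles WHERE rolname = 'departing_role');

-- 2. Reassign ownership. REASSIGN OWNED covers objects in the current
--    database plus shared objects (databases, tablespaces), so repeat it
--    in every database where the role owns anything.
REASSIGN OWNED BY departing_role TO new_owner;

-- 3. Re-run the query from step 1; it should now return no rows.

-- 4. Remove what is left for the role in this database: chiefly the
--    privileges it was granted on objects owned by others. Repeat in
--    each database.
DROP OWNED BY departing_role;

-- 5. Once steps 2 and 4 have been run in every database, the role has
--    no remaining dependencies and can be dropped.
DROP ROLE departing_role;
```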