A dump/restore is not required for those running 9.4.X. However, if you are upgrading from a version earlier than 9.4.4, see Section E.2.

CHANGES:

- Guard against stack overflows in json parsing (Oskari Saarenmaa) - If an application constructs PostgreSQL json or jsonb values from arbitrary user input, the application's users can reliably crash the PostgreSQL server, causing momentary denial of service. (CVE-2015-5289)
- Fix contrib/pgcrypto to detect and report too-short crypt() salts (Josh Kupershmidt) - Certain invalid salt arguments crashed the server or disclosed a few bytes of server memory. We have not ruled out the viability of attacks that arrange for presence of confidential information in the disclosed bytes, but they seem unlikely. (CVE-2015-5288)
- Fix subtransaction cleanup after a portal (cursor) belonging to an outer subtransaction fails (Tom Lane, Michael Paquier) - A function executed in an outer-subtransaction cursor could cause an assertion failure or crash by referencing a relation created within an inner subtransaction.
- Fix insertion of relations into the relation cache "init file" (Tom Lane) - An oversight in a patch in the most recent minor releases caused pg_trigger_tgrelid_tgname_index to be omitted from the init file. Subsequent sessions detected this, then deemed the init file to be broken and silently ignored it, resulting in a significant degradation in session startup time. In addition to fixing the bug, install some guards so that any similar future mistake will be more obvious.
- Ensure all relations referred to by an updatable view are properly locked during an update statement (Dean Rasheed)
- Fix possible deadlock during WAL insertion when commit_delay is set (Heikki Linnakangas)
- Fix performance problem when a session alters large numbers of foreign key constraints (Jan Wieck, Tom Lane) - This was seen primarily when restoring pg_dump output for databases with many thousands of tables.
- Improve LISTEN startup time when there are many unread notifications (Matt Newell)
- Avoid O(N^2) behavior when inserting many tuples into a SPI query result (Neil Conway)
- Disable SSL renegotiation by default (Michael Paquier, Andres Freund) - While use of SSL renegotiation is a good idea in theory, we have seen too many bugs in practice, both in the underlying OpenSSL library and in our usage of it. Renegotiation will be removed entirely in 9.5 and later. In the older branches, just change the default value of ssl_renegotiation_limit to zero (disabled).
- Lower the minimum values of the *_freeze_max_age parameters (Andres Freund) - This is mainly to make tests of related behavior less time-consuming, but it may also be of value for installations with limited disk space.