PostgreSQL 开发组发布了对数据库系统的所有支持版本的更新,包括 9.6.3、9.5.7、9.4.13、9.3.17 和 9.2.21。 此版本修复了三个重要安全问题,以及过去三个月报告的其他一些错误。 已关闭的三个安全漏洞: CVE-2017-7484: selectivity estimators bypass SELECT privilege checks CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable CVE-2017-7486: pg_user_mappings view discloses foreign server passwords 其他更新和修复: Fix to ensure consistent behavior for RLS policies Fix ALTER TABLE ... VALIDATE CONSTRAINT to not recurse to child tables when the constraint is marked NO INHERIT Fix incorrect support for certain box operators in SP-GiST which could yield incorrect results Fixes for handling query cancellation Skip tablespace privilege checks when ALTER TABLE ... ALTER COLUMN TYPE rebuilds an existing index Fix possibly-invalid initial snapshot during logical decoding Fix possible corruption of init forks of unlogged indexes Several fixes to postmaster, including checks for when running as a Windows service Several planner fixes, among others assorted minor fixes in planning of parallel queries Avoid possible crashes in walsender and some index-only scans on GiST index Fix cancelling of pg_stop_backup() when attempting to stop a non-exclusive backup Updates to ecpg to support COMMIT PREPARED and ROLLBACK PREPARED Several fixes for pg_dump/pg_restore, among others to handle privileges for procedural languages and when using --clean option Several fixes for contrib modules, such as dblink, pg_trgm and postgres_fdw Fixes to MSVC builds, such as using correct daylight-savings rules for POSIX-style time zone names and supporting Tcl 8.6 Several performance improvements Fix cursor_to_xml() to produce valid output with tableforest = false Fix roundoff problems in float8_timestamptz() and make_interval() Fix pgbench to handle the combination of --connect and --rate options correctly Fixes to commandline tools such as pg_upgrade and pg_basebackup Several fixes to VACUUM and CLUSTER 下载地址: https://www.postgresql.org/download/ PostgreSQL 9.6.3, 9.5.7, 9.4.12, 9.3.17 和 9.2.21 发布下载地址
