PostgreSQL 9.5 Beta 1 及各版本安全更新发布

jopen 6年前

PostgreSQL 9.5 Beta 1 发布,主要更新内容如下:

  • significant adjustments to Row Level Security (RLS) semantics

  • deadlock with LWLock improvements

  • index corruption issue with BRIN indexes

  • couldn't connect using PGSSLMODE=require on Windows

  • various problems with commit timestamp tracking

  • hash join memory leak

  • inconsistent behavior of jsonb_set with array append


下载:Downloads Page

同时还发布了对所有支持版本的更新,包括9.4.5, 9.3.10, 9.2.14, 9.1.19 和 9.0.23,主要安全更新如下:

CVE-2015-5289: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service.

CVE-2015-5288: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory.  No working exploit for this issue has been developed.