Prevent CREATE SCHEMA from defeating changes in search_path (Alexander Lakhin)

Within a CREATE SCHEMA command, objects in the prevailing search_path, as well as those in the newly-created schema, would be visible even within a called function or script that attempted to set a secure search_path. This could allow any user having permission to create a schema to hijack the privileges of a security definer function or extension script. The PostgreSQL Project thanks Alexander Lakhin for reporting this problem. (CVE-2023-2454)

Enforce row-level security policies correctly after inlining a set-returning function (Stephen Frost, Tom Lane)

If a set-returning SQL-language function refers to a table having row-level security policies, and it can be inlined into a calling query, those RLS policies would not get enforced properly in some cases involving re-using a cached plan under a different role. This could allow a user to see or modify rows that should have been invisible. The PostgreSQL Project thanks Wolfgang Walther for reporting this problem. (CVE-2023-2455)

Avoid crash when the new schema name is omitted in CREATE SCHEMA (Michael Paquier)

The SQL standard allows writing CREATE SCHEMA AUTHORIZATION owner_name, with the schema name defaulting to owner_name. However some code paths expected the schema name to be present and would fail.

Fix enabling/disabling of cloned triggers in partitioned tables (Tom Lane)

ALTER TABLE ... ENABLE/DISABLE TRIGGER USER skipped cloned triggers, mistaking them for system triggers. Other variants of ENABLE/DISABLE TRIGGER would process them, but only after improperly enforcing a superuserness check.

Disallow altering composite types that are stored in indexes (Tom Lane)

ALTER TYPE disallows non-binary-compatible modifications of composite types if they are stored in any table columns. (Perhaps that will be allowed someday, but it hasn't happened yet; the locking implications of rewriting many tables are daunting.) We overlooked the possibility that an index might contain a composite type that doesn't also appear in its table.

Disallow system columns as elements of foreign keys (Tom Lane)

Since the removal of OID as a system column, there is no plausible use-case for this, and various bits of code no longer support it. Disallow it rather than trying to fix all the cases.

Ensure that COPY TO from an RLS-enabled parent table does not copy any rows from child tables (Antonin Houska)

The documentation is quite clear that COPY TO copies rows from only the named table, not any inheritance children it may have. However, if row-level security was enabled on the table then this stopped being true.

Avoid possible crash when array_position() or array_positions() is passed an empty array (Tom Lane)

Fix possible out-of-bounds fetch in to_char() (Tom Lane)

With bad luck this could have resulted in a server crash.

Avoid buffer overread in translate() function (Daniil Anisimov)

When using the deletion feature, the function might fetch the byte just after the input string, creating a small risk of crash.

Fix error cursor setting for parse errors in JSON string literals (Tom Lane)

Most cases in which a syntax error is detected in a string literal within a JSON value failed to set the error cursor appropriately. This led at least to an unhelpful error message (pointing to the token before the string, rather than the actual trouble spot), and could even result in a crash in v14 and later.

Fix data corruption due to vacuum_defer_cleanup_age being larger than the current 64-bit xid (Andres Freund)

In v14 and later with non-default settings of vacuum_defer_cleanup_age, it was possible to compute a very large vacuum cleanup horizon xid, leading to vacuum removing rows that are still live.