PostgreSQL update with vulnerability fix. pgcat replication system release

Corrective updates have been released for all supported PostgreSQL branches: 12.2, 11.7, 10.12, 9.6.17, 9.5.21 and 9.4.26. Release 9.4.26 is the final one: updates for the 9.4 branch have been discontinued. Updates for the 9.5 branch will be produced until February 2021, for 9.6 until November 2021, for 10 until November 2022, for 11 until November 2023, and for 12 until November 2024.

The new versions fix 75 bugs and one vulnerability (CVE-2020-1720), caused by a missing authorization check when running the "ALTER ... DEPENDS ON EXTENSION" command. Under certain circumstances, the vulnerability allows an unprivileged user to remove any function, procedure, materialized view, index, or trigger. The attack is possible if the administrator has installed any extension and the user can issue a CREATE command, or if the owner of the extension can be persuaded to issue a DROP EXTENSION command.

Also worth noting is the appearance of a new application, pgcat, which replicates data between multiple PostgreSQL servers. The program implements logical replication by relaying the stream of data-changing SQL commands executed on the main server to another host and replaying it there. The code is written in Go and distributed under the Apache 2.0 license. The main differences from the built-in logical replication mechanism:

  • Support for any type of target tables (views, fdw (Foreign Data Wrapper), sharded tables, distributed citus tables);
  • Ability to redefine table names (replication from one table to another);
  • Support for bidirectional replication through the transfer of only local changes, ignoring replications coming from outside;
  • Availability of a conflict resolution system based on the LWW (last-writer-win) algorithm;
  • The ability to store information about the progress of replication and unused replicas in a separate table, which can be used for recovery once a temporarily unavailable receiving node resumes work.

Source: opennet.ru
