Tuesday, October 5

PostgreSQL 9.0.1 released fixing security, an infinite loop, and other issues

The source of PostgreSQL 9.0.1 can be downloaded now. Note that at the time of writing, it had not been formally announced.

The Release Notes include the following items:

Use a separate interpreter for each calling SQL userid in PL/Perl and PL/Tcl (Tom Lane)

This change prevents security problems that can be caused by subverting Perl or Tcl code that will be executed later in the same session under another SQL user identity [...]

Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433).


Prevent infinite loop in ProcessIncomingNotify() after unlistening (Jeff Davis)


Prevent show_session_authorization() from crashing within autovacuum processes (Tom Lane)


No comments:

Post a Comment