Do you use PostgreSQL? You should update to the new corrective version as soon as possible


The PostgreSQL developers recently announced corrective releases for branches 9.4 through 12; the new versions are 12.2, 11.7, 10.12, 9.6.17, 9.5.21 and 9.4.26. The last of these (9.4.26) is the final update prepared for the 9.4 branch. Updates for version 9.5 will be produced until February 2021, for 9.6 until November 2021, for PostgreSQL 10 until November 2022, for PostgreSQL 11 until November 2023 and for PostgreSQL 12 until November 2024.

With the new corrective versions, the developers mention 75 bugs fixed and one vulnerability fixed (CVE-2020-1720), caused by a missing authorization check when executing the command «ALTER… DEPENDS ON EXTENSION».

About the vulnerability

In certain circumstances, the vulnerability allows an unprivileged user to remove any function, procedure, materialized view, index, or trigger. An attack is possible if the administrator has installed some extension and the user can run the CREATE command or the extension owner can be persuaded to run the DROP EXTENSION command.

In addition, a new application, pgcat, has appeared, which allows data to be replicated between multiple PostgreSQL servers. The program supports logical replication by translating the SQL statements that change data on the main server and replaying them on another host.

Other changes

Some changes that affect only version 12 are also highlighted:

  • Support for any type of target tables (views, fdw (Foreign Data Wrapper), segmented tables, distributed citus tables).
  • Ability to redefine table names (replication from one table to another).
  • Support for bidirectional replication through the transfer of only local changes, ignoring replicas coming from outside.
  • A conflict resolution system based on the LWW (last-writer-wins) algorithm.
  • The ability to save information about replication progress and unapplied replicas in a separate table, which can be used for recovery once a temporarily inaccessible receiving node resumes.

Of the fixes, the following stand out; most of them affect version 12, but they are also present in some previous versions:

  • Fixed bug when adding foreign key constraints to subpartitioned table (aka multi-level partitioned table). If this functionality has already been used, it can be solved by detaching and reattaching the affected partition, or by dropping and re-adding the foreign key constraint to the primary table. You can find more information on how to perform these steps in the ALTER TABLE documentation.
  • Fixed a performance issue for partitioned tables introduced by the fix for CVE-2017-7484; the planner can now use statistics on a child table for a column that the user has access to in the parent table when the query contains a leaky operator.
  • Various other fixes and changes to partitioned tables, including disregarding partition key expressions that return pseudo-types, such as RECORD.
  • Fix for logical replication subscribers executing per-column UPDATE triggers.
  • Fix for various crashes in logical replication publishers and subscribers.
  • Improved the efficiency of logical replication with REPLICA IDENTITY FULL.
  • Various fixes for walsender processes.
  • Improved performance of hash joins with very large inner relations.
  • Various fixes for parallel query plans.
  • Multiple fixes for query planner bugs, including one that affects single row subquery joins.
  • Several fixes for MCV extended statistics, including one for incorrect estimation of OR clauses.
  • Improved the efficiency of parallel hash join on CPUs with many cores.

If you want to know more about the release of these corrective versions, you can check the details in the following link.

To move to the corrective version for the branch you are running, you do not need to run pg_upgrade; you only need to update the binaries of your installation.

