PostgreSQL 数据库发布了更新,包括 10.1、9.6.6、9.5.10、9.4.15、9.3.20 和 9.2.24。本次更新修复了三个安全问题,此外,还修复了在 BRIN 索引、逻辑复制中发现的问题,以及过去三个月中报告的其他错误。
已修复的三个安全漏洞:
-
CVE-2017-12172:启动脚本允许数据库管理员修改拥有 root 权限(root-owned)的文件
-
CVE-2017-15098:JSON 函数中的内存泄露
-
CVE-2017-15099:INSERT … ON CONFLICT DO UPDATE 无法强制执行 SELECT 权限
Bug 修复和改进:
-
Fix a race condition in BRIN indexing that could cause some rows to not be included in the indexing.
-
Fix crash when logical decoding is invoked from a PL language function.
-
Several fixes for logical replication.
-
Restored behavior for CTEs attached to INSERT/UPDATE/DELETE statements to pre-version 10.
-
Prevent low-probability crash in processing of nested trigger firings.
-
Do not evaluate an aggregate function's argument expressions when the conditions in the FILTER clause evaluate to FALSE. This complies with SQL-standard behavior.
-
Fix incorrect query results when multiple GROUPING SETS columns contain the same simple variable.
完整更新内容请查看发布主页。