opendbteam workspace

opendbteam workspace
opendbteam workspace

Friday, August 12, 2016

[ANNOUNCE] 2016-08-11 #postgresql #Security Update Release


The PostgreSQL Global Development Group has released an update to all supported 
versions of our database system, including 9.5.4, 9.4.9, 9.3.14, 9.2.18 and 
9.1.23. This release fixes two security issues. It also patches a number of 
other bugs reported over the last three months.  Users who rely on security 
isolation between database users should update as soon as possible.  Other 
users should plan to update at the next convenient 
downtime. 

Security Issues 
--------------- 

Two security holes have been closed by this release: 

* CVE-2016-5423: certain nested CASE expressions can cause the server to crash. 
* CVE-2016-5424: database and role names with embedded special characters 
  can allow code injection during administrative operations like pg_dumpall. 

The fix for the second issue also adds an option, -reuse-previous, to 
psql's \connect command.  pg_dumpall will also refuse to handle database and 
role names containing line breaks after the update.  For more information on 
these issues and how they affect backwards-compatibility, see the Release 
Notes. 

Bug Fixes and Improvements 
-------------------------- 

This update also fixes a number of bugs reported in the last few months. Some 
of these issues affect only version 9.5, but many affect all supported 
versions: 

* Fix misbehaviors of IS NULL/IS NOT NULL with composite values 
* Fix three areas where INSERT ... ON CONFLICT failed to work properly 
  with other SQL features. 
* Make INET and CIDR data types properly reject bad IPv6 values 
* Prevent crash in "point ## lseg" operator for NaN input 
* Avoid possible crash in pg_get_expr() 
* Fix several one-byte buffer over-reads in to_number() 
* Don't needlessly plan query if WITH NO DATA is specified 
* Avoid crash-unsafe state in expensive heap_update() paths 
* Fix hint bit update during WAL replay of row locking operations 
* Avoid unnecessary "could not serialize access" with FOR KEY SHARE 
* Avoid crash in postgres -C when the specified variable is a null string 
* Fix two issues with logical decoding and subtransactions 
* Ensure that backends see up-to-date statistics for shared catalogs 
* Prevent possible failure when vacuuming multixact IDs in an upgraded database 
* When a manual ANALYZE specifies columns, don't reset changes_since_analyze 
* Fix ANALYZE's overestimation of n_distinct for columns with nulls 
* Fix bug in b-tree mark/restore processing 
* Fix building of large (bigger than shared_buffers) hash indexes 
* Prevent infinite loop in GiST index build with NaN values 
* Fix possible crash during a nearest-neighbor indexscan 
* Fix "PANIC: failed to add BRIN tuple" error 
* Prevent possible crash during background worker shutdown 
* Many fixes for issues in parallel pg_dump and pg_restore 
* Make pg_basebackup accept -Z 0 as no compression 
* Make regression tests safe for Danish and Welsh locales 

The libpq client library has also been updated to support future two-part 
PostgreSQL version numbers. This update also contains tzdata release 2016f, 
with updates for Kemerovo, Novosibirsk, Azerbaijan, Belarus, and Morocco. 

EOL Warning for Version 9.1 
-------------------------- 

PostgreSQL version 9.1 will be End-of-Life in September 2016.  The project 
expects to only release one more update for that version.  We urge users to 
start planning an upgrade to a later version of PostgreSQL as soon as possible. 
See our Versioning Policy for more information. 

Updating 
-------- 

All PostgreSQL update releases are cumulative. As with other minor releases, 
users are not required to dump and reload their database or use pg_upgrade in 
order to apply this update release; you may simply shut down PostgreSQL and 
update its binaries.  Users who have skipped one or more update releases may 
need to run additional, post-update steps; please see the release notes for 
earlier versions for details. 

Links: 

-- 
Devrim Gündüz 

Thursday, August 11, 2016

#pgBadger 8.2 was released today #postgresql #postgres

pgBadger is a PostgreSQL performance analyzer, built for speed with 
fully detailed reports based on your PostgreSQL log files. 

pgBadger 8.2 was released today, this is a maintenance release that 
fix some minor bugs. There is also some performances improvement, up 
to 20% on huge files and some new interesting features: 

* Multiprocessing can be used with pgbouncer log files. 
* pgBouncer and PostgreSQL log files can be used together in 
incremental mode. 
* With default or same prefix, stderr and syslog file can be 
parsed together, csvlog format can always be used. 
* Use a modal dialog window to download graphs as png images. 
* Add pl/pgSQL function information to queries when available. 

Here are the complete list of changes: 

- Fix report of database system messages. 
- Fix multi line statement concatenation after an error. 
- Fix box size for report of queries generating the most 
temporary files and the most waiting queries. 
- Rewrite code to better handle multi-line queries. 
- Fix garbage in examples of event queries with error only mode 
(option -w). Thanks to Thomas Reiss for the report. 
- Fix getting dataset related to query duration with the use of 
auto_explain. Thanks to tom__b for the patch. 
- Use a modal dialog window to download graphs as png images. 
- Huge rewrite of the incremental mechanism applied to log files 
to handle PostgreSQL and pgbouncer logs at the same time. 
- Multiprocess can be used with pgbouncer log. 
- Add code to remove remaining keyword placeholders tags. 
- Fix an other possible case of truncated date in LAST_PARSED file 
Thanks to brafaeloliveira for the report. 
- Set default scale 1 in pretty_print_number() js function. 
- Fix auto-detection of pgbouncer files that contain only stats 
lines. Thanks to Glyn Astill for the patch. 
- Add date to samples of queries generating most temporary files. 
- Do not display warning message of empty log when quiet mode is 
enable. 
- Fix reading from stdin by disabling pgbouncer format detection. 
Thanks to Robert Vargason for the patch. 
- Fix case of duplicate normalized error message with "nonstandard 
use of ...". 
- Fix storage of current temporary file related request. 
- Use the mnemonic rather than a signal number in kill calls. 

Thanks to Komeda Shinji for the patch.