--- /dev/null
+PostgreSQL 9.6, the latest version of the world's leading open source database, was released today by the PostgreSQL Global Development Group. This release will allow users to both scale up and scale out high performance database workloads. New features include parallel query, synchronous replication improvements, phrase search, and improvements to performance and usability, as well as many more features.
+
+Scale Up with Parallel Query
+----------------------------
+
+Version 9.6 adds support for parallelizing some query operations, enabling utilization of several or all of the cores on a server to return query results faster. This release includes parallel sequential (table) scan, aggregation, and joins. Depending on details and available cores, parallelism can speed up big data queries by as much as 32 times faster.
+
+"I migrated our entire genomics data platform - all 25 billion legacy MySQL rows of it - to a single Postgres database, leveraging the row compression abilities of the JSONB datatype, and the excellent GIN, BRIN, and B-tree indexing modes. Now with version 9.6, I expect to harness the parallel query functionality to allow even greater scalability for queries against our rather large tables," said Mike Sofen, Chief Database Architect, Synthetic Genomics.
+
+Scale Out with Synchronous Replication and postgres_fdw
+-------------------------------------------------------
+
+Two new options have been added to PostgreSQL's synchronous replication feature which allow it to be used to maintain consistent reads across database clusters. First, it now allows configuring groups of synchronous replicas. Second, the "remote_apply" mode creates a more consistent view of data across multiple nodes. These features support using built-in replication to maintain a set of "identical" nodes for load-balancing read workloads.
+
+The PostgreSQL-to-PostgreSQL data federation driver, postgres_fdw, has new capabilities to execute work on remote servers. By "pushing down" sorts, joins, and batch data updates, users can distribute workload across multiple PostgreSQL servers. These features should soon be added to other FDW drivers.
+
+"With the capabilities of remote JOIN, UPDATE and DELETE, Foreign Data Wrappers are now a complete solution for sharing data between other databases and PostgreSQL. For example, PostgreSQL can be used to handle data input going to two or more different kinds of databases," said Julyanto Sutandang, Director of Business Solutions at Equnix.
+
+Better Text Search with Phrases
+-------------------------------
+
+PostgreSQL's full text search feature now supports "phrase search." This lets users search for exact phrases, or for words within a specified proximity to each other, using fast GIN indexes. Combined with new features for fine-tuning text search options, PostgreSQL is the superior option for "hybrid search" which puts together relational, JSON, and full text searching.
+
+Smoother, Faster, and Easier to Use
+-----------------------------------
+
+Thanks to feedback and testing by PostgreSQL users with high-volume production databases, the project has been able to improve many aspects of performance and usability in this release. Replication, aggregation, indexing, sorting, and stored procedures have all been made more efficient, and PostgreSQL now makes better use of resources with recent Linux kernels. Administration overhead for large tables and complex workloads was also reduced, especially through improvements to VACUUM.
+
+Other Features
+--------------
+
+Version 9.6 has many other features added over the last year of development, among them:
+
+* New system views and functions: pg_stat_wal_receiver, pg_visbility,
+ pg_config, pg_blocking_pids, pg_notification_queue_usage
+* Command progress reporting support
+* Cascade support for installing extensions
+* pg_basebackup concurrency and replication slot support
+* Wait Event support
+* View editing and crosstabs in psql
+* User-defined expiration for old snapshots
+* Index-only scans for partial indexes
+
+Additionally, the project has changed and improved the API for binary hot backups. As such, developers of custom backup software for PostgreSQL should do additional testing around the new version. See the Release Notes for more detail.
+
+Links
+-----
+
+* [Downloads](https://www.postgresql.org/downloads)
+* [Release Notes](https://www.postgresql.org/docs/current/static/release-9-6.html)
+* [What's New in 9.6](https://wiki.postgresql.org/wiki/NewIn96)
+* [Press Kit](https://www.postgresql.org/about/press/presskit96)
--- /dev/null
+PostgreSQL 9.6, the latest version of the world's leading open source database, was released today by the PostgreSQL Global Development Group. This release will allow users to both scale up and scale out high performance database workloads. New features include parallel query, synchronous replication improvements, phrase search, and improvements to performance and usability, as well as many more features.
+
+Scale Up with Parallel Query
+----------------------------
+
+Version 9.6 adds support for parallelizing some query operations, enabling utilization of several or all of the cores on a server to return query results faster. This release includes parallel sequential (table) scan, aggregation, and joins. Depending on details and available cores, parallelism can speed up big data queries by as much as 32 times faster.
+
+"I migrated our entire genomics data platform - all 25 billion legacy MySQL rows of it - to a single Postgres database, leveraging the row compression abilities of the JSONB datatype, and the excellent GIN, BRIN, and B-tree indexing modes. Now with version 9.6, I expect to harness the parallel query functionality to allow even greater scalability for queries against our rather large tables," said Mike Sofen, Chief Database Architect, Synthetic Genomics.
+
+Scale Out with Synchronous Replication and postgres_fdw
+-------------------------------------------------------
+
+Two new options have been added to PostgreSQL's synchronous replication feature which allow it to be used to maintain consistent reads across database clusters. First, it now allows configuring groups of synchronous replicas. Second, the "remote_apply" mode creates a more consistent view of data across multiple nodes. These features support using built-in replication to maintain a set of "identical" nodes for load-balancing read workloads.
+
+The PostgreSQL-to-PostgreSQL data federation driver, postgres_fdw, has new capabilities to execute work on remote servers. By "pushing down" sorts, joins, and batch data updates, users can distribute workload across multiple PostgreSQL servers. These features should soon be added to other FDW drivers.
+
+"With the capabilities of remote JOIN, UPDATE and DELETE, Foreign Data Wrappers are now a complete solution for sharing data between other databases and PostgreSQL. For example, PostgreSQL can be used to handle data input going to two or more different kinds of databases," said Julyanto Sutandang, Director of Business Solutions at Equnix.
+
+Better Text Search with Phrases
+-------------------------------
+
+PostgreSQL's full text search feature now supports "phrase search." This lets users search for exact phrases, or for words within a specified proximity to each other, using fast GIN indexes. Combined with new features for fine-tuning text search options, PostgreSQL is the superior option for "hybrid search" which puts together relational, JSON, and full text searching.
+
+Smoother, Faster, and Easier to Use
+-----------------------------------
+
+Thanks to feedback and testing by PostgreSQL users with high-volume production databases, the project has been able to improve many aspects of performance and usability in this release. Replication, aggregation, indexing, sorting, and stored procedures have all been made more efficient, and PostgreSQL now makes better use of resources with recent Linux kernels. Administration overhead for large tables and complex workloads was also reduced, especially through improvements to VACUUM.
+
+Other Features
+--------------
+
+Version 9.6 has many other features added over the last year of development, among them:
+
+* New system views and functions: pg_stat_wal_receiver, pg_visbility,
+ pg_config, pg_blocking_pids, pg_notification_queue_usage
+* Command progress reporting support
+* Cascade support for installing extensions
+* pg_basebackup concurrency and replication slot support
+* Wait Event support
+* View editing and crosstabs in psql
+* User-defined expiration for old snapshots
+* Index-only scans for partial indexes
+
+Additionally, the project has changed and improved the API for binary hot backups. As such, developers of custom backup software for PostgreSQL should do additional testing around the new version. See the Release Notes for more detail.
+
+Links
+-----
+
+* Downloads:
+ https://www.postgresql.org/downloads
+* Release Notes:
+ https://www.postgresql.org/docs/current/static/release-9-6.html
+* What's New in 9.6:
+ https://wiki.postgresql.org/wiki/NewIn96
+* Press Kit:
+ https://www.postgresql.org/about/press/presskit96
--- /dev/null
+= Security Release 2010-10-05 Details: External PL Vulnerabilities =
+
+Following are details of the privilege escalation exploit which was reported in [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3433 CVE-2010-3433] and patched in the [http://www.postgresql.org/about/news.1244 2010-10-05 PostgreSQL Update Release]. While this security issue is low-risk and does not affect most users, its details are complex and hence a detailed explanation is necessary in order to clearly define who it '''does''' affect.
+
+== Who is affected by this vulnerability? ==
+
+Users who use external, trusted, interpreted procedural languages ("PLs"), together with privilege-changing code such as SECURITY DEFINER functions, SET ROLE and SET SESSION AUTHORIZATION.
+
+== What is the level of risk associated with this exploit? ==
+
+Low. It requires all of the following:
+
+* An attacker must have an authenticated connection to the database server.
+* The attacker must be able to execute arbitrary statements over that connection.
+* The attacker must have an strong knowledge of PostgreSQL.
+* Your application must include procedures or functions in an external procedural language.
+* These functions and procedures must be executed by users with greater privileges than the attacker, using SECURITY DEFINER or SET ROLE, and using the same connection as the attacker.
+
+The above may seem somewhat obscure. However, the PostgreSQL project takes our status as "most secure by default"[http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764578014.html] seriously and considers no security hole too small to patch. Additionally, this exploit specifically affects users who were trying to secure their data through the use of stored procedures and other mechanisms, and therefore needed to be addressed.
+
+== Which procedural languages are affected? ==
+
+{|
+! PL !! Affected? !! Patched? !! Comments
+|-
+| PL/pgsql || No || No || Not affected
+|-
+| PL/perl || Yes || Yes || 2010-10-05 security update
+|-
+| PL/tcl || Yes || Yes || 2010-10-05 security update
+|-
+| PL/pythonU || No || No || Untrusted only, not affected
+|-
+| PL/R || No || No || Untrusted only, not affected
+|-
+| PL/PHP || Yes || No || Patch in development<br>PL/PHP project
+|-
+| PL/Java || ??? || No || Unsure if affected or not
+|-
+| PL/Ruby || ??? || No || Unsure if affected or not
+|-
+| PL/sh || No || No || Untrusted only, not affected
+|}
+
+Other PLs, such as PL/Mono, PL/C++, PL/scheme, PL/XSLT, PL/matlab, PL/LOLCAT and PL/Lua are currently limited enough in functionality and adoption that they are assumed not to represent a significant risk. Authors or contributors to all PLs are urged to examine their PLs for this vulnerability and offer patches to their users as well as updates to this page.
+
+== Am I affected if I don't use stored procedures? ==
+
+No. You are not.
+
+In fact, you are only vulnerable if you use stored procedures together with some kind of privilege-changing statement, such as SECURITY DEFINER, SET ROLE, and SET SESSION AUTHORIZATION.
+
+== What are the details of this exploit? ==
+
+Several external languages which are used as procedural languages support features such as redefining modules, tied variables and other objects at runtime. An attacker, who is an authenticated PostgreSQL user with sufficient rights to create functions (which are available by default), could use this feature to redefine fundamental language components. If done in the same session in which a function in the same language is called by a different ROLE, or a SECURITY DEFINER function is called, this could then cause arbitrary code to be executed with the privileges of a different user, including the database superuser.
+
+This mechanism could be used to circumvent, for example, [https://public.commandprompt.com/projects/verticallychallenged/wiki the use of SET ROLE on connection to restrict user rights]. More dangerously, it could be used to hijack a SECURITY DEFINER function and execute whatever "side effect" code the attacker desires.
+
+"Untrusted" languages are not affected because only the database superuser can create functions using them, and the untrusted version of a langauage does get called as the same interpreter as the trusted version. If you have both trusted and untrusted versions of a language installed, however, you could still be vulnerable.
+
+== How does the 2010-10-05 security update fix this? ==
+
+It changes PL/perl and PL/tcl to start a seperate interpreter for each language for each database ROLE.
+
+== Does that break any backwards compatibility? ==
+
+Not for most users. However, users who were '''relying''' on the ability to pass variables or code between database ROLEs or to SECURITY DEFINER functions using shared hashes, modules, etc. may find that they need to modify their application before applying this update. A suggestion is to have all such data passing utilize SECURITY DEFINER functions owned by the same, single non-login ROLE.
+
+As frequently happens, what we see as a security hole a few users probably see as a feature. We apologize to such users for the inconvenience.
+
+== What's the difference between a trusted and untrusted language? ==
+
+"Trusted" procedural languages are ones that any database user with the rights to create functions is allowed to use to create new functions or modify existing functions. "Untrusted" languages are ones which only the database superuser is allowed to use to create new functions, because they may execute code outside of a "safe" database container.
+
+Several languages, including PL/perl, PL/tcl and PL/PHP, can be installed as either Trusted, Untrusted, or both. It has been pointed out that our use of the terms "trusted" and "untrusted" is exactly reversed, but after 13 years such usage would be difficult to change.
+
+== I cannot apply the update immediately, or my PL is not patched. How can I work around this vulnerability? ==
+
+First, three basic precautions lessen your exposure to this and other privilege escalation exploits:
+
+* Obviously, you want to prevent users from executing arbitrary code on your database. In order to take advantage of this exploit, users must be authenticated and able to create new, custom functions.
+* If you use SECURITY DEFINER functions, you want to make sure to set the search_path of such functions as detailed in previous security fixes.
+* Existing functions and stored procedures should be owned by a different login role than the one associated with your application or web user so that they cannot easily be modified.
+
+An immediate workaround is to remove all rights to create new functions from regular users, which is a good idea in any case for a production database:
+
+ REVOKE USAGE ON LANGUAGE '''procedural_language''' FROM PUBLIC;
+ example: REVOKE USAGE ON LANGUAGE plruby FROM PUBLIC;
+
+If specific users then need the ability to create functions, they can have that right GRANTed individually.
+
+== Do any known exploit scripts exist in the wild for this issue? ==
+
+No.
+
+== Who discovered this vulnerability, then? ==
+
+PostgreSQL contributor and Perl DBI creator Tim Bunce, while working on improving PL/perl.
+
+== I am a maintainer of an external PL and wish to contact someone about patching my PL ==
+
+Please e-mail security@postgresql.org to discuss this with the PostgreSQL security team.
--- /dev/null
+The PostgreSQL Global Development Group has released an update to all current versions of the PostgreSQL database system, including versions 9.2.3, 9.1.8, 9.0.12, 8.4.16, and 8.3.23. Users should update at their next maintenance window.
+
+Today's update fixes a performance regression which caused a 10% decrease in throughput when using dynamic queries in stored procedures in version 9.2. Applications which use PL/pgSQL's EXECUTE are strongly affected by this regression and need to be updated. We have also fixed intermittent crashes caused by CREATE/DROP INDEX CONCURRENTLY, and multiple minor issues with replication.
+
+This release is expected to be the final community-provided update for version 8.3, which is now End-of-Life (EOL). Users of version 8.3 should plan to upgrade to a later version of PostgreSQL within the next three months. For more information, see our Versioning Policy ( http://www.postgresql.org/support/versioning/ ).
+
+This update release also contains fixes for many minor issues discovered and patched by the PostgreSQL community in the last two months, including:
+
+* Prevent lowering freeze_min_age from causing additional table scans
+* Prevent spurious cached plan error in PL/pgSQL
+* Allow subscripts from subselects with extra parentheses
+* Prevent DROP OWNED from dropping databases or tablespaces
+* Make ECPG use translated messages
+* Allow PL/Python to use multi-table trigger functions (again) in 9.1 and 9.2
+* Fix several activity log management issues on Windows
+* Prevent autovacuum file truncation from being cancelled by deadlock_timeout
+* Make extensions build with the .exe suffix automatically on Windows
+* Fix concurrency issues with CREATE/DROP DATABASE
+* Reject out-of-date values in to_date() conversion function
+* Revert cost estimation for large indexes back to pre-9.2 behavior
+* Fix potential corruption error with CREATE/DROP INDEX CONCURRENTLY
+* Make pg_basebackup tolerate timeline switches
+* Cleanup leftover temp table entries during crash recovery
+* Prevent infinite loop when inserting a large table with a large fillfactor
+* Prevent integer overflow in dynahash creation
+* Make pg_upgrade work with INVALID indexes
+* Fix bugs in TYPE priveleges
+* Allow Contrib installchecks to run in their own databases
+* Many documentation updates
+* Add new timezone "FET", and update several other timezones.
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional, post-update steps; see the Release Notes for details.
+
+Links:
+ * Download: http://postgresql.org/download
+ * Release Notes: http://www.postgresql.org/docs/current/static/release.html
\ No newline at end of file
--- /dev/null
+The PostgreSQL Global Development Group has released an update to all current versions of the PostgreSQL database system, including 9.2.1, 9.1.6, 9.0.10, 8.4.14 and 8.3.21. This update fixes critical issues for major versions 9.1 and 9.2, and users running those versions should apply it as soon as possible. Users of versions 8.3, 8.4 and 9.0 should plan to update at the next scheduled downtime.
+
+The update fixes two potential data corruption issues present in the PostgreSQL 9.1 and 9.2 for any server which has crashed, been shutdown "immediate", or was failed over to a standby. First, the PostgreSQL development team has discovered a chance of corruption of BTREE and GIN indexes for databases. Second, there is a significant chance of corruption of the visibility map. This update fixes both issues.
+
+We advise users of 9.1 and 9.2 to run VACUUM and/or index rebuilds after applying the update. Please see this wiki page for detailed instructions: http://wiki.postgresql.org/wiki/20120924updaterelease
+
+This update release also contains fixes for many minor issues discovered and patched by the PostgreSQL community in the last month, including many fixes for the newly released version 9.2. These include:
+
+* list of significant changes here
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users of older versions who have skipped multiple update releases may need to perform additional, post-update steps; see the Release Notes for details.
+
+Links:
+ * Download: http://postgresql.org/download
+ * Release Notes: http://www.postgresql.org/docs/current/static/release.html
+
+
+
+= Details of 2012-09-24 Update Release Data Corruption Issue =
+
+== Description of the Problem ==
+
+Versions 9.1 and 9.2 of PostgreSQL have a bug with flushing dirty blocks from memory, or "checkpointing", introduced accidentally as a side effect of performance optimizations and new features, mainly Unlogged Tables. This bug can cause data of certain types to not be written to disk if the database shuts down or restarts for any of the following reasons:
+
+* PostgreSQL crash
+* Server crash or power loss
+* "immediate" shutdown (pg_ctl -m immediate)
+* "kill -9" or Out-Of-Memory-Kill of the postmaster service
+* database is a standby which was promoted to master
+
+Under these circumstances, the database can suffer from recoverable data corruption. The nature of this corruption is such that it can produce wrong, but seemingly valid, answers to queries, so it is critical that users who may have been affected by this corruption take steps to clean it up very soon.
+
+First, there is a low probability of corruption of BTREE and GIN indexes. Shutting
+down cleanly will limit the further spread of this issue. It's very likely that if corruption has occurred that it would be visible in the form of error messages when the index is used.
+
+Second, there is a significant probability of corruption of relation visibility maps (approaching 100% on standbys). This affects 9.1 very differently from 9.2, however. On PostgreSQL 9.1 the worst consequence is some transient inefficiency and/or failure to recover free space during VACUUM. On PostgreSQL 9.2, we use the visibility map during index only scans and so these are likely to produce wrong answers.
+
+== Steps for Users of PostgreSQL 9.1 ==
+
+If you are running 9.1, and suspect that you may be vulnerable to database corruption because your database has shut down unexpectedly or failed over during the last few months:
+
+# Download new 9.1.6 packages
+# Do a clean shutdown of PostgreSQL, using one of the following mechanisms:
+#* init script or service manager
+#* pg_ctl -m smart stop
+#* pg_ctl -m fast stop
+# Install 9.1.6
+# Restart the database system
+# Gradually rebuild all of your BTree and GIN indexes (see below)
+# Schedule a manual vacuum of the whole database during a convenient slow period (see below)
+
+If you are planning to upgrade to PostgreSQL 9.2 using pg_upgrade, it is critical for you to run the full database VACUUM first.
+
+== Steps for Users of PostgreSQL 9.2 ==
+
+If you are running 9.2.0, and suspect that you may be vulnerable to database corruption because your database has shut down unexpectedly or failed over during the last two weeks:
+
+# Download new 9.2.1 packages
+# Do a clean shutdown of PostgreSQL, using one of the following mechanisms:
+#* init script or service manager
+#* pg_ctl -m smart stop
+#* pg_ctl -m fast stop
+# Install 9.2.1
+# Restart the database system
+# VACUUM all tables in your database immediately
+# Gradually rebuild all of your BTree and GIN indexes (see below)
+
+== How to VACUUM All Tables ==
+
+To correct corruption of the visibility map, users should run a vacuum and force a scan of all database blocks in order to reset the entire map. Since this means effectively scanning the entire database off of disk, it will generate considerable IO and take significant time to execute for large databases. One way to ameliorate the impact on concurrently running database load is to use cost delay to spread out the vacuum:
+
+SET vacuum_cost_delay = 50;
+
+=== Interactive VACUUM ===
+
+# log in to psql as the Postgres superuser
+# set vacuum_cost_delay, if doing so
+# run "SET vacuum_freeze_table_age = 0;"
+# run "VACUUM VERBOSE ANALYZE;" (ANALYZE is optional)
+
+This will produce a lot of output, allowing you to track progress of the full-database vacuum.
+
+You can also VACUUM one table at a time instead of doing them all one after the other, provided that you have some way to track which tables have and have not been vacuumed.
+
+=== vacuumdb ===
+
+
+== a to Rebuild BTree/GIN Indexes ==
+
+
+
+
+
+New users of 9.2.0
+should consider immediate upgrade to avoid application issues. Once
+upgraded to 9.2.1, users should perform a complete database vacuum
+with reasonable urgency, by issuing the following commands to force a
+scan of all database blocks and to reset visibility map correctly. You
+may also wish to consider the use of vacuum_cost_delay to reduce the
+effect of vacuum on larger databases.
+
+SET vacuum_freeze_table_age = 0;
+VACUUM;
+
+Users of PostgreSQL 9.1 should make sure to perform the above step
+before any upgrade to 9.2. Other than that, 9.1 users do not need to
+perform the VACUUM with much urgency.
+
+
+Stacey,
+
+We need to notify all of our current customers using PostgreSQL 9.1 of the 9.1.6 release coming out Monday. Not only do they need to update their releases ASAP, but they also will need extra, post-update work. I'm telling you now because it's important that they be notified before the end of the California business day on Monday. If your schedule won't permit this, let me know.
+
+Associates who have active clients they know are not running 9.1 or have clients they want to notify personally, should send a list of those clients to Stacey.
+
+Draft notice follows:
+
+===============================
+
--- /dev/null
+The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.3, 9.1.8, 9.0.12, 8.4.16, and 8.3.23. This update fixes a denial-of-service (DOS) vulnerability. All users should update their PostgreSQL installations as soon as possible.
+
+The security issue fixed in this release, [CVE-2013-0255](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255), allows a previously authenticated user to crash the server by calling an internal function with invalid arguments. This issue was discovered by independent security researcher Sumit Soni this week and reported via Secunia SVCRP, and we are grateful for their efforts in making PostgreSQL more secure.
+
+Today's update also fixes a performance regression which caused a decrease in throughput when using dynamic queries in stored procedures in version 9.2. Applications which use PL/pgSQL's EXECUTE are strongly affected by this regression and should be updated. Additionally, we have fixed intermittent crashes caused by CREATE/DROP INDEX CONCURRENTLY, and multiple minor issues with replication.
+
+This release is expected to be the final update for version 8.3, which is now End-of-Life (EOL). Users of version 8.3 should plan to upgrade to a later version of PostgreSQL immediately. For more information, see our [Versioning Policy](http://www.postgresql.org/support/versioning).
+
+This update release also contains fixes for many minor issues discovered and patched by the PostgreSQL community in the last two months, including:
+
+* Prevent unnecessary table scans during vacuuming
+* Prevent spurious cached plan error in PL/pgSQL
+* Allow sub-SELECTs to be subscripted
+* Prevent DROP OWNED from dropping databases or tablespaces
+* Make ECPG use translated messages
+* Allow PL/Python to use multi-table trigger functions (again) in 9.1 and 9.2
+* Fix several activity log management issues on Windows
+* Prevent autovacuum file truncation from being cancelled by deadlock_timeout
+* Make extensions build with the .exe suffix automatically on Windows
+* Fix concurrency issues with CREATE/DROP DATABASE
+* Reject out-of-range values in to_date() conversion function
+* Revert cost estimation for large indexes back to pre-9.2 behavior
+* Make pg_basebackup tolerate timeline switches
+* Cleanup leftover temp table entries during crash recovery
+* Prevent infinite loop when COPY inserts a large tuple into a table with a large fillfactor
+* Prevent integer overflow in dynahash creation
+* Make pg_upgrade work with INVALID indexes
+* Fix bugs in TYPE privileges
+* Allow Contrib installchecks to run in their own databases
+* Many documentation updates
+* Add new timezone "FET".
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional, post-update steps; see the Release Notes for details.
+
+Links:
+ * [Download](http://postgresql.org/download)
+ * [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
--- /dev/null
+The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.3, 9.1.8, 9.0.12, 8.4.16, and 8.3.23. This update fixes a denial-of-service (DOS) vulnerability. All users should update their PostgreSQL installations as soon as possible.
+
+The security issue fixed in this release, CVE-2013-0255 ( http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255 ), allows a previously authenticated user to crash the server by calling an internal function with invalid arguments. This issue was discovered by independent security researcher Sumit Soni this week and reported via Secunia SVCRP, and we are grateful for their efforts in making PostgreSQL more secure.
+
+Today's update also fixes a performance regression which caused a decrease in throughput when using dynamic queries in stored procedures in version 9.2. Applications which use PL/pgSQL's EXECUTE are strongly affected by this regression and should be updated. Additionally, we have fixed intermittent crashes caused by CREATE/DROP INDEX CONCURRENTLY, and multiple minor issues with replication.
+
+This release is expected to be the final update for version 8.3, which is now End-of-Life (EOL). Users of version 8.3 should plan to upgrade to a later version of PostgreSQL immediately. For more information, see our Versioning Policy ( http://www.postgresql.org/support/versioning/ ).
+
+This update release also contains fixes for many minor issues discovered and patched by the PostgreSQL community in the last two months, including:
+
+* Prevent unnecessary table scans during vacuuming
+* Prevent spurious cached plan error in PL/pgSQL
+* Allow sub-SELECTs to be subscripted
+* Prevent DROP OWNED from dropping databases or tablespaces
+* Make ECPG use translated messages
+* Allow PL/Python to use multi-table trigger functions
+ (again) in 9.1 and 9.2
+* Fix several activity log management issues on Windows
+* Prevent autovacuum file truncation from being
+ cancelled by deadlock_timeout
+* Make extensions build with the .exe suffix automatically
+ on Windows
+* Fix concurrency issues with CREATE/DROP DATABASE
+* Reject out-of-range values in to_date() conversion function
+* Revert cost estimation for large indexes back to pre-9.2
+ behavior
+* Make pg_basebackup tolerate timeline switches
+* Cleanup leftover temp table entries during crash recovery
+* Prevent infinite loop when COPY inserts a large tuple into a
+ table with a large fillfactor
+* Prevent integer overflow in dynahash creation
+* Make pg_upgrade work with INVALID indexes
+* Fix bugs in TYPE privileges
+* Allow Contrib installchecks to run in their own databases
+* Many documentation updates
+* Add new timezone "FET".
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional, post-update steps; see the Release Notes for details.
+
+Links:
+ * Download: http://postgresql.org/download
+ * Release Notes: http://www.postgresql.org/docs/current/static/release.html
+
\ No newline at end of file
--- /dev/null
+20130404 Security Release FAQ
+=============================
+
+While this FAQ covers the 20130404 PostgreSQL Security Update in general, most of its contents focus on the primary security vulnerability patched in the release, [CVE-2013-1899](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899).
+
+Are there any known exploits “in the wild” for this vulnerability?
+--------------------------------------------
+
+There are no known exploits at the time of release.
+
+Who is particularly vulnerable because of this issue?
+--------------------------------------------
+
+Any system that allows unrestricted access to the PostgreSQL network port, such as users running PostgreSQL on a public cloud, is especially vulnerable. Users whose servers are only accessible on protected internal networks, or who have effective firewalling or other network access restrictions, are less vulnerable.
+
+This is a good general rule for database security: do not allow port access to the database server from untrusted networks unless it is absolutely necessary. This is as true, or more true, of other database systems as it is of PostgreSQL.
+
+What is the nature of the vulnerability?
+--------------------------------------------
+
+The vulnerability allows users to use a command-line switch for a PostgreSQL connection intended for single-user recovery mode while PostgreSQL is running in normal, multiuser mode. This can be used to harm the server.
+
+What potential exploits are enabled by this vulnerability?
+--------------------------------------------
+
+1. Persistent Denial of Service: an unauthenticated attacker may use this vulnerability to cause PostgreSQL error messages to be appended to targeted files in the PostgreSQL data directory on the server. Files corrupted in this way may cause the database server to crash, and to refuse to restart. The database server can be fixed either by editing the files and removing the garbage text, or restoring from backup.
+2. Configuration Setting Privilege Escalation: in the event that an attacker has a legitimate login on the database server, and the server is configured such that this user name and the database name are identical (e.g. “user ‘web’, database ‘web’”), then this vulnerability may be used to temporarily set one configuration variable with the privileges of the superuser.
+3. Arbitrary Code Execution: if the attacker meets all of the qualifications under 2 above, and has the ability to save files to the filesystem as well (even to the “tmp” directory), then they can use the vulnerability to load and execute arbitrary C code. SEPostgres will prevent this specific type of exploit.
+
+Which major versions of PostgreSQL are affected?
+--------------------------------------------
+
+Versions 9.0, 9.1 and 9.2.
+
+Users of version 8.4 are not affected. Users of version 8.3 and earier are not affected by this issue, but are vulnerable to other unpatched security vulnerabilities, since those versions are EOL.
+
+How can users protect themselves?
+--------------------------------------------
+
+* Download the update release and update all of your servers as soon as possible.
+* Ensure that PostgreSQL is not open to connections from untrusted networks.
+* Audit your database users to be certain that all logins require proper credentials, and that the only logins which exist are legitimate and in current use.
+
+Use of advanced security frameworks, such as SELinux with PostgreSQL's SEPostgres extension, also lessen or eliminate the exposure and potential damage from PostgreSQL security vulnerabilities.
+
+Who was given access to the information about the vulnerability?
+--------------------------------------------
+
+Specifics about the vulnerability were first disclosed to our security team.
+
+The PostgreSQL Global Development Group (PGDG) has had, for several years, a policy granting engineers who build PostgreSQL binary packages to be distributed to the public (such as RPMs and Windows installers) early access to be able to release information and code so that packages can be ready on the official release date. This applied to both minor and major releases. Given the increasing prevalence of PostgreSQL-as-a-Service (PGaaS) as a distribution mechanism, we are revising this policy to accomodate the case of the cloud providers. The new policy is still being edited and should be available soon.
+
+When was the vulnerability discovered?
+--------------------------------------------
+
+This vulnerability was first reported to the PostgreSQL Global Development Group (PGDG) security team on March 12, 2013.
+
+We filed for the CVE, with the assistance of the Red Hat security team, on March 27.
+
+Who discovered the vulnerability?
+--------------------------------------------
+
+Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center while conducting a security audit. NTT is a longtime contributor to PostgreSQL.
+
+How was the vulnerability reported?
+--------------------------------------------
+
+Kondo-san and Horiguchi-san sent email to security@postgresql.org.
+
+As reported by TechCrunch and Hacker News, some entities including cloud platform provider Heroku were given early access. Why did this occur?
+--------------------------------------------
+
+Heroku was given access to updated source code which patched the vulnerability at the same time as other packagers. Because Heroku was especially vulnerable, the PostgreSQL Core Team worked with them both to secure their infrastructure and to use their deployment as a test-bed for the security patches, in order to verify that the security update did not break any application functionality. Heroku has a history both of working closely with community developers, and of testing experimental features in their PostgreSQL service.
+
+Who was given access to the code before the official release?
+--------------------------------------------
+
+We have two teams that communicate on private lists hosted on the PGDG infrastructure. Both teams had access to the source code prior to the release of any packages for analyzing the security patch and then creating packages for distributing PostgreSQL binaries. These are our Security Team and our Packagers List. In both cases, these groups had early access in order to participate in patching the security hole.
+
+How can end-users with large deployments or security-sensitive applications obtain early access security information?
+--------------------------------------------
+
+At this time, the PostgreSQL project does not provide users who are not directly involved in patching security vulnerabilities or packaging PostgreSQL for other users early access to security information, patches, or code. It is possible that at some time in the future we may be in a position to offer such access, but we are not able to now.
+
+Was taking the repository private while this security discussion was ongoing the proper thing to do?
+--------------------------------------------
+
+Given the severity of the vulnerability, the PostgreSQL Core team deliberated and determined the security risk posed by having the source code for the fix available before the packages were made available outweighed the public’s interest in having immediate access.
+
+Normal procedure for sharing information about security releases is to send an announcement our developer mailing list, pgsql-hackers@postgresql.org, a week before a new release. Tom Lane did this. Then, due to the severity of the security vulnerability, we also sent an announcement to pgsql-announce@postgresql.org and to our RSS News feed on our website homepage. We did this because we wanted to give DBAs sufficient time to plan for a maintenance window to upgrade.
+
+The timing of the announcements and the release was based on the availability of volunteer packagers and release managers to conduct the release.
+
+How is the PostgreSQL project organized?
+--------------------------------------------
+
+PostgreSQL Global Development Group (PGDG) is a volunteer-run, global organization. We have a six-person core team, a number of Major Contributors and several mailing lists that make up the centralized portion of our community. [See here for details about contributors](http://www.postgresql.org/community/contributors/).
+
+How are new members added to the Security Team or Packagers?
+--------------------------------------------
+
+Membership in both groups is maintained by the Core Team.
+
+How often does PostgreSQL find new security vulnerabilities?
+--------------------------------------------
+
+We find zero to seven minor security issues a year. This is the first security issue of this magnitude since 2006: the “backslash escape encoding issue”, which affected MySQL and a few other database systems as well.
+
+How was the vulnerability introduced?
+--------------------------------------------
+
+It was created as a side effect of a refactoring effort to make establishing new connections to a PostgreSQL server faster, and the associated code more maintainable.
+
+Who discovers vulnerabilities in PostgreSQL?
+--------------------------------------------
+
+We are fortunate to have a large pool of security engineers who test PostgreSQL regularly and responsibly report security issues so that they can be fixed. This includes:
+
+* QA staff at contributing companies like NTT Open Source and EnterpriseDB
+* Security researchers at the Japanese federal security agency
+* Security researchers at security companies, such as Secunia
+* Coverity’s Scan Project
+* and our large pool of participating community users, who report bugs.
+
+What else is included in this release?
+--------------------------------------------
+
+This release also updates four other, minor, security issues which are detailed on the [Security Page](http://www.postgresql.org/support/security) and in the release announcement. It includes a number of bug fixes for PostgreSQL as well, most notably fixes for two potential data corruption issues with binary replication.
--- /dev/null
+= 20130404 Security Release FAQ =
+
+While this FAQ covers the 20130404 PostgreSQL Security Update in general, most of its contents focus on the primary security vulnerability patched in the release, [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899 CVE-2013-1899].
+
+=== Are there any known exploits “in the wild” for this vulnerability? ===
+
+There are no known exploits at the time of release.
+
+=== Who is particularly vulnerable because of this issue? ===
+
+Any system that allows unrestricted access to the PostgreSQL network port, such as users running PostgreSQL on a public cloud, is especially vulnerable. Users whose servers are only accessible on protected internal networks, or who have effective firewalling or other network access restrictions, are less vulnerable.
+
+This is a good general rule for database security: do not allow port access to the database server from untrusted networks unless it is absolutely necessary. This is as true, or more true, of other database systems as it is of PostgreSQL.
+
+=== What is the nature of the vulnerability? ===
+
+The vulnerability allows users to use a command-line switch for a PostgreSQL connection intended for single-user recovery mode while PostgreSQL is running in normal, multiuser mode. This can be used to harm the server.
+
+=== What potential exploits are enabled by this vulnerability? ===
+
+# Persistent Denial of Service: an unauthenticated attacker may use this vulnerability to cause PostgreSQL error messages to be appended to targeted files in the PostgreSQL data directory on the server. Files corrupted in this way may cause the database server to crash, and to refuse to restart. The database server can be fixed either by editing the files and removing the garbage text, or restoring from backup.
+# Configuration Setting Privilege Escalation: in the event that an attacker has a legitimate login on the database server, and the server is configured such that this user name and the database name are identical (e.g. “user ‘web’, database ‘web’”), then this vulnerability may be used to temporarily set one configuration variable with the privileges of the superuser.
+# Arbitrary Code Execution: if the attacker meets all of the qualifications under 2 above, and has the ability to save files to the filesystem as well (even to the “tmp” directory), then they can use the vulnerability to load and execute arbitrary C code. SEPostgres will prevent this specific type of exploit.
+
+=== Which major versions of PostgreSQL are affected? ===
+
+Versions 9.0, 9.1 and 9.2.
+
+Users of version 8.4 are not affected. Users of version 8.3 and earier are not affected by this issue, but are vulnerable to other unpatched security vulnerabilities, since those versions are EOL.
+
+=== How can users protect themselves? ===
+
+* Download the update release and update all of your servers as soon as possible.
+* Ensure that PostgreSQL is not open to connections from untrusted networks.
+* Audit your database users to be certain that all logins require proper credentials, and that the only logins which exist are legitimate and in current use.
+
+Use of advanced security frameworks, such as SELinux with PostgreSQL's SEPostgres extension, also lessen or eliminate the exposure and potential damage from PostgreSQL security vulnerabilities.
+
+===Who was given access to the information about the vulnerability?===
+
+Specifics about the vulnerability were first disclosed to our security team.
+
+The PostgreSQL Global Development Group (PGDG) has had, for several years, a policy granting engineers who build PostgreSQL binary packages to be distributed to the public (such as RPMs and Windows installers) early access to be able to release information and code so that packages can be ready on the official release date. This applied to both minor and major releases. Given the increasing prevalence of PostgreSQL-as-a-Service (PGaaS) as a distribution mechanism, we are revising this policy to accomodate the case of the cloud providers. The new policy is still being edited and should be available soon.
+
+===When was the vulnerability discovered?===
+
+This vulnerability was first reported to the PostgreSQL Global Development Group (PGDG) security team on March 12, 2013.
+
+We filed for the CVE, with the assistance of the Red Hat security team, on March 27.
+
+===Who discovered the vulnerability?===
+
+Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center while conducting a security audit. NTT is a longtime contributor to PostgreSQL.
+
+===How was the vulnerability reported?===
+
+Kondo-san and Horiguchi-san sent email to security@postgresql.org.
+
+===As reported by TechCrunch and Hacker News, some entities including cloud platform provider Heroku were given early access. Why did this occur?===
+
+Heroku was given access to updated source code which patched the vulnerability at the same time as other packagers. Because Heroku was especially vulnerable, the PostgreSQL Core Team worked with them both to secure their infrastructure and to use their deployment as a test-bed for the security patches, in order to verify that the security update did not break any application functionality. Heroku has a history both of working closely with community developers, and of testing experimental features in their PostgreSQL service.
+
+===Who was given access to the code before the official release? ===
+
+We have two teams that communicate on private lists hosted on the PGDG infrastructure. Both teams had access to the source code prior to the release of any packages for analyzing the security patch and then creating packages for distributing PostgreSQL binaries. These are our Security Team and our Packagers List. In both cases, these groups had early access in order to participate in patching the security hole.
+
+===How can end-users with large deployments or security-sensitive applications obtain early access security information?===
+
+At this time, the PostgreSQL project does not provide users who are not directly involved in patching security vulnerabilities or packaging PostgreSQL for other users early access to security information, patches, or code. It is possible that at some time in the future we may be in a position to offer such access, but we are not able to now.
+
+===Was taking the repository private while this security discussion was ongoing the proper thing to do?===
+
+Given the severity of the vulnerability, the PostgreSQL Core team deliberated and determined the security risk posed by having the source code for the fix available before the packages were made available outweighed the public’s interest in having immediate access.
+
+Normal procedure for sharing information about security releases is to send an announcement our developer mailing list, pgsql-hackers@postgresql.org, a week before a new release. Tom Lane did this. Then, due to the severity of the security vulnerability, we also sent an announcement to pgsql-announce@postgresql.org and to our RSS News feed on our website homepage. We did this because we wanted to give DBAs sufficient time to plan for a maintenance window to upgrade.
+
+The timing of the announcements and the release was based on the availability of volunteer packagers and release managers to conduct the release.
+
+===How is the PostgreSQL project organized?===
+
+PostgreSQL Global Development Group (PGDG) is a volunteer-run, global organization. We have a six-person core team, a number of Major Contributors and several mailing lists that make up the centralized portion of our community. [http://www.postgresql.org/community/contributors/ See here for details about contributors].
+
+===How are new members added to the Security Team or Packagers?===
+
+Membership in both groups is maintained by the Core Team.
+
+===How often does PostgreSQL find new security vulnerabilities?===
+
+We find zero to seven minor security issues a year. This is the first security issue of this magnitude since 2006: the “backslash escape encoding issue”, which affected MySQL and a few other database systems as well.
+
+===How was the vulnerability introduced?===
+
+It was created as a side effect of a refactoring effort to make establishing new connections to a PostgreSQL server faster, and the associated code more maintainable.
+
+===Who discovers vulnerabilities in PostgreSQL?===
+
+We are fortunate to have a large pool of security engineers who test PostgreSQL regularly and responsibly report security issues so that they can be fixed. This includes:
+
+* QA staff at contributing companies like NTT Open Source and EnterpriseDB
+* Security researchers at the Japanese federal security agency
+* Security researchers at security companies, such as Secunia
+* Coverity’s Scan Project
+* and our large pool of participating community users, who report bugs.
+
+===What else is included in this release?===
+
+This release also updates four other, minor, security issues which are detailed on the [http://www.postgresql.org/support/security Security Page] and in the release announcement. It includes a number of bug fixes for PostgreSQL as well, most notably fixes for two potential data corruption issues with binary replication.
+
--- /dev/null
+The PostgreSQL Global Development Group has released a bug-fix update to all current versions of the PostgreSQL database system, including versions 9.3.1, 9.2.5, 9.1.10, 9.0.14, and 8.4.18. This release fixes many minor issues reported by our community over the last six months. All users should update their PostgreSQL installations at the next regular maintenance window.
+
+In this release are fixes for the recently-released version 9.3, including:
+
+* Update hstore extension with JSON functionality
+* Prevent memory leak when creating range indexes
+* Fix libpq SSL deadlock bug
+
+In addition to the above, there are a few dozen minor bug fixes for older versions. These patches were already included in 9.3.0 when released. Among them are:
+
+* Guarantee transmission of all WAL files before replica failover
+* Prevent downcasing of non-ASCII identifiers
+* Fix several minor memory leaks
+* Correct overcommit behavior when using more than 24GB of work memory
+* Improve planner cost estimates for choosing generic plans
+* Fix estimates of NULL rows in boolean columns
+* Make UNION ALL and inheritance query plans recheck parameterized paths
+* Correct pg_dump bugs for foreign tables, views, and extensions
+* Prevent a parallel pg_restore failure on certain indexes
+* Make REINDEX revalidate constraints
+* Prevent two deadlock issues in SP-GIST and REINDEX CONCURRENTLY
+* Prevent GiST index lookup crash
+* Fix several regular expression failures
+* Allow ALTER DEFAULT PRIVILEGES to work on all schemas
+* Loosen restrictions on keywords
+* Allow various spellings of infinity
+* Expand ability to compare rows to records and arrays
+* Prevent psql client crash on bad PSQLRC file
+* Add spinlock support for ARM64
+
+Note that users of the hstore extension on version 9.3 must take an additional, post upgrade step of running "ALTER EXTENSION hstore UPDATE" in each database after update.
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional, post-update steps; see the Release Notes for details.
+
+Links:
+ * [Download](http://postgresql.org/download)
+ * [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
+
+
\ No newline at end of file
--- /dev/null
+The PostgreSQL Global Development Group has released a bug-fix update to all current versions of the PostgreSQL database system, including versions 9.3.1, 9.2.5, 9.1.10, 9.0.14, and 8.4.18. This release fixes many minor issues reported by our community over the last six months. All users should update their PostgreSQL installations at the next regular maintenance window.
+
+In this release are fixes for the recently-released version 9.3, including:
+
+* Update hstore extension with JSON functionality
+* Prevent memory leak when creating range indexes
+* Fix libpq SSL deadlock bug
+
+In addition to the above, there are a few dozen minor bug fixes for older versions. These patches were already included in 9.3.0 when released. Among them are:
+
+* Guarantee transmission of all WAL files before replica failover
+* Prevent downcasing of non-ASCII identifiers
+* Fix several minor memory leaks
+* Correct overcommit behavior when using more than 24GB of work memory
+* Improve planner cost estimates for choosing generic plans
+* Fix estimates of NULL rows in boolean columns
+* Make UNION ALL and inheritance query plans recheck parameterized paths
+* Correct pg_dump bugs for foreign tables, views, and extensions
+* Prevent a parallel pg_restore failure on certain indexes
+* Make REINDEX revalidate constraints
+* Prevent two deadlock issues in SP-GIST and REINDEX CONCURRENTLY
+* Prevent GiST index lookup crash
+* Fix several regular expression failures
+* Allow ALTER DEFAULT PRIVILEGES to work on all schemas
+* Loosen restrictions on keywords
+* Allow various spellings of infinity
+* Expand ability to compare rows to records and arrays
+* Prevent psql client crash on bad PSQLRC file
+* Add spinlock support for ARM64
+
+Note that users of the hstore extension on version 9.3 must take an additional, post upgrade step of running "ALTER EXTENSION hstore UPDATE" in each database after update.
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional, post-update steps; see the Release Notes for details.
+
+Links:
+ * Download: http://postgresql.org/download
+ * Release Notes: http://www.postgresql.org/docs/current/static/release.html
+
\ No newline at end of file
--- /dev/null
+The PostgreSQL Global Development Group has released a critical update to all supported versions of the PostgreSQL database system, which includes minor versions 9.3.2, 9.2.6, 9.1.11, 9.0.15, and 8.4.19. This update fixes three serious data-loss bugs affecting replication and database maintenance. All users are urged to update their installations at the earliest opportunity.
+
+The replication issue affects some users of PostgreSQL binary replication, and can cause minor data loss between the master and the standby. While not all users are affected, it is difficult to predict when the bug will occur, so we urge all users of replication and continuous backup (PITR) to update immediately. Additionally, users who had replication running under PostgreSQL minor versions 9.3.0, 9.3.1, 9.2.5, 9.1.10, or 9.0.14 should plan to take a fresh base backup of each standby after update, in order to ensure no prior data corruption already exists. More information about this issue is [on its wiki page](https://wiki.postgresql.org/wiki/Nov2013ReplicationIssue).
+
+This release also fixes two timing issues with VACUUM, which can cause old, overwritten or deleted rows to re-appear at a later date under some circumstances. Users with very high transaction rates, particularly those who experience "transaction ID wraparound" every few weeks or less, are the most at risk for this issue. Those users should set vacuum_freeze_table_age to 0, and run a database-wide VACUUM after the update. The second of the two VACUUM issues affects only 9.3, making it expecially important for 9.3 users to update.
+
+Additional fixes included in this release, some of which only affect version 9.3, include:
+
+* Prevent "lock already held" error.
+* Resolve race conditions in timeout management, which could cause server lockup.
+* Fix minor bugs with HOT updates and the Visibility Map.
+* Prevent pg_multixact storage growth on standbys.
+* Fix bug in GIN indexes which caused transient query failures.
+* Remove issue which caused SP-GiST index creation to hang
+* Fix assorted bugs in Materialized Views.
+* Restore ability to use duplicate table aliases in complex queries.
+* Fix two bugs in subquery optimization.
+* Allow pg_receivexlog to resume streaming when more than 4GB of logs are generated.
+* Prevent planner crash on whole-row references.
+* Prevent premature deletion of temporary files.
+* Patch multiple minor memory leaks.
+* Suppress display of dropped columns for CHECK and NOT NULL constraint violations.
+* Allow default and named arguments for window functions.
+* Return a valid JSON value when converting an empty HStore string.
+* Fix GMT timezone offset.
+* Report out-of-disk-space error correctly during pg_upgrade.
+* Time zone updates for several time zones.
+
+Additional changes and details of some of the above issues can be found in the Release Notes.
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.
+
+Links:
+ * [Download](http://postgresql.org/download)
+ * [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
+
\ No newline at end of file
--- /dev/null
+The PostgreSQL Global Development Group has released a critical update to all supported versions of the PostgreSQL database system, which includes minor versions 9.3.2, 9.2.6, 9.1.11, 9.0.15, and 8.4.19. This update fixes three serious data-loss bugs affecting replication and database maintenance. All users are urged to update their installations at the earliest opportunity.
+
+The replication issue affects some users of PostgreSQL binary replication, and can cause minor data loss between the master and the standby. While not all users are affected, it is difficult to predict when the bug will occur, so we urge all users of replication and continuous backup (PITR) to update immediately. Additionally, users who had replication running under PostgreSQL minor versions 9.3.0, 9.3.1, 9.2.5, 9.1.10, or 9.0.14 should plan to take a fresh base backup of each standby after update, in order to ensure no prior data corruption already exists. More information about this issue is on its wiki page (https://wiki.postgresql.org/wiki/Nov2013ReplicationIssue).
+
+This release also fixes two timing issues with VACUUM, which can cause old, overwritten or deleted rows to re-appear at a later date under some circumstances. Users with very high transaction rates, particularly those who experience "transaction ID wraparound" every few weeks or less, are the most at risk for this issue. Those users should set vacuum_freeze_table_age to 0, and run a database-wide VACUUM after the update. The second of the two VACUUM issues affects only 9.3, making it expecially important for 9.3 users to update.
+
+Additional fixes included in this release, some of which only affect version 9.3, include:
+
+* Prevent "lock already held" error.
+* Resolve race conditions in timeout management, which could cause server lockup.
+* Fix minor bugs with HOT updates and the Visibility Map.
+* Prevent pg_multixact storage growth on standbys.
+* Fix bug in GIN indexes which caused transient query failures.
+* Remove issue which caused SP-GiST index creation to hang
+* Fix assorted bugs in Materialized Views.
+* Restore ability to use duplicate table aliases in complex queries.
+* Fix two bugs in subquery optimization.
+* Allow pg_receivexlog to resume streaming when more than 4GB of logs are generated.
+* Prevent planner crash on whole-row references.
+* Prevent premature deletion of temporary files.
+* Patch multiple minor memory leaks.
+* Suppress display of dropped columns for CHECK and NOT NULL constraint violations.
+* Allow default and named arguments for window functions.
+* Return a valid JSON value when converting an empty HStore string.
+* Fix GMT timezone offset.
+* Report out-of-disk-space error correctly during pg_upgrade.
+* Time zone updates for several time zones.
+
+Additional changes and details of some of the above issues can be found in the Release Notes.
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.
+
+Links:
+ * Download: http://postgresql.org/download
+ * Release Notes: http://www.postgresql.org/docs/current/static/release.html
+
\ No newline at end of file
--- /dev/null
+The PostgreSQL Global Development Group has released an important update to all supported versions of the PostgreSQL database system, which includes minor versions 9.3.3, 9.2.7, 9.1.12, 9.0.16, and 8.4.20. This update contains fixes for multiple security issues, as well as several fixes for replication and data integrity issues. All users are urged to update their installations at the earliest opportunity, especially those using binary replication or running a high-security application.
+
+Security Fixes
+--------------
+
+This update fixes [CVE-2014-0060](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0060), in which PostgreSQL did not properly enforce the WITH ADMIN OPTION permission for ROLE management. Before this fix, any member of a ROLE was able to grant others access to the same ROLE regardless if the member was given the WITH ADMIN OPTION permission. It also fixes multiple privilege escalation issues, including: [CVE-2014-0061](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0061), [CVE-2014-0062](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0062), [CVE-2014-0063](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0063), [CVE-2014-0064](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0064), [CVE-2014-0065](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0065), and [CVE-2014-0066](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0066). More information on these issues can be found on [our security page](http://www.postgresql.org/support/security/) and [the security issue detail wiki page](http://wiki.postgresql.org/wiki/20140220securityrelease).
+
+With this release, we are also alerting users to a known security
+hole that allows other users on the same machine to gain access to an
+operating system account while it is doing "make check": [CVE-2014-0067](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0067). "Make check" is normally part of building PostgreSQL from source code. As it is not possible to fix this issue without causing significant issues to our testing infrastructure, a patch will be released separately and publicly. Until then, users are strongly advised not to run "make check" on machines where untrusted users have accounts.
+
+Replication and Data Integrity Fixes
+------------------------------------
+
+This update also fixes some issues which affect binary replication and row locking, and can cause recoverable data corruption in some cases. There are several fixes to index page locking issue during replication which can cause indexes on the replica to be corrupted. There is a fix to a transaction freezing bug in version 9.3 which could cause databases which cycled through transaction ID wraparound several times to have old row versions reappear. We have also fixed three bugs which could cause new standbys to fail to start up. Finally, this update fixes an issue which could break foreign keys, although the keys themselves will still need to be fixed manually after applying the update.
+
+In version 9.3, these fixes result in the addition of several new server configuration settings to control multixact freezing. Importantly, standby servers must be updated to 9.3.3 or later before the replication master is updated, or replication will be broken.
+
+Other Improvements
+------------------
+
+In addition to the above, the following issues are fixed in this release:
+
+* Fix WAL logging of visibility map change
+* Make sure that GIN indexes log all insertions
+* Get pause_at_recovery_target to pause at correct time
+* Ensure walreceiver sends hot-standby feedback messages on time
+* Prevent timeout interrupts from taking control away from mainline code
+* Eliminate several race conditions
+* Fix some broken HINTs in error messages
+* Prevent server lockup on SSL connection loss
+* Fix two Unicode handling issues
+* Prevent crash on certain subselect syntax
+* Prevent crash on select from zero column table
+* Fix two bugs with LATERAL
+* Fix issue with UNION ALL, partitioning, and updates
+* Ensure that ANALYZE understands domains over ranges
+* Eliminate permissions check when using default tablespace
+* Fix memory leakage in JSON functions
+* Allow extensions with event triggers
+* Distinguish numbers correctly in JSON output
+* Fix permissions for pg_start_backup() and pg_stop_backup()
+* Accept SHIFT_JIS as locale name
+* Fix .* expansion for SQL function variables
+* Prevent infinite loop on some COPY connection failures
+* Several fixes for client issues on Windows
+* Enable building PostgreSQL with Visual Studio 2013
+* Update time zone files for recent changes
+
+There are also fixes to all of the following optional modules (extensions): ECPG, dblink, ISN, pgbench, pg_stat_statements and postgres_fdw. Additional changes and details of some of the above issues can be found in the Release Notes.
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.
+
+Links:
+ * [Download](http://postgresql.org/download)
+ * [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
+ * [Security Page](http://www.postgresql.org/support/security/)
+ * [Security Issue Detail Page](http://wiki.postgresql.org/wiki/20140220securityrelease).
\ No newline at end of file
--- /dev/null
+The PostgreSQL Global Development Group has released an important update to all supported versions of the PostgreSQL database system, which includes minor versions 9.3.3, 9.2.7, 9.1.12, 9.0.16, and 8.4.20. This update contains fixes for multiple security issues, as well as several fixes for replication and data integrity issues. All users are urged to update their installations at the earliest opportunity, especially those using binary replication or running a high-security application.
+
+Security Fixes
+--------------
+
+This update fixes CVE-2014-0060, in which PostgreSQL did not properly
+enforce the WITH ADMIN OPTION permission for ROLE management. Before
+this fix, any member of a ROLE was able to grant others access to the
+same ROLE regardless if the member was given the WITH ADMIN OPTION
+permission. It also fixes multiple privilege escalation issues,
+including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,
+CVE-2014-0065, and CVE-2014-0066. More information on these issues can
+be found on our security page and the security issue detail wiki page.
+
+With this release, we are also alerting users to a known security
+hole that allows other users on the same machine to gain access to an
+operating system account while it is doing "make check": CVE-2014-0067. "Make check" is normally part of building PostgreSQL from source code. As it is not possible to fix this issue without causing significant issues to our testing infrastructure, a patch will be released separately and publicly. Until then, users are strongly advised not to run "make check" on machines where untrusted users have accounts.
+
+Replication and Data Integrity Fixes
+------------------------------------
+
+This update also fixes some issues which affect binary replication and row locking, and can cause recoverable data corruption in some cases. There are several fixes to index page locking issue during replication which can cause indexes on the replica to be corrupted. There is a fix to a transaction freezing bug in version 9.3 which could cause databases which cycled through transaction ID wraparound several times to have old row versions reappear. We have also fixed three bugs which could cause new standbys to fail to start up. Finally, this update fixes an issue which could break foreign keys, although the keys themselves will still need to be fixed manually after applying the update.
+
+In version 9.3, these fixes result in the addition of several new server configuration settings to control multixact freezing. Importantly, standby servers must be updated to 9.3.3 or later before the replication master is updated, or replication will be broken.
+
+Other Improvements
+------------------
+
+In addition to the above, the following issues are fixed in this release:
+
+* Fix WAL logging of visibility map change
+* Make sure that GIN indexes log all insertions
+* Get pause_at_recovery_target to pause at correct time
+* Ensure walreceiver sends hot-standby feedback messages on time
+* Prevent timeout interrupts from taking control away from mainline code
+* Eliminate several race conditions
+* Fix some broken HINTs in error messages
+* Prevent server lockup on SSL connection loss
+* Fix two Unicode handling issues
+* Prevent crash on certain subselect syntax
+* Prevent crash on select from zero column table
+* Fix two bugs with LATERAL
+* Fix issue with UNION ALL, partitioning, and updates
+* Ensure that ANALYZE understands domains over ranges
+* Eliminate permissions check when using default tablespace
+* Fix memory leakage in JSON functions
+* Allow extensions with event triggers
+* Distinguish numbers correctly in JSON output
+* Fix permissions for pg_start_backup() and pg_stop_backup()
+* Accept SHIFT_JIS as locale name
+* Fix .* expansion for SQL function variables
+* Prevent infinite loop on some COPY connection failures
+* Several fixes for client issues on Windows
+* Enable building PostgreSQL with Visual Studio 2013
+* Update time zone files for recent changes
+
+There are also fixes to all of the following optional modules (extensions): ECPG, dblink, ISN, pgbench, pg_stat_statements and postgres_fdw. Additional changes and details of some of the above issues can be found in the Release Notes.
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.
+
+Links:
+ * [Download](http://postgresql.org/download)
+ * [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
+ * [Security Page](http://www.postgresql.org/support/security/)
+ * [Security Issue Detail Page](http://wiki.postgresql.org/wiki/20140220securityrelease).
\ No newline at end of file
--- /dev/null
+= 2014-02-20 Consolidated Security Update =
+
+The 2014-02-20 update contains fixes for multiple security issues. Most of these are "Class C" security issues, meaning that they require prior valid login for privilege escalation. Some also require additional database conditions to be true in order to be exploited. One fix below breaks backwards compatibility in a way that complies with our documentation but not with past behavior.
+
+Summaries below provided by Noah Misch and Tom Lane.
+
+== Vulnerability during "make check" ==
+
+[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0067 CVE-2014-0067] PostgreSQL: Vulnerability during "make check"
+
+'''This issue is not fixed in this release.'''
+
+We are posting it in the interests of transparency, and so that database administrators and security staff will take the appropriate measures to secure their servers.
+
+=== Explanation ===
+
+The PostgreSQL Global Development Group security team has discovered a
+vulnerability in the scripts that orchestrate PostgreSQL
+test suites that validate the functionality of the PostgreSQL binaries.
+While a test suite is running, a user with interactive access to the system
+can hijack the operating system user account running
+the suite. Only users who run "make check" on a system they share with
+untrusted users are at risk. A future set of update releases will fix
+this vulnerability, though there will be no need to reinstall existing
+deployments. In the meantime, users are advised to run the test suites
+only on non-shared systems or under operating system user accounts
+dedicated to the task of running test suites.
+
+This vulnerability arises from the test scripts' use of "initdb" to create
+a PostgreSQL database cluster permitting local "trust" authentication.
+User-crafted workflows doing the same will exhibit the same vulnerability.
+We recommend studying automated usage of initdb in your own software. If
+a procedure in question could run on a system shared with untrusted users,
+follow the same precautions around that procedure as for the PostgreSQL
+test suites. The fix for PostgreSQL itself will establish a secure
+pattern for automating initdb, which you can later adopt.
+
+On Unix-like platforms the attacker needs to be able to reach the server's
+socket file, so the risk depends on where the platform places the socket
+file and whether there are filesystem permissions protections in place.
+On Windows, the server opens a locally-accessible TCP socket, so there is
+no possibility of ameliorating the risk through filesystem permissions.
+
+The changes required to make this situation safer are expected to be
+somewhat invasive and might break user-crafted testing workflows.
+Therefore, the PostgreSQL project will not actually be supplying a fix on
+20-Feb, merely announcing that there is a problem and recommending that
+users not use "make check" on machines shared with untrusted users. Suitable changes to the regression testing setup will subsequently
+be debated publicly and can be expected to be incorporated in future
+releases.
+
+The PostgreSQL project thanks Noah Misch for reporting this problem.
+
+== SET ROLE bypasses lack of ADMIN OPTION ==
+
+[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0060 CVE-2014-0060] PostgreSQL: SET ROLE bypasses lack of ADMIN OPTION
+
+'''This change will break backwards compatibility for users who were expecting the prior, broken behavior. The new behavior is in compliance with the documentation.'''
+
+=== Explanation ===
+
+Enforce ADMIN OPTION restrictions.
+
+Granting a role without ADMIN OPTION is supposed to prevent the grantee
+from adding or removing members from the granted role. Issuing SET ROLE
+before the GRANT bypassed that, because the role itself had an implicit
+right to add or remove members. This issue was fixed by recognizing that
+implicit right only when the session user matches the current role.
+Additionally, do not recognize it during a security-restricted operation
+or during execution of a SECURITY DEFINER function. The restriction on
+SECURITY DEFINER is not security-critical. However, it seems best for a
+user testing his or her own SECURITY DEFINER function to see the same behavior
+others will see. Affects all supported versions back to 8.4.
+
+The SQL standards do not conflate roles and users as PostgreSQL does;
+only SQL roles have members, and only SQL users initiate sessions. An
+application using PostgreSQL users and roles as SQL users and roles will
+never attempt to grant membership in the role that is the session user,
+so the implicit right to add or remove members will never arise.
+
+The security impact was mostly that a role member could revoke access
+from others, contrary to the wishes of the role member's grantor. Unapproved
+role member additions are less notable, because the member can still largely
+achieve that by creating a view or a SECURITY DEFINER function.
+
+The PostgreSQL project thanks Noah Misch and Jonas Sundman for reporting
+this problem.
+
+== Language validators are accessible for everyone ==
+
+[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0061 CVE-2014-0061] PostgreSQL: Privilege escalation via explicit calls to validator functions
+
+=== Explanation ===
+
+PostgreSQL procedural languages (PLs) normally provide a "validator"
+function that performs creation-time checking of syntax etc. for
+functions written in that language. These validator functions can
+be called directly from SQL, too, which is intended to allow post-facto
+checking of existing function definitions. However, unexpected and
+possibly insecure results could be obtained by feeding the text of a
+function defined in one language to the validator for another language.
+Moreover, in many languages the validator might perform some limited amount
+of code execution, opening the possibility of an attacker executing
+code without permission. The security impact is thus that an authenticated
+database user might be able to escalate his or her privileges.
+
+The fix will cause validator functions to throw an error when used
+against a function defined in another language, or against a function
+the current user doesn't have permissions to call.
+
+While the PostgreSQL project will fix the validator functions in PLs
+distributed with PostgreSQL, the same two-line fix will be needed in
+validator functions of PLs developed externally. There are many
+such extensions and we cannot be certain that all of their developers
+will respond promptly.
+
+The PostgreSQL project thanks Andres Freund for reporting this problem.
+
+== Race condition in CREATE INDEX allows for privilege escalation ==
+
+[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0062 CVE-2014-0062] PostgreSQL: Race condition in CREATE INDEX allows for privilege escalation
+
+=== Description ===
+
+CREATE INDEX, and some ALTER TABLE statements, did multiple
+independent lookups of the table the index is
+supposed to be created on. Concurrent creation or deletion of another
+table of the same name (but in a different schema) might cause some of
+these lookups to find one table and some the other table. This allows
+effects such as creating an index on a table one doesn't own, thus
+exposing data to the calling user that should not be able to access. Though
+the race condition window is not wide, a user who can make many
+attempts at exploiting the race condition can do so without much difficulty.
+This vulnerability exists in all affected versions, but is more easily exploited in 9.2 and 9.3.
+
+The PostgreSQL project thanks Andres Freund for reporting this problem.
+
+== Potential Buffer Overruns in Datetime Input/Output ==
+
+* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0063 CVE-2014-0063] PostgreSQL: Potential buffer overruns in datetime input/output
+
+=== Descriptions ===
+
+Many functions use the MAXDATELEN constant to size a buffer for parsing
+or displaying a datetime value. However, the buffer was much too small
+for the longest possible interval output and slightly too small for certain valid
+timestamp inputs, particularly input with a long timezone name.
+Inputs that were too long would be rejected needlessly, while outputs
+that were too long would result in stack corruption, which could crash
+the server and could be exploitable for arbitrary code execution.
+
+The PostgreSQL project thanks Daniel Schüssler for reporting this problem.
+
+== Potential Buffer Overruns of Fixed-Size Buffers ==
+
+* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0065 CVE-2014-0065] PostgreSQL: Potential buffer overruns of fixed-size buffers
+
+=== Explanation ===
+
+Coverity Scan identified a number of places in which it could not prove that a
+string being copied into a fixed-size buffer would fit. We believe that
+most, perhaps all of these, are in fact safe or are copying data that is
+coming from a trusted source so that any overrun is not really a
+security issue. Nonetheless it seems prudent to forestall any risk by
+using strlcpy() and similar functions.
+
+The PostgreSQL project thanks Peter Eisentraut and Jozef Mlich for reporting
+this problem.
+
+== Potential null pointer dereference crash when crypt(3) returns NULL ==
+
+[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0066 CVE-2014-0066] PostgreSQL: Potential null pointer dereference crash when crypt(3) returns NULL
+
+=== Explanation ===
+
+The chkpass extension uses the standard crypt() library function, which
+is defined to return NULL on failure, but it was not checking for NULL
+before using the result. The main practical case in which this could be
+an issue is if libc is configured to refuse to execute unapproved
+hashing algorithms ("FIPS mode").
+
+The PostgreSQL project thanks Honza Horak for reporting this problem.
+
+== Buffer overflow in path_in() ==
+
+* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0064 CVE-2014-0064] PostgreSQL: Potential buffer overruns due to integer overflow in size calculations
+
+=== Description ===
+
+Predict integer overflow to avoid buffer overruns.
+
+Several functions, mostly type input functions, calculated an allocation
+size such that the calculation wrapped to a small positive value when
+arguments implied a sufficiently-large requirement. Writes past the end
+of the inadvertent small allocation followed shortly thereafter.
+Coverity Scan identified the path_in() vulnerability; code inspection led to
+the rest. In passing, add check_stack_depth() to prevent stack overflow
+in related functions.
+
+Affects all supported versions back to 8.4. The non-comment hstore
+changes touch code that did not exist in 8.4, so that part stops at 9.0.
\ No newline at end of file
--- /dev/null
+The PostgreSQL Global Development Group has released an update to all supported version of the database system, including versions 9.3.4, 9.2.8, 9.1.13, 9.0.17, and 8.4.21. This minor release fixes a data corruption issue with replication and crash recovery in version 9.3, as well as several other minor issues in all versions. All users of version 9.3 are urged to update their installations at the next possible downtime. Users of older versions should update at their convenience.
+
+The data corruption issue in PostgreSQL 9.3 affects binary replication standbys, servers being recovered from point-in-time-recovery backup, and standalone servers which recover from a system crash. The bug causes unrecoverable index corruption during recovery due to incorrect replay of row locking operations. This can then cause query results to be inconsistent depending on whether or not an index is used, and eventually lead to primary key violations and similar issues. For this reason, users are encouraged to replace each of their standby databases with a new base backup after applying the update.
+
+Other PostgreSQL 9.3-only fixes in this update include:
+
+* Make sure that statistics files for dropped databases get deleted
+* Allow materialized views to be referenced in UPDATE and DELETE queries
+* Add read-only data_checksum parameter
+* Prevent erroneous operator push-down in postgres_fdw
+
+This release resolves some other issues in all versions of PostgreSQL, including:
+
+* Fix timing consistency issue with NOTIFY
+* Allow regular expression execution to be cancelled
+* Improve performance of index checks for newly added rows
+* Prevent premature walsender disconnection
+* Prevent memory errors on newer Windows versions
+* Update timezone files
+
+Additional changes and details of some of the above issues can be found in the Release Notes. Two of the issues which affect version 9.3 have additional information on the 9.3.4 Update Wiki Page.
+
+Users of version 8.4 should note that it will reach End-of-Life (EOL) three months from now, per our [Versioning Policy](http://www.postgresql.org/support/versioning/). This means that this is likely to be the next-to-last update for version 8.4, and users should be planning to upgrade to a newer version of PostgreSQL.
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.
+
+Links:
+ * [Download](http://postgresql.org/download)
+ * [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
+ * [9.3.4 Update Wiki Page](https://wiki.postgresql.org/wiki/20140320UpdateIssues)
--- /dev/null
+The PostgreSQL Global Development Group has released an update to all supported version of the database system, including versions 9.3.4, 9.2.8, 9.1.13, 9.0.17, and 8.4.21. This minor release fixes a data corruption issue with replication and crash recovery in version 9.3, as well as several other minor issues in all versions. All users of version 9.3 are urged to update their installations at the next possible downtime. Users of older versions should update at their convenience.
+
+The data corruption issue in PostgreSQL 9.3 affects binary replication standbys, servers being recovered from point-in-time-recovery backup, and standalone servers which recover from a system crash. The bug causes unrecoverable index corruption during recovery due to incorrect replay of row locking operations. This can then cause query results to be inconsistent depending on whether or not an index is used, and eventually lead to primary key violations and similar issues. For this reason, users are encouraged to replace each of their standby databases with a new base backup after applying the update.
+
+Other PostgreSQL 9.3-only fixes in this update include:
+
+* Make sure that statistics files for dropped databases get deleted
+* Allow materialized views to be referenced in UPDATE and DELETE queries
+* Add read-only data_checksum parameter
+* Prevent erroneous operator push-down in postgres_fdw
+
+This release resolves some other issues in all versions of PostgreSQL, including:
+
+* Fix timing consistency issue with NOTIFY
+* Allow regular expression execution to be cancelled
+* Improve performance of index checks for newly added rows
+* Prevent premature walsender disconnection
+* Prevent memory errors on newer Windows versions
+* Update timezone files
+
+Additional changes and details of some of the above issues can be found in the Release Notes. Two of the issues which affect version 9.3 have additional information on the 9.3.4 Update Wiki Page.
+
+Users of version 8.4 should note that it will reach End-of-Life (EOL) three months from now, per our Versioning Policy (http://www.postgresql.org/support/versioning/). This means that this is likely to be the next-to-last update for version 8.4, and users should be planning to upgrade to a newer version of PostgreSQL.
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.
+
+Links:
+ * Download: http://postgresql.org/download
+ * Release Notes: http://www.postgresql.org/docs/current/static/release.html
+ * 9.3.4 Update Wiki Page: https://wiki.postgresql.org/wiki/20140320UpdateIssues
--- /dev/null
+The PostgreSQL Global Development Group has released an update to all supported version of the database system, including versions 9.3.5, 9.2.9, 9.1.14, 9.0.18, and 8.4.22. This minor release fixes a number of issues discovered and reported by users over the last four months, including some data corruption issues, and is the last update of version 8.4. Users of version 9.3 will want to update at the earliest opportunity; users of version 8.4 will want to schedule an upgrade to a supported PostgreSQL version.
+
+Among the notable issues fixed in this release are:
+
+**PostgreSQL 9.3 and pg_upgrade**: Users who upgraded to version 9.3 using pg_upgrade may have an issue with transaction information which causes VACUUM to eventually fail. These users should run the script provided in the release notes to determine if their installation is affected, and then take the remedy steps outlined there.
+
+**PostgreSQL 9.3 crash recovery**: Three issues which could compromise data integrity during crash recovery on master or standby servers in PostgreSQL 9.3 have been fixed.
+
+**GIN and GiST indexes**: Three issues with GIN and GiST indexes, used for PostGIS and full text indexing, can cause corruption or incorrect query responses. Any indexes on bit or bit varying columns should be rebuilt following the instructions in the release notes.
+
+**Security during make check**: The insecure socket permissions during "make check", reported in a previous security announcement, have now been fixed.
+
+With this release, **version 8.4 is now End-of-Life (EOL)**, per our [Versioning Policy](http://www.postgresql.org/support/versioning/). This means that no additional updates will be released for version 8.4, and users should plan to upgrade to a later version very soon.
+
+In addition the above, this update release includes the following fixes which affect multiple PostgreSQL versions:
+
+* Fix race condition with concurrent tuple updating
+* Prevent "could not find pathkey item to sort" planner error
+* Properly optimize subqueries with set-returning functions
+* Repair planner regression in optimizing AND/OR NULL
+* Fix planner handling of VARIADIC functions
+* Make json_populate_recordset handle nested JSON properly
+* Prevent corruption of TOAST values when creating complex types
+* Prevent "record type has not been registered" query error
+* Fix a possible crash condition with functions and rewinding cursors
+* Patch three memory leaks
+* Fix row checks for rows deleted by subtransactions
+* Change how pg_stat_activity displays sessions during PREPARE TRANSACTION
+* Prevent multixact ID corruption during VACUUM FULL
+* Fix indentation when displaying complex view definitions
+* Fix client hostname lookup in pg_hba.conf
+* Fix libpython linking on OSX
+* Avoid buffer bloat in libpq
+* Fix an issue with dumping materialized views
+* Fix pg_upgrade's handling of multixact IDs
+* Make sure that pgcrypto clears sensitive information from memory
+* Time zone updates for Crimea, Egypt, and Morocco
+
+Four Windows fixes are included in this release:
+
+* Prevent tablespace creation recovery errors
+* Fix detection of socket failures
+* Allow users to change parameters after startup
+* Properly quote executable names so they don't fail
+
+A few of the issues above require post-update steps to be carried out by affected users. Please see the release notes for details.
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.
+
+Links:
+ * [Download Updates](http://postgresql.org/download)
+ * [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
+
--- /dev/null
+The PostgreSQL Global Development Group has released an update to all supported version of the database system, including versions 9.3.5, 9.2.9, 9.1.14, 9.0.18, and 8.4.22. This minor release fixes a number of issues discovered and reported by users over the last four months, including some data corruption issues, and is the last update of version 8.4. Users of version 9.3 will want to update at the earliest opportunity; users of version 8.4 will want to schedule an upgrade to a supported PostgreSQL version.
+
+Among the notable issues fixed in this release are:
+
+**PostgreSQL 9.3 and pg_upgrade**: Users who upgraded to version 9.3 using pg_upgrade may have an issue with transaction information which causes VACUUM to eventually fail. These users should run the script provided in the release notes to determine if their installation is affected, and then take the remedy steps outlined there.
+
+**PostgreSQL 9.3 crash recovery**: Three issues which could compromise data integrity during crash recovery on master or standby servers in PostgreSQL 9.3 have been fixed.
+
+**GIN and GiST indexes**: Three issues with GIN and GiST indexes, used for PostGIS and full text indexing, can cause corruption or incorrect query responses. Any indexes on bit or bit varying columns should be rebuilt following the instructions in the release notes.
+
+**Security during make check**: The insecure socket permissions during "make check", reported in a previous security announcement, have now been fixed.
+
+With this release, **version 8.4 is now End-of-Life (EOL)**, per our [Versioning Policy](http://www.postgresql.org/support/versioning/). This means that no additional updates will be released for version 8.4, and users should plan to upgrade to a later version very soon.
+
+In addition the above, this update release includes the following fixes which affect multiple PostgreSQL versions:
+
+* Fix race condition with concurrent tuple updating
+* Prevent "could not find pathkey item to sort" planner error
+* Properly optimize subqueries with set-returning functions
+* Repair planner regression in optimizing AND/OR NULL
+* Fix planner handling of VARIADIC functions
+* Make json_populate_recordset handle nested JSON properly
+* Prevent corruption of TOAST values when creating complex types
+* Prevent "record type has not been registered" query error
+* Fix a possible crash condition with functions and rewinding cursors
+* Patch three memory leaks
+* Fix row checks for rows deleted by subtransactions
+* Change how pg_stat_activity displays sessions during PREPARE TRANSACTION
+* Prevent multixact ID corruption during VACUUM FULL
+* Fix indentation when displaying complex view definitions
+* Fix client hostname lookup in pg_hba.conf
+* Fix libpython linking on OSX
+* Avoid buffer bloat in libpq
+* Fix an issue with dumping materialized views
+* Fix pg_upgrade's handling of multixact IDs
+* Make sure that pgcrypto clears sensitive information from memory
+* Time zone updates for Crimea, Egypt, and Morocco
+
+Four Windows fixes are included in this release:
+
+* Prevent tablespace creation recovery errors
+* Fix detection of socket failures
+* Allow users to change parameters after startup
+* Properly quote executable names so they don't fail
+
+A few of the issues above require post-update steps to be carried out by affected users. Please see the release notes for details.
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.
+
+Links:
+ * [Download Updates](http://postgresql.org/download)
+ * [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
+
--- /dev/null
+The PostgreSQL Global Development Group has released an important update with fixes for multiple security issues to all supported versions of the PostgreSQL database system, which includes minor versions 9.4.1, 9.3.6, 9.2.10, 9.1.15, and 9.0.19. This update includes both security fixes and fixes for issues discovered since the last release. In particular for the 9.4 update, there is a change to the way unicode strings are escaped for the JSON and JSONB data types.
+
+All users should update their PostgreSQL installation at the next opportunity.
+
+Security Fixes
+--------------
+
+This update fixes multiple security issues reported in PostgreSQL over the past few months. All of these issues require prior authentication, and some require additional conditions, and as such are not considered generally urgent. However, users should examine the list of security holes patched below in case they are particularly vulnerable.
+
+* [CVE-2015-0241](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0241) Buffer overruns in "to_char" functions.
+* [CVE-2015-0242](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0242) Buffer overrun in replacement printf family of functions.
+* [CVE-2015-0243](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0243) Memory errors in functions in the pgcrypto extension.
+* [CVE-2015-0244](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244) An error in extended protocol message reading.
+* [CVE-2014-8161](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161) Constraint violation errors can cause display of values in columns which the user would not normally have rights to see.
+
+This update also fixes the previously reported problem that, during regression testing on Windows, the test postmaster process was vulnerable to unauthorized connections. This vulnerability was fixed on non-Windows platforms in the prior update releases.
+
+More information about these issues, as well as older patched issues, is available on the PostgreSQL Security Page.
+
+JSON and JSONB Unicode Escapes
+------------------------------
+
+The handling of Unicode escape strings for JSON and JSONB in PostgreSQL 9.4.0 has been changed in a way which may break compatibility for some users. To fix some inconsistencies, type JSONB no longer accepts the escape sequence "\u0000". Type JSON accepts "\u0000" only in contexts where it does not need to be converted to de-escaped form. See the release notes for more detail.
+
+Other Fixes and Improvements
+----------------------------
+
+In addition to the above, more than 60 reported issues have been fixed in this cumulative update release. Some of them affect only version 9.4, but many of them fix problems present in older versions. These fixes include:
+
+* Cope with the non-ASCII Norwegian Windows locale name.
+* Avoid data corruption when databases are moved to new tablespaces and back again.
+* Ensure that UNLOGGED tables are correctly copied during ALTER DATABASE operations.
+* Avoid deadlocks when locking recently modified rows.
+* Fix two SELECT FOR UPDATE query issues.
+* Prevent false negative for shortest-first regular expression matches.
+* Fix false positives and negatives in tsquery contains operator.
+* Fix namespace handling in xpath().
+* Prevent row-producing functions from creating empty column names.
+* Make autovacuum use per-table cost_limit and cost_delay settings.
+* When autovacuum=off, limit autovacuum work to wraparound prevention only.
+* Multiple fixes for logical decoding in 9.4.
+* Fix transient errors on hot standby queries due to page replacement.
+* Prevent duplicate WAL file archiving at end of recovery or standby promotion.
+* Prevent deadlock in parallel restore of schema-only dump.
+
+In addition to the fixes above, the following contrib modules and extensions have had bugs fixed in this release: pg_upgrade, auto_explain, hstore, pageinspect, pgcrypto, pg_test_fsync, tablefunc, and xml2. Also, multiple functions across several contrib modules have been modified with the correct level of volatility. There are also multiple cleanup fixes based on minor issues found by the Coverity Scan static analyzer.
+
+This update also contains many changes to PostgreSQL's timezone files. This includes an update to tzdata release 2015a, with updates to Chile, Mexico, Caicos Islands, and Fiji. PostgreSQL now takes date into account when assigning an offset based on a timezone abbreviation for historically changeable timezones. We have also done a general cleanup on timezone abbreviations, and added "CST" as an abbreviation for China Standard Time.
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.
+
+Links:
+ * [Download](http://www.postgresql.org/download)
+ * [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
+ * [Security Page](http://www.postgresql.org/support/security/)
--- /dev/null
+The PostgreSQL Global Development Group has released an update with multiple functionality and security fixes to all supported versions of the PostgreSQL database system, which includes minor versions 9.4.2, 9.3.7, 9.2.11, 9.1.16, and 9.0.20. The update contains a critical fix for a potential data corruption issue in PostgreSQL 9.3 and 9.4; users of those versions should update their servers at the next possible opportunity.
+
+Data Corruption Fix
+-------------------
+
+For users of PostgreSQL versions 9.3 or 9.4, this release fixes a problem where the database will fail to protect against "multixact wraparound", resulting in data corruption or loss. Users with a high transaction rate (1 million or more per hour) in a database with many foreign keys are especially vulnerable. We strongly urge all users of 9.4 and 9.3 to update their installations in the next few days.
+
+Users of versions 9.2 and earlier are not affected by this issue.
+
+Security Fixes
+--------------
+
+This update fixes three security vulnerabilities reported in PostgreSQL over the past few months. Nether of these issues is seen as particularly urgent. However, users should examine them in case their installations are vulnerable:
+
+* [CVE-2015-3165](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3165) Double "free" after authentication timeout.
+* [CVE-2015-3166](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3166) Unanticipated errors from the standard library.
+* [CVE-2015-3167](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3167) pgcrypto has multiple error messages for decryption with an incorrect key.
+
+Additionally, we are recommending that all users who use Kerberos, GSSAPI, or SSPI authentication set include_realm to 1 in pg_hba.conf, which will become the default in future versions.
+
+More information about these issues, as well as older patched issues, is available on the PostgreSQL Security Page.
+
+Other Fixes and Improvements
+----------------------------
+
+A new, non-default version of the citext extension fixes its previously undocumented regexp_matches() functions to align with the ordinary text version of those functions. The fixed version has a different return type than the old version, so users of CIText should test their applications before updating the function by running "ALTER EXTENSION citext UPDATE".
+
+In addition to the above, more than 50 reported issues have been fixed in this cumulative update release. Most of the issues named affect all supported versions. These fixes include:
+
+* Render infinite dates and timestamps as infinity when converting to json
+* Fix json/jsonb's populate_record() and to_record()
+* Fix incorrect checking of deferred exclusion constraints
+* Improve planning of star-schema-style queries
+* Fix three issues with joins
+* Ensure correct locking with security barrier views
+* Fix deadlock at startup when max_prepared_transactions is too small
+* Recursively fsync() the data directory after a crash
+* Fix autovacuum launcher's possible failure to shut down
+* Cope with unexpected signals in LockBufferForCleanup()
+* Fix crash when doing COPY IN to a table with check constraints
+* Avoid waiting for synchronous replication of read-only transactions
+* Fix two issues with hash indexes
+* Prevent memory leaks in GIN index vacuum
+* Fix two issues with background workers
+* Several fixes to Logical Decoding replication
+* Fix several minor issues with pg_dump and pg_upgrade
+
+This release includes an update to tzdata release 2015d, with updates to Egypt, Mongolia, and Palestine, plus historical changes in Canada and Chile.
+
+9.0 EOL Soon
+------------
+
+Version 9.0 will become End-Of-Life in September 2015. This means that this update is likely to be the next-to-last update for that version. Users of PostgreSQL 9.0 should start planning to upgrade to a more current version before then. See our [versioning policy](http://www.postgresql.org/support/versioning/) for more information about EOL dates.
+
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users of the CIText extension need to run a command. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.
+
+Links:
+ * [Download](http://www.postgresql.org/download)
+ * [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
+ * [Security Page](http://www.postgresql.org/support/security/)
--- /dev/null
+The PostgreSQL Global Development Group has released an update with multiple functionality and security fixes to all supported versions of the PostgreSQL database system, which includes minor versions 9.4.2, 9.3.7, 9.2.11, 9.1.16, and 9.0.20. The update contains a critical fix for a potential data corruption issue in PostgreSQL 9.3 and 9.4; users of those versions should update their servers at the next possible opportunity.
+
+Data Corruption Fix
+-------------------
+
+For users of PostgreSQL versions 9.3 or 9.4, this release fixes a problem where the database will fail to protect against "multixact wraparound", resulting in data corruption or loss. Users with a high transaction rate (1 million or more per hour) in a database with many foreign keys are especially vulnerable. We strongly urge all users of 9.4 and 9.3 to update their installations in the next few days.
+
+Users of versions 9.2 and earlier are not affected by this issue.
+
+Security Fixes
+--------------
+
+This update fixes three security vulnerabilities reported in PostgreSQL over the past few months. Nether of these issues is seen as particularly urgent. However, users should examine them in case their installations are vulnerable:
+
+* CVE-2015-3165 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3165)
+ Double "free" after authentication timeout.
+* CVE-2015-3166 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3166)
+ Unanticipated errors from the standard library.
+* CVE-2015-3167 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3167)
+ pgcrypto has multiple error messages for decryption with an incorrect key.
+
+Additionally, we are recommending that all users who use Kerberos, GSSAPI, or SSPI authentication set include_realm to 1 in pg_hba.conf, which will become the default in future versions.
+
+More information about these issues, as well as older patched issues, is available on the PostgreSQL Security Page.
+
+Other Fixes and Improvements
+----------------------------
+
+A new, non-default version of the citext extension fixes its previously undocumented regexp_matches() functions to align with the ordinary text version of those functions. The fixed version has a different return type than the old version, so users of CIText should test their applications before updating the function by running "ALTER EXTENSION citext UPDATE".
+
+In addition to the above, more than 50 reported issues have been fixed in this cumulative update release. Most of the issues named affect all supported versions. These fixes include:
+
+* Render infinite dates and timestamps as infinity when converting to json
+* Fix json/jsonb's populate_record() and to_record()
+* Fix incorrect checking of deferred exclusion constraints
+* Improve planning of star-schema-style queries
+* Fix three issues with joins
+* Ensure correct locking with security barrier views
+* Fix deadlock at startup when max_prepared_transactions is too small
+* Recursively fsync() the data directory after a crash
+* Fix autovacuum launcher's possible failure to shut down
+* Cope with unexpected signals in LockBufferForCleanup()
+* Fix crash when doing COPY IN to a table with check constraints
+* Avoid waiting for synchronous replication of read-only transactions
+* Fix two issues with hash indexes
+* Prevent memory leaks in GIN index vacuum
+* Fix two issues with background workers
+* Several fixes to Logical Decoding replication
+* Fix several minor issues with pg_dump and pg_upgrade
+
+This release includes an update to tzdata release 2015d, with updates to Egypt, Mongolia, and Palestine, plus historical changes in Canada and Chile.
+
+9.0 EOL Soon
+------------
+
+Version 9.0 will become End-Of-Life in September 2015. This means that this update is likely to be the next-to-last update for that version. Users of PostgreSQL 9.0 should start planning to upgrade to a more current version before then. See our versioning policy (http://www.postgresql.org/support/versioning/) for more information about EOL dates.
+
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users of the CIText extension need to run a command. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.
+
+Links:
+ * Download (http://www.postgresql.org/download)
+ * Release Notes (http://www.postgresql.org/docs/current/static/release.html)
+ * Security Page (http://www.postgresql.org/support/security/)
--- /dev/null
+The PostgreSQL Global Development Group has released an update with multiple functionality and security fixes to all supported versions of the PostgreSQL database system, which includes minor versions 9.4.2, 9.3.7, 9.2.11, 9.1.16, and 9.0.20. The update contains a critical fix for a potential data corruption issue in PostgreSQL 9.3 and 9.4; users of those versions should update their servers at the next possible opportunity.
+
+Data Corruption Fix
+-------------------
+
+For users of PostgreSQL versions 9.3 or 9.4, this release fixes a problem where the database will fail to protect against "multixact wraparound", resulting in data corruption or loss. Users with a high transaction rate (1 million per hour) in a database with many foreign keys are especially vulnerable. We strongly urge all users of 9.4 and 9.3 to update their installations in the next few days.
+
+Users of versions 9.2 and earlier are not affected by this issue.
+
+Security Fixes
+--------------
+
+This update fixes two security holes reported in PostgreSQL over the past few months. Nether of these issues is seen as particularly urgent. However, users should examine them in case their installations are particularly vulnerable:
+
+SECURITY ISSUES REDACTED
+
+Additionally, we are recommending that all users who use Kerberos, GSSAPI, or SSPI authentication set include_realm to 1 in pg_hba.conf, which will become the default in future versions. More information about these issues, as well as older patched issues, is available on the PostgreSQL Security Page.
+
+Other Fixes and Improvements
+----------------------------
+
+A new, non-default version of the citext extension fixes its previously undocumented regexp_matches() functions to align with the ordinary text version of those functions. The fixed version has a different return type than the old version, so users of CIText should test their applications before updating the function by running "ALTER EXTENSION citext UPDATE".
+
+In addition to the above, more than 50 reported issues have been fixed in this cumulative update release. Most of the issues named affect all supported versions. These fixes include:
+
+* Render infinite dates and timestamps as infinity when converting to json
+* Fix json/jsonb's populate_record() and to_record()
+* Fix incorrect checking of deferred exclusion constraints
+* Improve planning of star-schema-style queries
+* Fix three issues with joins
+* Ensure correct locking with security barrier views
+* Fix deadlock at startup when max_prepared_transactions is too small
+* Recursively fsync() the data directory after a crash
+* Fix autovacuum launcher's possible failure to shut down
+* Cope with unexpected signals in LockBufferForCleanup()
+* Fix crash when doing COPY IN to a table with check constraints
+* Avoid waiting for synchronous replication of read-only transactions
+* Fix two issues with hash indexes
+* Prevent memory leaks in GIN index vacuum
+* Fix two issues with background workers
+* Several fixes to Logical Decoding replication
+* Fix several minor issues with pg_dump and pg_upgrade
+
+This release includes an update to tzdata release 2015d, with updates to Egypt, Mongolia, and Palestine, plus historical changes in Canada and Chile.
+
+9.0 EOL Soon
+------------
+
+Version 9.0 will become End-Of-Life in September 2015. This means that this update is likely to be the next-to-last update for that version. Users on PostgreSQL 9.0 should start planning to upgrade to a more current version before then. See our [versioning policy](http://www.postgresql.org/support/versioning/) for more information about EOL dates.
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users of the CIText extension need to run a command. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.
+
+Links:
+ * [Download](http://www.postgresql.org/download)
+ * [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
+ * [Security Page](http://www.postgresql.org/support/security/)
--- /dev/null
+2015-06-04 Update Release
+=========================
+
+The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.4.3, 9.3.8, 9.2.12, 9.1.17 and 9.0.21. This release primarily fixes a startup failure problem created by the prior update release, and should be installed by all users who applied that release.
+
+File Permissions Fix
+---------------------
+
+The 2015-05-22 update release added an anti-corruption step which will fsync all files in the data directory on restart after a crash. This caused PostgreSQL to fail to start if it encountered any file permissions issues. The problem is now fixed. Find out more [on the PostgreSQL wiki](https://wiki.postgresql.org/wiki/May_2015_Fsync_Permissions_Bug).
+
+
+Other Fixes and Improvements
+----------------------------
+In addition to the above, a few other minor issues were patched in this release. These fixes include:
+
+* Have pg_get_functiondef() show the LEAKPROOF property
+* Make pushJsonbValue() function push jbvBinary type
+* Allow building with threaded Python on OpenBSD
+
+Update Release Schedule
+------------------------
+
+The PostgreSQL developers are currently working hard to fix a few known issues discovered in the past couple of weeks. As such, we expect to release another update once a solution for those issues is complete and tested. The PostgreSQL project apologizes for any inconvenience from the frequent releases. We are prioritizing getting important fixes to our users as soon as possible.
+
+Updating
+--------
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.
+
+Links:
+ * [Download](http://www.postgresql.org/download)
+ * [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
--- /dev/null
+2015-06-04 Update Release
+=========================
+
+The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.4.3, 9.3.8, 9.2.12, 9.1.17 and 9.0.21. This release primarily fixes a startup failure problem created by the prior update release, and should be installed by all users who applied that release.
+
+File Permissions Fix
+---------------------
+
+The 2015-05-22 update release added an anti-corruption step which will fsync all files in the data directory on restart after a crash. This caused PostgreSQL to fail to start if it encountered any file permissions issues. The problem is now fixed. Find out more on the PostgreSQL wiki: https://wiki.postgresql.org/wiki/May_2015_Fsync_Permissions_Bug.
+
+
+Other Fixes and Improvements
+----------------------------
+In addition to the above, a few other minor issues were patched in this release. These fixes include:
+
+* Have pg_get_functiondef() show the LEAKPROOF property
+* Make pushJsonbValue() function push jbvBinary type
+* Allow building with threaded Python on OpenBSD
+
+Update Release Schedule
+------------------------
+
+The PostgreSQL developers are currently working hard to fix a few known issues discovered in the past couple of weeks. As such, we expect to release another update once a solution for those issues is complete and tested. The PostgreSQL project apologizes for any inconvenience from the frequent releases. We are prioritizing getting important fixes to our users as soon as possible.
+
+Updating
+--------
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.
+
+Links:
+ * Download: http://www.postgresql.org/download
+ * Release Notes: http://www.postgresql.org/docs/current/static/release.html
+
--- /dev/null
+2015-06-12 Update Release
+=========================
+
+The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.4.4, 9.3.9, 9.2.13, 9.1.18 and 9.0.22. This release primarily fixes issues not successfully fixed in prior releases. It should be applied as soon as possible by any user who installed the May or June update releases. Other users should apply at the next available downtime.
+
+Crash Recovery Fixes
+---------------------
+
+Earlier update releases attempted to fix an issue in PostgreSQL 9.3 and 9.4 with "multixact wraparound", but failed to account for issues doing multixact cleanup during crash recovery. This could cause servers to be unable to restart after a crash. As such, all users of 9.3 and 9.4 should apply this update as soon as possible.
+
+Servers previously upgraded to PostgreSQL 9.3 using pg_upgrade, even those servers now running PostgreSQL 9.4 due to another upgrade, may experience
+an immediate autovacuum of all tables after applying this update. For large databases, consider a controlled manual VACUUM, before updating, to better
+regulate the performance consequences of this critical maintenance. Please see the [release notes](http://www.postgresql.org/docs/9.4/static/release-9-3-9.html) for details.
+
+Other Fixes and Improvements
+----------------------------
+
+In addition to the above, a few other minor issues were patched in this release. These fixes include:
+
+* Prevent failure to invalidate relation cache init file
+* Avoid deadlock between new sessions and CREATE/DROP DATABASE
+* Improve query planning for semi-joins and anti-joins
+
+Cumulative Releases
+-------------------
+
+All PostgreSQL update releases are cumulative. As this update release fixes a number of problems inadvertently introduced by fixes in earlier update releases, we strongly urge users to apply this update, rather than installing less recent updates that have known issues. As this update release closes multiple known bugs with multixact handling, the PostgreSQL Project does not anticipate additional update releases soon.
+
+Updating
+--------
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details. See also the above note for users who used pg_upgrade with PostgreSQL version 9.3.
+
+Links:
+ * [Download](http://www.postgresql.org/download)
+ * [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
--- /dev/null
+2015-06-12 Update Release
+=========================
+
+The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.4.4, 9.3.9, 9.2.13, 9.1.18 and 9.0.22. This release primarily fixes issues not successfully fixed in prior releases. It should be applied as soon as possible by any user who installed the May or June update releases. Other users should apply at the next available downtime.
+
+Crash Recovery Fixes
+---------------------
+
+Earlier update releases attempted to fix an issue in PostgreSQL 9.3 and 9.4 with "multixact wraparound", but failed to account for issues doing multixact cleanup during crash recovery. This could cause servers to be unable to restart after a crash. As such, all users of 9.3 and 9.4 should apply this update as soon as possible.
+
+Servers previously upgraded to PostgreSQL 9.3 using pg_upgrade, even those servers now running PostgreSQL 9.4 due to another upgrade, may experience
+an immediate autovacuum of all tables after applying this update. For large databases, consider a controlled manual VACUUM, before updating, to better
+regulate the performance consequences of this critical maintenance. Please see the release notes (http://www.postgresql.org/docs/9.4/static/release-9-3-9.html) for details.
+
+Other Fixes and Improvements
+----------------------------
+
+In addition to the above, a few other minor issues were patched in this release. These fixes include:
+
+* Prevent failure to invalidate relation cache init file
+* Avoid deadlock between new sessions and CREATE/DROP DATABASE
+* Improve query planning for semi-joins and anti-joins
+
+Cumulative Releases
+-------------------
+
+All PostgreSQL update releases are cumulative. As this update release fixes a number of problems inadvertently introduced by fixes in earlier update releases, we strongly urge users to apply this update, rather than installing less recent updates that have known issues. As this update release closes multiple known bugs with multixact handling, the PostgreSQL Project does not anticipate additional update releases soon.
+
+Updating
+--------
+
+As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details. See also the above note for users who used pg_upgrade with PostgreSQL version 9.3.
+
+Links:
+ * Download: http://www.postgresql.org/download
+ * Release Notes: http://www.postgresql.org/docs/current/static/release.html
--- /dev/null
+2015-10-08 Security Update Release
+==================================
+
+The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.4.5, 9.3.10, 9.2.14, 9.1.19 and 9.0.23. This release fixes two security issues, as well as several bugs found over the last four months. Users vulnerable to the security issues should update their installations immediately; other users should update at the next scheduled downtime. This is also the final update release for major version 9.0.
+
+Security Fixes
+--------------
+
+Two security issues have been fixed in this release which affect users of specific PostgreSQL features:
+
+**CVE-2015-5289**: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service.
+
+**CVE-2015-5288**: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed.
+
+The PostgreSQL project thanks Josh Kupershmidt and Oskari Saarenmaa for reporting these issues.
+
+This update will also disable SSL renegotiation by default; previously, it was enabled by default. SSL renegotiation will be removed entirely in PostgreSQL versions 9.5 and later.
+
+Other Fixes and Improvements
+----------------------------
+
+In addition to the above, many other issues were patched in this release based on bugs reported by our users over the last few months. These fixes include:
+
+* Prevent deeply nested regex, LIKE and SIMILAR matching from crashing the server
+* Multiple other fixes with regular expression handling
+* Ensure that ALTER TABLE sets all locks for CONSTRAINT modifications
+* Fix subtransaction cleanup when a cursor fails, preventing a crash
+* Prevent deadlock during WAL insertion when commit_delay is set
+* Fix locking during updating of updatable views
+* Prevent corruption of relation cache "init file"
+* Improve performance of large SPI query results
+* Improve LISTEN startup time
+* Disable SSL renegotiation by default
+* Lower minimum for *_freeze_max_age parameters
+* Limit the maximum for wal_buffers to 2GB
+* Guard against potential stack overflows in several areas
+* Fix handling of DOW and DOY in datetime input
+* Allow regular expression queries to be canceled sooner
+* Fix assorted planner bugs
+* Fix several shutdown issues in the postmaster
+* Make anti-wraparound autovacuuming more robust
+* Fix minor issues with GIN and SP-GiST indexes.
+* Fix several issues with PL/Python, PL/Perl and PL/Tcl
+* Improve pg_stat_statements' garbage collection
+* Improve collation handling in pgsql_fdw
+* Improve libpq's handling of out-of-memory conditions
+* Prevent psql crash when there is no current connection
+* Multiple fixes to pg_dump, including file and object permissions
+* Improve handling of privileges when dumping from old PostgreSQL versions
+* Fix issues with support of Alpha, PPC, AIX and Solaris platforms
+* Fix startup issue on Windows with Chinese locale
+* Fix Windows install.bat script to handle spaces in filenames
+* Make the numeric PostgreSQL version number available to extensions
+
+This update also contains tzdata release 2015g, with updates for Cayman Islands, Fiji, Moldova, Morocco, Norfolk Island, North Korea, Turkey, Uruguay, and the new zone America/Fort_Nelson.
+
+Final Update for 9.0
+--------------------
+
+9.0.23 is the final update for major version 9.0, which is now End-Of-Life (EOL) as scheduled. Future security updates will not include version 9.0. As such, users of that version should plan to upgrade to another major version as soon as possible. For more information about the community's support policy and EOL schedule, see the [Versioning Policy](http://www.postgresql.org/support/versioning/).
+
+Updating
+--------
+
+All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.
+
+Links:
+ * [Download](http://www.postgresql.org/download)
+ * [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
+ * [Security Page](http://www.postgresql.org/support/security/)
--- /dev/null
+2015-10-08 Security Update Release
+==================================
+
+The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.4.5, 9.3.10, 9.2.14, 9.1.19 and 9.0.23. This release fixes two security issues, as well as several bugs found over the last four months. Users vulnerable to the security issues should update their installations immediately; other users should update at the next scheduled downtime. This is also the final update release for major version 9.0.
+
+Security Fixes
+--------------
+
+Two security issues have been fixed in this release which affect users of specific PostgreSQL features:
+
+CVE-2015-5289: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service.
+
+CVE-2015-5288: The crypt( function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed.
+
+The PostgreSQL project thanks Josh Kupershmidt and Oskari Saarenmaa for reporting these issues.
+
+This update will also disable SSL renegotiation by default; previously, it was enabled by default. SSL renegotiation will be removed entirely in PostgreSQL versions 9.5 and later.
+
+Other Fixes and Improvements
+----------------------------
+In addition to the above, many other issues were patched in this release based on bugs reported by our users over the last few months. These fixes include:
+
+* Prevent deeply nested regex, LIKE and SIMILAR matching from crashing the server
+* Multiple other fixes with regular expression handling
+* Ensure that ALTER TABLE sets all locks for CONSTRAINT modifications
+* Fix subtransaction cleanup when a cursor fails, preventing a crash
+* Prevent deadlock during WAL insertion when commit_delay is set
+* Fix locking during updating of updatable views
+* Prevent corruption of relation cache "init file"
+* Improve performance of large SPI query results
+* Improve LISTEN startup time
+* Disable SSL renegotiation by default
+* Lower minimum for *_freeze_max_age parameters
+* Limit the maximum for wal_buffers to 2GB
+* Guard against potential stack overflows in several areas
+* Fix handling of DOW and DOY in datetime input
+* Allow regular expression queries to be canceled sooner
+* Fix assorted planner bugs
+* Fix several shutdown issues in the postmaster
+* Make anti-wraparound autovacuuming more robust
+* Fix minor issues with GIN and SP-GiST indexes.
+* Fix several issues with PL/Python, PL/Perl and PL/Tcl
+* Improve pg_stat_statements' garbage collection
+* Improve collation handling in pgsql_fdw
+* Improve libpq's handling of out-of-memory conditions
+* Prevent psql crash when there is no current connection
+* Multiple fixes to pg_dump, including file and object permissions
+* Improve handling of privileges when dumping from old PostgreSQL versions
+* Fix issues with support of Alpha, PPC, AIX and Solaris platforms
+* Fix startup issue on Windows with Chinese locale
+* Fix Windows install.bat script to handle spaces in filenames
+* Make the numeric PostgreSQL version number available to extensions
+
+This update also contains tzdata release 2015g, with updates for Cayman Islands, Fiji, Moldova, Morocco, Norfolk Island, North Korea, Turkey, Uruguay, and the new zone America/Fort_Nelson.
+
+Final Update for 9.0
+--------------------
+
+9.0.23 is the final update for major version 9.0, which is now End-Of-Life (EOL as scheduled. Future security updates will not include version 9.0. As such, users of that version should plan to upgrade to another major version as soon as possible. For more information about the community's support policy and EOL schedule, see the Versioning Policy: http://www.postgresql.org/support/versioning/.
+
+Updating
+--------
+
+All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.
+
+Links:
+ * Download: http://www.postgresql.org/download
+ * Release Notes: http://www.postgresql.org/docs/current/static/release.html
+ * Security Page: http://www.postgresql.org/support/security/
--- /dev/null
+2016-03-31 Security Update Release
+==================================
+
+The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.5.2, 9.4.7, 9.3.12, 9.2.16, and 9.1.21. This release fixes two security issues and one index corruption issue in version 9.5. It also contains a variety of bug fixes for earlier versions. Users of PostgreSQL 9.5.0 or 9.5.1 should update as soon as possible.
+
+Security Fixes for RLS, BRIN
+----------------------------
+
+This release closes security hole [CVE-2016-2193](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2193), where a query plan might get reused in more than one ROLE in the same session. This could cause the wrong set of Row Level Security (RLS) policies to be used for the query.
+
+The update also fixes [CVE-2016-3065](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3065), a server crash bug triggered by using `pageinspect` with BRIN index pages. Since an attacker might be able to expose a few bytes of server memory, this crash is being treated as a security issue.
+
+Abbreviated Keys and Corrupt Indexes
+------------------------------------
+
+In this release, the PostgreSQL Project has been forced to disable 9.5's Abbreviated Keys performance feature for many indexes due to reports of index corruption. This affects all B-tree indexes on TEXT, VARCHAR, and CHAR columns which are not in "C" locale. Indexes in other locales will lose the performance benefits of the feature, and should be REINDEXed in case of existing index corruption. The feature may be re-enabled in future versions if the project finds a solution for the problem. See the release notes, and [the wiki page on this issue](http://wiki.postgresql.org/abbreviatedkeys_issue) for more information.
+
+Other Fixes and Improvements
+----------------------------
+
+In addition to the above, many other issues were patched in this release based on bugs reported by our users over the last few months. This includes bugs which affect multiple versions of PostgreSQL, such as:
+
+* Fix two bugs in indexed ROW() comparisons
+* Avoid data loss due to renaming files
+* Prevent an error in rechecking rows in SELECT FOR UPDATE/SHARE
+* Fix bugs in multiple json_* and jsonb_* functions
+* Log lock waits for INSERT ON CONFLICT correctly
+* Ignore recovery_min_apply_delay until reaching a consistent state
+* Fix issue with pg_subtrans XID wraparound
+* Fix assorted bugs in Logical Decoding
+* Fix planner error with nested security barrier views
+* Prevent memory leak in GIN indexes
+* Fix two issues with ispell dictionaries
+* Avoid a crash on old Windows versions
+* Skip creating an erroneous delete script in pg_upgrade
+* Correctly translate empty arrays into PL/Perl
+* Make PL/Python cope with identifier names
+
+This update also contains tzdata release 2016c, with updates for Azerbaijan, Chile, Haiti, Palestine, and Russia, and historical fixes for other regions.
+
+Updating
+--------
+
+Users of version 9.5 will want to REINDEX any indexes they created on character columns in non-C locales. Users of other versions who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.
+
+All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries.
+
+Links:
+ * [Download](http://www.postgresql.org/download)
+ * [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
+ * [Security Page](http://www.postgresql.org/support/security/)
+ * [Abbreviated Keys Issue](http://wiki.postgresql.org/abbreviatedkeys_issue)
--- /dev/null
+2016-02-11 Security Update Release
+==================================
+
+The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.5.1, 9.4.6, 9.3.11, 9.2.15, and 9.1.20. This release fixes two security issues, as well as several bugs found over the last four months. Users vulnerable to the security issue should update their installations immediately; other users should update at the next scheduled downtime.
+
+Security Fixes for Regular Expressions, PL/Java
+-----------------------------------------------
+
+This release closes security hole CVE-2016-0773, an issue with regular expression (regex) parsing which can cause a denial of service. Prior code allowed users to pass in expressions which included out-of-range Unicode characters, triggering a backend crash. This issue is critical for PostgreSQL systems with untrusted users or which generate regexes based on user input.
+
+The update also fixes CVE-2016-0766, a privilege escalation issue for users of PL/Java. Certain custom configuration settings (GUCS) for PL/Java will now be modifiable only by the database superuser
+
+Other Fixes and Improvements
+----------------------------
+
+In addition to the above, many other issues were patched in this release based on bugs reported by our users over the last few months. This includes multiple fixes for new features introduced in version 9.5.0, as well as refactoring of pg_dump to eliminate a number of chronic issues with backing up EXTENSIONs. Among them are:
+
+* Fix many issues in pg_dump with specific object types
+* Prevent over-eager pushdown of HAVING clauses for GROUPING SETS
+* Fix deparsing error with ON CONFLICT ... WHERE clauses
+* Fix tableoid errors for pgsql_fdw
+* Prevent floating-point exceptions in pgbench
+* Make \det search Foreign Table names consistently
+* Fix quoting of domain constraint names in pg_dump
+* Prevent putting expanded objects into Const nodes
+* Allow compile of PL/Java on Windows
+* Prevent token leak during SSPI authentication
+* Fix "unresolved symbol" errors in PL/Python execution
+* Allow Python2 and Python3 to be used in the same database
+* Add support for Python 3.5 in PL/Python
+* Fix issue with subdirectory creation during initdb
+* Make pg_ctl report status correctly on Windows
+* Supress confusing error when using pg_receivexlog with older servers
+* Multiple documentation corrections and additions
+* Fix erroneous hash calculations in gin_extract_jsonb_path()
+
+This update also contains tzdata release 2016a, with updates for Cayman Islands, Metlakatla, Trans-Baikal Territory
+(Zabaykalsky Krai), and Pakistan.
+
+Updating
+--------
+
+Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. Users of other versions who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.
+
+All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries.
+
+Links:
+ * Download: http://www.postgresql.org/download
+ * Release Notes: http://www.postgresql.org/docs/current/static/release.html
+ * Security Page: http://www.postgresql.org/support/security/
--- /dev/null
+2016-03-31 Security Update Release
+==================================
+
+The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.5.2, 9.4.7, 9.3.12, 9.2.16, and 9.1.21. This release fixes two security issues and one index corruption issue in version 9.5. It also contains a variety of bug fixes for earlier versions. Users of PostgreSQL 9.5.0 or 9.5.1 should update as soon as possible.
+
+Security Fixes for RLS, BRIN
+----------------------------
+
+This release closes security hole [CVE-2016-2193](https://access.redhat.com/security/cve/CVE-2016-2193), where a query plan might get reused for more than one ROLE in the same session. This could cause the wrong set of Row Level Security (RLS) policies to be used for the query.
+
+The update also fixes [CVE-2016-3065](https://access.redhat.com/security/cve/CVE-2016-3065), a server crash bug triggered by using `pageinspect` with BRIN index pages. Since an attacker might be able to expose a few bytes of server memory, this crash is being treated as a security issue.
+
+Abbreviated Keys and Corrupt Indexes
+------------------------------------
+
+In this release, the PostgreSQL Project has been forced to disable 9.5's Abbreviated Keys performance feature for many indexes due to reports of index corruption. This may affect any B-tree indexes on TEXT, VARCHAR, and CHAR columns which are not in "C" locale. Indexes in other locales will lose the performance benefits of the feature, and should be REINDEXed in case of existing index corruption. The feature may be re-enabled in future versions if the project finds a solution for the problem. See the release notes, and [the wiki page on this issue](http://wiki.postgresql.org/abbreviatedkeys_issue) for more information.
+
+Other Fixes and Improvements
+----------------------------
+
+In addition to the above, many other issues were patched in this release based on bugs reported by our users over the last few months. This includes bugs which affect multiple versions of PostgreSQL, such as:
+
+* Fix two bugs in indexed ROW() comparisons
+* Avoid data loss due to renaming files
+* Prevent an error in rechecking rows in SELECT FOR UPDATE/SHARE
+* Fix bugs in multiple json_* and jsonb_* functions
+* Log lock waits for INSERT ON CONFLICT correctly
+* Ignore recovery_min_apply_delay until reaching a consistent state
+* Fix issue with pg_subtrans XID wraparound
+* Fix assorted bugs in Logical Decoding
+* Fix planner error with nested security barrier views
+* Prevent memory leak in GIN indexes
+* Fix two issues with ispell dictionaries
+* Avoid a crash on old Windows versions
+* Skip creating an erroneous delete script in pg_upgrade
+* Correctly translate empty arrays into PL/Perl
+* Make PL/Python cope with identifier names
+
+This update also contains tzdata release 2016c, with updates for Azerbaijan, Chile, Haiti, Palestine, and Russia, and historical fixes for other regions.
+
+Updating
+--------
+
+Users of version 9.5 will want to REINDEX any indexes they created on character columns in non-C locales. Users of other versions who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.
+
+All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries.
+
+Links:
+ * [Download](http://www.postgresql.org/download)
+ * [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
+ * [Security Page](http://www.postgresql.org/support/security/)
+ * [Abbreviated Keys Issue](http://wiki.postgresql.org/abbreviatedkeys_issue)
--- /dev/null
+2016-05-12 Cumulative Bug Fix Release
+======================================
+
+The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.5.3, 9.4.8, 9.3.13, 9.2.17 and 9.1.22. This release fixes a number of issues reported by users over the last two months. Most database administrators should plan to upgrade at the next available downtime, unless they have been affected directly by the fixed issues.
+
+Bug Fixes and Improvements
+--------------------------
+
+This update fixes several problems which caused downtime for users, including:
+
+* Clearing the OpenSSL error queue before OpenSSL calls, preventing errors in SSL
+ connections, particularly when using the Python, Ruby or PHP OpenSSL wrappers
+* Fixed the "failed to build N-way joins" planner error
+* Fixed incorrect handling of equivalence in multilevel nestloop query plans,
+ which could emit rows which didn't match the WHERE clause.
+* Prevented two memory leaks with using GIN indexes, including a potential index
+ corruption risk.
+
+The release also includes many other bug fixes for reported issues, many of which
+affect all supported versions:
+
+* Fix corner-case parser failures occurring when operator_precedence_warning is turned on
+* Prevent possible misbehavior of TH, th, and Y,YYY format codes in to_timestamp()
+* Correct dumping of VIEWs and RULEs which use ANY (array) in a subselect
+* Disallow newlines in ALTER SYSTEM parameter values
+* Avoid possible misbehavior after failing to remove a tablespace symlink
+* Fix crash in logical decoding on alignment-picky platforms
+* Avoid repeated requests for feedback from receiver while shutting down walsender
+* Multiple fixes for pg_upgrade
+* Support building with Visual Studio 2015
+
+This update also contains tzdata release 2016d, with updates for Russia, Venezuela, Kirov, and Tomsk.
+
+Updating
+--------
+
+All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped one or more update releases may need to run additional, post-update steps; please see the release notes for earlier versions for details.
+
+Links:
+* Download: http://www.postgresql.org/download
+* Release Notes: http://www.postgresql.org/docs/current/static/release.html
+* Security Page: http://www.postgresql.org/support/security/
+* Abbreviated Keys Issue: http://wiki.postgresql.org/abbreviatedkeys_issue
--- /dev/null
+2016-05-12 Cumulative Bug Fix Release
+======================================
+
+The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.5.3, 9.4.8, 9.3.13, 9.2.17 and 9.1.22. This release fixes a number of issues reported by users over the last two months. Most database administrators should plan to upgrade at the next available downtime, unless they have been affected directly by the fixed issues.
+
+Bug Fixes and Improvements
+--------------------------
+
+This update fixes several problems which caused downtime for users, including:
+
+* Clearing the OpenSSL error queue before OpenSSL calls, preventing errors in SSL
+ connections, particularly when using the Python, Ruby or PHP OpenSSL wrappers
+* Fixed the "failed to build N-way joins" planner error
+* Fixed incorrect handling of equivalence in multilevel nestloop query plans,
+ which could emit rows which didn't match the WHERE clause.
+* Prevented two memory leaks with using GIN indexes, including a potential index
+ corruption risk.
+
+The release also includes many other bug fixes for reported issues, many of which
+affect all supported versions:
+
+* Fix corner-case parser failures occurring when operator_precedence_warning is turned on
+* Prevent possible misbehavior of TH, th, and Y,YYY format codes in to_timestamp()
+* Correct dumping of VIEWs and RULEs which use ANY (array) in a subselect
+* Disallow newlines in ALTER SYSTEM parameter values
+* Avoid possible misbehavior after failing to remove a tablespace symlink
+* Fix crash in logical decoding on alignment-picky platforms
+* Avoid repeated requests for feedback from receiver while shutting down walsender
+* Multiple fixes for pg_upgrade
+* Support building with Visual Studio 2015
+
+This update also contains tzdata release 2016d, with updates for Russia, Venezuela, Kirov, and Tomsk.
+
+Updating
+--------
+
+All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped one or more update releases may need to run additional, post-update steps; please see the release notes for earlier versions for details.
+
+Links:
+* [Download](http://www.postgresql.org/download)
+* [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
+* [Security Page](http://www.postgresql.org/support/security/)
+* [Abbreviated Keys Issue](http://wiki.postgresql.org/abbreviatedkeys_issue)
--- /dev/null
+2016-05-12 Cumulative Bug Fix Release
+======================================
+
+The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.5.3, 9.4.8, 9.3.13, 9.2.17 and 9.1.22. This release fixes a number of issues reported by users over the last two months. Most database administrators should plan to upgrade at the next available downtime, unless they have been affected directly by the fixed issues.
+
+Bug Fixes and Improvements
+--------------------------
+
+This update fixes several problems which caused downtime for users, including:
+
+* Clearing the OpenSSL error queue before OpenSSL calls, preventing errors in SSL
+ connections, particularly when using the Python, Ruby or PHP OpenSSL wrappers
+* Fixed the "failed to build N-way joins" planner error
+* Fixed incorrect handling of equivalence in multilevel nestloop query plans,
+ which could emit rows which didn't match the WHERE clause.
+* Prevented two memory leaks with using GIN indexes, including a potential index
+ corruption risk.
+
+The release also includes many other bug fixes for reported issues, many of which
+affect all supported versions:
+
+* Fix corner-case parser failures occurring when operator_precedence_warning is turned on
+* Prevent possible misbehavior of TH, th, and Y,YYY format codes in to_timestamp()
+* Correct dumping of VIEWs and RULEs which use ANY (array) in a subselect
+* Disallow newlines in ALTER SYSTEM parameter values
+* Avoid possible misbehavior after failing to remove a tablespace symlink
+* Fix crash in logical decoding on alignment-picky platforms
+* Avoid repeated requests for feedback from receiver while shutting down walsender
+* Multiple fixes for pg_upgrade
+* Support building with Visual Studio 2015
+
+This update also contains tzdata release 2016d, with updates for Russia, Venezuela, Kirov, and Tomsk.
+
+Updating
+--------
+
+All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped one or more update releases may need to run additional, post-update steps; please see the release notes for earlier versions for details.
+
+Links:
+* Download: http://www.postgresql.org/download
+* Release Notes: http://www.postgresql.org/docs/current/static/release.html
+* Security Page: http://www.postgresql.org/support/security/
+* Abbreviated Keys Issue: http://wiki.postgresql.org/abbreviatedkeys_issue
--- /dev/null
+2016-08-11 Security Update Release
+==================================
+
+The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.5.4, 9.4.9, 9.3.14, 9.2.18 and 9.1.23. This release fixes two security issues. It also patches a number of other bugs reported over the last three months. Users who rely on security isolation between database users should update as soon as possible. Other users should plan to update at the next convenient
+downtime.
+
+Security Issues
+---------------
+
+Two security holes have been closed by this release:
+
+* [CVE-2016-5423](https://access.redhat.com/security/cve/CVE-2016-5423): certain nested CASE expressions can cause the server to crash.
+* [CVE-2016-5424](https://access.redhat.com/security/cve/CVE-2016-5424): database and role names with embedded special characters
+ can allow code injection during administrative operations like pg_dumpall.
+
+The fix for the second issue also adds an option, -reuse-previous, to
+psql's \connect command. pg_dumpall will also refuse to handle database and
+role names containing line breaks after the update. For more information on
+these issues and how they affect backwards-compatibility, see the Release Notes.
+
+Bug Fixes and Improvements
+--------------------------
+
+This update also fixes a number of bugs reported in the last few months. Some
+of these issues affect only version 9.5, but many affect all supported versions:
+
+* Fix misbehaviors of IS NULL/IS NOT NULL with composite values
+* Fix three areas where INSERT ... ON CONFLICT failed to work properly
+ with other SQL features.
+* Make INET and CIDR data types properly reject bad IPv6 values
+* Prevent crash in "point ## lseg" operator for NaN input
+* Avoid possible crash in pg_get_expr()
+* Fix several one-byte buffer over-reads in to_number()
+* Don't needlessly plan query if WITH NO DATA is specified
+* Avoid crash-unsafe state in expensive heap_update() paths
+* Fix hint bit update during WAL replay of row locking operations
+* Avoid unnecessary "could not serialize access" with FOR KEY SHARE
+* Avoid crash in postgres -C when the specified variable is a null string
+* Fix two issues with logical decoding and subtransactions
+* Ensure that backends see up-to-date statistics for shared catalogs
+* Prevent possible failure when vacuuming multixact IDs in an upgraded database
+* When a manual ANALYZE specifies columns, don't reset changes_since_analyze
+* Fix ANALYZE's overestimation of n_distinct for columns with nulls
+* Fix bug in b-tree mark/restore processing
+* Fix building of large (bigger than shared_buffers) hash indexes
+* Prevent infinite loop in GiST index build with NaN values
+* Fix possible crash during a nearest-neighbor indexscan
+* Fix "PANIC: failed to add BRIN tuple" error
+* Prevent possible crash during background worker shutdown
+* Many fixes for issues in parallel pg_dump and pg_restore
+* Make pg_basebackup accept -Z 0 as no compression
+* Make regression tests safe for Danish and Welsh locales
+
+The libpq client library has also been updated to support future two-part
+PostgreSQL version numbers. This update also contains tzdata release 2016f,
+with updates for Kemerovo, Novosibirsk, Azerbaijan, Belarus, and Morocco.
+
+EOL Warning for Version 9.1
+--------------------------
+
+PostgreSQL version 9.1 will be End-of-Life in September 2016. The project expects to only release one more update for that version. We urge users to start
+planning an upgrade to a later version of PostgreSQL as soon as possible. See our
+Versioning Policy for more information.
+
+Updating
+--------
+
+All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped one or more update releases may need to run additional, post-update steps; please see the release notes for earlier versions for details.
+
+Links:
+* [Download](http://www.postgresql.org/download)
+* [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
+* [Security Page](http://www.postgresql.org/support/security/)
+* [Versioning Policy](https://www.postgresql.org/support/versioning/)
--- /dev/null
+2016-08-11 Security Update Release
+==================================
+
+The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.5.4, 9.4.9, 9.3.14, 9.2.18 and 9.1.23. This release fixes two security issues. It also patches a number of other bugs reported over the last three months. Users who rely on security isolation between database users should update as soon as possible. Other users should plan to update at the next convenient
+downtime.
+
+Security Issues
+---------------
+
+Two security holes have been closed by this release:
+
+* CVE-2016-5423: certain nested CASE expressions can cause the server to crash.
+* CVE-2016-5424: database and role names with embedded special characters
+ can allow code injection during administrative operations like pg_dumpall.
+
+The fix for the second issue also adds an option, -reuse-previous, to
+psql's \connect command. pg_dumpall will also refuse to handle database and
+role names containing line breaks after the update. For more information on
+these issues and how they affect backwards-compatibility, see the Release Notes.
+
+Bug Fixes and Improvements
+--------------------------
+
+This update also fixes a number of bugs reported in the last few months. Some
+of these issues affect only version 9.5, but many affect all supported versions:
+
+* Fix misbehaviors of IS NULL/IS NOT NULL with composite values
+* Fix three areas where INSERT ... ON CONFLICT failed to work properly
+ with other SQL features.
+* Make INET and CIDR data types properly reject bad IPv6 values
+* Prevent crash in "point ## lseg" operator for NaN input
+* Avoid possible crash in pg_get_expr()
+* Fix several one-byte buffer over-reads in to_number()
+* Don't needlessly plan query if WITH NO DATA is specified
+* Avoid crash-unsafe state in expensive heap_update() paths
+* Fix hint bit update during WAL replay of row locking operations
+* Avoid unnecessary "could not serialize access" with FOR KEY SHARE
+* Avoid crash in postgres -C when the specified variable is a null string
+* Fix two issues with logical decoding and subtransactions
+* Ensure that backends see up-to-date statistics for shared catalogs
+* Prevent possible failure when vacuuming multixact IDs in an upgraded database
+* When a manual ANALYZE specifies columns, don't reset changes_since_analyze
+* Fix ANALYZE's overestimation of n_distinct for columns with nulls
+* Fix bug in b-tree mark/restore processing
+* Fix building of large (bigger than shared_buffers) hash indexes
+* Prevent infinite loop in GiST index build with NaN values
+* Fix possible crash during a nearest-neighbor indexscan
+* Fix "PANIC: failed to add BRIN tuple" error
+* Prevent possible crash during background worker shutdown
+* Many fixes for issues in parallel pg_dump and pg_restore
+* Make pg_basebackup accept -Z 0 as no compression
+* Make regression tests safe for Danish and Welsh locales
+
+The libpq client library has also been updated to support future two-part
+PostgreSQL version numbers. This update also contains tzdata release 2016f,
+with updates for Kemerovo, Novosibirsk, Azerbaijan, Belarus, and Morocco.
+
+EOL Warning for Version 9.1
+--------------------------
+
+PostgreSQL version 9.1 will be End-of-Life in September 2016. The project expects to only release one more update for that version. We urge users to start
+planning an upgrade to a later version of PostgreSQL as soon as possible. See our
+Versioning Policy for more information.
+
+Updating
+--------
+
+All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped one or more update releases may need to run additional, post-update steps; please see the release notes for earlier versions for details.
+
+Links:
+* Download: http://www.postgresql.org/download
+* Release Notes: http://www.postgresql.org/docs/current/static/release.html
+* Security Page: http://www.postgresql.org/support/security/
+* Versioning Policy: https://www.postgresql.org/support/versioning/
--- /dev/null
+{{ DATE_HERE }} Security Update Release
+==================================
+
+The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including {{ LIST OF MINOR VERSIONS }}. This release fixes {{ NUMBER }} security issues. It also patches a number of other bugs reported over the last three months. Users who {{ AFFECTED SECURITY CONDITION }} should update as soon as possible. Other users should plan to update at the next convenient downtime.
+
+Security Issues
+---------------
+
+{{ NUMBER }} security vulnerabilities have been closed by this release:
+
+* [CVE-0000-0000](https://access.redhat.com/security/cve/CVE-0000-0000): {{ CVE_SUMMARY }}
+* [CVE-0000-0000](https://access.redhat.com/security/cve/CVE-0000-0000): {{ CVE_SUMMARY }}
+
+{{ EXTRA NOTES ON ISSUES AND BACKWARDS COMPATIBILITY }}
+
+Bug Fixes and Improvements
+--------------------------
+
+This update also fixes a number of bugs reported in the last few months. Some
+of these issues affect only version {{ CURRENT_VERSION }}, but many affect
+all supported versions:
+
+{{ LIST OF PATCHED ISSUES FROM GITLOG AND/OR RELEASE NOTES }}
+
+{{ EXTRA NOTES ON SPECIAL ISSUE IF REQUIRED }}
+
+This update also contains tzdata release {{ TZDATA_RELEASE }},
+with updates for {{ LIST OF TIME ZONES }}.
+
+{{ %IF 2 to 5 MONTHS FROM EOL }}
+EOL Warning for Version {{ EOL VERSION }}
+-----------------------------------------
+
+PostgreSQL version {{ EOL VERSION }} will be End-of-Life in {{ MONTH YEAR }}. The project expects to only release one more update for that version. We urge users to start planning an upgrade to a later version of PostgreSQL as soon as possible. See our Versioning Policy for more information.
+
+{{ %ENDIF }}
+
+{{ %IF 0 to 1 MONTHS FROM EOL }}
+EOL Notice for Version {{ EOL VERSION }}
+-----------------------------------------
+
+PostgreSQL version {{ EOL VERSION }} is now End-of-Life (EOL). No additional updates or security patches
+will be released by the community for this version. Users still on {{ EOL VERSION }}
+are urged to upgrade as soon as possible. See our Versioning Policy for more information.
+
+{{ %ENDIF }}
+
+Updating
+--------
+
+All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries.
+{{ %IF POST-UPDATE STEPS }}
+After update, users will need to {{ BRIEF DESC OF UPDATE STEPS }}. See the Release Notes for more details.
+{{ %ELSE }}
+Users who have skipped one or more update releases may need to run additional, post-update steps; please see the release notes for earlier versions for details.
+{{ %ENDIF }}
+
+Links:
+* [Download](http://www.postgresql.org/download)
+* [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
+* [Security Page](http://www.postgresql.org/support/security/)
+* [Versioning Policy](https://www.postgresql.org/support/versioning/)
--- /dev/null
+{{ DATE_HERE }} Cumulative Update Release
+==================================
+
+The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including {{ LIST OF MINOR VERSIONS }}. This release fixes {{ 1-3 BIGGEST ISSUES }}. It also patches a number of other bugs reported over the last three months.
+{{ %IF MAJOR_ISSUE AFFECTS ONLY SOME USERS }}
+Users who are affected by {{ MAJOR ISSUE }} should update as soon as possible. Other users should plan to update at the next convenient downtime.
+{{ %ELSEIF MAJOR_ISSUE AFFECTS MOST USERS }}
+Users of {{ AFFECTED_VERSIONS }} should plan to update {{ immediately | as soon as possible | at the next available opportunity }}
+{{ %ELSE }}
+Users should plan to apply this update at the next scheduled downtime.
+{{ %ENDIF }}
+{{ SEE http://www.databasesoup.com/2013/10/how-urgent-is-that-update.html }}
+
+{{ MAJOR_ISSUE }}
+---------------
+
+This update fixes {{ MAJOR_ISSUE }}, which {{ DESCRIPTION OF ISSUE }}.
+{{ EXTRA NOTES ON FIX AND COMPATIBILITY ISSUES }}
+
+Bug Fixes and Improvements
+--------------------------
+
+This update also fixes a number of bugs reported in the last few months. Some
+of these issues affect only version {{ CURRENT_VERSION }}, but many affect
+all supported versions:
+
+{{ LIST OF PATCHED ISSUES FROM GITLOG AND/OR RELEASE NOTES }}
+
+{{ EXTRA NOTES ON SPECIAL ISSUE IF REQUIRED }}
+
+This update also contains tzdata release {{ TZDATA_RELEASE }},
+with updates for {{ LIST OF TIME ZONES }}.
+
+{{ %IF 2 to 5 MONTHS FROM EOL }}
+EOL Warning for Version {{ EOL VERSION }}
+-----------------------------------------
+
+PostgreSQL version {{ EOL VERSION }} will be End-of-Life in {{ MONTH YEAR }}. The project expects to only release one more update for that version. We urge users to start planning an upgrade to a later version of PostgreSQL as soon as possible. See our Versioning Policy for more information.
+
+{{ %ENDIF }}
+
+{{ %IF 0 to 1 MONTHS FROM EOL }}
+EOL Notice for Version {{ EOL VERSION }}
+-----------------------------------------
+
+PostgreSQL version {{ EOL VERSION }} is now End-of-Life (EOL). No additional updates or security patches
+will be released by the community for this version. Users still on {{ EOL VERSION }}
+are urged to upgrade as soon as possible. See our Versioning Policy for more information.
+
+{{ %ENDIF }}
+
+Updating
+--------
+
+All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries.
+{{ %IF POST-UPDATE STEPS }}
+After update, users will need to {{ BRIEF DESC OF UPDATE STEPS }}. See the Release Notes for more details.
+{{ %ELSE }}
+Users who have skipped one or more update releases may need to run additional, post-update steps; please see the release notes for earlier versions for details.
+{{ %ENDIF }}
+
+Links:
+* [Download](http://www.postgresql.org/download)
+* [Release Notes](http://www.postgresql.org/docs/current/static/release.html)
+* [Security Page](http://www.postgresql.org/support/security/)
+* [Versioning Policy](https://www.postgresql.org/support/versioning/)
projects / press.git / commitdiff