From cb830ad05cb6cc056ba7284df5ab790ce49f0be3 Mon Sep 17 00:00:00 2001 From: "Jonathan S. Katz" Date: Thu, 14 Nov 2024 08:28:51 -0500 Subject: [PATCH] Updates to the 2024-11-14 announcement Reviewed-by: jian he Reviewed-by: Thomas Munro Reviewed-by: Noah Misch Reviewed-by: Tom Lane --- update_releases/current/20241114securityrelease.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/update_releases/current/20241114securityrelease.md b/update_releases/current/20241114securityrelease.md index 6b12bd3..4e619e7 100644 --- a/update_releases/current/20241114securityrelease.md +++ b/update_releases/current/20241114securityrelease.md @@ -89,7 +89,7 @@ are affected. The PostgreSQL project thanks Tom Lane for reporting this problem. -### [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/): PostgreSQL PL/Perl environment variable changes execute arbitrary code +### [CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/): PostgreSQL PL/Perl environment variable changes execute arbitrary code CVSS v3.1 Base Score: [8.8](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?version=3.1&vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) @@ -119,7 +119,9 @@ more information. while `LC_COLLATE` is a different locale. This could lead to incorrect query results. If you have these settings in your database, please reindex any affected indexes after updating to this release. This issue impacted 17.0 only. -* Several query planner fixes. +* Several query planner fixes, including disallowing joining partitions +([partitionwise join](https://www.postgresql.org/docs/current/runtime-config-query.html#GUC-ENABLE-PARTITIONWISE-JOIN)) +if the collations of the partitions don't match. * Fix possible wrong answers or `wrong varnullingrels` planner errors for [`MERGE ... WHEN NOT MATCHED BY SOURCE`](https://www.postgresql.org/docs/current/sql-merge.html) actions. 
@@ -141,8 +143,9 @@ called from a [`CALL`](https://www.postgresql.org/docs/current/sql-call.html) statement's argument list and the `CALL` is within a [PL/pgSQL `EXCEPTION`](https://www.postgresql.org/docs/current/plpgsql-control-structures.html#PLPGSQL-ERROR-TRAPPING) block. -* The `psql` `\watch` now treats values that are less than 1ms to be an interval -of 0 (no wait between executions). +* Fix for JIT crashes on ARM (aarch64) systems. +* The `psql` `\watch` now treats values that are less than 1ms to be 0 +(no wait between executions). * Fix failure to use credentials for a replication user in the [password file](https://www.postgresql.org/docs/current/libpq-pgpass.html) ([`pgpass`](https://www.postgresql.org/docs/current/libpq-pgpass.html)) -- 2.39.5
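Review bot: In the hunk at `@@ -89,7 +89,7 @@`, only the heading line is corrected from CVE-2024-10978 to CVE-2024-10979 (link text and URL), so please confirm that no other reference to the PL/Perl environment variable issue elsewhere in `20241114securityrelease.md` still carries the old ID. A wrong CVE ID in an announcement points readers and vulnerability trackers at the wrong advisory, so it is worth searching the whole file for `CVE-2024-10978` and checking that every remaining occurrence belongs to the other advisory. The commit subject, "Updates to the 2024-11-14 announcement", would also be more useful if it named this correction.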
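Review bot: In the hunk at `@@ -119,7 +119,9 @@`, the expanded query planner bullet says partitionwise joins are now disallowed when the partitions' collations don't match, but it does not say what a user would have observed before the fix or whether any action is needed after updating. The item just above it states its impact ("This could lead to incorrect query results") and the required step (reindex), so consider adding the equivalent sentence here, or saying explicitly that no action is required, so readers can judge whether they were affected.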
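Review bot: In the hunk at `@@ -141,8 +143,9 @@`, the reworded `\watch` bullet reads "treats values that are less than 1ms to be 0", which is awkward and, with "an interval of" removed, no longer says what the 0 refers to. Suggest "now treats intervals of less than 1ms as 0 (no wait between executions)". The new JIT entry would also match the neighbouring item ("Fix failure to use credentials ...") if it were written in the same imperative form: "Fix JIT crashes on ARM (aarch64) systems."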