doc PG 19 relnotes: update to current

Bruce Momjian

This commit updates the release notes for PostgreSQL 19 to reflect the current state of development and changes.

refint: Fix segfault in check_foreign_key().

Nathan Bossart

This fixes a segfault that occurred when an UPDATE statement triggered check_foreign_key() with a "cascade" action and a new key value was NULL. The fix ensures that NULL values are handled correctly to prevent the segfault.

Fix attribute mapping for COPY TO on partitioned tables.

Masahiko Sawada

This commit corrects an issue where COPY TO on a partitioned table incorrectly built the attribute map, leading to improper mapping of partition attributes to the root table. The fix ensures the attribute map is correctly built from the partition to the root table.

Prevent access to other sessions' temp tables

Alexander Korotkov

This commit addresses a security vulnerability where a superuser could potentially read or modify temporary tables of other sessions through the read-stream path, bypassing a critical security check. The fix restores the necessary checks to prevent unauthorized access.

Add tests for cross-session temp table access

Alexander Korotkov

This commit adds new TAP tests to document the behavior when one session attempts to interact with another session's temporary table. These tests confirm the current behavior where such operations silently succeed with zero rows affected.

postgres_fdw: Fix deparsing of remote column names in stats import.

Etsuro Fujita

This fixes an issue in postgres_fdw where the deparsing of remote column names for stats import could fail if column names contained single quotes or backslashes. The correction ensures proper quoting and escaping of identifiers for valid remote queries.

Fix jsonpath .split_part() to honor silent mode

Michael PaquierDiscussion: FCF996D0-580B-431C-8DE1-A540O58E4

This commit addresses a bug in the jsonpath .split_part() method, ensuring it correctly handles overflow and zero field-position cases in silent mode without hard failures. This improves the robustness of jsonpath expressions.

pgbench: fix verbose error message corruption with multiple threads

Fujii Masao

This fixes an issue in pgbench where verbose error messages could become corrupted when running with multiple threads due to a shared static buffer. The change uses a local buffer to ensure thread-safe and correct error reporting.

HN News

Postgres minor releases closing 11 CVEs

Score: 20 / Comments: 0

PostgreSQL has released minor versions across multiple branches (18.4, 17.10, 16.14, 15.18, and 14.23) to address and close 11 Common Vulnerabilities and Exposures (CVEs). This update is crucial for enhancing the security and stability of existing PostgreSQL deployments.

Postgres FDW: Pushdown is a negotiation

Score: 5 / Comments: 0

This article from ClickHouse explores the intricate details of Foreign Data Wrappers (FDW) in PostgreSQL, focusing on the "pushdown" optimization. It discusses how FDWs negotiate query execution with remote servers, highlighting the complexities and benefits of offloading processing.

Summary

Today's PostgreSQL news highlights significant bug fixes, including a crucial security patch preventing cross-session access to temporary tables and several stability improvements for COPY TO and jsonpath functions. Additionally, the PostgreSQL community released minor versions addressing 11 CVEs, emphasizing ongoing commitment to security, while a deep dive into FDW pushdown negotiation provided valuable insights for developers.

This digest was generated by gemini based on Hacker News, GitHub, and the PostgreSQL mailing list.