|
24 | 24 |
|
25 | 25 | <para> |
26 | 26 | However, if you use BRIN indexes, it may be advisable to reindex them; |
27 | | - see thefirst changelog entry below. |
| 27 | + see thesecond changelog entry below. |
28 | 28 | </para> |
29 | 29 |
|
30 | 30 | <para> |
|
40 | 40 |
|
41 | 41 | <listitem> |
42 | 42 | <!-- |
| 43 | +Author: Noah Misch <noah@leadboat.com> |
| 44 | +Branch: master [cd5f2a357] 2023-08-07 06:05:56 -0700 |
| 45 | +Branch: REL_16_STABLE [f53511010] 2023-08-07 06:05:59 -0700 |
| 46 | +Branch: REL_15_STABLE [de494ec14] 2023-08-07 06:06:00 -0700 |
| 47 | +Branch: REL_14_STABLE [d4648a74b] 2023-08-07 06:06:00 -0700 |
| 48 | +Branch: REL_13_STABLE [b1b585e0f] 2023-08-07 06:06:00 -0700 |
| 49 | +Branch: REL_12_STABLE [eb044d8f0] 2023-08-07 06:06:00 -0700 |
| 50 | +Branch: REL_11_STABLE [919ebb023] 2023-08-07 06:06:01 -0700 |
| 51 | +--> |
| 52 | + <para> |
| 53 | + Disallow substituting a schema or owner name into an extension script |
| 54 | + if the name contains a quote, backslash, or dollar sign (Noah Misch) |
| 55 | + </para> |
| 56 | + |
| 57 | + <para> |
| 58 | + This restriction guards against SQL-injection hazards for trusted |
| 59 | + extensions. |
| 60 | + </para> |
| 61 | + |
| 62 | + <para> |
| 63 | + The <productname>PostgreSQL</productname> Project thanks Micah Gate, |
| 64 | + Valerie Woolard, Tim Carey-Smith, and Christoph Berg for reporting |
| 65 | + this problem. |
| 66 | + (CVE-2023-39417) |
| 67 | + </para> |
| 68 | + </listitem> |
| 69 | + |
| 70 | + <listitem> |
| 71 | +<!-- |
43 | 72 | Author: Tomas Vondra <tomas.vondra@postgresql.org> |
44 | 73 | Branch: master Release: REL_16_BR [3581cbdcd] 2023-05-19 01:29:44 +0200 |
45 | 74 | Branch: REL_15_STABLE [e18769323] 2023-05-19 00:15:13 +0200 |
|