@@ -58,16 +58,20 @@ Author: Noah Misch <noah@leadboat.com>
5858 </para>
5959
6060 <para>
61- This is a change in the default for newly-created databases in
62- existing clusters and for new clusters; <literal>USAGE</literal>
63- permissions on the <literal>public</literal> schema has not
64- been changed. Databases restored from previous Postgres releases
65- will be restored with their current permissions. Users wishing
66- to have the former permissions will need to grant
67- <literal>CREATE</literal> permission for <literal>PUBLIC</literal>
68- on the <literal>public</literal> schema; this change can be made
69- on <literal>template1</literal> to cause all new databases
70- to have these permissions.
61+ The new default is one of the secure schema usage patterns that <xref
62+ linkend="ddl-schemas-patterns"/> has recommended since the security
63+ release for CVE-2018-1058. The change applies to newly-created
64+ databases in existing clusters and for new clusters. Upgrading a
65+ cluster or restoring a database dump will preserve existing permissions.
66+ </para>
67+
68+ <para>
69+ For existing databases, especially those having multiple users,
70+ consider revoking <literal>CREATE</literal> permission on
71+ the <literal>public</literal> schema to adopt this new default.
72+ For new databases having zero need to defend against insider threats,
73+ granting <literal>CREATE</literal> permission will yield the behavior
74+ of prior releases.
7175 </para>
7276 </listitem>
7377