E.43. Release 10.7
Release date: 2019-02-14
This release contains a variety of fixes from 10.6. For information about new features in major release 10, seeSection E.50.
E.43.1. Migration to Version 10.7
A dump/restore is not required for those running 10.X.
However, if you are upgrading from a version earlier than 10.6, seeSection E.44.
E.43.2. Changes
By default, panic instead of retrying after
fsync()failure, to avoid possible data corruption (Craig Ringer, Thomas Munro)Some popular operating systems discard kernel data buffers when unable to write them out, reporting this as
fsync()failure. If we reissue thefsync()request it will succeed, but in fact the data has been lost, so continuing risks database corruption. By raising a panic condition instead, we can replay from WAL, which may contain the only remaining copy of the data in such a situation. While this is surely ugly and inefficient, there are few alternatives, and fortunately the case happens very rarely.A new server parameterdata_sync_retry has been added to control this; if you are certain that your kernel does not discard dirty data buffers in such scenarios, you can set
data_sync_retrytoonto restore the old behavior.Include each major release branch's release notes in the documentation for only that branch, rather than that branch and all later ones (Tom Lane)
The duplication induced by the previous policy was getting out of hand. Our plan is to provide a full archive of release notes on the project's web site, but not duplicate it within each release.
Ensure that
NOT NULLconstraints of a partitioned table are honored within its partitions (Álvaro Herrera, Amit Langote)Use a safe table lock level when detaching a partition (Álvaro Herrera)
The previous locking level was too weak and might allow concurrent DDL on the table, with bad results.
Fix problems with applying
ON COMMIT DROPandON COMMIT DELETE ROWSto partitioned tables and tables with inheritance children (Michael Paquier)Disallow
COPY FREEZEon partitioned tables (David Rowley)This should eventually be made to work, but it may require a patch that's too complicated to risk back-patching.
Avoid possible deadlock when acquiring multiple buffer locks (Nishant Fnu)
Avoid deadlock between GIN vacuuming and concurrent index insertions (Alexander Korotkov, Andrey Borodin, Peter Geoghegan)
This change partially reverts a performance improvement, introduced in version 10.0, that attempted to reduce the number of index pages locked during deletion of a GIN posting tree page. That's now been found to lead to deadlocks, so we've removed it pending closer analysis.
Avoid deadlock between hot-standby queries and replay of GIN index page deletion (Alexander Korotkov)
Fix possible crashes in logical replication when index expressions or predicates are in use (Peter Eisentraut)
Avoid useless and expensive logical decoding of TOAST data during a table rewrite (Tomas Vondra)
Fix logic for stopping a subset of WAL senders when synchronous replication is enabled (Paul Guo, Michael Paquier)
Avoid possibly writing an incorrect replica identity field in a tuple deletion WAL record (Stas Kelvich)
Prevent incorrect use of WAL-skipping optimization during
COPYto a view or foreign table (Amit Langote, Michael Paquier)Make the archiver prioritize WAL history files over WAL data files while choosing which file to archive next (David Steele)
Fix possible crash in
UPDATEwith a multipleSETclause using a sub-SELECTas source (Tom Lane)Avoid crash iflibxml2 returns a null error message (Sergio Conde Gómez)
Fix spurious grouping-related parser errors caused by inconsistent handling of collation assignment (Andrew Gierth)
In some cases, expressions that should be considered to match were not seen as matching, if they included operations on collatable data types.
Check whether the comparison function underlying
LEAST()orGREATEST()is leakproof, rather than just assuming it is (Tom Lane)Actual information leaks from btree comparison functions are typically hard to provoke, but in principle they could happen.
Fix incorrect planning of queries involving nested loops both above and below a Gather plan node (Tom Lane)
If both levels of nestloop needed to pass the same variable into their right-hand sides, an incorrect plan would be generated.
Fix incorrect planning of queries in which a lateral reference must be evaluated at a foreign table scan (Tom Lane)
Fix corner-case underestimation of the cost of a merge join (Tom Lane)
The planner could prefer a merge join when the outer key range is much smaller than the inner key range, even if there are so many duplicate keys on the inner side that this is a poor choice.
Avoid O(N^2) planning time growth when a query contains many thousand indexable clauses (Tom Lane)
Improve
ANALYZE's handling of concurrently-updated rows (Jeff Janes, Tom Lane)Previously, rows deleted by an in-progress transaction were omitted from
ANALYZE's sample, but this has been found to lead to more inconsistency than including them would do. In effect, the sample now corresponds to an MVCC snapshot as ofANALYZE's start time.Make
TRUNCATEignore inheritance child tables that are temporary tables of other sessions (Amit Langote, Michael Paquier)This brings
TRUNCATEinto line with the behavior of other commands. Previously, such cases usually ended in failure.Fix
TRUNCATEto update the statistics counters for the right table (Tom Lane)If the truncated table had a TOAST table, that table's counters were reset instead.
Process
ALTER TABLE ONLY ADD COLUMN IF NOT EXISTScorrectly (Greg Stark)Allow
UNLISTENin hot-standby mode (Shay Rojansky)This is necessarily a no-op, because
LISTENisn't allowed in hot-standby mode; but allowing the dummy operation simplifies session-state-reset logic in clients.Fix missing role dependencies in some schema and data type permissions lists (Tom Lane)
In some cases it was possible to drop a role to which permissions had been granted. This caused no immediate problem, but a subsequent dump/reload or upgrade would fail, with symptoms involving attempts to grant privileges to all-numeric role names.
Prevent use of a session's temporary schema within a two-phase transaction (Michael Paquier)
Accessing a temporary table within such a transaction has been forbidden for a long time, but it was still possible to cause problems with other operations on temporary objects.
Ensure relation caches are updated properly after adding or removing foreign key constraints (Álvaro Herrera)
This oversight could result in existing sessions failing to enforce a newly-created constraint, or continuing to enforce a dropped one.
Ensure relation caches are updated properly after renaming constraints (Amit Langote)
Make autovacuum more aggressive about removing leftover temporary tables, and also remove leftover temporary tables during
DISCARD TEMP(Álvaro Herrera)This helps ensure that remnants from a crashed session are cleaned up more promptly.
Fix replay of GiST index micro-vacuum operations so that concurrent hot-standby queries do not see inconsistent state (Alexander Korotkov)
Prevent empty GIN index pages from being reclaimed too quickly, causing failures of concurrent searches (Andrey Borodin, Alexander Korotkov)
Fix edge-case failures in float-to-integer coercions (Andrew Gierth, Tom Lane)
Values very slightly above the maximum valid integer value might not be rejected, and then would overflow, producing the minimum valid integer instead. Also, values that should round to the minimum or maximum integer value might be incorrectly rejected.
When making a PAM authentication request, don't set the
PAM_RHOSTvariable if the connection is via a Unix socket (Thomas Munro)Previously that variable would be set to
[local], which is at best unhelpful, since it's supposed to be a host name.Disallow setting
client_min_messageshigher thanERROR(Jonah Harris, Tom Lane)Previously, it was possible to set this variable to
FATALorPANIC, which had the effect of suppressing transmission of ordinary error messages to the client. However, that's contrary to guarantees that are given in thePostgreSQL wire protocol specification, and it caused some clients to become very confused. In released branches, fix this by silently treating such settings as meaningERRORinstead. Version 12 and later will reject those alternatives altogether.Fixecpglib to use
uselocale()or_configthreadlocale()in preference tosetlocale()(Michael Meskes, Tom Lane)Since
setlocale()is not thread-local, and might not even be thread-safe, the previous coding caused problems in multi-threadedecpg applications.