Release date: 2017-11-09
This release contains a variety of fixes from 10.0. For information about new features in major release 10, see Section E.5.
A dump/restore is not required for those running 10.X.
However, if you use BRIN indexes, see the fourth changelog entry below.
      Ensure that INSERT ... ON CONFLICT DO UPDATE checks
      table permissions and RLS policies in all cases (Dean Rasheed)
     
      The update path of INSERT ... ON CONFLICT DO UPDATE
      requires SELECT permission on the columns of the
      arbiter index, but it failed to check for that in the case of an
      arbiter specified by constraint name.
      In addition, for a table with row level security enabled, it failed to
      check updated rows against the table's SELECT
      policies (regardless of how the arbiter index was specified).
      (CVE-2017-15099)
     
      Fix crash due to rowtype mismatch
      in json{b}_populate_recordset()
      (Michael Paquier, Tom Lane)
     
      These functions used the result rowtype specified in the FROM
      ... AS clause without checking that it matched the actual
      rowtype of the supplied tuple value.  If it didn't, that would usually
      result in a crash, though disclosure of server memory contents seems
      possible as well.
      (CVE-2017-15098)
     
      Fix sample server-start scripts to become $PGUSER
      before opening $PGLOG (Noah Misch)
     
      Previously, the postmaster log file was opened while still running as
      root.  The database owner could therefore mount an attack against
      another system user by making $PGLOG be a symbolic
      link to some other file, which would then become corrupted by appending
      log messages.
     
      By default, these scripts are not installed anywhere.  Users who have
      made use of them will need to manually recopy them, or apply the same
      changes to their modified versions.  If the
      existing $PGLOG file is root-owned, it will need to
      be removed or renamed out of the way before restarting the server with
      the corrected script.
      (CVE-2017-12172)
     
Fix BRIN index summarization to handle concurrent table extension correctly (Álvaro Herrera)
Previously, a race condition allowed some table rows to be omitted from the index. It may be necessary to reindex existing BRIN indexes to recover from past occurrences of this problem.
Fix possible failures during concurrent updates of a BRIN index (Tom Lane)
These race conditions could result in errors like “invalid index offnum” or “inconsistent range map”.
      Prevent logical replication from setting non-replicated columns to
      nulls when replicating an UPDATE (Petr Jelinek)
     
      Fix logical replication to fire BEFORE ROW DELETE
      triggers when expected (Masahiko Sawada)
     
      Previously, that failed to happen unless the table also had
      a BEFORE ROW UPDATE trigger.
     
Fix crash when logical decoding is invoked from a SPI-using function, in particular any function written in a PL language (Tom Lane)
      Ignore CTEs when looking up the target table for
      INSERT/UPDATE/DELETE,
      and prevent matching schema-qualified target table names to trigger
      transition table names (Thomas Munro)
     
This restores the pre-v10 behavior for CTEs attached to DML commands.
      Avoid evaluating an aggregate function's argument expression(s) at rows
      where its FILTER test fails (Tom Lane)
     
This restores the pre-v10 (and SQL-standard) behavior.
      Fix incorrect query results when multiple GROUPING
      SETS columns contain the same simple variable (Tom Lane)
     
      Fix query-lifespan memory leakage while evaluating a set-returning
      function in a SELECT's target list (Tom Lane)
     
Allow parallel execution of prepared statements with generic plans (Amit Kapila, Kuntal Ghosh)
Fix incorrect parallelization decisions for nested queries (Amit Kapila, Kuntal Ghosh)
Fix parallel query handling to not fail when a recently-used role is dropped (Amit Kapila)
Fix crash in parallel execution of a bitmap scan having a BitmapAnd plan node below a BitmapOr node (Dilip Kumar)
      Fix json_build_array(),
      json_build_object(), and their jsonb
      equivalents to handle explicit VARIADIC arguments
      correctly (Michael Paquier)
     
Fix autovacuum's “work item” logic to prevent possible crashes and silent loss of work items (Álvaro Herrera)
Fix corner-case crashes when columns have been added to the end of a view (Tom Lane)
      Record proper dependencies when a view or rule
      contains FieldSelect
      or FieldStore expression nodes (Tom Lane)
     
      Lack of these dependencies could allow a column or data
      type DROP to go through when it ought to fail,
      thereby causing later uses of the view or rule to get errors.
      This patch does not do anything to protect existing views/rules,
      only ones created in the future.
     
Correctly detect hashability of range data types (Tom Lane)
The planner mistakenly assumed that any range type could be hashed for use in hash joins or hash aggregation, but actually it must check whether the range's subtype has hash support. This does not affect any of the built-in range types, since they're all hashable anyway.
      Correctly ignore RelabelType expression nodes
      when examining functional-dependency statistics (David Rowley)
     
      This allows, e.g., extended statistics on varchar columns
      to be used properly.
     
Prevent sharing transition states between ordered-set aggregates (David Rowley)
This causes a crash with the built-in ordered-set aggregates, and probably with user-written ones as well. v11 and later will include provisions for dealing with such cases safely, but in released branches, just disable the optimization.
      Prevent idle_in_transaction_session_timeout from
      being ignored when a statement_timeout occurred
      earlier (Lukas Fittl)
     
      Fix low-probability loss of NOTIFY messages due to
      XID wraparound (Marko Tiikkaja, Tom Lane)
     
If a session executed no queries, but merely listened for notifications, for more than 2 billion transactions, it started to miss some notifications from concurrently-committing transactions.
Reduce the frequency of data flush requests during bulk file copies to avoid performance problems on macOS, particularly with its new APFS file system (Tom Lane)
      Allow COPY's FREEZE option to
      work when the transaction isolation level is REPEATABLE
      READ or higher (Noah Misch)
     
This case was unintentionally broken by a previous bug fix.
      Fix AggGetAggref() to return the
      correct Aggref nodes to aggregate final
      functions whose transition calculations have been merged (Tom Lane)
     
Fix insufficient schema-qualification in some new queries in pg_dump and psql (Vitaly Burovoy, Tom Lane, Noah Misch)
      Avoid use of @> operator
      in psql's queries for \d
      (Tom Lane)
     
This prevents problems when the parray_gin extension is installed, since that defines a conflicting operator.
Fix pg_basebackup's matching of tablespace paths to canonicalize both paths before comparing (Michael Paquier)
This is particularly helpful on Windows.
Fix libpq to not require user's home directory to exist (Tom Lane)
      In v10, failure to find the home directory while trying to
      read ~/.pgpass was treated as a hard error,
      but it should just cause that file to not be found.  Both v10 and
      previous release branches made the same mistake when
      reading ~/.pg_service.conf, though this was less
      obvious since that file is not sought unless a service name is
      specified.
     
      In ecpglib, correctly handle backslashes in string literals depending
      on whether standard_conforming_strings is set
      (Tsunakawa Takayuki)
     
Make ecpglib's Informix-compatibility mode ignore fractional digits in integer input strings, as expected (Gao Zengqi, Michael Meskes)
      Fix missing temp-install prerequisites
      for check-like Make targets (Noah Misch)
     
      Some non-default test procedures that are meant to work
      like make check failed to ensure that the temporary
      installation was up to date.
     
Update time zone data files to tzdata release 2017c for DST law changes in Fiji, Namibia, Northern Cyprus, Sudan, Tonga, and Turks & Caicos Islands, plus historical corrections for Alaska, Apia, Burma, Calcutta, Detroit, Ireland, Namibia, and Pago Pago.
In the documentation, restore HTML anchors to being upper-case strings (Peter Eisentraut)
Due to a toolchain change, the 10.0 user manual had lower-case strings for intrapage anchors, thus breaking some external links into our website documentation. Return to our previous convention of using upper-case strings.