Release date: 2019-06-20
This release contains a variety of fixes from 10.8. For information about new features in major release 10, see Section E.23.
A dump/restore is not required for those running 10.X.
However, if you are upgrading from a version earlier than 10.6, see Section E.17.
Fix buffer-overflow hazards in SCRAM verifier parsing (Jonathan Katz, Heikki Linnakangas, Michael Paquier)
Any authenticated user could cause a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could suffice for executing arbitrary code as the PostgreSQL operating system account.
A similar overflow hazard existed in libpq, which could allow a rogue server to crash a client or perhaps execute arbitrary code as the client's operating system account.
The PostgreSQL Project thanks Alexander Lakhin for reporting this problem. (CVE-2019-10164)
      Fix failure of ALTER TABLE ... ALTER COLUMN TYPE
      when the table has a partial exclusion constraint (Tom Lane)
     
      Fix failure of COMMENT command for comments on
      domain constraints (Daniel Gustafsson, Michael Paquier)
     
Prevent possible memory clobber when there are duplicate columns in a hash aggregate's hash key list (Andrew Gierth)
Fix faulty generation of merge-append plans (Tom Lane)
This mistake could lead to “could not find pathkey item to sort” errors.
Fix incorrect printing of queries with duplicate join names (Philip Dubé)
This oversight caused a dump/restore failure for views containing such queries.
      Fix conversion of JSON string literals to JSON-type output columns
      in json_to_record()
      and json_populate_record() (Tom Lane)
     
Such cases should produce the literal as a standalone JSON value, but the code misbehaved if the literal contained any characters requiring escaping.
      Fix misoptimization of {1,1} quantifiers in
      regular expressions (Tom Lane)
     
      Such quantifiers were treated as no-ops and optimized away;
      but the documentation specifies that they impose greediness, or
      non-greediness in the case of the non-greedy
      variant {1,1}?, on the subexpression they're
      attached to, and this did not happen.  The misbehavior occurred
      only if the subexpression contained capturing parentheses or a
      back-reference.
     
      Avoid possible failures while initializing a new
      process's pg_stat_activity data (Tom Lane)
     
      Certain operations that could fail, such as converting strings
      extracted from an SSL certificate into the database encoding, were
      being performed inside a critical section.  Failure there would
      result in database-wide lockup due to violating the access protocol
      for shared pg_stat_activity data.
     
Fix race condition in check to see whether a pre-existing shared memory segment is still in use by a conflicting postmaster (Tom Lane)
Fix unsafe coding in walreceiver's signal handler (Tom Lane)
This avoids rare problems in which the walreceiver process would crash or deadlock when commanded to shut down.
Avoid attempting to do database accesses for parameter checking in processes that are not connected to a specific database (Vignesh C, Andres Freund)
This error could result in failures like “cannot read pg_class without having selected a database”.
Avoid possible hang in libpq if using SSL and OpenSSL's pending-data buffer contains an exact multiple of 256 bytes (David Binderman)
Improve initdb's handling of multiple equivalent names for the system time zone (Tom Lane, Andrew Gierth)
      Make initdb examine
      the /etc/localtime symbolic link, if that
      exists, to break ties between equivalent names for the system time
      zone.  This makes initdb more likely to
      select the time zone name that the user would expect when multiple
      identical time zones exist.  It will not change the behavior
      if /etc/localtime is not a symlink to a zone
      data file, nor if the time zone is determined from
      the TZ environment variable.
     
      Separately, prefer UTC over other spellings of
      that time zone, when neither TZ
      nor /etc/localtime provide a hint.  This fixes
      an annoyance introduced by tzdata 2019a's
      change to make the UCT and UTC
      zone names equivalent: initdb was then
      preferring UCT, which almost nobody wants.
     
      Fix ordering of GRANT commands emitted
      by pg_dump
      and pg_dumpall for databases and
      tablespaces (Nathan Bossart, Michael Paquier)
     
      If cascading grants had been issued, restore might fail due to
      the GRANT commands being given in an order that
      didn't respect their interdependencies.
     
      Make pg_dump recreate table partitions
      using CREATE TABLE then ATTACH
      PARTITION, rather than including PARTITION
      OF in the creation command (Álvaro Herrera, David
      Rowley)
     
      This avoids problems with the partition's column order possibly being
      changed to match the parent's.  Also, a partition is now restorable
      from the dump (as a standalone table) even if its parent table isn't
      restored; the ATTACH will fail, but that can just
      be ignored.
     
Fix misleading error reports from reindexdb (Julien Rouhaud)
Ensure that vacuumdb returns correct status if an error occurs while using parallel jobs (Julien Rouhaud)
      Fix contrib/auto_explain to not cause problems
      in parallel queries (Tom Lane)
     
      Previously, a parallel worker might try to log its query even if the
      parent query were not being logged
      by auto_explain.  This would work sometimes, but
      it's confusing, and in some cases it resulted in failures
      like “could not find key N in shm TOC”.
     
Also, fix an off-by-one error that resulted in not necessarily logging every query even when the sampling rate is set to 1.0.
      In contrib/postgres_fdw, account for possible
      data modifications by local BEFORE ROW UPDATE
      triggers (Shohei Mochizuki)
     
      If a trigger modified a column that was otherwise not changed by the
      UPDATE, the new value was not transmitted to the
      remote server.
     
On Windows, avoid failure when the database encoding is set to SQL_ASCII and we attempt to log a non-ASCII string (Noah Misch)
The code had been assuming that such strings must be in UTF-8, and would throw an error if they didn't appear to be validly encoded. Now, just transmit the untranslated bytes to the log.
Make PL/pgSQL's header files C++-safe (George Tarasov)