Last-minute updates for release notes.

Security: CVE-2021-3393, CVE-2021-20229
2021-02-08 11:10:40 -05:00 · 2021-02-08 11:10:40 -05:00 · 934b850847
parent cb5868cc1b
commit 934b850847
1 changed files with 25 additions and 1 deletions
--- a/doc/src/sgml/release-11.sgml
+++ b/doc/src/sgml/release-11.sgml
@ -23,7 +23,7 @@
   </para>

   <para>
-    However, see the first changelog item below,
+    However, see the second changelog item below,
    which describes cases in which reindexing indexes after the upgrade
    may be advisable.
   </para>
@ -41,6 +41,30 @@

    <listitem>
 <!--
+Author: Heikki Linnakangas <heikki.linnakangas@iki.fi>
+Branch: master [6214e2b22] 2021-02-08 11:01:51 +0200
+Branch: REL_13_STABLE [8e56684d5] 2021-02-08 11:01:55 +0200
+Branch: REL_12_STABLE [f50e88899] 2021-02-08 11:01:55 +0200
+Branch: REL_11_STABLE [cb5868cc1] 2021-02-08 11:01:55 +0200
+-->
+     <para>
+      Fix information leakage in constraint-violation error messages
+      (Heikki Linnakangas)
+     </para>
+
+     <para>
+      If an <command>UPDATE</command> command attempts to move a row to a
+      different partition but finds that it violates some constraint on
+      the new partition, and the columns in that partition are in
+      different physical positions than in the parent table, the error
+      message could reveal the contents of columns that the user does not
+      have <literal>SELECT</literal> privilege on.
+      (CVE-2021-3393)
+     </para>
+    </listitem>
+
+    <listitem>
+<!--
 Author: Noah Misch <noah@leadboat.com>
 Branch: master [8a54e12a3] 2021-01-30 00:00:27 -0800
 Branch: REL_13_STABLE [86a5b309c] 2021-01-30 00:00:42 -0800