2010-10-04 This release contains a variety of fixes from 8.0.25. For information about new features in the 8.0 major release, see . This is expected to be the last PostgreSQL release in the 8.0.X series. Users are encouraged to update to a newer release branch soon. A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.22, see . Use a separate interpreter for each calling SQL userid in PL/Perl and PL/Tcl (Tom Lane) This change prevents security problems that can be caused by subverting Perl or Tcl code that will be executed later in the same session under another SQL user identity (for example, within a SECURITY DEFINER function). Most scripting languages offer numerous ways that that might be done, such as redefining standard functions or operators called by the target function. Without this change, any SQL user with Perl or Tcl language usage rights can do essentially anything with the SQL privileges of the target function's owner. The cost of this change is that intentional communication among Perl and Tcl functions becomes more difficult. To provide an escape hatch, PL/PerlU and PL/TclU functions continue to use only one interpreter per session. This is not considered a security issue since all such functions execute at the trust level of a database superuser already. It is likely that third-party procedural languages that claim to offer trusted execution have similar security issues. We advise contacting the authors of any PL you are depending on for security-critical purposes. Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). Prevent possible crashes in pg_get_expr() by disallowing it from being called with an argument that is not one of the system catalog columns it's intended to be used with (Heikki Linnakangas, Tom Lane) Fix cannot handle unplanned sub-select error (Tom Lane) This occurred when a sub-select contains a join alias reference that expands into an expression containing another sub-select. Defend against functions returning setof record where not all the returned rows are actually of the same rowtype (Tom Lane) Take care to fsync the contents of lockfiles (both postmaster.pid and the socket lockfile) while writing them (Tom Lane) This omission could result in corrupted lockfile contents if the machine crashes shortly after postmaster start. That could in turn prevent subsequent attempts to start the postmaster from succeeding, until the lockfile is manually removed. Avoid recursion while assigning XIDs to heavily-nested subtransactions (Andres Freund, Robert Haas) The original coding could result in a crash if there was limited stack space. Fix log_line_prefix's %i escape, which could produce junk early in backend startup (Tom Lane) Fix possible data corruption in ALTER TABLE ... SET TABLESPACE when archiving is enabled (Jeff Davis) Allow CREATE DATABASE and ALTER DATABASE ... SET TABLESPACE to be interrupted by query-cancel (Guillaume Lelarge) In PL/Python, defend against null pointer results from PyCObject_AsVoidPtr and PyCObject_FromVoidPtr (Peter Eisentraut) Improve contrib/dblink's handling of tables containing dropped columns (Tom Lane) Fix connection leak after duplicate connection name errors in contrib/dblink (Itagaki Takahiro) Fix contrib/dblink to handle connection names longer than 62 bytes correctly (Itagaki Takahiro) Update build infrastructure and documentation to reflect the source code repository's move from CVS to Git (Magnus Hagander and others) Update time zone data files to tzdata release 2010l for DST law changes in Egypt and Palestine; also historical corrections for Finland. This change also adds new names for two Micronesian timezones: Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over Pacific/Ponape. 2010-05-17 This release contains a variety of fixes from 8.0.24. For information about new features in the 8.0 major release, see . The PostgreSQL community will stop releasing updates for the 8.0.X release series in July 2010. Users are encouraged to update to a newer release branch soon. A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.22, see . Enforce restrictions in plperl using an opmask applied to the whole interpreter, instead of using Safe.pm (Tim Bunce, Andrew Dunstan) Recent developments have convinced us that Safe.pm is too insecure to rely on for making plperl trustable. This change removes use of Safe.pm altogether, in favor of using a separate interpreter with an opcode mask that is always applied. Pleasant side effects of the change include that it is now possible to use Perl's strict pragma in a natural way in plperl, and that Perl's $a and $b variables work as expected in sort routines, and that function compilation is significantly faster. (CVE-2010-1169) Prevent PL/Tcl from executing untrustworthy code from pltcl_modules (Tom) PL/Tcl's feature for autoloading Tcl code from a database table could be exploited for trojan-horse attacks, because there was no restriction on who could create or insert into that table. This change disables the feature unless pltcl_modules is owned by a superuser. (However, the permissions on the table are not checked, so installations that really need a less-than-secure modules table can still grant suitable privileges to trusted non-superusers.) Also, prevent loading code into the unrestricted normal Tcl interpreter unless we are really going to execute a pltclu function. (CVE-2010-1170) Do not allow an unprivileged user to reset superuser-only parameter settings (Alvaro) Previously, if an unprivileged user ran ALTER USER ... RESET ALL for himself, or ALTER DATABASE ... RESET ALL for a database he owns, this would remove all special parameter settings for the user or database, even ones that are only supposed to be changeable by a superuser. Now, the ALTER will only remove the parameters that the user has permission to change. Avoid possible crash during backend shutdown if shutdown occurs when a CONTEXT addition would be made to log entries (Tom) In some cases the context-printing function would fail because the current transaction had already been rolled back when it came time to print a log message. Update pl/perl's ppport.h for modern Perl versions (Andrew) Fix assorted memory leaks in pl/python (Andreas Freund, Tom) Prevent infinite recursion in psql when expanding a variable that refers to itself (Tom) Ensure that contrib/pgstattuple functions respond to cancel interrupts promptly (Tatsuhito Kasahara) Make server startup deal properly with the case that shmget() returns EINVAL for an existing shared memory segment (Tom) This behavior has been observed on BSD-derived kernels including macOS. It resulted in an entirely-misleading startup failure complaining that the shared memory request size was too large. Update time zone data files to tzdata release 2010j for DST law changes in Argentina, Australian Antarctic, Bangladesh, Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; also historical corrections for Taiwan. 2010-03-15 This release contains a variety of fixes from 8.0.23. For information about new features in the 8.0 major release, see . The PostgreSQL community will stop releasing updates for the 8.0.X release series in July 2010. Users are encouraged to update to a newer release branch soon. A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.22, see . Add new configuration parameter ssl_renegotiation_limit to control how often we do session key renegotiation for an SSL connection (Magnus) This can be set to zero to disable renegotiation completely, which may be required if a broken SSL library is used. In particular, some vendors are shipping stopgap patches for CVE-2009-3555 that cause renegotiation attempts to fail. Fix possible crashes when trying to recover from a failure in subtransaction start (Tom) Fix server memory leak associated with use of savepoints and a client encoding different from server's encoding (Tom) Make substring() for bit types treat any negative length as meaning all the rest of the string (Tom) The previous coding treated only -1 that way, and would produce an invalid result value for other negative values, possibly leading to a crash (CVE-2010-0442). Fix integer-to-bit-string conversions to handle the first fractional byte correctly when the output bit width is wider than the given integer by something other than a multiple of 8 bits (Tom) Fix some cases of pathologically slow regular expression matching (Tom) Fix the STOP WAL LOCATION entry in backup history files to report the next WAL segment's name when the end location is exactly at a segment boundary (Itagaki Takahiro) When reading pg_hba.conf and related files, do not treat @something as a file inclusion request if the @ appears inside quote marks; also, never treat @ by itself as a file inclusion request (Tom) This prevents erratic behavior if a role or database name starts with @. If you need to include a file whose path name contains spaces, you can still do so, but you must write @"/path to/file" rather than putting the quotes around the whole construct. Prevent infinite loop on some platforms if a directory is named as an inclusion target in pg_hba.conf and related files (Tom) Fix plpgsql failure in one case where a composite column is set to NULL (Tom) Add volatile markings in PL/Python to avoid possible compiler-specific misbehavior (Zdenek Kotala) Ensure PL/Tcl initializes the Tcl interpreter fully (Tom) The only known symptom of this oversight is that the Tcl clock command misbehaves if using Tcl 8.5 or later. Prevent crash in contrib/dblink when too many key columns are specified to a dblink_build_sql_* function (Rushabh Lathia, Joe Conway) Fix assorted crashes in contrib/xml2 caused by sloppy memory management (Tom) Update time zone data files to tzdata release 2010e for DST law changes in Bangladesh, Chile, Fiji, Mexico, Paraguay, Samoa. 2009-12-14 This release contains a variety of fixes from 8.0.22. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.22, see . Protect against indirect security threats caused by index functions changing session-local state (Gurjeet Singh, Tom) This change prevents allegedly-immutable index functions from possibly subverting a superuser's session (CVE-2009-4136). Reject SSL certificates containing an embedded null byte in the common name (CN) field (Magnus) This prevents unintended matching of a certificate to a server or client name during SSL validation (CVE-2009-4034). Fix possible crash during backend-startup-time cache initialization (Tom) Prevent signals from interrupting VACUUM at unsafe times (Alvaro) This fix prevents a PANIC if a VACUUM FULL is canceled after it's already committed its tuple movements, as well as transient errors if a plain VACUUM is interrupted after having truncated the table. Fix possible crash due to integer overflow in hash table size calculation (Tom) This could occur with extremely large planner estimates for the size of a hashjoin's result. Fix very rare crash in inet/cidr comparisons (Chris Mikkelson) Fix premature drop of temporary files used for a cursor that is accessed within a subtransaction (Heikki) Fix PAM password processing to be more robust (Tom) The previous code is known to fail with the combination of the Linux pam_krb5 PAM module with Microsoft Active Directory as the domain controller. It might have problems elsewhere too, since it was making unjustified assumptions about what arguments the PAM stack would pass to it. Fix rare crash in exception processing in PL/Python (Peter) Ensure psql's flex module is compiled with the correct system header definitions (Tom) This fixes build failures on platforms where --enable-largefile causes incompatible changes in the generated code. Make the postmaster ignore any application_name parameter in connection request packets, to improve compatibility with future libpq versions (Tom) Update time zone data files to tzdata release 2009s for DST law changes in Antarctica, Argentina, Bangladesh, Fiji, Novokuznetsk, Pakistan, Palestine, Samoa, Syria; also historical corrections for Hong Kong. 2009-09-09 This release contains a variety of fixes from 8.0.21. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, if you have any hash indexes on interval columns, you must REINDEX them after updating to 8.0.22. Also, if you are upgrading from a version earlier than 8.0.6, see . Disallow RESET ROLE and RESET SESSION AUTHORIZATION inside security-definer functions (Tom, Heikki) This covers a case that was missed in the previous patch that disallowed SET ROLE and SET SESSION AUTHORIZATION inside security-definer functions. (See CVE-2007-6600) Fix handling of sub-SELECTs appearing in the arguments of an outer-level aggregate function (Tom) Fix hash calculation for data type interval (Tom) This corrects wrong results for hash joins on interval values. It also changes the contents of hash indexes on interval columns. If you have any such indexes, you must REINDEX them after updating. Treat to_char(..., 'TH') as an uppercase ordinal suffix with 'HH'/'HH12' (Heikki) It was previously handled as 'th' (lowercase). Fix overflow for INTERVAL 'x ms' when x is more than 2 million and integer datetimes are in use (Alex Hunsaker) Fix calculation of distance between a point and a line segment (Tom) This led to incorrect results from a number of geometric operators. Fix money data type to work in locales where currency amounts have no fractional digits, e.g. Japan (Itagaki Takahiro) Properly round datetime input like 00:12:57.9999999999999999999999999999 (Tom) Fix poor choice of page split point in GiST R-tree operator classes (Teodor) Fix portability issues in plperl initialization (Andrew Dunstan) Fix pg_ctl to not go into an infinite loop if postgresql.conf is empty (Jeff Davis) Fix contrib/xml2's xslt_process() to properly handle the maximum number of parameters (twenty) (Tom) Improve robustness of libpq's code to recover from errors during COPY FROM STDIN (Tom) Avoid including conflicting readline and editline header files when both libraries are installed (Zdenek Kotala) Update time zone data files to tzdata release 2009l for DST law changes in Bangladesh, Egypt, Jordan, Pakistan, Argentina/San_Luis, Cuba, Jordan (historical correction only), Mauritius, Morocco, Palestine, Syria, Tunisia. 2009-03-16 This release contains a variety of fixes from 8.0.20. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.6, see . Prevent error recursion crashes when encoding conversion fails (Tom) This change extends fixes made in the last two minor releases for related failure scenarios. The previous fixes were narrowly tailored for the original problem reports, but we have now recognized that any error thrown by an encoding conversion function could potentially lead to infinite recursion while trying to report the error. The solution therefore is to disable translation and encoding conversion and report the plain-ASCII form of any error message, if we find we have gotten into a recursive error reporting situation. (CVE-2009-0922) Disallow CREATE CONVERSION with the wrong encodings for the specified conversion function (Heikki) This prevents one possible scenario for encoding conversion failure. The previous change is a backstop to guard against other kinds of failures in the same area. Fix core dump when to_char() is given format codes that are inappropriate for the type of the data argument (Tom) Add MUST (Mauritius Island Summer Time) to the default list of known timezone abbreviations (Xavier Bugaud) 2009-02-02 This release contains a variety of fixes from 8.0.19. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.6, see . Improve handling of URLs in headline() function (Teodor) Improve handling of overlength headlines in headline() function (Teodor) Prevent possible Assert failure or misconversion if an encoding conversion is created with the wrong conversion function for the specified pair of encodings (Tom, Heikki) Avoid unnecessary locking of small tables in VACUUM (Heikki) Fix uninitialized variables in contrib/tsearch2's get_covers() function (Teodor) Make all documentation reference pgsql-bugs and/or pgsql-hackers as appropriate, instead of the now-decommissioned pgsql-ports and pgsql-patches mailing lists (Tom) Update time zone data files to tzdata release 2009a (for Kathmandu and historical DST corrections in Switzerland, Cuba) 2008-11-03 This release contains a variety of fixes from 8.0.18. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.6, see . Fix backend crash when the client encoding cannot represent a localized error message (Tom) We have addressed similar issues before, but it would still fail if the character has no equivalent message itself couldn't be converted. The fix is to disable localization and send the plain ASCII error message when we detect such a situation. Fix possible crash when deeply nested functions are invoked from a trigger (Tom) Ensure an error is reported when a newly-defined PL/pgSQL trigger function is invoked as a normal function (Tom) Fix incorrect tsearch2 headline generation when single query item matches first word of text (Sushant Sinha) Fix improper display of fractional seconds in interval values when using a non-ISO datestyle in an --enable-integer-datetimes build (Ron Mayer) Ensure SPI_getvalue and SPI_getbinval behave correctly when the passed tuple and tuple descriptor have different numbers of columns (Tom) This situation is normal when a table has had columns added or removed, but these two functions didn't handle it properly. The only likely consequence is an incorrect error indication. Fix ecpg's parsing of CREATE USER (Michael) Fix recent breakage of pg_ctl restart (Tom) Update time zone data files to tzdata release 2008i (for DST law changes in Argentina, Brazil, Mauritius, Syria) 2008-09-22 This release contains a variety of fixes from 8.0.17. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.6, see . Widen local lock counters from 32 to 64 bits (Tom) This responds to reports that the counters could overflow in sufficiently long transactions, leading to unexpected lock is already held errors. Add checks in executor startup to ensure that the tuples produced by an INSERT or UPDATE will match the target table's current rowtype (Tom) ALTER COLUMN TYPE, followed by re-use of a previously cached plan, could produce this type of situation. The check protects against data corruption and/or crashes that could ensue. Fix datetime input functions to correctly detect integer overflow when running on a 64-bit platform (Tom) Improve performance of writing very long log messages to syslog (Tom) Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON query (Tom) Fix planner to estimate that GROUP BY expressions yielding boolean results always result in two groups, regardless of the expressions' contents (Tom) This is very substantially more accurate than the regular GROUP BY estimate for certain boolean tests like col IS NULL. Fix PL/Tcl to behave correctly with Tcl 8.5, and to be more careful about the encoding of data sent to or from Tcl (Tom) Fix PL/Python to work with Python 2.5 This is a back-port of fixes made during the 8.2 development cycle. Improve pg_dump and pg_restore's error reporting after failure to send a SQL command (Tom) Fix pg_ctl to properly preserve postmaster command-line arguments across a restart (Bruce) Update time zone data files to tzdata release 2008f (for DST law changes in Argentina, Bahamas, Brazil, Mauritius, Morocco, Pakistan, Palestine, and Paraguay) 2008-06-12 This release contains one serious bug fix over 8.0.16. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.6, see . Make pg_get_ruledef() parenthesize negative constants (Tom) Before this fix, a negative constant in a view or rule might be dumped as, say, -42::integer, which is subtly incorrect: it should be (-42)::integer due to operator precedence rules. Usually this would make little difference, but it could interact with another recent patch to cause PostgreSQL to reject what had been a valid SELECT DISTINCT view query. Since this could result in pg_dump output failing to reload, it is being treated as a high-priority fix. The only released versions in which dump output is actually incorrect are 8.3.1 and 8.2.7. never released This release contains a variety of fixes from 8.0.15. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.6, see . Fix ALTER TABLE ADD COLUMN ... PRIMARY KEY so that the new column is correctly checked to see if it's been initialized to all non-nulls (Brendan Jurd) Previous versions neglected to check this requirement at all. Fix possible CREATE TABLE failure when inheriting the same constraint from multiple parent relations that inherited that constraint from a common ancestor (Tom) Fix conversions between ISO-8859-5 and other encodings to handle Cyrillic Yo characters (e and E with two dots) (Sergey Burladyan) Fix a few datatype input functions that were allowing unused bytes in their results to contain uninitialized, unpredictable values (Tom) This could lead to failures in which two apparently identical literal values were not seen as equal, resulting in the parser complaining about unmatched ORDER BY and DISTINCT expressions. Fix a corner case in regular-expression substring matching (substring(string from pattern)) (Tom) The problem occurs when there is a match to the pattern overall but the user has specified a parenthesized subexpression and that subexpression hasn't got a match. An example is substring('foo' from 'foo(bar)?'). This should return NULL, since (bar) isn't matched, but it was mistakenly returning the whole-pattern match instead (ie, foo). Update time zone data files to tzdata release 2008c (for DST law changes in Morocco, Iraq, Choibalsan, Pakistan, Syria, Cuba, Argentina/San_Luis, and Chile) Fix incorrect result from ecpg's PGTYPEStimestamp_sub() function (Michael) Fix core dump in contrib/xml2's xpath_table() function when the input query returns a NULL value (Tom) Fix contrib/xml2's makefile to not override CFLAGS (Tom) Fix DatumGetBool macro to not fail with gcc 4.3 (Tom) This problem affects old style (V0) C functions that return boolean. The fix is already in 8.3, but the need to back-patch it was not realized at the time. Fix longstanding LISTEN/NOTIFY race condition (Tom) In rare cases a session that had just executed a LISTEN might not get a notification, even though one would be expected because the concurrent transaction executing NOTIFY was observed to commit later. A side effect of the fix is that a transaction that has executed a not-yet-committed LISTEN command will not see any row in pg_listener for the LISTEN, should it choose to look; formerly it would have. This behavior was never documented one way or the other, but it is possible that some applications depend on the old behavior. Fix rare crash when an error occurs during a query using a hash index (Heikki) Fix input of datetime values for February 29 in years BC (Tom) The former coding was mistaken about which years were leap years. Fix unrecognized node type error in some variants of ALTER OWNER (Tom) Fix pg_ctl to correctly extract the postmaster's port number from command-line options (Itagaki Takahiro, Tom) Previously, pg_ctl start -w could try to contact the postmaster on the wrong port, leading to bogus reports of startup failure. Use -fwrapv to defend against possible misoptimization in recent gcc versions (Tom) This is known to be necessary when building PostgreSQL with gcc 4.3 or later. Fix display of constant expressions in ORDER BY and GROUP BY (Tom) An explicitly casted constant would be shown incorrectly. This could for example lead to corruption of a view definition during dump and reload. Fix libpq to handle NOTICE messages correctly during COPY OUT (Tom) This failure has only been observed to occur when a user-defined datatype's output routine issues a NOTICE, but there is no guarantee it couldn't happen due to other causes. 2008-01-07 This release contains a variety of fixes from 8.0.14, including fixes for significant security issues. For information about new features in the 8.0 major release, see . This is the last 8.0.X release for which the PostgreSQL community will produce binary packages for Windows. Windows users are encouraged to move to 8.2.X or later, since there are Windows-specific fixes in 8.2.X that are impractical to back-port. 8.0.X will continue to be supported on other platforms. A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.6, see . Prevent functions in indexes from executing with the privileges of the user running VACUUM, ANALYZE, etc (Tom) Functions used in index expressions and partial-index predicates are evaluated whenever a new table entry is made. It has long been understood that this poses a risk of trojan-horse code execution if one modifies a table owned by an untrustworthy user. (Note that triggers, defaults, check constraints, etc. pose the same type of risk.) But functions in indexes pose extra danger because they will be executed by routine maintenance operations such as VACUUM FULL, which are commonly performed automatically under a superuser account. For example, a nefarious user can execute code with superuser privileges by setting up a trojan-horse index definition and waiting for the next routine vacuum. The fix arranges for standard maintenance operations (including VACUUM, ANALYZE, REINDEX, and CLUSTER) to execute as the table owner rather than the calling user, using the same privilege-switching mechanism already used for SECURITY DEFINER functions. To prevent bypassing this security measure, execution of SET SESSION AUTHORIZATION and SET ROLE is now forbidden within a SECURITY DEFINER context. (CVE-2007-6600) Repair assorted bugs in the regular-expression package (Tom, Will Drewry) Suitably crafted regular-expression patterns could cause crashes, infinite or near-infinite looping, and/or massive memory consumption, all of which pose denial-of-service hazards for applications that accept regex search patterns from untrustworthy sources. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) Require non-superusers who use /contrib/dblink to use only password authentication, as a security measure (Joe) The fix that appeared for this in 8.0.14 was incomplete, as it plugged the hole for only some dblink functions. (CVE-2007-6601, CVE-2007-3278) Update time zone data files to tzdata release 2007k (in particular, recent Argentina changes) (Tom) Fix planner failure in some cases of WHERE false AND var IN (SELECT ...) (Tom) Preserve the tablespace of indexes that are rebuilt by ALTER TABLE ... ALTER COLUMN TYPE (Tom) Make archive recovery always start a new WAL timeline, rather than only when a recovery stop time was used (Simon) This avoids a corner-case risk of trying to overwrite an existing archived copy of the last WAL segment, and seems simpler and cleaner than the original definition. Make VACUUM not use all of maintenance_work_mem when the table is too small for it to be useful (Alvaro) Fix potential crash in translate() when using a multibyte database encoding (Tom) Fix PL/Perl to cope when platform's Perl defines type bool as int rather than char (Tom) While this could theoretically happen anywhere, no standard build of Perl did things this way ... until macOS 10.5. Fix PL/Python to not crash on long exception messages (Alvaro) Fix pg_dump to correctly handle inheritance child tables that have default expressions different from their parent's (Tom) ecpg parser fixes (Michael) Make contrib/tablefunc's crosstab() handle NULL rowid as a category in its own right, rather than crashing (Joe) Fix tsvector and tsquery output routines to escape backslashes correctly (Teodor, Bruce) Fix crash of to_tsvector() on huge input strings (Teodor) Require a specific version of Autoconf to be used when re-generating the configure script (Peter) This affects developers and packagers only. The change was made to prevent accidental use of untested combinations of Autoconf and PostgreSQL versions. You can remove the version check if you really want to use a different Autoconf version, but it's your responsibility whether the result works or not. 2007-09-17 This release contains a variety of fixes from 8.0.13. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.6, see . Prevent index corruption when a transaction inserts rows and then aborts close to the end of a concurrent VACUUM on the same table (Tom) Make CREATE DOMAIN ... DEFAULT NULL work properly (Tom) Fix excessive logging of SSL error messages (Tom) Fix logging so that log messages are never interleaved when using the syslogger process (Andrew) Fix crash when log_min_error_statement logging runs out of memory (Tom) Fix incorrect handling of some foreign-key corner cases (Tom) Prevent CLUSTER from failing due to attempting to process temporary tables of other sessions (Alvaro) Update the time zone database rules, particularly New Zealand's upcoming changes (Tom) Windows socket improvements (Magnus) Suppress timezone name (%Z) in log timestamps on Windows because of possible encoding mismatches (Tom) Require non-superusers who use /contrib/dblink to use only password authentication, as a security measure (Joe) 2007-04-23 This release contains a variety of fixes from 8.0.12, including a security fix. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.6, see . Support explicit placement of the temporary-table schema within search_path, and disable searching it for functions and operators (Tom) This is needed to allow a security-definer function to set a truly secure value of search_path. Without it, an unprivileged SQL user can use temporary objects to execute code with the privileges of the security-definer function (CVE-2007-2138). See CREATE FUNCTION for more information. /contrib/tsearch2 crash fixes (Teodor) Fix potential-data-corruption bug in how VACUUM FULL handles UPDATE chains (Tom, Pavan Deolasee) Fix PANIC during enlargement of a hash index (bug introduced in 8.0.10) (Tom) Fix POSIX-style timezone specs to follow new USA DST rules (Tom) 2007-02-07 This release contains one fix from 8.0.11. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.6, see . Remove overly-restrictive check for type length in constraints and functional indexes(Tom) 2007-02-05 This release contains a variety of fixes from 8.0.10, including a security fix. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.6, see . Remove security vulnerabilities that allowed connected users to read backend memory (Tom) The vulnerabilities involve suppressing the normal check that a SQL function returns the data type it's declared to, and changing the data type of a table column (CVE-2007-0555, CVE-2007-0556). These errors can easily be exploited to cause a backend crash, and in principle might be used to read database content that the user should not be able to access. Fix rare bug wherein btree index page splits could fail due to choosing an infeasible split point (Heikki Linnakangas) Fix for rare Assert() crash triggered by UNION (Tom) Tighten security of multi-byte character processing for UTF8 sequences over three bytes long (Tom) 2007-01-08 This release contains a variety of fixes from 8.0.9. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.6, see . Improve handling of getaddrinfo() on AIX (Tom) This fixes a problem with starting the statistics collector, among other things. Fix failed to re-find parent key errors in VACUUM (Tom) Fix race condition for truncation of a large relation across a gigabyte boundary by VACUUM (Tom) Fix bugs affecting multi-gigabyte hash indexes (Tom) Fix possible deadlock in Windows signal handling (Teodor) Fix error when constructing an ARRAY[] made up of multiple empty elements (Tom) Fix ecpg memory leak during connection (Michael) to_number() and to_char(numeric) are now STABLE, not IMMUTABLE, for new initdb installs (Tom) This is because lc_numeric can potentially change the output of these functions. Improve index usage of regular expressions that use parentheses (Tom) This improves psql \d performance also. Update timezone database This affects Australian and Canadian daylight-savings rules in particular. 2006-10-16 This release contains a variety of fixes from 8.0.8. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.6, see . Fix crash when referencing NEW row values in rule WHERE expressions (Tom) Fix core dump when an untyped literal is taken as ANYARRAY Fix mishandling of AFTER triggers when query contains a SQL function returning multiple rows (Tom) Fix ALTER TABLE ... TYPE to recheck NOT NULL for USING clause (Tom) Fix string_to_array() to handle overlapping matches for the separator string For example, string_to_array('123xx456xxx789', 'xx'). Fix corner cases in pattern matching for psql's \d commands Fix index-corrupting bugs in /contrib/ltree (Teodor) Numerous robustness fixes in ecpg (Joachim Wieland) Fix backslash escaping in /contrib/dbmirror Fix instability of statistics collection on Win32 (Tom, Andrew) Fixes for AIX and Intel compilers (Tom) 2006-05-23 This release contains a variety of fixes from 8.0.7, including patches for extremely serious security issues. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.6, see . Full security against the SQL-injection attacks described in CVE-2006-2313 and CVE-2006-2314 might require changes in application code. If you have applications that embed untrustworthy strings into SQL commands, you should examine them as soon as possible to ensure that they are using recommended escaping techniques. In most cases, applications should be using subroutines provided by libraries or drivers (such as libpq's PQescapeStringConn()) to perform string escaping, rather than relying on ad hoc code to do it. Change the server to reject invalidly-encoded multibyte characters in all cases (Tatsuo, Tom) While PostgreSQL has been moving in this direction for some time, the checks are now applied uniformly to all encodings and all textual input, and are now always errors not merely warnings. This change defends against SQL-injection attacks of the type described in CVE-2006-2313. Reject unsafe uses of \' in string literals As a server-side defense against SQL-injection attacks of the type described in CVE-2006-2314, the server now only accepts '' and not \' as a representation of ASCII single quote in SQL string literals. By default, \' is rejected only when client_encoding is set to a client-only encoding (SJIS, BIG5, GBK, GB18030, or UHC), which is the scenario in which SQL injection is possible. A new configuration parameter backslash_quote is available to adjust this behavior when needed. Note that full security against CVE-2006-2314 might require client-side changes; the purpose of backslash_quote is in part to make it obvious that insecure clients are insecure. Modify libpq's string-escaping routines to be aware of encoding considerations and standard_conforming_strings This fixes libpq-using applications for the security issues described in CVE-2006-2313 and CVE-2006-2314, and also future-proofs them against the planned changeover to SQL-standard string literal syntax. Applications that use multiple PostgreSQL connections concurrently should migrate to PQescapeStringConn() and PQescapeByteaConn() to ensure that escaping is done correctly for the settings in use in each database connection. Applications that do string escaping by hand should be modified to rely on library routines instead. Fix some incorrect encoding conversion functions win1251_to_iso, alt_to_iso, euc_tw_to_big5, euc_tw_to_mic, mic_to_euc_tw were all broken to varying extents. Clean up stray remaining uses of \' in strings (Bruce, Jan) Fix bug that sometimes caused OR'd index scans to miss rows they should have returned Fix WAL replay for case where a btree index has been truncated Fix SIMILAR TO for patterns involving | (Tom) Fix SELECT INTO and CREATE TABLE AS to create tables in the default tablespace, not the base directory (Kris Jurka) Fix server to use custom DH SSL parameters correctly (Michael Fuhr) Fix for Bonjour on Intel Macs (Ashley Clark) Fix various minor memory leaks Fix problem with password prompting on some Win32 systems (Robert Kinberg) 2006-02-14 This release contains a variety of fixes from 8.0.6. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.6, see . Fix potential crash in SET SESSION AUTHORIZATION (CVE-2006-0553) An unprivileged user could crash the server process, resulting in momentary denial of service to other users, if the server has been compiled with Asserts enabled (which is not the default). Thanks to Akio Ishida for reporting this problem. Fix bug with row visibility logic in self-inserted rows (Tom) Under rare circumstances a row inserted by the current command could be seen as already valid, when it should not be. Repairs bug created in 8.0.4, 7.4.9, and 7.3.11 releases. Fix race condition that could lead to file already exists errors during pg_clog and pg_subtrans file creation (Tom) Fix cases that could lead to crashes if a cache-invalidation message arrives at just the wrong time (Tom) Properly check DOMAIN constraints for UNKNOWN parameters in prepared statements (Neil) Ensure ALTER COLUMN TYPE will process FOREIGN KEY, UNIQUE, and PRIMARY KEY constraints in the proper order (Nakano Yoshihisa) Fixes to allow restoring dumps that have cross-schema references to custom operators or operator classes (Tom) Allow pg_restore to continue properly after a COPY failure; formerly it tried to treat the remaining COPY data as SQL commands (Stephen Frost) Fix pg_ctl unregister crash when the data directory is not specified (Magnus) Fix ecpg crash on AMD64 and PPC (Neil) Recover properly if error occurs during argument passing in PL/python (Neil) Fix PL/perl's handling of locales on Win32 to match the backend (Andrew) Fix crash when log_min_messages is set to DEBUG3 or above in postgresql.conf on Win32 (Bruce) Fix pgxs -L library path specification for Win32, Cygwin, macOS, AIX (Bruce) Check that SID is enabled while checking for Win32 admin privileges (Magnus) Properly reject out-of-range date inputs (Kris Jurka) Portability fix for testing presence of finite and isinf during configure (Tom) 2006-01-09 This release contains a variety of fixes from 8.0.5. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.3, see . Also, you might need to REINDEX indexes on textual columns after updating, if you are affected by the locale or plperl issues described below. Fix Windows code so that postmaster will continue rather than exit if there is no more room in ShmemBackendArray (Magnus) The previous behavior could lead to a denial-of-service situation if too many connection requests arrive close together. This applies only to the Windows port. Fix bug introduced in 8.0 that could allow ReadBuffer to return an already-used page as new, potentially causing loss of recently-committed data (Tom) Fix for protocol-level Describe messages issued outside a transaction or in a failed transaction (Tom) Fix character string comparison for locales that consider different character combinations as equal, such as Hungarian (Tom) This might require REINDEX to fix existing indexes on textual columns. Set locale environment variables during postmaster startup to ensure that plperl won't change the locale later This fixes a problem that occurred if the postmaster was started with environment variables specifying a different locale than what initdb had been told. Under these conditions, any use of plperl was likely to lead to corrupt indexes. You might need REINDEX to fix existing indexes on textual columns if this has happened to you. Allow more flexible relocation of installation directories (Tom) Previous releases supported relocation only if all installation directory paths were the same except for the last component. Fix longstanding bug in strpos() and regular expression handling in certain rarely used Asian multi-byte character sets (Tatsuo) Various fixes for functions returning RECORDs (Tom) Fix bug in /contrib/pgcrypto gen_salt, which caused it not to use all available salt space for MD5 and XDES algorithms (Marko Kreen, Solar Designer) Salts for Blowfish and standard DES are unaffected. Fix /contrib/dblink to throw an error, rather than crashing, when the number of columns specified is different from what's actually returned by the query (Joe) 2005-12-12 This release contains a variety of fixes from 8.0.4. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.3, see . Fix race condition in transaction log management There was a narrow window in which an I/O operation could be initiated for the wrong page, leading to an Assert failure or data corruption. Fix bgwriter problems after recovering from errors (Tom) The background writer was found to leak buffer pins after write errors. While not fatal in itself, this might lead to mysterious blockages of later VACUUM commands. Prevent failure if client sends Bind protocol message when current transaction is already aborted /contrib/ltree fixes (Teodor) AIX and HPUX compile fixes (Tom) Retry file reads and writes after Windows NO_SYSTEM_RESOURCES error (Qingqing Zhou) Fix intermittent failure when log_line_prefix includes %i Fix psql performance issue with long scripts on Windows (Merlin Moncure) Fix missing updates of pg_group flat file Fix longstanding planning error for outer joins This bug sometimes caused a bogus error RIGHT JOIN is only supported with merge-joinable join conditions. Postpone timezone initialization until after postmaster.pid is created This avoids confusing startup scripts that expect the pid file to appear quickly. Prevent core dump in pg_autovacuum when a table has been dropped Fix problems with whole-row references (foo.*) to subquery results 2005-10-04 This release contains a variety of fixes from 8.0.3. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.3, see . Fix error that allowed VACUUM to remove ctid chains too soon, and add more checking in code that follows ctid links This fixes a long-standing problem that could cause crashes in very rare circumstances. Fix CHAR() to properly pad spaces to the specified length when using a multiple-byte character set (Yoshiyuki Asaba) In prior releases, the padding of CHAR() was incorrect because it only padded to the specified number of bytes without considering how many characters were stored. Force a checkpoint before committing CREATE DATABASE This should fix recent reports of index is not a btree failures when a crash occurs shortly after CREATE DATABASE. Fix the sense of the test for read-only transaction in COPY The code formerly prohibited COPY TO, where it should prohibit COPY FROM. Handle consecutive embedded newlines in COPY CSV-mode input Fix date_trunc(week) for dates near year end Fix planning problem with outer-join ON clauses that reference only the inner-side relation Further fixes for x FULL JOIN y ON true corner cases Fix overenthusiastic optimization of x IN (SELECT DISTINCT ...) and related cases Fix mis-planning of queries with small LIMIT values due to poorly thought out fuzzy cost comparison Make array_in and array_recv more paranoid about validating their OID parameter Fix missing rows in queries like UPDATE a=... WHERE a... with GiST index on column a Improve robustness of datetime parsing Improve checking for partially-written WAL pages Improve robustness of signal handling when SSL is enabled Improve MIPS and M68K spinlock code Don't try to open more than max_files_per_process files during postmaster startup Various memory leakage fixes Various portability improvements Update timezone data files Improve handling of DLL load failures on Windows Improve random-number generation on Windows Make psql -f filename return a nonzero exit code when opening the file fails Change pg_dump to handle inherited check constraints more reliably Fix password prompting in pg_restore on Windows Fix PL/pgSQL to handle var := var correctly when the variable is of pass-by-reference type Fix PL/Perl %_SHARED so it's actually shared Fix contrib/pg_autovacuum to allow sleep intervals over 2000 sec Update contrib/tsearch2 to use current Snowball code 2005-05-09 This release contains a variety of fixes from 8.0.2, including several security-related issues. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.X. However, it is one possible way of handling two significant security problems that have been found in the initial contents of 8.0.X system catalogs. A dump/initdb/reload sequence using 8.0.3's initdb will automatically correct these problems. The larger security problem is that the built-in character set encoding conversion functions can be invoked from SQL commands by unprivileged users, but the functions were not designed for such use and are not secure against malicious choices of arguments. The fix involves changing the declared parameter list of these functions so that they can no longer be invoked from SQL commands. (This does not affect their normal use by the encoding conversion machinery.) The lesser problem is that the contrib/tsearch2 module creates several functions that are improperly declared to return internal when they do not accept internal arguments. This breaks type safety for all functions using internal arguments. It is strongly recommended that all installations repair these errors, either by initdb or by following the manual repair procedure given below. The errors at least allow unprivileged database users to crash their server process, and might allow unprivileged users to gain the privileges of a database superuser. If you wish not to do an initdb, perform the same manual repair procedures shown in the 7.4.8 release notes. Change encoding function signature to prevent misuse Change contrib/tsearch2 to avoid unsafe use of INTERNAL function results Guard against incorrect second parameter to record_out Repair ancient race condition that allowed a transaction to be seen as committed for some purposes (eg SELECT FOR UPDATE) slightly sooner than for other purposes This is an extremely serious bug since it could lead to apparent data inconsistencies being briefly visible to applications. Repair race condition between relation extension and VACUUM This could theoretically have caused loss of a page's worth of freshly-inserted data, although the scenario seems of very low probability. There are no known cases of it having caused more than an Assert failure. Fix comparisons of TIME WITH TIME ZONE values The comparison code was wrong in the case where the --enable-integer-datetimes configuration switch had been used. NOTE: if you have an index on a TIME WITH TIME ZONE column, it will need to be REINDEXed after installing this update, because the fix corrects the sort order of column values. Fix EXTRACT(EPOCH) for TIME WITH TIME ZONE values Fix mis-display of negative fractional seconds in INTERVAL values This error only occurred when the --enable-integer-datetimes configuration switch had been used. Fix pg_dump to dump trigger names containing % correctly (Neil) Still more 64-bit fixes for contrib/intagg Prevent incorrect optimization of functions returning RECORD Prevent crash on COALESCE(NULL,NULL) Fix Borland makefile for libpq Fix contrib/btree_gist for timetz type (Teodor) Make pg_ctl check the PID found in postmaster.pid to see if it is still a live process Fix pg_dump/pg_restore problems caused by addition of dump timestamps Fix interaction between materializing holdable cursors and firing deferred triggers during transaction commit Fix memory leak in SQL functions returning pass-by-reference data types 2005-04-07 This release contains a variety of fixes from 8.0.1. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.*. This release updates the major version number of the PostgreSQL libraries, so it might be necessary to re-link some user applications if they cannot find the properly-numbered shared library. Increment the major version number of all interface libraries (Bruce) This should have been done in 8.0.0. It is required so 7.4.X versions of PostgreSQL client applications, like psql, can be used on the same machine as 8.0.X applications. This might require re-linking user applications that use these libraries. Add Windows-only wal_sync_method setting of fsync_writethrough (Magnus, Bruce) This setting causes PostgreSQL to write through any disk-drive write cache when writing to WAL. This behavior was formerly called fsync, but was renamed because it acts quite differently from fsync on other platforms. Enable the wal_sync_method setting of open_datasync on Windows, and make it the default for that platform (Magnus, Bruce) Because the default is no longer fsync_writethrough, data loss is possible during a power failure if the disk drive has write caching enabled. To turn off the write cache on Windows, from the Device Manager, choose the drive properties, then Policies. New cache management algorithm 2Q replaces ARC (Tom) This was done to avoid a pending US patent on ARC. The 2Q code might be a few percentage points slower than ARC for some work loads. A better cache management algorithm will appear in 8.1. Planner adjustments to improve behavior on freshly-created tables (Tom) Allow plpgsql to assign to an element of an array that is initially NULL (Tom) Formerly the array would remain NULL, but now it becomes a single-element array. The main SQL engine was changed to handle UPDATE of a null array value this way in 8.0, but the similar case in plpgsql was overlooked. Convert \r\n and \r to \n in plpython function bodies (Michael Fuhr) This prevents syntax errors when plpython code is written on a Windows or Mac client. Allow SPI cursors to handle utility commands that return rows, such as EXPLAIN (Tom) Fix CLUSTER failure after ALTER TABLE SET WITHOUT OIDS (Tom) Reduce memory usage of ALTER TABLE ADD COLUMN (Neil) Fix ALTER LANGUAGE RENAME (Tom) Document the Windows-only register and unregister options of pg_ctl (Magnus) Ensure operations done during backend shutdown are counted by statistics collector This is expected to resolve reports of pg_autovacuum not vacuuming the system catalogs often enough — it was not being told about catalog deletions caused by temporary table removal during backend exit. Change the Windows default for configuration parameter log_destination to eventlog (Magnus) By default, a server running on Windows will now send log output to the Windows event logger rather than standard error. Make Kerberos authentication work on Windows (Magnus) Allow ALTER DATABASE RENAME by superusers who aren't flagged as having CREATEDB privilege (Tom) Modify WAL log entries for CREATE and DROP DATABASE to not specify absolute paths (Tom) This allows point-in-time recovery on a different machine with possibly different database location. Note that CREATE TABLESPACE still poses a hazard in such situations. Fix crash from a backend exiting with an open transaction that created a table and opened a cursor on it (Tom) Fix array_map() so it can call PL functions (Tom) Several contrib/tsearch2 and contrib/btree_gist fixes (Teodor) Fix crash of some contrib/pgcrypto functions on some platforms (Marko Kreen) Fix contrib/intagg for 64-bit platforms (Tom) Fix ecpg bugs in parsing of CREATE statement (Michael) Work around gcc bug on powerpc and amd64 causing problems in ecpg (Christof Petig) Do not use locale-aware versions of upper(), lower(), and initcap() when the locale is C (Bruce) This allows these functions to work on platforms that generate errors for non-7-bit data when the locale is C. Fix quote_ident() to quote names that match keywords (Tom) Fix to_date() to behave reasonably when CC and YY fields are both used (Karel) Prevent to_char(interval) from failing when given a zero-month interval (Tom) Fix wrong week returned by date_trunc('week') (Bruce) date_trunc('week') returned the wrong year for the first few days of January in some years. Use the correct default mask length for class D addresses in INET data types (Tom) 2005-01-31 This release contains a variety of fixes from 8.0.0, including several security-related issues. For information about new features in the 8.0 major release, see . A dump/restore is not required for those running 8.0.0. Disallow LOAD to non-superusers On platforms that will automatically execute initialization functions of a shared library (this includes at least Windows and ELF-based Unixen), LOAD can be used to make the server execute arbitrary code. Thanks to NGS Software for reporting this. Check that creator of an aggregate function has the right to execute the specified transition functions This oversight made it possible to bypass denial of EXECUTE permission on a function. Fix security and 64-bit issues in contrib/intagg Add needed STRICT marking to some contrib functions (Kris Jurka) Avoid buffer overrun when plpgsql cursor declaration has too many parameters (Neil) Make ALTER TABLE ADD COLUMN enforce domain constraints in all cases Fix planning error for FULL and RIGHT outer joins The result of the join was mistakenly supposed to be sorted the same as the left input. This could not only deliver mis-sorted output to the user, but in case of nested merge joins could give outright wrong answers. Improve planning of grouped aggregate queries ROLLBACK TO savepoint closes cursors created since the savepoint Fix inadequate backend stack size on Windows Avoid SHGetSpecialFolderPath() on Windows (Magnus) Fix some problems in running pg_autovacuum as a Windows service (Dave Page) Multiple minor bug fixes in pg_dump/pg_restore Fix ecpg segfault with named structs used in typedefs (Michael) 2005-01-19 Major changes in this release: Microsoft Windows Native Server This is the first PostgreSQL release to run natively on Microsoft Windows as a server. It can run as a Windows service. This release supports NT-based Windows releases like Windows 2000 SP4, Windows XP, and Windows 2003. Older releases like Windows 95, Windows 98, and Windows ME are not supported because these operating systems do not have the infrastructure to support PostgreSQL. A separate installer project has been created to ease installation on Windows — see . Although tested throughout our release cycle, the Windows port does not have the benefit of years of use in production environments that PostgreSQL has on Unix platforms. Therefore it should be treated with the same level of caution as you would a new product. Previous releases required the Unix emulation toolkit Cygwin in order to run the server on Windows operating systems. PostgreSQL has supported native clients on Windows for many years. Savepoints Savepoints allow specific parts of a transaction to be aborted without affecting the remainder of the transaction. Prior releases had no such capability; there was no way to recover from a statement failure within a transaction except by aborting the whole transaction. This feature is valuable for application writers who require error recovery within a complex transaction. Point-In-Time Recovery In previous releases there was no way to recover from disk drive failure except to restore from a previous backup or use a standby replication server. Point-in-time recovery allows continuous backup of the server. You can recover either to the point of failure or to some transaction in the past. Tablespaces Tablespaces allow administrators to select different file systems for storage of individual tables, indexes, and databases. This improves performance and control over disk space usage. Prior releases used initlocation and manual symlink management for such tasks. Improved Buffer Management, CHECKPOINT, VACUUM This release has a more intelligent buffer replacement strategy, which will make better use of available shared buffers and improve performance. The performance impact of vacuum and checkpoints is also lessened. Change Column Types A column's data type can now be changed with ALTER TABLE. New Perl Server-Side Language A new version of the plperl server-side language now supports a persistent shared storage area, triggers, returning records and arrays of records, and SPI calls to access the database. Comma-separated-value (CSV) support in COPY COPY can now read and write comma-separated-value files. It has the flexibility to interpret nonstandard quoting and separation characters too. A dump/restore using pg_dump is required for those wishing to migrate data from any previous release. Observe the following incompatibilities: In READ COMMITTED serialization mode, volatile functions now see the results of concurrent transactions committed up to the beginning of each statement within the function, rather than up to the beginning of the interactive command that called the function. Functions declared STABLE or IMMUTABLE always use the snapshot of the calling query, and therefore do not see the effects of actions taken after the calling query starts, whether in their own transaction or other transactions. Such a function must be read-only, too, meaning that it cannot use any SQL commands other than SELECT. Nondeferred AFTER triggers are now fired immediately after completion of the triggering query, rather than upon finishing the current interactive command. This makes a difference when the triggering query occurred within a function: the trigger is invoked before the function proceeds to its next operation. Server configuration parameters virtual_host and tcpip_socket have been replaced with a more general parameter listen_addresses. Also, the server now listens on localhost by default, which eliminates the need for the -i postmaster switch in many scenarios. Server configuration parameters SortMem and VacuumMem have been renamed to work_mem and maintenance_work_mem to better reflect their use. The original names are still supported in SET and SHOW. Server configuration parameters log_pid, log_timestamp, and log_source_port have been replaced with a more general parameter log_line_prefix. Server configuration parameter syslog has been replaced with a more logical log_destination variable to control the log output destination. Server configuration parameter log_statement has been changed so it can selectively log just database modification or data definition statements. Server configuration parameter log_duration now prints only when log_statement prints the query. Server configuration parameter max_expr_depth parameter has been replaced with max_stack_depth which measures the physical stack size rather than the expression nesting depth. This helps prevent session termination due to stack overflow caused by recursive functions. The length() function no longer counts trailing spaces in CHAR(n) values. Casting an integer to BIT(N) selects the rightmost N bits of the integer, not the leftmost N bits as before. Updating an element or slice of a NULL array value now produces a nonnull array result, namely an array containing just the assigned-to positions. Syntax checking of array input values has been tightened up considerably. Junk that was previously allowed in odd places with odd results now causes an error. Empty-string element values must now be written as "", rather than writing nothing. Also changed behavior with respect to whitespace surrounding array elements: trailing whitespace is now ignored, for symmetry with leading whitespace (which has always been ignored). Overflow in integer arithmetic operations is now detected and reported as an error. The arithmetic operators associated with the single-byte "char" data type have been removed. The extract() function (also called date_part) now returns the proper year for BC dates. It previously returned one less than the correct year. The function now also returns the proper values for millennium and century. CIDR values now must have their nonmasked bits be zero. For example, we no longer allow 204.248.199.1/31 as a CIDR value. Such values should never have been accepted by PostgreSQL and will now be rejected. EXECUTE now returns a completion tag that matches the executed statement. psql's \copy command now reads or writes to the query's stdin/stdout, rather than psql's stdin/stdout. The previous behavior can be accessed via new pstdin/pstdout parameters. The JDBC client interface has been removed from the core distribution, and is now hosted at . The Tcl client interface has also been removed. There are several Tcl interfaces now hosted at . The server now uses its own time zone database, rather than the one supplied by the operating system. This will provide consistent behavior across all platforms. In most cases, there should be little noticeable difference in time zone behavior, except that the time zone names used by SET/SHOW TimeZone might be different from what your platform provides. Configure's threading option no longer requires users to run tests or edit configuration files; threading options are now detected automatically. Now that tablespaces have been implemented, initlocation has been removed. The API for user-defined GiST indexes has been changed. The Union and PickSplit methods are now passed a pointer to a special GistEntryVector structure, rather than a bytea. Some aspects of PostgreSQL's behavior have been determined to be suboptimal. For the sake of backward compatibility these have not been removed in 8.0, but they are considered deprecated and will be removed in the next major release. The 8.1 release will remove the to_char() function for intervals. The server now warns of empty strings passed to oid/float4/float8 data types, but continues to interpret them as zeroes as before. In the next major release, empty strings will be considered invalid input for these data types. By default, tables in PostgreSQL 8.0 and earlier are created with OIDs. In the next release, this will not be the case: to create a table that contains OIDs, the WITH OIDS clause must be specified or the default_with_oids configuration parameter must be set. Users are encouraged to explicitly specify WITH OIDS if their tables require OIDs for compatibility with future releases of PostgreSQL. Below you will find a detailed account of the changes between release 8.0 and the previous major release. Support cross-data-type index usage (Tom) Before this change, many queries would not use an index if the data types did not match exactly. This improvement makes index usage more intuitive and consistent. New buffer replacement strategy that improves caching (Jan) Prior releases used a least-recently-used (LRU) cache to keep recently referenced pages in memory. The LRU algorithm did not consider the number of times a specific cache entry was accessed, so large table scans could force out useful cache pages. The new cache algorithm uses four separate lists to track most recently used and most frequently used cache pages and dynamically optimize their replacement based on the work load. This should lead to much more efficient use of the shared buffer cache. Administrators who have tested shared buffer sizes in the past should retest with this new cache replacement policy. Add subprocess to write dirty buffers periodically to reduce checkpoint writes (Jan) In previous releases, the checkpoint process, which runs every few minutes, would write all dirty buffers to the operating system's buffer cache then flush all dirty operating system buffers to disk. This resulted in a periodic spike in disk usage that often hurt performance. The new code uses a background writer to trickle disk writes at a steady pace so checkpoints have far fewer dirty pages to write to disk. Also, the new code does not issue a global sync() call, but instead fsync()s just the files written since the last checkpoint. This should improve performance and minimize degradation during checkpoints. Add ability to prolong vacuum to reduce performance impact (Jan) On busy systems, VACUUM performs many I/O requests which can hurt performance for other users. This release allows you to slow down VACUUM to reduce its impact on other users, though this increases the total duration of VACUUM. Improve B-tree index performance for duplicate keys (Dmitry Tkach, Tom) This improves the way indexes are scanned when many duplicate values exist in the index. Use dynamically-generated table size estimates while planning (Tom) Formerly the planner estimated table sizes using the values seen by the last VACUUM or ANALYZE, both as to physical table size (number of pages) and number of rows. Now, the current physical table size is obtained from the kernel, and the number of rows is estimated by multiplying the table size by the row density (rows per page) seen by the last VACUUM or ANALYZE. This should produce more reliable estimates in cases where the table size has changed significantly since the last housekeeping command. Improved index usage with OR clauses (Tom) This allows the optimizer to use indexes in statements with many OR clauses that would not have been indexed in the past. It can also use multi-column indexes where the first column is specified and the second column is part of an OR clause. Improve matching of partial index clauses (Tom) The server is now smarter about using partial indexes in queries involving complex WHERE clauses. Improve performance of the GEQO optimizer (Tom) The GEQO optimizer is used to plan queries involving many tables (by default, twelve or more). This release speeds up the way queries are analyzed to decrease time spent in optimization. Miscellaneous optimizer improvements There is not room here to list all the minor improvements made, but numerous special cases work better than in prior releases. Improve lookup speed for C functions (Tom) This release uses a hash table to lookup information for dynamically loaded C functions. This improves their speed so they perform nearly as quickly as functions that are built into the server executable. Add type-specific ANALYZE statistics capability (Mark Cave-Ayland) This feature allows more flexibility in generating statistics for nonstandard data types. ANALYZE now collects statistics for expression indexes (Tom) Expression indexes (also called functional indexes) allow users to index not just columns but the results of expressions and function calls. With this release, the optimizer can gather and use statistics about the contents of expression indexes. This will greatly improve the quality of planning for queries in which an expression index is relevant. New two-stage sampling method for ANALYZE (Manfred Koizar) This gives better statistics when the density of valid rows is very different in different regions of a table. Speed up TRUNCATE (Tom) This buys back some of the performance loss observed in 7.4, while still keeping TRUNCATE transaction-safe. Add WAL file archiving and point-in-time recovery (Simon Riggs) Add tablespaces so admins can control disk layout (Gavin) Add a built-in log rotation program (Andreas Pflug) It is now possible to log server messages conveniently without relying on either syslog or an external log rotation program. Add new read-only server configuration parameters to show server compile-time settings: block_size, integer_datetimes, max_function_args, max_identifier_length, max_index_keys (Joe) Make quoting of sameuser, samegroup, and all remove special meaning of these terms in pg_hba.conf (Andrew) Use clearer IPv6 name ::1/128 for localhost in default pg_hba.conf (Andrew) Use CIDR format in pg_hba.conf examples (Andrew) Rename server configuration parameters SortMem and VacuumMem to work_mem and maintenance_work_mem (Old names still supported) (Tom) This change was made to clarify that bulk operations such as index and foreign key creation use maintenance_work_mem, while work_mem is for workspaces used during query execution. Allow logging of session disconnections using server configuration log_disconnections (Andrew) Add new server configuration parameter log_line_prefix to allow control of information emitted in each log line (Andrew) Available information includes user name, database name, remote IP address, and session start time. Remove server configuration parameters log_pid, log_timestamp, log_source_port; functionality superseded by log_line_prefix (Andrew) Replace the virtual_host and tcpip_socket parameters with a unified listen_addresses parameter (Andrew, Tom) virtual_host could only specify a single IP address to listen on. listen_addresses allows multiple addresses to be specified. Listen on localhost by default, which eliminates the need for the -i postmaster switch in many scenarios (Andrew) Listening on localhost (127.0.0.1) opens no new security holes but allows configurations like Windows and JDBC, which do not support local sockets, to work without special adjustments. Remove syslog server configuration parameter, and add more logical log_destination variable to control log output location (Magnus) Change server configuration parameter log_statement to take values all, mod, ddl, or none to select which queries are logged (Bruce) This allows administrators to log only data definition changes or only data modification statements. Some logging-related configuration parameters could formerly be adjusted by ordinary users, but only in the more verbose direction. They are now treated more strictly: only superusers can set them. However, a superuser can use ALTER USER to provide per-user settings of these values for non-superusers. Also, it is now possible for superusers to set values of superuser-only configuration parameters via PGOPTIONS. Allow configuration files to be placed outside the data directory (mlw) By default, configuration files are kept in the cluster's top directory. With this addition, configuration files can be placed outside the data directory, easing administration. Plan prepared queries only when first executed so constants can be used for statistics (Oliver Jowett) Prepared statements plan queries once and execute them many times. While prepared queries avoid the overhead of re-planning on each use, the quality of the plan suffers from not knowing the exact parameters to be used in the query. In this release, planning of unnamed prepared statements is delayed until the first execution, and the actual parameter values of that execution are used as optimization hints. This allows use of out-of-line parameter passing without incurring a performance penalty. Allow DECLARE CURSOR to take parameters (Oliver Jowett) It is now useful to issue DECLARE CURSOR in a Parse message with parameters. The parameter values sent at Bind time will be substituted into the execution of the cursor's query. Fix hash joins and aggregates of inet and cidr data types (Tom) Release 7.4 handled hashing of mixed inet and cidr values incorrectly. (This bug did not exist in prior releases because they wouldn't try to hash either data type.) Make log_duration print only when log_statement prints the query (Ed L.) Add savepoints (nested transactions) (Alvaro) Unsupported isolation levels are now accepted and promoted to the nearest supported level (Peter) The SQL specification states that if a database doesn't support a specific isolation level, it should use the next more restrictive level. This change complies with that recommendation. Allow BEGIN WORK to specify transaction isolation levels like START TRANSACTION does (Bruce) Fix table permission checking for cases in which rules generate a query type different from the originally submitted query (Tom) Implement dollar quoting to simplify single-quote usage (Andrew, Tom, David Fetter) In previous releases, because single quotes had to be used to quote a function's body, the use of single quotes inside the function text required use of two single quotes or other error-prone notations. With this release we add the ability to use "dollar quoting" to quote a block of text. The ability to use different quoting delimiters at different nesting levels greatly simplifies the task of quoting correctly, especially in complex functions. Dollar quoting can be used anywhere quoted text is needed. Make CASE val WHEN compval1 THEN ... evaluate val only once (Tom) CASE no longer evaluates the tested expression multiple times. This has benefits when the expression is complex or is volatile. Test HAVING before computing target list of an aggregate query (Tom) Fixes improper failure of cases such as SELECT SUM(win)/SUM(lose) ... GROUP BY ... HAVING SUM(lose) > 0. This should work but formerly could fail with divide-by-zero. Replace max_expr_depth parameter with max_stack_depth parameter, measured in kilobytes of stack size (Tom) This gives us a fairly bulletproof defense against crashing due to runaway recursive functions. Instead of measuring the depth of expression nesting, we now directly measure the size of the execution stack. Allow arbitrary row expressions (Tom) This release allows SQL expressions to contain arbitrary composite types, that is, row values. It also allows functions to more easily take rows as arguments and return row values. Allow LIKE/ILIKE to be used as the operator in row and subselect comparisons (Fabien Coelho) Avoid locale-specific case conversion of basic ASCII letters in identifiers and keywords (Tom) This solves the Turkish problem with mangling of words containing I and i. Folding of characters outside the 7-bit-ASCII set is still locale-aware. Improve syntax error reporting (Fabien, Tom) Syntax error reports are more useful than before. Change EXECUTE to return a completion tag matching the executed statement (Kris Jurka) Previous releases return an EXECUTE tag for any EXECUTE call. In this release, the tag returned will reflect the command executed. Avoid emitting NATURAL CROSS JOIN in rule listings (Tom) Such a clause makes no logical sense, but in some cases the rule decompiler formerly produced this syntax. Add COMMENT ON for casts, conversions, languages, operator classes, and large objects (Christopher) Add new server configuration parameter default_with_oids to control whether tables are created with OIDs by default (Neil) This allows administrators to control whether CREATE TABLE commands create tables with or without OID columns by default. (Note: the current factory default setting for default_with_oids is TRUE, but the default will become FALSE in future releases.) Add WITH / WITHOUT OIDS clause to CREATE TABLE AS (Neil) Allow ALTER TABLE DROP COLUMN to drop an OID column (ALTER TABLE SET WITHOUT OIDS still works) (Tom) Allow composite types as table columns (Tom) Allow ALTER ... ADD COLUMN with defaults and NOT NULL constraints; works per SQL spec (Rod) It is now possible for ADD COLUMN to create a column that is not initially filled with NULLs, but with a specified default value. Add ALTER COLUMN TYPE to change column's type (Rod) It is now possible to alter a column's data type without dropping and re-adding the column. Allow multiple ALTER actions in a single ALTER TABLE command (Rod) This is particularly useful for ALTER commands that rewrite the table (which include ALTER COLUMN TYPE and ADD COLUMN with a default). By grouping ALTER commands together, the table need be rewritten only once. Allow ALTER TABLE to add SERIAL columns (Tom) This falls out from the new capability of specifying defaults for new columns. Allow changing the owners of aggregates, conversions, databases, functions, operators, operator classes, schemas, types, and tablespaces (Christopher, Euler Taveira de Oliveira) Previously this required modifying the system tables directly. Allow temporary object creation to be limited to SECURITY DEFINER functions (Sean Chittenden) Add ALTER TABLE ... SET WITHOUT CLUSTER (Christopher) Prior to this release, there was no way to clear an auto-cluster specification except to modify the system tables. Constraint/Index/SERIAL names are now table_column_type with numbers appended to guarantee uniqueness within the schema (Tom) The SQL specification states that such names should be unique within a schema. Add pg_get_serial_sequence() to return a SERIAL column's sequence name (Christopher) This allows automated scripts to reliably find the SERIAL sequence name. Warn when primary/foreign key data type mismatch requires costly lookup New ALTER INDEX command to allow moving of indexes between tablespaces (Gavin) Make ALTER TABLE OWNER change dependent sequence ownership too (Alvaro) Allow CREATE SCHEMA to create triggers, indexes, and sequences (Neil) Add ALSO keyword to CREATE RULE (Fabien Coelho) This allows ALSO to be added to rule creation to contrast it with INSTEAD rules. Add NOWAIT option to LOCK (Tatsuo) This allows the LOCK command to fail if it would have to wait for the requested lock. Allow COPY to read and write comma-separated-value (CSV) files (Andrew, Bruce) Generate error if the COPY delimiter and NULL string conflict (Bruce) GRANT/REVOKE behavior follows the SQL spec more closely Avoid locking conflict between CREATE INDEX and CHECKPOINT (Tom) In 7.3 and 7.4, a long-running B-tree index build could block concurrent CHECKPOINTs from completing, thereby causing WAL bloat because the WAL log could not be recycled. Database-wide ANALYZE does not hold locks across tables (Tom) This reduces the potential for deadlocks against other backends that want exclusive locks on tables. To get the benefit of this change, do not execute database-wide ANALYZE inside a transaction block (BEGIN block); it must be able to commit and start a new transaction for each table. REINDEX does not exclusively lock the index's parent table anymore The index itself is still exclusively locked, but readers of the table can continue if they are not using the particular index being rebuilt. Erase MD5 user passwords when a user is renamed (Bruce) PostgreSQL uses the user name as salt when encrypting passwords via MD5. When a user's name is changed, the salt will no longer match the stored MD5 password, so the stored password becomes useless. In this release a notice is generated and the password is cleared. A new password must then be assigned if the user is to be able to log in with a password. New pg_ctl kill option for Windows (Andrew) Windows does not have a kill command to send signals to backends so this capability was added to pg_ctl. Information schema improvements Add --pwfile option to initdb so the initial password can be set by GUI tools (Magnus) Detect locale/encoding mismatch in initdb (Peter) Add register command to pg_ctl to register Windows operating system service (Dave Page) More complete support for composite types (row types) (Tom) Composite values can be used in many places where only scalar values worked before. Reject nonrectangular array values as erroneous (Joe) Formerly, array_in would silently build a surprising result. Overflow in integer arithmetic operations is now detected (Tom) The arithmetic operators associated with the single-byte "char" data type have been removed. Formerly, the parser would select these operators in many situations where an unable to select an operator error would be more appropriate, such as null * null. If you actually want to do arithmetic on a "char" column, you can cast it to integer explicitly. Syntax checking of array input values considerably tightened up (Joe) Junk that was previously allowed in odd places with odd results now causes an ERROR, for example, non-whitespace after the closing right brace. Empty-string array element values must now be written as "", rather than writing nothing (Joe) Formerly, both ways of writing an empty-string element value were allowed, but now a quoted empty string is required. The case where nothing at all appears will probably be considered to be a NULL element value in some future release. Array element trailing whitespace is now ignored (Joe) Formerly leading whitespace was ignored, but trailing whitespace between an element value and the delimiter or right brace was significant. Now trailing whitespace is also ignored. Emit array values with explicit array bounds when lower bound is not one (Joe) Accept YYYY-monthname-DD as a date string (Tom) Make netmask and hostmask functions return maximum-length mask length (Tom) Change factorial function to return numeric (Gavin) Returning numeric allows the factorial function to work for a wider range of input values. to_char/to_date() date conversion improvements (Kurt Roeckx, Fabien Coelho) Make length() disregard trailing spaces in CHAR(n) (Gavin) This change was made to improve consistency: trailing spaces are semantically insignificant in CHAR(n) data, so they should not be counted by length(). Warn about empty string being passed to OID/float4/float8 data types (Neil) 8.1 will throw an error instead. Allow leading or trailing whitespace in int2/int4/int8/float4/float8 input routines (Neil) Better support for IEEE Infinity and NaN values in float4/float8 (Neil) These should now work on all platforms that support IEEE-compliant floating point arithmetic. Add week option to date_trunc() (Robert Creager) Fix to_char for 1 BC (previously it returned 1 AD) (Bruce) Fix date_part(year) for BC dates (previously it returned one less than the correct year) (Bruce) Fix date_part() to return the proper millennium and century (Fabien Coelho) In previous versions, the century and millennium results had a wrong number and started in the wrong year, as compared to standard reckoning of such things. Add ceiling() as an alias for ceil(), and power() as an alias for pow() for standards compliance (Neil) Change ln(), log(), power(), and sqrt() to emit the correct SQLSTATE error codes for certain error conditions, as specified by SQL:2003 (Neil) Add width_bucket() function as defined by SQL:2003 (Neil) Add generate_series() functions to simplify working with numeric sets (Joe) Fix upper/lower/initcap() functions to work with multibyte encodings (Tom) Add boolean and bitwise integer AND/OR aggregates (Fabien Coelho) New session information functions to return network addresses for client and server (Sean Chittenden) Add function to determine the area of a closed path (Sean Chittenden) Add function to send cancel request to other backends (Magnus) Add interval plus datetime operators (Tom) The reverse ordering, datetime plus interval, was already supported, but both are required by the SQL standard. Casting an integer to BIT(N) selects the rightmost N bits of the integer (Tom) In prior releases, the leftmost N bits were selected, but this was deemed unhelpful, not to mention inconsistent with casting from bit to int. Require CIDR values to have all nonmasked bits be zero (Kevin Brintnall) In READ COMMITTED serialization mode, volatile functions now see the results of concurrent transactions committed up to the beginning of each statement within the function, rather than up to the beginning of the interactive command that called the function. Functions declared STABLE or IMMUTABLE always use the snapshot of the calling query, and therefore do not see the effects of actions taken after the calling query starts, whether in their own transaction or other transactions. Such a function must be read-only, too, meaning that it cannot use any SQL commands other than SELECT. There is a considerable performance gain from declaring a function STABLE or IMMUTABLE rather than VOLATILE. Nondeferred AFTER triggers are now fired immediately after completion of the triggering query, rather than upon finishing the current interactive command. This makes a difference when the triggering query occurred within a function: the trigger is invoked before the function proceeds to its next operation. For example, if a function inserts a new row into a table, any nondeferred foreign key checks occur before proceeding with the function. Allow function parameters to be declared with names (Dennis Björklund) This allows better documentation of functions. Whether the names actually do anything depends on the specific function language being used. Allow PL/pgSQL parameter names to be referenced in the function (Dennis Björklund) This basically creates an automatic alias for each named parameter. Do minimal syntax checking of PL/pgSQL functions at creation time (Tom) This allows us to catch simple syntax errors sooner. More support for composite types (row and record variables) in PL/pgSQL For example, it now works to pass a rowtype variable to another function as a single variable. Default values for PL/pgSQL variables can now reference previously declared variables Improve parsing of PL/pgSQL FOR loops (Tom) Parsing is now driven by presence of ".." rather than data type of FOR variable. This makes no difference for correct functions, but should result in more understandable error messages when a mistake is made. Major overhaul of PL/Perl server-side language (Command Prompt, Andrew Dunstan) In PL/Tcl, SPI commands are now run in subtransactions. If an error occurs, the subtransaction is cleaned up and the error is reported as an ordinary Tcl error, which can be trapped with catch. Formerly, it was not possible to catch such errors. Accept ELSEIF in PL/pgSQL (Neil) Previously PL/pgSQL only allowed ELSIF, but many people are accustomed to spelling this keyword ELSEIF. Improve psql information display about database objects (Christopher) Allow psql to display group membership in \du and \dg (Markus Bertheau) Prevent psql \dn from showing temporary schemas (Bruce) Allow psql to handle tilde user expansion for file names (Zach Irmen) Allow psql to display fancy prompts, including color, via readline (Reece Hart, Chet Ramey) Make psql \copy match COPY command syntax fully (Tom) Show the location of syntax errors (Fabien Coelho, Tom) Add CLUSTER information to psql \d display (Bruce) Change psql \copy stdin/stdout to read from command input/output (Bruce) Add pstdin/pstdout to read from psql's stdin/stdout (Mark Feit) Add global psql configuration file, psqlrc.sample (Bruce) This allows a central file where global psql startup commands can be stored. Have psql \d+ indicate if the table has an OID column (Neil) On Windows, use binary mode in psql when reading files so control-Z is not seen as end-of-file Have \dn+ show permissions and description for schemas (Dennis Björklund) Improve tab completion support (Stefan Kaltenbrunn, Greg Sabino Mullane) Allow boolean settings to be set using upper or lower case (Michael Paesold) Use dependency information to improve the reliability of pg_dump (Tom) This should solve the longstanding problems with related objects sometimes being dumped in the wrong order. Have pg_dump output objects in alphabetical order if possible (Tom) This should make it easier to identify changes between dump files. Allow pg_restore to ignore some SQL errors (Fabien Coelho) This makes pg_restore's behavior similar to the results of feeding a pg_dump output script to psql. In most cases, ignoring errors and plowing ahead is the most useful thing to do. Also added was a pg_restore option to give the old behavior of exiting on an error. pg_restore -l display now includes objects' schema names New begin/end markers in pg_dump text output (Bruce) Add start/stop times for pg_dump/pg_dumpall in verbose mode (Bruce) Allow most pg_dump options in pg_dumpall (Christopher) Have pg_dump use ALTER OWNER rather than SET SESSION AUTHORIZATION by default (Christopher) Make libpq's SIGPIPE handling thread-safe (Bruce) Add PQmbdsplen() which returns the display length of a character (Tatsuo) Add thread locking to SSL and Kerberos connections (Manfred Spraul) Allow PQoidValue(), PQcmdTuples(), and PQoidStatus() to work on EXECUTE commands (Neil) Add PQserverVersion() to provide more convenient access to the server version number (Greg Sabino Mullane) Add PQprepare/PQsendPrepared() functions to support preparing statements without necessarily specifying the data types of their parameters (Abhijit Menon-Sen) Many ECPG improvements, including SET DESCRIPTOR (Michael) Allow the database server to run natively on Windows (Claudio, Magnus, Andrew) Shell script commands converted to C versions for Windows support (Andrew) Create an extension makefile framework (Fabien Coelho, Peter) This simplifies the task of building extensions outside the original source tree. Support relocatable installations (Bruce) Directory paths for installed files (such as the /share directory) are now computed relative to the actual location of the executables, so that an installation tree can be moved to another place without reconfiguring and rebuilding. Use --with-docdir to choose installation location of documentation; also allow --infodir (Peter) Add --without-docdir to prevent installation of documentation (Peter) Upgrade to DocBook V4.2 SGML (Peter) New PostgreSQL CVS tag (Marc) This was done to make it easier for organizations to manage their own copies of the PostgreSQL CVS repository. File version stamps from the master repository will not get munged by checking into or out of a copied repository. Clarify locking code (Manfred Koizar) Buffer manager cleanup (Neil) Decouple platform tests from CPU spinlock code (Bruce, Tom) Add inlined test-and-set code on PA-RISC for gcc (ViSolve, Tom) Improve i386 spinlock code (Manfred Spraul) Clean up spinlock assembly code to avoid warnings from newer gcc releases (Tom) Remove JDBC from source tree; now a separate project Remove the libpgtcl client interface; now a separate project More accurately estimate memory and file descriptor usage (Tom) Improvements to the macOS startup scripts (Ray A.) New fsync() test program (Bruce) Major documentation improvements (Neil, Peter) Remove pg_encoding; not needed anymore Remove pg_id; not needed anymore Remove initlocation; not needed anymore Auto-detect thread flags (no more manual testing) (Bruce) Use Olson's public domain timezone library (Magnus) With threading enabled, use thread flags on Unixware for backend executables too (Bruce) Unixware cannot mix threaded and nonthreaded object files in the same executable, so everything must be compiled as threaded. psql now uses a flex-generated lexical analyzer to process command strings Reimplement the linked list data structure used throughout the backend (Neil) This improves performance by allowing list append and length operations to be more efficient. Allow dynamically loaded modules to create their own server configuration parameters (Thomas Hallgren) New Brazilian version of FAQ (Euler Taveira de Oliveira) Add French FAQ (Guillaume Lelarge) New pgevent for Windows logging Make libpq and ECPG build as proper shared libraries on macOS (Tom) Overhaul of contrib/dblink (Joe) contrib/dbmirror improvements (Steven Singer) New contrib/xml2 (John Gray, Torchbox) Updated contrib/mysql New version of contrib/btree_gist (Teodor) New contrib/trgm, trigram matching for PostgreSQL (Teodor) Many contrib/tsearch2 improvements (Teodor) Add double metaphone to contrib/fuzzystrmatch (Andrew) Allow contrib/pg_autovacuum to run as a Windows service (Dave Page) Add functions to contrib/dbsize (Andreas Pflug) Removed contrib/pg_logger: obsoleted by integrated logging subprocess Removed contrib/rserv: obsoleted by various separate projects