| Age | Commit message | Author | |
|---|---|---|---|
| 2007-02-02 | Stamp release 7.4.16. (tag: REL7_4_16) Security: CVE-2007-0555, CVE-2007-0556 | Tom Lane | |
| 2007-02-02 | Update release notes for security-related releases in all active branches. Security: CVE-2007-0555, CVE-2007-0556 | Tom Lane | |
| 2007-01-06 | Fix markup because older releases couldn't link to the reference section. | Bruce Momjian | |
| 2007-01-06 | Remove extra character added to top. | Bruce Momjian | |
| 2007-01-06 | Fix markup because lc_numeric didn't have an SGML tag in this release. | Bruce Momjian | |
| 2007-01-05 | Minor copy-editing for release note updates. | Tom Lane | |
| 2007-01-05 | Stamp release 7.4.15. | Bruce Momjian | |
| 2007-01-05 | Create release notes for 7.4.15. | Bruce Momjian | |
| 2006-10-11 | A bit of copy-editing on back-branch release notes. | Tom Lane | |
| 2006-10-09 | Stamp releases 7.3.16, 7.4.14, 8.0.9, and 8.1.5. | Bruce Momjian | |
| 2006-10-09 | Update release notes for releases 7.3.16, 7.4.14, 8.0.9, and 8.1.5. | Bruce Momjian | |
| 2006-10-01 | date_trunc also accepts 'quarter'. Noted by Yoshihisa Nakano. | Tom Lane | |
| 2006-07-31 | Fix confusion between COPY FROM and COPY TO, per Gavin Sharry and Arul Shaji. | Alvaro Herrera | |
| 2006-05-22 | Cosmetic fix for bug template version stamp. | Bruce Momjian | |
| 2006-05-21 | Update release notes for upcoming releases. | Tom Lane | |
| 2006-05-21 | Stamp releases 7.3.15, 7.4.13, and 8.0.8. | Bruce Momjian | |
| 2006-05-21 | Modify libpq's string-escaping routines to be aware of encoding considerations and standard_conforming_strings. The encoding changes are needed for proper escaping in multibyte encodings, as per the SQL-injection vulnerabilities noted in CVE-2006-2313 and CVE-2006-2314. Concurrent fixes are being applied to the server to ensure that it rejects queries that may have been corrupted by attempted SQL injection, but this merely guarantees that unpatched clients will fail rather than allow injection. An actual fix requires changing the client-side code. While at it we have also fixed these routines to understand about standard_conforming_strings, so that the upcoming changeover to SQL-spec string syntax can be somewhat transparent to client code. Since the existing API of PQescapeString and PQescapeBytea provides no way to inform them which settings are in use, these functions are now deprecated in favor of new functions PQescapeStringConn and PQescapeByteaConn. The new functions take the PGconn to which the string will be sent as an additional parameter, and look inside the connection structure to determine what to do. So as to provide some functionality for clients using the old functions, libpq stores the latest encoding and standard_conforming_strings values received from the backend in static variables, and the old functions consult these variables. This will work reliably in clients using only one Postgres connection at a time, or even multiple connections if they all use the same encoding and string syntax settings; which should cover many practical scenarios. Clients that use homebrew escaping methods, such as PHP's addslashes() function or even hardwired regexp substitution, will require extra effort to fix :-(. It is strongly recommended that such code be replaced by use of PQescapeStringConn/PQescapeByteaConn if at all feasible. | Tom Lane | |
| 2006-05-21 | Add a new GUC parameter backslash_quote, which determines whether the SQL parser will allow "\'" to be used to represent a literal quote mark. The "\'" representation has been deprecated for some time in favor of the SQL-standard representation "''" (two single quote marks), but it has been used often enough that just disallowing it immediately won't do. Hence backslash_quote allows the settings "on", "off", and "safe_encoding", the last meaning to allow "\'" only if client_encoding is a valid server encoding. That is now the default, and the reason is that in encodings such as SJIS that allow 0x5c (ASCII backslash) to be the last byte of a multibyte character, accepting "\'" allows SQL-injection attacks as per CVE-2006-2314 (further details will be published after release). The "on" setting is available for backward compatibility, but it must not be used with clients that are exposed to untrusted input. Thanks to Akio Ishida and Yasuo Ohgaki for identifying this security issue. | Tom Lane | |
| 2006-02-12 | Update release notes. | Tom Lane | |
| 2006-02-12 | Update FAQ latest version | Bruce Momjian | |
| 2006-02-12 | Stamp releases for 2006-02-14 release | Bruce Momjian | |
| 2006-02-12 | Update release notes for 2006-02-14 release | Bruce Momjian | |
| 2006-01-06 | Release-note updates and copy editing. (tag: REL7_4_11) | Tom Lane | |
| 2006-01-05 | New pgcrypto item wording. | Bruce Momjian | |
| 2006-01-05 | Wording improvements. | Bruce Momjian | |
| 2006-01-05 | Improve markup. | Bruce Momjian | |
| 2006-01-05 | *** empty log message *** | Bruce Momjian | |
| 2006-01-05 | Stamp release 7.4.11. | Bruce Momjian | |
| 2005-12-09 | Stamp 7.4.10. | Tom Lane | |
| 2005-12-09 | Add release notes for back branches (7.3 and up). Also minor improvements to 8.1.1 release notes. | Tom Lane | |
| 2005-12-08 | Documentation fix: s/event_object_name/event_object_table/g | Peter Eisentraut | |
| 2005-11-16 | Properly document return value of strpos(). | Bruce Momjian | |
| 2005-10-03 | COPY's test for read-only transaction was backward; it prohibited COPY TO where it should prohibit COPY FROM. Found by Alon Goldshuv. (tag: REL7_4_9) | Tom Lane | |
| 2005-10-03 | Stamp release 7.4.9. | Tom Lane | |
| 2005-10-03 | Update release notes for pending back-branch releases. | Tom Lane | |
| 2005-09-12 | Fix a mistake in the documentation for SPI_getbinval(), per Michael Fuhr. | Neil Conway | |
| 2005-06-09 | Repair error in description of nonblocking usage of PQgetCopyData(). Per Volkan Yazici. | Tom Lane | |
| 2005-05-09 | Update release notes for upcoming re-releases. (tag: REL7_4_8) | Tom Lane | |
| 2005-05-05 | Stamp release 7.4.8. | Tom Lane | |
| 2005-05-03 | Alter the signature for encoding conversion functions to declare the output area as INTERNAL not CSTRING. This is to prevent people from calling the functions by hand. This is a permanent solution for the back branches but I hope it is just a stopgap for HEAD. | Tom Lane | |
| 2005-02-22 | Document that only a table's owner may TRUNCATE it. Per Keith Worthington. | Tom Lane | |
| 2005-01-30 | Recommend security@postgresql.org as the contact point for security-related bugs. (tag: REL7_4_7) | Tom Lane | |
| 2005-01-30 | Stamp release 7.4.7. | Tom Lane | |
| 2005-01-29 | We haven't had a fixed limit on rule recursion depth since 7.3 ... but the documentation still said so. | Tom Lane | |
| 2004-10-22 | Stamp release 7.4.6. (tag: REL7_4_6) | Tom Lane | |
| 2004-10-21 | Update obsolete comments about COPY vs INSERT options, per Uwe Schroeder. | Tom Lane | |
| 2004-09-18 | Put the brackets in the right places in timestamp entries in table 8-1. Spotted by Josh Purinton. | Tom Lane | |
| 2004-09-13 | Due to popular demand, backport fix for a typo in the SELECT reference page, per Thomas F. O'Connell. | Neil Conway | |
| 2004-09-11 | Fix bogus example for bit-string XOR (already fixed in HEAD). Per Grzegorz Wojdyla. | Tom Lane | |
| 2004-08-18 | Brand 7.4.5 ... now that was our shortest-lived release ever ... (tag: REL7_4_5) | Tom Lane | |
