From 848e2c6abc941267a4b2eb00a57c34ef3165ffb3 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Sun, 16 Feb 2025 14:20:33 -0500 Subject: [PATCH] Release notes for 17.4, 16.8, 15.12, 14.17, 13.20. --- doc/src/sgml/release-17.sgml | 117 +++++++++++++++++++++++++++++++++++ 1 file changed, 117 insertions(+) diff --git a/doc/src/sgml/release-17.sgml b/doc/src/sgml/release-17.sgml index 755ecd9d569..2f1bed2e290 100644 --- a/doc/src/sgml/release-17.sgml +++ b/doc/src/sgml/release-17.sgml @@ -1,6 +1,123 @@ + + Release 17.4 + + + Release date: + 2025-02-20 + + + + This release contains a few fixes from 17.3. + For information about new features in major release 17, see + . + + + + Migration to Version 17.4 + + + A dump/restore is not required for those running 17.X. + + + + However, if you are upgrading from a version earlier than 17.1, + see . + + + + + Changes + + + + + + + Improve behavior of libpq's quoting + functions (Andres Freund, Tom Lane) + § + § + § + + + + The changes made for CVE-2025-1094 had one serious oversight: + PQescapeLiteral() + and PQescapeIdentifier() failed to honor their + string length parameter, instead always reading to the input + string's trailing null. This resulted in including unwanted text in + the output, if the caller intended to truncate the string via the + length parameter. With very bad luck it could cause a crash due to + reading off the end of memory. + + + + In addition, modify all these quoting functions so that when invalid + encoding is detected, an invalid sequence is substituted for just + the first byte of the presumed character, not all of it. This + reduces the risk of problems if a calling application performs + additional processing on the quoted string. + + + + + + + Fix small memory leak + in pg_createsubscriber (Ranier Vilela) + § + + + + + + + Fix meson build system to correctly detect availability of + the bsd_auth.h system header + (Nazir Bilal Yavuz) + § + + + + + + + + Release 17.3 -- 2.39.5
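Review bot: In the first entry of the new Release 17.4 section, the second paragraph says "modify all these quoting functions", but the only functions named before it are PQescapeLiteral() and PQescapeIdentifier(), so a reader cannot tell whether the changed invalid-encoding substitution applies to just those two or to other libpq quoting functions as well. Naming the affected functions at that point would let application authors who do additional processing on quoted strings check their own call sites. The entry title "Improve behavior of libpq's quoting functions" also undersells the first paragraph, which describes the length parameter being ignored and a possible crash from reading off the end of memory; a title that starts with "Fix" and mentions the length parameter would be easier to triage, and the paragraph could say which release shipped the CVE-2025-1094 changes so readers know which builds carry the oversight. Separately, the subject lists 17.4, 16.8, 15.12, 14.17 and 13.20 while the diffstat shows only doc/src/sgml/release-17.sgml changed; worth confirming that the notes for the other branches are committed separately.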