Last-minute updates for release notes.

Security: CVE-2021-3393, CVE-2021-20229

diff --git a/doc/src/sgml/release-12.sgml b/doc/src/sgml/release-12.sgml
index 2fcd00411886d860f11708da276ffccfb0a48715..142f2721c81ba37cce2106be2f0be159939dca45 100644 (file)
--- a/doc/src/sgml/release-12.sgml
+++ b/doc/src/sgml/release-12.sgml
@@ -23,7 +23,7 @@
    </para>
 
    <para>
-    However, see the first two changelog items below,
+    However, see the second and third changelog items below,
     which describe cases in which reindexing indexes after the upgrade
     may be advisable.
    </para>
@@ -42,6 +42,30 @@
     <listitem>
 <!--
 Author: Heikki Linnakangas <heikki.linnakangas@iki.fi>
+Branch: master [6214e2b22] 2021-02-08 11:01:51 +0200
+Branch: REL_13_STABLE [8e56684d5] 2021-02-08 11:01:55 +0200
+Branch: REL_12_STABLE [f50e88899] 2021-02-08 11:01:55 +0200
+Branch: REL_11_STABLE [cb5868cc1] 2021-02-08 11:01:55 +0200
+-->
+     <para>
+      Fix information leakage in constraint-violation error messages
+      (Heikki Linnakangas)
+     </para>
+
+     <para>
+      If an <command>UPDATE</command> command attempts to move a row to a
+      different partition but finds that it violates some constraint on
+      the new partition, and the columns in that partition are in
+      different physical positions than in the parent table, the error
+      message could reveal the contents of columns that the user does not
+      have <literal>SELECT</literal> privilege on.
+      (CVE-2021-3393)
+     </para>
+    </listitem>
+
+    <listitem>
+<!--
+Author: Heikki Linnakangas <heikki.linnakangas@iki.fi>
 Branch: master [6b4d3046f] 2021-01-20 11:58:03 +0200
 Branch: REL_13_STABLE [b8403d140] 2021-01-20 11:58:25 +0200
 Branch: REL_12_STABLE [0326635dd] 2021-01-20 11:58:27 +0200