Revisions

Reported-by: Noah Misch <noah@leadboat.com>

diff --git a/update_releases/current/20250213securityrelease.md b/update_releases/current/20250213securityrelease.md
index 6e4052aa252bef1676bab1eee5bc77358bb8df95..503f719d7e0bcb7f807ad765663a0f78ce867796 100644 (file)
--- a/update_releases/current/20250213securityrelease.md
+++ b/update_releases/current/20250213securityrelease.md
@@ -1,6 +1,6 @@
 The PostgreSQL Global Development Group has released an update to all supported
 versions of PostgreSQL, including 17.3, 16.7, 15.11, 14.16, and 13.19.
-This release fixes 1 security vulnerabilities and over 70 bugs reported over the
+This release fixes 1 security vulnerability and over 70 bugs reported over the
 last several months.
 
 For the full list of changes, please review the
@@ -22,7 +22,8 @@ injection in certain usage patterns. Specifically, SQL injection requires the
 application to use the function result to construct input to psql, the
 PostgreSQL interactive terminal. Similarly, improper neutralization of quoting
 syntax in PostgreSQL command line utility programs allows a source of command
-line arguments to achieve SQL injection when client_encoding is `BIG5` and
+line arguments to achieve SQL injection when [`client_encoding`](https://www.postgresql.org/docs/current/runtime-config-client.html#GUC-CLIENT-ENCODING)
+is `BIG5` and
 [`server_encoding`](https://www.postgresql.org/docs/current/runtime-config-preset.html#GUC-SERVER-ENCODING)
 is one of `EUC_TW` or `MULE_INTERNAL`. Versions before PostgreSQL 17.3, 16.7,
 15.11, 14.16, and 13.19 are affected.
@@ -37,18 +38,17 @@ This update fixes over 70 bugs that were reported in the last several months.
 The issues listed below affect PostgreSQL 17. Some of these issues may also
 affect other supported versions of PostgreSQL.
 
-
-* Use pre-v17 behavior for truncating database and usernames in connection
-requests.
+* Restore pre-v17 truncation behavior for >63-byte database names and usernames
+in connection requests.
 * Don't perform connection privilege checks and limits on parallel workers, and
 instead inherit these from the leader process.
 * Remove `Lock` suffix from `LWLock` wait event names. 
 * Fix possible re-use of stale results in window aggregates, which could lead
 to incorrect results.
 * Several race condition fixes for [vacuum](https://www.postgresql.org/docs/current/sql-vacuum.html)
-that in the worst cas could cause corruption to a system catalog.
+that in the worst case could cause corruption to a system catalog.
 * Several fixes for [truncating](https://www.postgresql.org/docs/current/sql-truncate.html)
-tables and indexs that prevent potential corruption.
+tables and indexes that prevent potential corruption.
 * Fix for detaching a partition where its own foreign-key constraint references
 a partitioned table.
 * Fix for the `FFn` (e.g., `FF1`) format codes for `to_timestamp`, where an integer format code before the `FFn` would consume all available digits.
@@ -57,7 +57,7 @@ necessary.
 * Include the `ldapscheme` option in
 [`pg_hba_file_rules()`](https://www.postgresql.org/docs/current/view-pg-hba-file-rules.html).
 * Several fixes for [`UNION`](https://www.postgresql.org/docs/current/queries-union.html),
-including not merging columns with noncompatible collations.
+including not merging columns with non-compatible collations.
 * Several fixes that could impact availability or speed of starting a connection
 to PostgreSQL.
 * Fix multiple memory leaks in logical decoding output.