The PostgreSQL project thanks Tom Lane for reporting this problem.
-### [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/): PostgreSQL PL/Perl environment variable changes execute arbitrary code
+### [CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/): PostgreSQL PL/Perl environment variable changes execute arbitrary code
CVSS v3.1 Base Score: [8.8](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?version=3.1&vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
while `LC_COLLATE` is a different locale. This could lead to incorrect query
results. If you have these settings in your database, please reindex any
affected indexes after updating to this release. This issue impacted 17.0 only.
-* Several query planner fixes.
+* Several query planner fixes, including disallowing joining partitions
+([partitionwise join](https://www.postgresql.org/docs/current/runtime-config-query.html#GUC-ENABLE-PARTITIONWISE-JOIN))
+if the collations of the partitions don't match.
* Fix possible wrong answers or `wrong varnullingrels` planner errors for
[`MERGE ... WHEN NOT MATCHED BY SOURCE`](https://www.postgresql.org/docs/current/sql-merge.html)
actions.
statement's argument list and the `CALL` is within a
[PL/pgSQL `EXCEPTION`](https://www.postgresql.org/docs/current/plpgsql-control-structures.html#PLPGSQL-ERROR-TRAPPING)
block.
-* The `psql` `\watch` now treats values that are less than 1ms to be an interval
-of 0 (no wait between executions).
+* Fix for JIT crashes on ARM (aarch64) systems.
+* The `psql` `\watch` now treats values that are less than 1ms to be 0
+(no wait between executions).
* Fix failure to use credentials for a replication user in the
[password file](https://www.postgresql.org/docs/current/libpq-pgpass.html)
([`pgpass`](https://www.postgresql.org/docs/current/libpq-pgpass.html))
projects / press.git / commitdiff