Last-minute updates for release notes.

Security: CVE-2023-2454, CVE-2023-2455

diff --git a/doc/src/sgml/release-15.sgml b/doc/src/sgml/release-15.sgml
index a95395ee15f18b258b7f72c92b9f243fd8fc52ae..52d11a06b1e3c34d39f37daf989b7c4da6205d0c 100644 (file)
--- a/doc/src/sgml/release-15.sgml
+++ b/doc/src/sgml/release-15.sgml
@@ -35,6 +35,76 @@
 
     <listitem>
 <!--
+Author: Noah Misch <noah@leadboat.com>
+Branch: master [681d9e462] 2023-05-08 06:14:07 -0700
+Branch: REL_15_STABLE [dbd5795e7] 2023-05-08 06:14:11 -0700
+Branch: REL_14_STABLE [01e8182c7] 2023-05-08 06:14:11 -0700
+Branch: REL_13_STABLE [2212f7db8] 2023-05-08 06:14:12 -0700
+Branch: REL_12_STABLE [78119a0bf] 2023-05-08 06:14:12 -0700
+Branch: REL_11_STABLE [23cb8eaeb] 2023-05-08 06:14:12 -0700
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Branch: master [8d525d7b9] 2023-05-08 11:24:47 -0400
+Branch: REL_15_STABLE [1b761d896] 2023-05-08 11:24:47 -0400
+Branch: REL_14_STABLE [1913f63dc] 2023-05-08 11:24:47 -0400
+Branch: REL_13_STABLE [feb9e7fbb] 2023-05-08 11:24:47 -0400
+Branch: REL_12_STABLE [2cd843cc9] 2023-05-08 11:24:47 -0400
+Branch: REL_11_STABLE [766e06140] 2023-05-08 11:24:47 -0400
+-->
+     <para>
+      Prevent <command>CREATE SCHEMA</command> from defeating changes
+      in <varname>search_path</varname> (Alexander Lakhin)
+     </para>
+
+     <para>
+      Within a <command>CREATE SCHEMA</command> command, objects in the
+      prevailing <varname>search_path</varname>, as well as those in the
+      newly-created schema, would be visible even within a called
+      function or script that attempted to set a
+      secure <varname>search_path</varname>.  This could allow any user
+      having permission to create a schema to hijack the privileges of a
+      security definer function or extension script.
+     </para>
+
+     <para>
+      The <productname>PostgreSQL</productname> Project thanks
+      Alexander Lakhin for reporting this problem.
+      (CVE-2023-2454)
+     </para>
+    </listitem>
+
+    <listitem>
+<!--
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Branch: master [ca73753b0] 2023-05-08 10:12:44 -0400
+Branch: REL_15_STABLE [04e560604] 2023-05-08 10:12:44 -0400
+Branch: REL_14_STABLE [f8d799eda] 2023-05-08 10:12:44 -0400
+Branch: REL_13_STABLE [b8e28f04f] 2023-05-08 10:12:44 -0400
+Branch: REL_12_STABLE [ee87b482c] 2023-05-08 10:12:45 -0400
+Branch: REL_11_STABLE [473626cf0] 2023-05-08 10:12:45 -0400
+-->
+     <para>
+      Enforce row-level security policies correctly after inlining a
+      set-returning function (Stephen Frost, Tom Lane)
+     </para>
+
+     <para>
+      If a set-returning SQL-language function refers to a table having
+      row-level security policies, and it can be inlined into a calling
+      query, those RLS policies would not get enforced properly in some
+      cases involving re-using a cached plan under a different role.
+      This could allow a user to see or modify rows that should have been
+      invisible.
+     </para>
+
+     <para>
+      The <productname>PostgreSQL</productname> Project thanks
+      Wolfgang Walther for reporting this problem.
+      (CVE-2023-2455)
+     </para>
+    </listitem>
+
+    <listitem>
+<!--
 Author: Michael Paquier <michael@paquier.xyz>
 Branch: master [8a8661828] 2023-02-22 10:14:52 +0900
 Branch: REL_15_STABLE [fa5dd460c] 2023-02-22 10:14:56 +0900