E.230. Release 7.3.19
Release date: 2007-04-23
This release contains fixes from 7.3.18, including a security
fix.
E.230.1. Migration to Version 7.3.19
A dump/restore is not required for those running 7.3.X.
However, if you are upgrading from a version earlier than
7.3.13, see Section E.236,
« Release 7.3.13 ».
E.230.2. Changes
-
Support explicit placement of the temporary-table
schema within search_path, and
disable searching it for functions and operators (Tom)
This is needed to allow a security-definer function to
set a truly secure value of search_path. Without it, an unprivileged
SQL user can use temporary objects to execute code with
the privileges of the security-definer function
(CVE-2007-2138). See CREATE FUNCTION for
more information.
-
Fix potential-data-corruption bug in how VACUUM FULL handles
UPDATE
chains (Tom, Pavan Deolasee)