From df5aa4e5b9ab1bd0d999c6c23747a64fc44d0cac Mon Sep 17 00:00:00 2001 From: gvasquezvargas Date: Mon, 9 Dec 2024 11:31:13 -0500 Subject: [PATCH] Added CVEs to EPAS and PGE releases --- .../epas_rel_notes/epas12_22_00_rel_notes.mdx | 18 +++++----- .../epas_rel_notes/epas13_18_00_rel_notes.mdx | 16 +++++---- .../epas_rel_notes/epas14_15_0_rel_notes.mdx | 16 +++++---- .../epas_rel_notes/epas15_10_0_rel_notes.mdx | 20 ++++++----- .../epas_rel_notes/epas16_6_0_rel_notes.mdx | 22 ++++++------ .../17/epas_rel_notes/epas17_2_rel_notes.mdx | 36 ++++++++++--------- .../docs/pge/13/release_notes/index.mdx | 8 +++++ .../docs/pge/14/release_notes/index.mdx | 9 +++++ .../pge/15/release_notes/rel_notes15.10.mdx | 8 +++-- .../pge/16/release_notes/rel_notes16.6.mdx | 8 +++-- .../pge/17/release_notes/rel_notes17.2.mdx | 8 +++-- 11 files changed, 102 insertions(+), 67 deletions(-) diff --git a/product_docs/docs/epas/12/epas_rel_notes/epas12_22_00_rel_notes.mdx b/product_docs/docs/epas/12/epas_rel_notes/epas12_22_00_rel_notes.mdx index e1eaf057251..f0cd2785eaa 100644 --- a/product_docs/docs/epas/12/epas_rel_notes/epas12_22_00_rel_notes.mdx +++ b/product_docs/docs/epas/12/epas_rel_notes/epas12_22_00_rel_notes.mdx @@ -5,12 +5,14 @@ navTitle: "Version 12.22.00" Released: 21 Nov 2024 -EDB Postgres Advanced Server 12.21.26 includes the following enhancements and bug fixes: +EDB Postgres Advanced Server 12.22 includes the following enhancements and bug fixes: -| Type | Description | Addresses                | -|----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------| -| Upstream merge | Merged with community PostgreSQL 12.22. This release includes a fix for [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). See the [PostgreSQL 12.22 Release Notes](https://www.postgresql.org/docs/release/12.22/) for more information. | [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) | -| Bug fix | Fixed an issue for Auditing. With `edb_audit`, now you can audit the initial connection process or authentication messages as well. | #39540 | -| Bug fix | Fixed an issue for EDB*Loader. Now the `negative bitmapset member not allowed` error is resolved for partitioned tables. | #39562 | -| Bug fix | Fixed an issue for `Oracle Proc*c`and `ecpg with PROC` . Corrected the macro definition in `sqlda-proc.h` to fix the compilation errors when used. | #40573 | -| Bug fix | Fixed an issue for replication. Now the login of locked account on the physical replica is not allowed. | | +| Type | Description | Addresses                | +|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Upstream merge | Merged with community PostgreSQL 12.22. See the [PostgreSQL 12.22 Release Notes](https://www.postgresql.org/docs/release/12.22/) for more information. | | +| Bug fix | Fixed an issue for Auditing. With `edb_audit`, now you can audit the initial connection process or authentication messages as well. | #39540 | +| Bug fix | Fixed an issue for EDB*Loader. Now the `negative bitmapset member not allowed` error is resolved for partitioned tables. | #39562 | +| Bug fix | Fixed an issue for `Oracle Proc*c`and `ecpg with PROC` . Corrected the macro definition in `sqlda-proc.h` to fix the compilation errors when used. | #40573 | +| Bug fix | Fixed an issue for replication. Now the login of locked account on the physical replica is not allowed. | | +| Security fix | This release includes the fixes that were incorporated in [12.21](https://www.postgresql.org/docs/release/12.21/):
[CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/), [CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/), [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/), [CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) | [CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/)
[CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/)
[CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/)
[CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) for #43051 | +| Security fix | This release includes a remediation to issues caused by the 12.21 fix to [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). | [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) | \ No newline at end of file diff --git a/product_docs/docs/epas/13/epas_rel_notes/epas13_18_00_rel_notes.mdx b/product_docs/docs/epas/13/epas_rel_notes/epas13_18_00_rel_notes.mdx index cb8c9ab8974..777db3c472c 100644 --- a/product_docs/docs/epas/13/epas_rel_notes/epas13_18_00_rel_notes.mdx +++ b/product_docs/docs/epas/13/epas_rel_notes/epas13_18_00_rel_notes.mdx @@ -7,10 +7,12 @@ Released: 21 Nov 2024 EDB Postgres Advanced Server 13.18.00 includes the following enhancements and bug fixes: -| Type | Description | Addresses                | -|----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------| -| Upstream merge | Merged with community PostgreSQL 13.18. This release includes a fix for [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). See the [PostgreSQL 13.18 Release Notes](https://www.postgresql.org/docs/release/13.18/) for more information. | [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) | -| Bug fix | Fixed an issue for Auditing. With `edb_audit`, now you can audit the initial connection process or authentication messages as well. | #39540 | -| Bug fix | Fixed an issue for EDB*Loader. Now the `negative bitmapset member not allowed` error is resolved for partitioned tables. | #39562 | -| Bug fix | Fixed an issue for `Oracle Proc*c`and `ecpg with PROC` . Corrected the macro definition in `sqlda-proc.h` to fix the compilation errors when used. | #40573 | -| Bug fix | Fixed an issue for replication. Now the login of locked account on the physical replica is not allowed. | | +| Type | Description | Addresses                | +|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Upstream merge | Merged with community PostgreSQL 13.18. See the [PostgreSQL 13.18 Release Notes](https://www.postgresql.org/docs/release/13.18/) for more information. | | +| Bug fix | Fixed an issue for Auditing. With `edb_audit`, now you can audit the initial connection process or authentication messages as well. | #39540 | +| Bug fix | Fixed an issue for EDB*Loader. Now the `negative bitmapset member not allowed` error is resolved for partitioned tables. | #39562 | +| Bug fix | Fixed an issue for `Oracle Proc*c`and `ecpg with PROC` . Corrected the macro definition in `sqlda-proc.h` to fix the compilation errors when used. | #40573 | +| Bug fix | Fixed an issue for replication. Now the login of locked account on the physical replica is not allowed. | | +| Security fix | This release includes the fixes that were incorporated in [13.17](https://www.postgresql.org/docs/release/13.17/):
[CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/), [CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/), [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/), [CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) | [CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/)
[CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/)
[CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/)
[CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) for #43051 | +| Security fix | This release includes a remediation to issues caused by the 13.17 fix to [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). | [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) | \ No newline at end of file diff --git a/product_docs/docs/epas/14/epas_rel_notes/epas14_15_0_rel_notes.mdx b/product_docs/docs/epas/14/epas_rel_notes/epas14_15_0_rel_notes.mdx index 0e7a6ce14eb..f4c97bcd7d1 100644 --- a/product_docs/docs/epas/14/epas_rel_notes/epas14_15_0_rel_notes.mdx +++ b/product_docs/docs/epas/14/epas_rel_notes/epas14_15_0_rel_notes.mdx @@ -7,10 +7,12 @@ Released: 21 Nov 2024 EDB Postgres Advanced Server 14.15.0 includes the following enhancements and bug fixes: -| Type | Description | Addresses                | -|----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------| -| Upstream merge | Merged with community PostgreSQL 14.15. This release includes a fix for [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). See the [PostgreSQL 14.15 Release Notes](https://www.postgresql.org/docs/release/14.15/) for more information. | [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) | -| Bug fix | Fixed an issue for Auditing. With `edb_audit`, now you can audit the initial connection process or authentication messages as well. | #39540 | -| Bug fix | Fixed an issue for EDB*Loader. Now the `negative bitmapset member not allowed` error is resolved for partitioned tables. | #39562 | -| Bug fix | Fixed an issue for `Oracle Proc*c`and `ecpg with PROC` . Corrected the macro definition in `sqlda-proc.h` to fix the compilation errors when used. | #40573 | -| Bug fix | Fixed an issue for replication. Now the login of locked account on the physical replica is not allowed. | | +| Type | Description | Addresses                | +|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Upstream merge | Merged with community PostgreSQL 14.15. See the [PostgreSQL 14.15 Release Notes](https://www.postgresql.org/docs/release/14.15/) for more information. | | +| Bug fix | Fixed an issue for Auditing. With `edb_audit`, now you can audit the initial connection process or authentication messages as well. | #39540 | +| Bug fix | Fixed an issue for EDB*Loader. Now the `negative bitmapset member not allowed` error is resolved for partitioned tables. | #39562 | +| Bug fix | Fixed an issue for `Oracle Proc*c`and `ecpg with PROC` . Corrected the macro definition in `sqlda-proc.h` to fix the compilation errors when used. | #40573 | +| Bug fix | Fixed an issue for replication. Now the login of locked account on the physical replica is not allowed. | | +| Security fix | This release includes the fixes that were incorporated in [14.14](https://www.postgresql.org/docs/release/14.14/):
[CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/), [CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/), [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/), [CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) | [CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/)
[CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/)
[CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/)
[CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) for #43051 | +| Security fix | This release includes a remediation to issues caused by the 14.14 fix to [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). | [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) | \ No newline at end of file diff --git a/product_docs/docs/epas/15/epas_rel_notes/epas15_10_0_rel_notes.mdx b/product_docs/docs/epas/15/epas_rel_notes/epas15_10_0_rel_notes.mdx index 299ba80aac6..d9e923da3b7 100644 --- a/product_docs/docs/epas/15/epas_rel_notes/epas15_10_0_rel_notes.mdx +++ b/product_docs/docs/epas/15/epas_rel_notes/epas15_10_0_rel_notes.mdx @@ -7,12 +7,14 @@ Released: 21 Nov 2024 EDB Postgres Advanced Server 15.10.0 includes the following enhancements and bug fixes: -| Type | Description | Addresses | -|----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------| -| Upstream merge | Merged with community PostgreSQL 15.10. This release includes a fix for [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). See the [PostgreSQL 15.10 Release Notes](https://www.postgresql.org/docs/release/15.10/) for more information. | [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) | -| Bug fix | Fixed an issue for Auditing. With `edb_audit`, now you can audit the initial connection process or authentication messages as well. | #39540 | -| Bug fix | Fixed an issue for `EDB*Loader`. Now the `negative bitmapset member not allowed` error is resolved for partitioned tables. | #39562 | -| Bug fix | Fixed an issue for `Oracle Proc*c`and `ecpg with PROC` . Corrected the macro definition in `sqlda-proc.h` to fix the compilation errors when used. | #40573 | -| Bug fix | Fixed an issue for replication. Now the login of locked account on the physical replica is not allowed. | | -| Bug fix | Fixed an issue for `COPY` and `EDB*Loader`. Now the server is not crashed while using dynamic partitioning in `COPY` and `EDB*Loader`. | #38963 | -| Bug fix | Fixed an issue with tab completion for the object names while using in SQL statements. | | +| Type | Description | Addresses                | +|-------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Upstream merge | Merged with community PostgreSQL 15.10. See the [PostgreSQL 15.10 Release Notes](https://www.postgresql.org/docs/release/15.10/) for more information. | | +| Bug fix | Fixed an issue for Auditing. With `edb_audit`, now you can audit the initial connection process or authentication messages as well. | #39540 | +| Bug fix | Fixed an issue for `EDB*Loader`. Now the `negative bitmapset member not allowed` error is resolved for partitioned tables. | #39562 | +| Bug fix | Fixed an issue for `Oracle Proc*c`and `ecpg with PROC` . Corrected the macro definition in `sqlda-proc.h` to fix the compilation errors when used. | #40573 | +| Bug fix | Fixed an issue for replication. Now the login of locked account on the physical replica is not allowed. | | +| Bug fix | Fixed an issue for `COPY` and `EDB*Loader`. Now the server is not crashed while using dynamic partitioning in `COPY` and `EDB*Loader`. | #38963 | +| Bug fix | Fixed an issue with tab completion for the object names while using in SQL statements. | | +| Security fix | This release includes the fixes that were incorporated in [15.9](https://www.postgresql.org/docs/release/15.9/):
[CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/), [CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/), [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/), [CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) | [CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/)
[CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/)
[CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/)
[CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) for #43051 | +| Security fix | This release includes a remediation to issues caused by the 15.9 fix to [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). | [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) | \ No newline at end of file diff --git a/product_docs/docs/epas/16/epas_rel_notes/epas16_6_0_rel_notes.mdx b/product_docs/docs/epas/16/epas_rel_notes/epas16_6_0_rel_notes.mdx index 150677ac410..67cb1b1ef78 100644 --- a/product_docs/docs/epas/16/epas_rel_notes/epas16_6_0_rel_notes.mdx +++ b/product_docs/docs/epas/16/epas_rel_notes/epas16_6_0_rel_notes.mdx @@ -7,13 +7,15 @@ Released: 21 Nov 2024 EDB Postgres Advanced Server 16.6.0 includes the following enhancements and bug fixes: -| Type | Description | Addresses                | -|----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------| -| Upstream merge | Merged with community PostgreSQL 16.6. This release includes a fix for [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). See the [PostgreSQL 16.6 Release Notes](https://www.postgresql.org/docs/release/16.6/) for more information. | [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) | -| Bug fix | Fixed an issue for Auditing. With `edb_audit`, now you can audit the initial connection process or authentication messages as well. | #39540 | -| Bug fix | Fixed an issue for `EDB*Loader`. Now the `negative bitmapset member not allowed` error is resolved for partitioned tables. | #39562 | -| Bug fix | Fixed an issue for `Oracle Proc*c`and `ecpg with PROC` . Corrected the macro definition in `sqlda-proc.h` to fix the compilation errors when used. | #40573 | -| Bug fix | Fixed an issue for replication. Now the login of locked account on the physical replica is not allowed. | | -| Bug fix | Fixed an issue for `COPY` and `EDB*Loader`. Now the server is not crashed while using dynamic partitioning in `COPY` and `EDB*Loader`. | #38963 | -| Bug fix | Fixed an issue with tab completion for the object names while using in SQL statements. | | -| Bug fix | Fixed an issue with `ecpg`. Now it supports `EXEC SQL INCLUDE` in Pro*C (`-C PROC`) mode. | #41438 | \ No newline at end of file +| Type | Description | Addresses                | +|-------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Upstream merge | Merged with community PostgreSQL 16.6. See the [PostgreSQL 16.6 Release Notes](https://www.postgresql.org/docs/17/release-16-6.html) for more information. | | +| Bug fix | Fixed an issue for Auditing. With `edb_audit`, now you can audit the initial connection process or authentication messages as well. | #39540 | +| Bug fix | Fixed an issue for `EDB*Loader`. Now the `negative bitmapset member not allowed` error is resolved for partitioned tables. | #39562 | +| Bug fix | Fixed an issue for `Oracle Proc*c`and `ecpg with PROC` . Corrected the macro definition in `sqlda-proc.h` to fix the compilation errors when used. | #40573 | +| Bug fix | Fixed an issue for replication. Now the login of locked account on the physical replica is not allowed. | | +| Bug fix | Fixed an issue for `COPY` and `EDB*Loader`. Now the server is not crashed while using dynamic partitioning in `COPY` and `EDB*Loader`. | #38963 | +| Bug fix | Fixed an issue with tab completion for the object names while using in SQL statements. | | +| Bug fix | Fixed an issue with `ecpg`. Now it supports `EXEC SQL INCLUDE` in Pro*C (`-C PROC`) mode. | #41438 | +| Security fix | This release includes the fixes that were incorporated in [16.5](https://www.postgresql.org/docs/release/16.5/):
[CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/), [CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/), [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/), [CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) | [CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/)
[CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/)
[CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/)
[CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) for #43051 | +| Security fix | This release includes a remediation to issues caused by the 16.5 fix to [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). | [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) | \ No newline at end of file diff --git a/product_docs/docs/epas/17/epas_rel_notes/epas17_2_rel_notes.mdx b/product_docs/docs/epas/17/epas_rel_notes/epas17_2_rel_notes.mdx index dd23db89dcf..72df40755b2 100644 --- a/product_docs/docs/epas/17/epas_rel_notes/epas17_2_rel_notes.mdx +++ b/product_docs/docs/epas/17/epas_rel_notes/epas17_2_rel_notes.mdx @@ -15,20 +15,22 @@ With the release of EPAS 17, the DRITA is being deprecated and will not be inclu The `pgAgent` and `adminpack` packages are end of life from EPAS 17 and later. !!! -| Type | Description | Category | -|----------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------| -| Upstream merge | Merged with community PostgreSQL 17.2. See the [PostgreSQL 17 Release Notes](https://www.postgresql.org/docs/17/release-17-2.html) for more information. | | -| Feature | Added support for the Oracle-compatible `BFILE` native datatype and the `DBMS_LOB` package APIs. See the [DBMS_LOB](../reference/oracle_compatibility_reference/epas_compat_bip_guide/03_built-in_packages/06_dbms_lob/) for more information. | | -| Feature | Added support for the Oracle-compatible `DBMS_XMLDOM` package to provide interface for HTML and XML documents. See the [DBMS_XMLDOM](../reference/oracle_compatibility_reference/epas_compat_bip_guide/03_built-in_packages/18_dbms_xmldom) for more information. | | -| Feature | Added support for the Oracle-compatible `DBMS_ASSERT` package to validate input properties and sanitize user input, thereby reducing the risk of SQL injections. See the [DBMS_ASSERT](../reference/oracle_compatibility_reference/epas_compat_bip_guide/03_built-in_packages/01a_dbms_assert) for more information. | | -| Feature | Added support for the Oracle-equivalent `NLS_UPPER`,`NLS_LOWER`, and `NLS_INITCAP` functions. See the [NLS functions](../reference/sql_reference/03_functions_and_operators/nls_functions) for more information. | | -| Feature | Implemented `alteruser` utility to modify roles in the clusters. See the [alteruser utility](/tools/alteruser_utility/) for more information. | | -| Enhancement | Added support for the Oracle-compatible `FORALL..MERGE` and `FORALL..SAVE EXCEPTIONS`. See the [FORALL statement](../application_programming/epas_compat_spl/12_working_with_collections/03_using_the_forall_statement/) for more information. | | -| Enhancement | Added support for the `XMLType` data type to be called as an object type and has predefined member functions and constructors on it. See the [XMLType datatype](../reference/sql_reference/02_data_types/06_xml_type) for more information. | | -| Enhancement | Added support for JSON log format in the EDB Auditing. This enables to create audit reports in XML, CSV, or JSON format. | | -| Enhancement | Added support for READ and WRITE privileges for the directory objects. | | -| Enhancement | Added support for READ and WRITE directory permissions in UTL_FILE APIs. | | -| Enhancement | Implemented `IMPORT FOREIGN SCHEMA`. This command imports a foreign schema from a foreign server or a database link. | | -| Enhancement | Added support for `ANYCOMPATIBLE` and "any" pseudo type to NVL function. This allows NVL function to support more types of argument combinations now. | | -| Enhancement | Added support to audit all the EDB Postgres Advanced Server's modified external function signatures so that PostgreSQL compatible extensions can be compiled along with EDB Postgres Advanced Server. | | -| Enhancement | EDB*Loader: Enhanced terminator and delimiter matching behavior to consider the server encoding. | | +| Type | Description | Addresses                | +|-------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Upstream merge | Merged with community PostgreSQL 17.2. See the [PostgreSQL 17.2 Release Notes](https://www.postgresql.org/docs/17/release-17-2.html) for more information. | | +| Feature | Added support for the Oracle-compatible `BFILE` native datatype and the `DBMS_LOB` package APIs. See the [DBMS_LOB](../reference/oracle_compatibility_reference/epas_compat_bip_guide/03_built-in_packages/06_dbms_lob/) for more information. | | +| Feature | Added support for the Oracle-compatible `DBMS_XMLDOM` package to provide interface for HTML and XML documents. See the [DBMS_XMLDOM](../reference/oracle_compatibility_reference/epas_compat_bip_guide/03_built-in_packages/18_dbms_xmldom) for more information. | | +| Feature | Added support for the Oracle-compatible `DBMS_ASSERT` package to validate input properties and sanitize user input, thereby reducing the risk of SQL injections. See the [DBMS_ASSERT](../reference/oracle_compatibility_reference/epas_compat_bip_guide/03_built-in_packages/01a_dbms_assert) for more information. | | +| Feature | Added support for the Oracle-equivalent `NLS_UPPER`,`NLS_LOWER`, and `NLS_INITCAP` functions. See the [NLS functions](../reference/sql_reference/03_functions_and_operators/nls_functions) for more information. | | +| Feature | Implemented `alteruser` utility to modify roles in the clusters. See the [alteruser utility](/tools/alteruser_utility/) for more information. | | +| Enhancement | Added support for the Oracle-compatible `FORALL..MERGE` and `FORALL..SAVE EXCEPTIONS`. See the [FORALL statement](../application_programming/epas_compat_spl/12_working_with_collections/03_using_the_forall_statement/) for more information. | | +| Enhancement | Added support for the `XMLType` data type to be called as an object type and has predefined member functions and constructors on it. See the [XMLType datatype](../reference/sql_reference/02_data_types/06_xml_type) for more information. | | +| Enhancement | Added support for JSON log format in the EDB Auditing. This enables to create audit reports in XML, CSV, or JSON format. | | +| Enhancement | Added support for READ and WRITE privileges for the directory objects. | | +| Enhancement | Added support for READ and WRITE directory permissions in UTL_FILE APIs. | | +| Enhancement | Implemented `IMPORT FOREIGN SCHEMA`. This command imports a foreign schema from a foreign server or a database link. | | +| Enhancement | Added support for `ANYCOMPATIBLE` and "any" pseudo type to NVL function. This allows NVL function to support more types of argument combinations now. | | +| Enhancement | Added support to audit all the EDB Postgres Advanced Server's modified external function signatures so that PostgreSQL compatible extensions can be compiled along with EDB Postgres Advanced Server. | | +| Enhancement | EDB*Loader: Enhanced terminator and delimiter matching behavior to consider the server encoding. | | +| Security fix | This release includes the fixes that were incorporated in [17.1](https://www.postgresql.org/docs/release/17.1/):
[CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/), [CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/), [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/), [CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) | [CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/)
[CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/)
[CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/)
[CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) for #43051 | +| Security fix | This release includes a remediation to issues caused by the 17.1 fix to [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). | [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) | \ No newline at end of file diff --git a/product_docs/docs/pge/13/release_notes/index.mdx b/product_docs/docs/pge/13/release_notes/index.mdx index f92750561f1..eec41796661 100644 --- a/product_docs/docs/pge/13/release_notes/index.mdx +++ b/product_docs/docs/pge/13/release_notes/index.mdx @@ -12,6 +12,14 @@ This release is primarily an upstream merge. Merged with community PostgreSQL 13.18. See the [PostgreSQL 13.18 Release Notes](https://www.postgresql.org/docs/13/release-13-18.html) for more information. +It also includes the security fixes that were incorporated in [13.17](https://www.postgresql.org/docs/release/13.17/): +- [CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/) +- [CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/) +- [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) +- [CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) + +And a remediation to issues caused by the 13.17 fix to [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). + ## 2ndQuadrant Postgres 13.16.1r1.1.19 Release date: 2024-08-22 diff --git a/product_docs/docs/pge/14/release_notes/index.mdx b/product_docs/docs/pge/14/release_notes/index.mdx index b571d80f2e3..7b1e0979342 100644 --- a/product_docs/docs/pge/14/release_notes/index.mdx +++ b/product_docs/docs/pge/14/release_notes/index.mdx @@ -12,6 +12,15 @@ This release is primarily an upstream merge. Merged with community PostgreSQL 14.15. See the [PostgreSQL 14.15 Release Notes](https://www.postgresql.org/docs/14/release-14-15.html) for more information. +It also includes the security fixes that were incorporated in [14.14](https://www.postgresql.org/docs/release/14.14/): +- [CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/) +- [CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/) +- [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) +- [CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) + +And a remediation to issues caused by the 14.14 fix to [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). + + ## EDB Postgres Extended Server 14.13.1 Release date: 2024-08-22 diff --git a/product_docs/docs/pge/15/release_notes/rel_notes15.10.mdx b/product_docs/docs/pge/15/release_notes/rel_notes15.10.mdx index fb3bc8cdbf0..435f4f70d75 100644 --- a/product_docs/docs/pge/15/release_notes/rel_notes15.10.mdx +++ b/product_docs/docs/pge/15/release_notes/rel_notes15.10.mdx @@ -7,6 +7,8 @@ Released: 21 Nov 2024 New features, enhancements, bug fixes, and other changes in EDB Postgres Extended Server 15.10 include: -| Type | Description | Ticket | -|----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------| -| Upstream merge | Merged with community PostgreSQL 15.10. This release includes a fix for [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). See the [PostgreSQL 15.10 Release Notes](https://www.postgresql.org/docs/15/release-15-10.html) for more information. | [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) | +| Type | Description | Ticket | +|-------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Upstream merge | Merged with community PostgreSQL 15.10. This release includes a fix for [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). See the [PostgreSQL 15.10 Release Notes](https://www.postgresql.org/docs/15/release-15-10.html) for more information. | [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) | +| Security fix | This release includes the fixes that were incorporated in [15.9](https://www.postgresql.org/docs/release/15.9/):
[CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/), [CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/), [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/), [CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) | [CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/)
[CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/)
[CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/)
[CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) for #43051 | +| Security fix | This release includes a remediation to issues caused by the 15.9 fix to [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). | [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) | \ No newline at end of file diff --git a/product_docs/docs/pge/16/release_notes/rel_notes16.6.mdx b/product_docs/docs/pge/16/release_notes/rel_notes16.6.mdx index d63003701d5..d32c6d714cb 100644 --- a/product_docs/docs/pge/16/release_notes/rel_notes16.6.mdx +++ b/product_docs/docs/pge/16/release_notes/rel_notes16.6.mdx @@ -7,6 +7,8 @@ Released: 21 Nov 2024 EDB Postgres Extended Server 16.6 includes the following enhancements and bug fixes: -| Type | Description | Ticket | -|----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------| -| Upstream merge | Merged with community PostgreSQL 16.6. This release includes a fix for [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). See the [PostgreSQL 16.6 Release Notes](https://www.postgresql.org/docs/16/release-16-6.html) for more information. | [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) | +| Type | Description | Ticket | +|-------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Upstream merge | Merged with community PostgreSQL 16.6. This release includes a fix for [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). See the [PostgreSQL 16.6 Release Notes](https://www.postgresql.org/docs/16/release-16-6.html) for more information. | [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) | +| Security fix | This release includes the fixes that were incorporated in [16.5](https://www.postgresql.org/docs/release/16.5/):
[CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/), [CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/), [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/), [CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) | [CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/)
[CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/)
[CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/)
[CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) for #43051 | +| Security fix | This release includes a remediation to issues caused by the 16.5 fix to [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). | [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) | \ No newline at end of file diff --git a/product_docs/docs/pge/17/release_notes/rel_notes17.2.mdx b/product_docs/docs/pge/17/release_notes/rel_notes17.2.mdx index 90883c2a010..0261858aae3 100644 --- a/product_docs/docs/pge/17/release_notes/rel_notes17.2.mdx +++ b/product_docs/docs/pge/17/release_notes/rel_notes17.2.mdx @@ -7,6 +7,8 @@ Released: 22 Nov 2024 EDB Postgres Extended Server 17.2 includes the following enhancements and bug fixes: -| Type | Description | Addresses | -|----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------| -| Upstream merge | Merged with community PostgreSQL 17.2. See the [PostgreSQL 17.2 Release Notes](https://www.postgresql.org/docs/17/release-17-2.html) for more information. | | +| Type | Description | Addresses | +|-------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Upstream merge | Merged with community PostgreSQL 17.2. See the [PostgreSQL 17.2 Release Notes](https://www.postgresql.org/docs/17/release-17-2.html) for more information. | | +| Security fix | This release includes the fixes that were incorporated in [17.1](https://www.postgresql.org/docs/release/17.1/):
[CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/), [CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/), [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/), [CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) | [CVE-2024-10976](https://www.postgresql.org/support/security/CVE-2024-10976/)
[CVE-2024-10977](https://www.postgresql.org/support/security/CVE-2024-10977/)
[CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/)
[CVE-2024-10979](https://www.postgresql.org/support/security/CVE-2024-10979/) for #43051 | +| Security fix | This release includes a remediation to issues caused by the 17.1 fix to [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/). | [CVE-2024-10978](https://www.postgresql.org/support/security/CVE-2024-10978/) | \ No newline at end of file