PostgreSQL 8.4 Released: Now Easier to Use than Ever

2009-07-05T10:27:29Z

The PostgreSQL Global Development Group has released version 8.4, continuing the rapid development of the world's most advanced open source database. This release contains an abundance of enhancements to make administering, querying, and programming of PostgreSQL databases easier than ever before. Our development team has spent 16 months adding over two hundred improvements to all aspects of database functionality, helping every PostgreSQL user in small or large ways.

Many of the changes in PostgreSQL 8.4 are new or improved administration and monitoring tools and commands. Each user has their own favorite features which will make day-to-day work with PostgreSQL easier and more productive for them. Among the most popular enhancements are:

* Parallel Database Restore, speeding up recovery from backup up to 8 times

* Per-Column Permissions, allowing more granular control of sensitive data

* Per-database Collation Support, making PostgreSQL more useful in multi-lingual environments

* In-place Upgrades through pg_migrator (beta), enabling upgrades from 8.3 to 8.4 without extensive downtime

* New Query Monitoring Tools, giving administrators more insight into query activity

* Greatly Reduced VACUUM Overhead through the Visibility Map

* New Monitoring Tools for current queries, query load and
deadlocks

Version 8.4 also makes data analysis easier through the advanced ANSI SQL2003 features of windowing functions, common table expressions and recursive queries. Enhancements to stored procedures, such as default parameters and variadic parameters, make database server programming simpler and more compact. Of course, there are also performance improvements included in this version.

Download version 8.4 today and start enjoying using PostgreSQL even more!

http://www.PostgreSQL.org

PostgreSQL 2009-02-06 Update Releases Available Now

2009-04-04T21:05:00Z

The PostgreSQL Project released updates to all active branches of the PostgreSQL object-relational database system, including versions 8.3.6, 8.2.12, 8.1.16, 8.0.20 and 7.4.24. These updates include two serious fixes, for autovacuum crashes in version 8.1 and GiST indexing data loss in 8.3, and those two versions should be updated as soon as possible.

These update releases also include patches for several low-risk security holes, as well as up to 17 other minor fixes, depending on your major version of PostgreSQL. Included as well are Daylight Savings Time changes for Nepal, Switzerland and Cuba. See the release notes for full details.

The first serious issue affects users who are using version 8.1 with Autovacuum, which will fail when XID rollover is required. The second serious issue can cause data loss when CLUSTER is used with GiST indexes (such as full text indexes) on version 8.3. Both issues are fixed in these releases.

As with other minor releases, users are not required to dump and reload their database in order to apply this update release; you can simply shut down PostgreSQL and update its binaries. Users skipping more than one update should check the release notes for extra, post-update steps. As previously announced, only versions 8.2.12 and 8.3.6 of the Windows binaries are being released, as we no longer support 8.0 and 8.1 on Windows.

PostgreSQL 2009-02-06 Update Releases Available Now

2009-04-04T21:04:58Z

PostgreSQL 8.3.3, 8.2.9, etc. Updates Released

2008-06-13T01:07:36Z

Updates for all maintained versions of PostgreSQL are available today: 8.3.3,
8.2.9, 8.1.13, 8.0.17 and 7.4.21. These releases fix more than two dozen minor issues reported and patched over the last few months. All PostgreSQL
users should plan to update at their earliest convenience. Users of UTF-8
databases on Windows and people in affected time zones, in particular, should
upgrade as soon as possible.

The issues fixed include a crash caused by encoding mismatch on Windows, possible crash when decompressing corrupted data, non-optimization of some parameterized queries, new time zone updates, SIGTERM-caused memory
corruption, runaway LWLocks with GIN indexes, and several more. Read the
release notes to see if any of the issues affect you.

As with other minor releases, users are not required to dump and reload their
database in order to apply this update release; you may simply upgrade the
PostgreSQL binaries. Users skipping more than one update may need to check the release notes for extra, post-update steps. As previously announced, only versions 8.2.9 and 8.3.3 of the Windows binaries are being released, as we no longer support 8.0 and 8.1 on Windows.

For more download options, including binary packages, please visit the PostgreSQL website.

PostgreSQL 8.3.0 released

2008-02-04T21:15:17Z

The most advanced, fully featured, stable, Open Source SQL-compliant database server available, bar none.

Today the PostgreSQL Global Development Group releases the long-awaited version 8.3 of the most advanced open source database, which cements our place as the best performing open source database. Among the performance features you'll be excited about in 8.3 are:

* Heap Only Tuples
* BGWriter Autotuning
* Asynchronous Commit
* Spread Checkpoints
* Synchronous Scan
* "Var-Varlena"
* L2 Cache Protection
* Lazy XID

8.3 also has a lot of cool features for PostgreSQL DBAs and developers, including:

* CSV Logging
* SQL/XML
* MS Visual C++ support
* ENUMs
* Integrated Tsearch
* SSPI & GSSAPI
* Composite Type Arrays
* pg_standby

There are many, many other features included in this release. Visit the features list and the features matrix for more information, and browse the release notes to see the more than 300 patches that went into the release. You can even visit the press page.

Or just go ahead and download and install 8.3:

http://www.postgresql.org/ftp

All of the more than 200 contributors to 8.3 are excited and relieved to deliver this version after 15 months of work. Upgrade, and enjoy the new features and faster performance!

Cumulative Security Update Release

2008-01-07T18:18:58Z

*
* Case Studies
* Quotes
* Featured Users
* History
* Sponsors
o Servers
* Latest News
* Upcoming Events
* Press
* License

2008-01-07 Cumulative Security Update Release
Posted on 2008-01-06
Posted by josh@postgresql.org

Today the PostgreSQL Global Development Group is releasing updated versions which patch five security vulnerabilities. These releases update all current PostgreSQL versions, including 8.2, 8.1, 8.0, 7.4 and 7.3. They are considered critical and PostgreSQL DBAs and sysadmins should install the update as soon as they reasonably can. Our security team has made all efforts to make these patches backwards-compatible, and upgrading does not require converting your data files.

Please read the remainder of this message for further important details and announcements.
Details of Security Fixes

There are five security fixes included in this release. None of these issues are known to have been exploited in the field; they were discovered through security analysis.

Index Functions Privilege Escalation (CVE-2007-6600): as a unique feature, PostgreSQL allows users to create indexes on the results of user-defined functions, known as "expression indexes". This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Both of these holes have now been closed.

Regular Expression Denial-of-Service (CVE-2007-4772, CVE-2007-6067, CVE-2007-4769): three separate issues in the regular expression libraries used by PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend. All of these issues have been patched.

DBLink Privilege Escalation (CVE-2007-6601): DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle (see CVE-2007-3278), but that patch failed to close all forms of the loophole.
EOL Notices

Minor release 7.3.21 for PostgreSQL version 7.3 will be the last update to the 7.3 branch. As version 7.3 is now over five years old, the community will no longer release patches for it after today's release. Users of version 7.3 are encouraged to upgrade to a more current version as soon as possible, or to seek support from a commercial support vendor who is willing to continue backpatching for them.

8.1.11 and 8.0.15 are also the last 8.1 and 8.0 update releases for which the PostgreSQL community will produce binary packages for Windows. Windows users are encouraged to move to 8.2.6 or later, since there are Windows-specific fixes in 8.2 that are impractical to back-port. 8.1 and 8.0 updates will continue to be supported on other platforms and in source form.
Download and Install

PostgreSQL minor releases 8.2.6, 8.1.11, 8.0.15, 7.4.19 and 7.3.21 are available through our FTP mirror network:

* Source Code
* Binaries for some platforms

If you need additional information on the included updates, it's available in our <a href="http://www.postgresql.org/docs/current/static/release.html">Release Notes</a>. These upgrades can be copied directly over existing PostgreSQL binaries and do not require dump-and-reload for any system which has been updated in the last six months (older versions may require some specific post-update steps; see the release notes).

As always, PostgreSQL update releases are cumulative. All security fixes will be included in the upcoming version 8.3 release candidate. This notice will be posted to the <a href="http://www.postgresql.org/support/security">PostgreSQL security page</a>.

PostgreSQL 8.2.5, 8.1.10 etc. Minor Releases

2007-09-28T09:55:49Z

The PostgreSQL Global Development Group has released the minor update versions updating all current and recent versions of PostgreSQL, including 8.2, 8.1, 8.0, 7.4 and 7.3. The primary fix in these versions is updating PostgreSQL for the upcoming New Zealand time zone change; users in that country are urged to update their database servers immediately. Other users are encouraged to update their installations at their earliest convenience.

Additional fixes contained in this release include minor security fixes for dblink and pgstattuple, a potential index-corruption issue with vacuum, fixes for GIN indexing, and logging improvements. For a full list of fixes contained in the release, see the release notes.

The PGDG urges all users, in New Zealand or otherwise, to update ther servers as soon as possible. PostgreSQL users should always run the latest minor release of their major PostgreSQL version. The first two digits of your PostgreSQL version are the major version, and the last digit is the minor (or "patch") release.

Those latest versions are now:

* 8.2.5
* 8.1.10
* 8.0.14
* 7.4.18
* 7.3.20

No dump & reload or additional steps are required for those upgrading from any recent minor release. For users upgrading from much older minor releases, please read the release notes..

New update for all PostgreSQL versions

2007-01-18T14:40:26Z

The PostgreSQL Global Development Group today released minor versions updating all releases from 8.2 back to 7.3. Users are urged to upgrade at the earliest opportunity.

Releases 8.1.6 and 8.2.1 fix a number of error issues with versions 8.1 and 8.2, including several issues that can cause unexpected aborts in 8.2. Further, all versions have been updated for the new Australian and Canadian daylight-saving time rules. See the release notes for further information.

Source code and Windows and Red Hat binaries can be downloaded from the download page. Binaries for other operating systems will be distributed by their respective vendors.

Dump and reload is not necessary for users staying with the same major version, but see the 7.4.2 release notes if you are using versions 7.4.0 or 7.4.1. The versions released are: 8.2.1, 8.1.6, 8.0.10, 7.4.15 and 7.3.17.

PostgreSQL 8.2 released

2006-12-05T21:19:02Z

After eight months of development and five months of integration and testing, the PostgreSQL Global Development Group now announces the availability of PostgreSQL version 8.2 (our 14th public release).

Among the features of this new version are:

* Higher performance (+20% on OLTP tests)
* Improved Warm standby databases
* Online index builds
* SQL2003 aggregates
* Improved TSearch2 with Generalized Inverted Indexes
* Support for DTrace probes
* Advisory Locks
* New ISN/ISBN and pgCrypto modules
* Selective pg_dump options

... and many more included in the over 300 patches which went into this version.

For highlights of the release, please see the press kit

Downloads:
Source
Windows Binaries
Red Hat RPMs

Packages and ports for OSX, Solaris, Ubuntu, Debian, SuSE and other operating systems will be available in the weeks and months to come, either from postgresql.org or from the platform vendor.

Version 8.2 will be announced and discussed at the LISA conference in Washington DC, at the PostgreSQL booth and BOF.

PostgreSQL Bugfix Releases: 8.1.5, 8.0.9, 7.4.14, 7.3.16

2006-11-15T04:15:56Z

The PostgreSQL project today is releasing the following minor versions, which fix three different crash vulnerabilities as well as an assortment of minor issues. Users of all PostgreSQL versions are urged to upgrade at the earliest opportunity.

The versions being released are: 8.1.5, 8.0.9, 7.4.14, 7.3.16. These are cumulative patch releases which simply replace the PostgreSQL binaries for major versions 8.1, 8.0, 7.4 and 7.3. Note that users of versions 7.4.0, 7.4.1, 8.0.0 and 8.0.1 may have to take additional steps in the course of upgrading -- see the release notes for details.

The three crash conditions are not considered critical vulnerabilities, because all three require authenticated access to the database with the ability to run ad-hoc queries, and none can be exploited for privilege escalation. As a result, we have NOT filed a CVE for these issues.

Downloads are available here on SourceForge and on the download page, and binaries from third party platform distributors should be already available.

Recent posts to news

PostgreSQL 8.4 Released: Now Easier to Use than Ever

PostgreSQL 2009-02-06 Update Releases Available Now

PostgreSQL 2009-02-06 Update Releases Available Now

PostgreSQL 8.3.3, 8.2.9, etc. Updates Released

PostgreSQL 8.3.0 released

Cumulative Security Update Release

PostgreSQL 8.2.5, 8.1.10 etc. Minor Releases

New update for all PostgreSQL versions

PostgreSQL 8.2 released

PostgreSQL Bugfix Releases: 8.1.5, 8.0.9, 7.4.14, 7.3.16