EDB Postgres Advanced Server 15.4.0 release notes v16

Released: 21 Aug 2023

Updated: 30 Aug 2023

Upgrading

Once you have upgraded to this version of EDB Postgres Advanced Server, you will need to run edb_sqlpatch on all your databases to complete the upgrade. This application will check that your databases system objects are up to date with this version. See the EDB SQL Patch documentation for more information on how to deploy this tool.

After applying patches

Users making use of the UTL_MAIL package now require EXECUTE permission on the UTL_SMTP and UTL_TCP packages in addition to EXECUTE permission on UTL_MAIL.

Users making use of the UTL_SMTP package now require EXECUTE permission on the UTL_TCP packages in addition to EXECUTE permission on UTL_SMTP.

EDB Postgres Advanced Server 15.4.0 includes the following enhancements and bug fixes:

TypeDescriptionAddresses               
Upstream mergeMerged with community PostgreSQL 15.4. See the PostgreSQL 15 Release Notes for more information.
Security fixEDB Postgres Advanced Server (EPAS) SECURITY DEFINER functions and procedures may be hijacked via search_path.CVE-2023-XXXXX-111+
Security fixEDB Postgres Advanced Server (EPAS) dbms_aq helper function may run arbitrary SQL as a superuser.CVE-2023-XXXXX-211+
Security fixEDB Postgres Advanced Server (EPAS) permissions bypass via accesshistory()CVE-2023-XXXXX-311+
Security fixEDB Postgres Advanced Server (EPAS) UTL_FILE permission bypassCVE-2023-XXXXX-411+
Security fixEDB Postgres Advanced Server (EPAS) permission bypass for materialized viewsCVE-2023-XXXXX-511+
Security fixEDB Postgres Advanced Server (EPAS) authenticated users may fetch any URLCVE-2023-XXXXX-611+
Security fixEDB Postgres Advanced Server (EPAS) permission bypass for large objectsCVE-2023-XXXXX-711+
Security fixEDB Postgres Advanced Server (EPAS) DBMS_PROFILER data may be removed without permissionCVE-2023-XXXXX-811+
Bug fixAllowed subtypes in INDEX BY clause of the packaged collection.#137111+
Bug fixFixed %type resolution when pointing to a packaged type field.#124311+
Bug fixProfile: Fixed upgrade when REUSE constraints were ENABLED/DISABLED.#9273911+
Bug fixSet correct collation for packaged cursor parameters.#9273911+
Bug fixRolled back autonomous transaction creating pg_temp in case of error.#9161411+
Bug fixAdded checks to ensure required WAL logging in EXCHANGE PARTITION command.13+
Bug fixDumped/restored the sequences created for GENERATED AS IDENTITY constraint.#9065814+
Bug fixSkipped updating the last DDL time for the parent table in CREATE INDEX.#9127014+
Bug fixRemoved existing package private procedure or function entries from the edb_last_ddl_time while replacing the package body.14+
Bug fixFixed libpq to allow multiple PQprepare() calls under the same transaction.#9473514+
Bug fixFixed a memory leak experienced when using EDB Postgres Distributed (PGD) with Transparent Data Encryption (TDE).#93936
Addresses

Entries in the Addresses column are either CVE numbers or, if preceded by #, a customer case number.