PostgreSQL 2011-09-26 Cumulative Bug-Fix Release

Posted on 2011-09-25

The PostgreSQL Global Development Group today released minor version updates for all active branches of the PostgreSQL object-relational database system, including versions 9.1.1, 9.0.5, 8.4.9, 8.3.16 and 8.2.22.

All users are strongly urged to update their installations at the next scheduled downtime.

The PostgreSQL community will stop releasing updates for version 8.2 later this year. Users are encouraged to upgrade to a newer version as soon as possible. See our Release support policy.

This release fixes a long list of bugs, including several potential crash and data-corruption issues, including:

  • Applied upstream fix in contrib/pg_crypto for blowfish signed-character bug (CVE-2011-2483), where encryption code could give wrong results on platforms where char is signed (which is most), leading to encrypted passwords being weaker than they should be;
  • Work-around for gcc 4.6.0 bug that breaks WAL replay;
  • Fixed memory leak at end of a GiST index scan;
  • Improved handling of SSL errors;
  • Fixed SSPI login when multiple roundtrips are required (typical error reported was "The function requested is not supported");
  • Fixed VACUUM so that it always updates pg_class.reltuples and pg_class.relpages;
  • Allowed the planner to assume that empty parent tables really are empty;
  • Disallowed SELECT FOR UPDATE/SHARE on sequences;
  • Fixed failure when DROP OWNED BY attempts to remove default privileges on sequences.

The releases included 11 patches to 9.1, 147 patches to 9.0, 96 patches to 8.4, 73 patches to 8.3 and 52 patches to 8.2.

See the release notes for each version for a full list of changes with details.

As with other minor releases, users are not required to dump and reload their database in order to apply this update release; you may simply shut down PostgreSQL

and update its binaries. Users skipping more than one update may need to check the release notes for extra, post-update steps.

Download new versions now:

This post has been migrated from a previous version of the PostgreSQL website. We apologise for any formatting issues caused by the migration.