The PostgreSQL Project today released minor versions updating all active branches of the PostgreSQL object-relational database system, including versions 8.4.3, 8.3.10, 8.2.16, 8.1.20, 8.0.24, and 7.4.28. This release provides a workaround for some third-party SSL libraries, as well as multiple fixes for minor uptime and data integrity issues. All database administrators are urged to update your version of PostgreSQL at your next scheduled downtime.
The SSL security issue CVE-2009-3555 in some SSL libraries has caused many vendors to release security patches. To enable PostgreSQL to work with these patched versions for SSL database connections, we have added the new parameter "ssl_renegotiation_limit" to control how often the database server will renegotiate session keys.
There are 47 other bug fixes in this release, many of which apply only to version 8.4. These are generally fixes for minor issues and combinational errors, including:
See the release notes for a full list of changes with details. The PostgreSQL Global Development Group thanks all of our users whose bug reports over the last 3 months enabled us to find and fix these issues.
As with other minor releases, users are not required to dump and reload their database in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users skipping more than one update may need to check the release notes for extra, post-update steps.
The PostgreSQL Global Development Group will stop releasing updates for PostgreSQL versions 7.4 and 8.0 after June of 2010. We urge users of those versions to start planning to upgrade now.
This post has been migrated from a previous version of the PostgreSQL website. We apologise for any formatting issues caused by the migration.