The PostgreSQL Global Development Group has released an update with multiple functionality and security fixes to all supported versions of the PostgreSQL database system, which includes minor versions 9.4.2, 9.3.7, 9.2.11, 9.1.16, and 9.0.20. The update contains a critical fix for a potential data corruption issue in PostgreSQL 9.3 and 9.4; users of those versions should update their servers at the next possible opportunity.
Please see the FAQ about a potential issue with this update for some users before applying it.
For users of PostgreSQL versions 9.3 or 9.4, this release fixes a problem where the database will fail to protect against "multixact wraparound", resulting in data corruption or loss. Users with a high transaction rate (1 million or more per hour) in a database with many foreign keys are especially vulnerable. We strongly urge all users of 9.4 and 9.3 to update their installations in the next few days.
Users of versions 9.2 and earlier are not affected by this issue.
This update fixes three security vulnerabilities reported in PostgreSQL over the past few months. None of these issues are seen as particularly urgent. However, users should examine them in case their installations are vulnerable:
Additionally, we are recommending that all users who use Kerberos, GSSAPI, or SSPI authentication set include_realm to 1 in pg_hba.conf, which will become the default in future versions.
More information about these issues, as well as older patched issues, is available on the PostgreSQL Security Page.
A new, non-default version of the citext extension fixes its previously undocumented regexp_matches() functions to align with the ordinary text version of those functions. The fixed version has a different return type than the old version, so users of CIText should test their applications before updating the function by running "ALTER EXTENSION citext UPDATE".
In addition to the above, more than 50 reported issues have been fixed in this cumulative update release. Most of the issues named affect all supported versions. These fixes include:
This release includes an update to tzdata release 2015d, with updates to Egypt, Mongolia, and Palestine, plus historical changes in Canada and Chile.
Version 9.0 will become End-Of-Life in September 2015. This means that this update is likely to be the next-to-last update for that version. Users of PostgreSQL 9.0 should start planning to upgrade to a more current version before then. See our versioning policy for more information about EOL dates.
As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.