Release date: 2022-11-10
This release contains a variety of fixes from 10.22. For information about new features in major release 10, see Section E.24.
This is expected to be the last PostgreSQL release in the 10.X series. Users are encouraged to update to a newer release branch soon.
A dump/restore is not required for those running 10.X.
However, if you are upgrading from a version earlier than 10.19, see Section E.5.
VACUUM to press on if an attempted page deletion in a btree index fails to find the page's parent downlink (Peter Geoghegan)
Rather than throwing an error, just log the issue and continue without deleting the empty page. Previously, a buggy operator class or corrupted index could indefinitely prevent completion of vacuuming of the index, eventually leading to transaction wraparound problems.
Fix handling of
DEFAULT tokens that appear in a multi-row
VALUES clause of an
INSERT on an updatable view (Tom Lane)
This oversight could lead to “cache lookup failed for type” errors, or in older branches even to crashes.
Disallow rules named
_RETURN that are not
ON SELECT (Tom Lane)
This avoids confusion between a view's
ON SELECT rule and any other rules it may have.
Repair rare failure of MULTIEXPR_SUBLINK subplans in inherited updates (Tom Lane)
Use of the syntax
UPDATE tab SET (c1, ...) = (SELECT ...) with an inherited or partitioned target table could result in failure if the child tables are sufficiently dissimilar. This typically manifested as failure of consistency checks in the executor; but a crash or incorrect data updates are also possible.
FROM-less subqueries when the outer query has grouping sets (Tom Lane)
This oversight could lead to assertion failures or planner errors such as “variable not found in subplan target list”.
Prevent WAL corruption after a standby promotion (Dilip Kumar, Robert Haas)
When a PostgreSQL instance performing archive recovery (but not using standby mode) is promoted, and the last WAL segment that it attempted to read ended in a partial record, the instance would write an invalid WAL segment on the new timeline.
Fix mis-ordering of WAL operations in fast insert path for GIN indexes (Matthias van de Meent, Zhang Mingli)
This mistake is not known to have any negative consequences within core PostgreSQL, but it did cause issues for some extensions.
Fix bugs in logical decoding when replay starts from a point between the beginning of a transaction and the beginning of its subtransaction (Masahiko Sawada, Kuroda Hayato)
These errors could lead to assertion failures in debug builds, and otherwise to memory leaks.
Prevent examining system catalogs with the wrong snapshot during logical decoding (Masahiko Sawada)
If decoding begins partway through a transaction that modifies system catalogs, the decoder may not recognize that, causing it to fail to treat that transaction as in-progress for catalog lookups.
Accept interrupts in more places during logical decoding (Amit Kapila, Masahiko Sawada)
This ameliorates problems with slow shutdown of replication workers.
Avoid crash after function syntax error in replication workers (Maxim Orlov, Anton Melnikov, Masahiko Sawada, Tom Lane)
If a syntax error occurred in a SQL-language or PL/pgSQL-language
CREATE FUNCTION or
DO command executed in a logical replication worker, the worker process would crash with a null pointer dereference or assertion failure.
Fix handling of read-write expanded datums that are passed to SQL functions (Tom Lane)
If a non-inlined SQL function uses a parameter in more than one place, and one of those functions expects to be able to modify read-write datums in place, then later uses of the parameter would observe the wrong value. (Within core PostgreSQL, the expanded-datum mechanism is only used for array and composite-type values; but extensions might use it for other structured types.)
In Snowball dictionaries, don't try to stem excessively-long words (Olly Betts, Tom Lane)
If the input word exceeds 1000 bytes, return it as-is after case folding, rather than trying to run it through the Snowball code. This restriction protects against a known recursion-to-stack-overflow problem in the Turkish stemmer, and it seems like good insurance against any other safety or performance issues that may exist in the Snowball stemmers. Such a long string is surely not a word in any human language, so it's doubtful that the stemmer would have done anything desirable with it anyway.
Fix use-after-free hazard in string comparisons (Tom Lane)
Improper memory management in the string comparison functions could result in scribbling on no-longer-allocated buffers, potentially breaking things for whatever is using that memory now. This would only happen with fairly long strings (more than 1kB), and only if an ICU collation is in use.
Prevent postmaster crash when shared-memory state is corrupted (Tom Lane)
The postmaster process is supposed to survive and initiate a database restart if shared memory becomes corrupted, but one bit of code was being insufficiently cautious about that.
Add some more defenses against recursion till stack overrun (Richard Guo, Tom Lane)
Avoid long-term memory leakage in the autovacuum launcher process (Reid Thompson)
The lack of field reports suggests that this problem is only latent in pre-v15 branches; but it's not very clear why, so back-patch the fix anyway.
Add missing guards for
NULL connection pointer in libpq (Daniele Varrazzo, Tom Lane)
There's a convention that libpq functions should check for a NULL PGconn argument, and fail gracefully instead of crashing.
PQisnonblocking() didn't get that memo, so fix them.
In ecpg, fix omission of variable storage classes when multiple
bytea variables are declared in the same declaration (Andrey Sokolov)
For example, ecpg translated
static varchar str1, str2, str3; in such a way that only
str1 was marked
Allow cross-platform tablespace relocation in pg_basebackup (Robert Haas)
Allow the remote path in
--tablespace-mapping to be either a Unix-style or Windows-style absolute path, since the source server could be on a different OS than the local system.
In pg_stat_statements, fix access to already-freed memory (zhaoqigui)
This occurred if pg_stat_statements tracked a
ROLLBACK command issued via extended query protocol. In debug builds it consistently led to an assertion failure. In production builds there would often be no visible ill effect; but if the freed memory had already been reused, the likely result would be to store garbage for the query string.
In postgres_fdw, ensure that target lists constructed for EvalPlanQual plans will have all required columns (Richard Guo, Etsuro Fujita)
This avoids “variable not found in subplan target list” errors in rare cases.
Reject unwanted output from the platform's
uuid_create() function (Nazir Bilal Yavuz)
The uuid-ossp module expects libc's
uuid_create() to produce a version-1 UUID, but recent NetBSD releases produce a version-4 (random) UUID instead. Check for that, and complain if so. Drop the documentation's claim that the NetBSD implementation is usable for uuid-ossp. (If a version-4 UUID is okay for your purposes, you don't need uuid-ossp at all; just use
Include new Perl test modules in standard installations (Álvaro Herrera)
PostgreSQL/Test/Utils.pm to the standard installation file set in pre-version-15 branches. This is for the benefit of extensions that want to use newly-written test code in older branches.
On NetBSD, force dynamic symbol resolution at postmaster start (Andres Freund, Tom Lane)
This avoids a risk of deadlock in the dynamic linker on NetBSD 10.
Allow use of
__sync_lock_test_and_set() for spinlocks on any machine (Tom Lane)
This eases porting to new machine architectures, at least if you're using a compiler that supports this GCC builtin function.
REF_P to avoid compile failure on recent macOS (Tom Lane)
Silence assorted compiler warnings from clang 15 and later (Tom Lane)
Update time zone data files to tzdata release 2022f for DST law changes in Chile, Fiji, Iran, Jordan, Mexico, Palestine, and Syria, plus historical corrections for Chile, Crimea, Iran, and Mexico.
Also, the Europe/Kiev zone has been renamed to Europe/Kyiv. Also, the following zones have been merged into nearby, more-populous zones whose clocks have agreed with them since 1970: Antarctica/Vostok, Asia/Brunei, Asia/Kuala_Lumpur, Atlantic/Reykjavik, Europe/Amsterdam, Europe/Copenhagen, Europe/Luxembourg, Europe/Monaco, Europe/Oslo, Europe/Stockholm, Indian/Christmas, Indian/Cocos, Indian/Kerguelen, Indian/Mahe, Indian/Reunion, Pacific/Chuuk, Pacific/Funafuti, Pacific/Majuro, Pacific/Pohnpei, Pacific/Wake and Pacific/Wallis. (This indirectly affects zones that were already links to one of these: Arctic/Longyearbyen, Atlantic/Jan_Mayen, Iceland, Pacific/Ponape, Pacific/Truk, and Pacific/Yap.) America/Nipigon, America/Rainy_River, America/Thunder_Bay, Europe/Uzhgorod, and Europe/Zaporozhye were also merged into nearby zones after discovering that their claimed post-1970 differences from those zones seem to have been errors. In all these cases, the previous zone name remains as an alias; but the actual data is that of the zone that was merged into.
These zone mergers result in loss of pre-1970 timezone history for the merged zones, which may be troublesome for applications expecting consistency of
timestamptz display. As an example, the stored value
1944-06-01 12:00 UTC would previously display as
1944-06-01 13:00:00+01 if the Europe/Stockholm zone is selected, but now it will read out as
It is possible to build the time zone data files with options that will restore the older zone data, but that choice also inserts a lot of other old (and typically poorly-attested) zone data, resulting in more total changes from the previous release than accepting these upstream changes does. PostgreSQL has chosen to ship the tzdb data as-recommended, and so far as we are aware most major operating system distributions are doing likewise. However, if these changes cause significant problems for your application, a possible solution is to install a local build of the time zone data files using tzdb's backwards-compatibility options (see their