Release date: 2020-02-13
This release contains a variety of fixes from 9.6.16. For information about new features in the 9.6 major release, see Section E.21.
A dump/restore is not required for those running 9.6.X.
However, if you are upgrading from a version earlier than 9.6.16, see Section E.5.
Add missing permissions checks for ALTER ... DEPENDS ON EXTENSION (Álvaro Herrera)
Marking an object as dependent on an extension did not have any privilege check whatsoever. This oversight allowed any user to mark routines, triggers, materialized views, or indexes as droppable by anyone able to drop an extension. Require that the calling user own the specified object (and hence have privilege to drop it). (CVE-2020-1720)
Avoid failure in logical decoding when a large transaction must be spilled into many separate temporary files (Amit Khandekar)
Fix failure in logical replication publisher after a database crash and restart (Vignesh C)
Prevent premature shutdown of a Gather or GatherMerge plan node that is underneath a Limit node (Amit Kapila)
This avoids failure if such a plan node needs to be scanned more than once, as for instance if it is on the inside of a nestloop.
Avoid memory leak when there are no free dynamic shared memory slots (Thomas Munro)
Ignore the CONCURRENTLY option when performing an index creation, drop, or rebuild on a temporary table (Michael Paquier, Heikki Linnakangas, Andres Freund)
This avoids strange failures if the temporary table has an ON COMMIT action. There is no benefit in using CONCURRENTLY for a temporary table anyway, since other sessions cannot access the table, making the extra processing pointless.
Fix possible failure when resetting expression indexes on temporary tables that are marked ON COMMIT DELETE ROWS (Tom Lane)
Fix possible crash in BRIN index operations with box, range and inet data types (Heikki Linnakangas)
Fix handling of deleted pages in GIN indexes (Alexander Korotkov)
Avoid possible deadlocks, incorrect updates of a deleted page's state, and failure to traverse through a recently-deleted page.
Fix possible crash with a SubPlan (sub-SELECT) within a multi-row VALUES list (Tom Lane)
Fix unlikely crash with pass-by-reference aggregate transition states (Andres Freund, Teodor Sigaev)
Improve error reporting in
to_timestamp() (Tom Lane, Álvaro Herrera)
Reports about incorrect month or day names in input strings could truncate the input in the middle of a multi-byte character, leading to an improperly encoded error message that could cause follow-on failures. Truncate at the next whitespace instead.
Fix off-by-one result for EXTRACT(ISOYEAR FROM timestamp) for BC dates (Tom Lane)
Avoid stack overflow in information_schema views when a self-referential view exists in the system catalogs (Tom Lane)
A self-referential view can't work; it will always result in infinite recursion. We handled that situation correctly when trying to execute the view, but not when inquiring whether it is automatically updatable.
Improve performance of hash joins with very large inner relations (Thomas Munro)
Fix edge-case crashes and misestimations in selectivity calculations for the <@ and @> range operators (Michael Paquier, Andrey Borodin, Tom Lane)
Improve error reporting for attempts to use automatic updating of views with conditional INSTEAD rules (Dean Rasheed)
This has never been supported, but previously the error was thrown only at execution time, so that it could be masked by planner errors.
Prevent a composite type from being included in itself indirectly via a range type (Tom Lane, Julien Rouhaud)
Fix error reporting for index expressions of prohibited types (Amit Langote)
Fix dumping of views that contain only a VALUES list to handle cases where a view output column has been renamed (Tom Lane)
Transmit incoming NOTIFY messages to the client before sending ReadyForQuery, rather than after (Tom Lane)
This change ensures that, with libpq and other client libraries that act similarly to it, any notifications received during a transaction will be available by the time the client thinks the transaction is complete. This probably makes no difference in practical applications (which would need to cope with asynchronous notifications in any case); but it makes it easier to build test cases with reproducible behavior.
Allow libpq to parse all GSS-related connection parameters even when the GSSAPI code hasn't been compiled in (Tom Lane)
This makes the behavior similar to our SSL support, where it was long ago deemed to be a good idea to always accept all the related parameters, even if some are ignored or restricted due to lack of the feature in a particular build.
Fix incorrect handling of %b and %B format codes in ecpg's
PGTYPEStimestamp_fmt_asc() function (Tomas Vondra)
Due to an off-by-one error, these codes would print the wrong month name, or possibly crash.
Fix parallel pg_dump/pg_restore to more gracefully handle failure to create worker processes (Tom Lane)
Prevent possible crash or lockup when attempting to terminate a parallel pg_dump/pg_restore run via a signal (Tom Lane)
In pg_upgrade, look inside arrays and ranges while searching for non-upgradable data types in tables (Tom Lane)
Apply more thorough syntax checking to createuser's --connection-limit option (Álvaro Herrera)
Avoid crash in postgres_fdw when trying to send a command like UPDATE remote_tab SET (x,y) = (SELECT ...) to the remote server (Tom Lane)
In contrib/dict_int, reject maxlen settings less than one (Tomas Vondra)
This prevents a possible crash with silly settings for that parameter.
Disallow NULL category values in contrib/tablefunc's
crosstab() function (Joe Conway)
This case never worked usefully, and it would crash on some platforms.
Mark some timeout and statistics-tracking GUC variables as PGDLLIMPORT, to allow extensions to access them on Windows (Pascal Legrand)
This applies to idle_in_transaction_session_timeout, lock_timeout, statement_timeout, track_activities, track_counts, and track_functions.
Fix race condition that led to delayed delivery of interprocess signals on Windows (Amit Kapila)
This caused visible timing oddities in NOTIFY, and perhaps other misbehavior.
On Windows, retry a few times after an ERROR_ACCESS_DENIED file access failure (Alexander Lakhin, Tom Lane)
This helps cope with cases where a file open attempt fails because the targeted file is flagged for deletion but not yet actually gone. pg_ctl, for example, frequently failed with such an error when probing to see if the postmaster had shut down yet.
If you see anything in the documentation that is not correct, does not match your experience with the particular feature or requires further clarification, please use this form to report a documentation issue.