Release date: 2018-02-08
This release contains a variety of fixes from 10.1. For information about new features in major release 10, see Section E.9.
A dump/restore is not required for those running 10.X.
However, if you use
~> operator, see the entry below about
Also, if you are upgrading from a version earlier than 10.1, see Section E.8.
Fix processing of partition keys containing multiple expressions (Álvaro Herrera, David Rowley)
This error led to crashes or, with carefully crafted input, disclosure of arbitrary backend memory. (CVE-2018-1052)
Ensure that all temporary files made by pg_upgrade are non-world-readable (Tom Lane, Noah Misch)
restricts its temporary files to be readable and writable
only by the calling user. But the temporary file
output would be group- or world-readable, or even
writable, if the user's
umask setting allows. In typical usage
on multi-user machines, the
umask and/or the working directory's
permissions would be tight enough to prevent problems;
but there may be people using pg_upgrade in scenarios where this
oversight would permit disclosure of database passwords
to unfriendly eyes. (CVE-2018-1053)
Fix vacuuming of tuples that were updated while key-share locked (Andres Freund, Álvaro Herrera)
In some cases
would fail to remove such tuples even though they are now
dead, leading to assorted data corruption scenarios.
Fix failure to mark a hash index's metapage dirty after adding a new overflow page, potentially leading to index corruption (Lixian Zou, Amit Kapila)
Ensure that vacuum will always clean up the pending-insertions list of a GIN index (Masahiko Sawada)
This is necessary to ensure that dead index entries get removed. The old code got it backwards, allowing vacuum to skip the cleanup if some other process were running cleanup concurrently, thus risking invalid entries being left behind in the index.
Fix inadequate buffer locking in some LSN fetches (Jacob Champion, Asim Praveen, Ashwin Agrawal)
These errors could result in misbehavior under concurrent load. The potential consequences have not been characterized fully.
Fix incorrect query results from cases involving
flattening of subqueries whose outputs are used in
GROUPING SETS (Heikki
Fix handling of list partitioning constraints for partition keys of boolean or array types (Amit Langote)
Avoid unnecessary failure in a query on an inheritance
tree that occurs concurrently with some child table being
removed from the tree by
TABLE NO INHERIT (Tom Lane)
Fix spurious deadlock failures when multiple sessions
CONCURRENTLY (Jeff Janes)
update the table's size fields in
pg_class sooner (Amit Kapila)
This prevents poor behavior when rebuilding hash
indexes on the table, since those use the
pg_class statistics to govern the
initial hash size.
EXCEPT over zero columns (Tom Lane)
Disallow identity columns on typed tables and partitions (Michael Paquier)
These cases will be treated as unsupported features for now.
Fix assorted failures to apply the correct default value when inserting into an identity column (Michael Paquier, Peter Eisentraut)
In several contexts, notably
TABLE ADD COLUMN, the expected default value was
not applied and instead a null value was inserted.
Fix failures when an inheritance tree contains foreign child tables (Etsuro Fujita)
A mix of regular and foreign tables in an inheritance
tree resulted in creation of incorrect plans for
DELETE queries. This led to visible
failures in some cases, notably when there are row-level
triggers on a foreign child table.
Repair failure with correlated sub-
VALUES inside a
LATERAL subquery (Tom Lane)
Fix “could not
devise a query plan for the given query”
planner failure for some cases involving nested
UNION ALL inside a lateral
subquery (Tom Lane)
Allow functional dependency statistics to be used for boolean columns (Tom Lane)
Previously, although extended statistics could be declared and collected on boolean columns, the planner failed to apply them.
Avoid underestimating the number of groups emitted by subqueries containing set-returning functions in their grouping columns (Tom Lane)
Cases similar to
unnest(foo) got a lower output rowcount estimate
in 10.0 than they did in earlier releases, possibly
resulting in unfavorable plan choices. Restore the prior
Fix use of triggers in logical replication workers (Petr Jelinek)
Fix logical decoding to correctly clean up disk files for crashed transactions (Atsushi Torikoshi)
Logical decoding may spill WAL records to disk for transactions generating many WAL records. Normally these files are cleaned up after the transaction's commit or abort record arrives; but if no such record is ever seen, the removal code misbehaved.
Fix walsender timeout failure and failure to respond to interrupts when processing a large transaction (Petr Jelinek)
Fix race condition during replication origin drop that could allow the dropping process to wait indefinitely (Tom Lane)
Allow members of the
pg_read_all_stats role to see walsender
statistics in the
pg_stat_replication view (Feike
Show walsenders that are sending base backups as
active in the
pg_stat_activity view (Magnus
Fix reporting of
scram-sha-256 authentication method in
view (Michael Paquier)
Previously this was printed as
scram-sha256, possibly confusing users
as to the correct spelling.
has_sequence_privilege() to support
WITH GRANT OPTION tests, as
other privilege-testing functions do (Joe Conway)
In databases using UTF8 encoding, ignore any XML declaration that asserts a different encoding (Pavel Stehule, Noah Misch)
We always store XML strings in the database encoding,
so allowing libxml to act on a declaration of another
encoding gave wrong results. In encodings other than
UTF8, we don't promise to support non-ASCII XML data
anyway, so retain the previous behavior for bug
compatibility. This change affects only
xpath() and related functions; other
XML code paths already acted this way.
Provide for forward compatibility with future minor protocol versions (Robert Haas, Badrul Chowdhury)
Up to now, PostgreSQL servers simply rejected requests to use protocol versions newer than 3.0, so that there was no functional difference between the major and minor parts of the protocol version number. Allow clients to request versions 3.x without failing, sending back a message showing that the server only understands 3.0. This makes no difference at the moment, but back-patching this change should allow speedier introduction of future minor protocol upgrades.
Allow a client that supports SCRAM channel binding (such as v11 or later libpq) to connect to a v10 server (Michael Paquier)
v10 does not have this feature, and the connection-time negotiation about whether to use it was done incorrectly.
Avoid live-lock in
ConditionVariableBroadcast() (Tom Lane,
Given repeatedly-unlucky timing, a process attempting to awaken all waiters for a condition variable could loop indefinitely. Due to the limited usage of condition variables in v10, this affects only parallel index scans and some operations on replication slots.
Clean up waits for condition variables correctly during subtransaction abort (Robert Haas)
Ensure that child processes that are waiting for a condition variable will exit promptly if the postmaster process dies (Tom Lane)
Fix crashes in parallel queries using more than one Gather node (Thomas Munro)
Fix hang in parallel index scan when processing a deleted or half-dead index page (Amit Kapila)
Avoid crash if parallel bitmap heap scan is unable to allocate a shared memory segment (Robert Haas)
Cope with failure to start a parallel worker process (Amit Kapila, Robert Haas)
Parallel query previously tended to hang indefinitely
if a worker could not be started, as the result of
fork() failure or other
Avoid unnecessary failure when no parallel workers can be obtained during parallel query startup (Robert Haas)
Fix collection of
statistics from parallel workers (Amit Kapila, Thomas
Ensure that query strings passed to parallel workers are correctly null-terminated (Thomas Munro)
This prevents emitting garbage in postmaster log output from such workers.
Avoid unsafe alignment assumptions when working with
__int128 (Tom Lane)
Typically, compilers assume that
__int128 variables are aligned on 16-byte
boundaries, but our memory allocation infrastructure
isn't prepared to guarantee that, and increasing the
setting of MAXALIGN seems infeasible for multiple
reasons. Adjust the code to allow use of
__int128 only when we can tell the compiler
to assume lesser alignment. The only known symptom of
this problem so far is crashes in some parallel
Prevent stack-overflow crashes when planning extremely
deeply nested set operations (
EXCEPT) (Tom Lane)
Avoid crash during an EvalPlanQual recheck of an indexscan that is the inner child of a merge join (Tom Lane)
This could only happen during an update or
SELECT FOR UPDATE of a join,
when there is a concurrent update of some selected
Fix crash in autovacuum when extended statistics are defined for a table but can't be computed (Álvaro Herrera)
Fix null-pointer crashes for some types of LDAP URLs
Prevent out-of-memory failures due to excessive growth of simple hash tables (Tomas Vondra, Andres Freund)
functions in the PL/pgSQL documentation (Yugo Nagata, Tom
These functions are stated to be Oracle® compatible, but they weren't exactly. In particular, there was a discrepancy in the interpretation of a negative third parameter: Oracle thinks that a negative value indicates the last place where the target substring can begin, whereas our functions took it as the last place where the target can end. Also, Oracle throws an error for a zero or negative fourth parameter, whereas our functions returned zero.
The sample code has been adjusted to match Oracle's behavior more precisely. Users who have copied this code into their applications may wish to update their copies.
Fix pg_dump to make ACL (permissions), comment, and security label entries reliably identifiable in archive output formats (Tom Lane)
The “tag” portion of an ACL archive
entry was usually just the name of the associated object.
Make it start with the object type instead, bringing ACLs
into line with the convention already used for comment
and security label archive entries. Also, fix the comment
and security label entries for the whole database, if
present, to make their tags start with
DATABASE so that they also follow this
convention. This prevents false matches in code that
tries to identify large-object-related entries by seeing
if the tag starts with
OBJECT. That could have resulted in misclassifying
entries as data rather than schema, with undesirable
results in a schema-only or data-only dump.
Note that this change has user-visible results in the
copy_file_range function to
avoid conflict with new Linux system call of that name
This change prevents build failures with newer glibc versions.
In ecpg, detect indicator arrays that do not have the correct length and report an error (David Rader)
Change the behavior of
int operator to make it
compatible with KNN search (Alexander Korotkov)
The meaning of the second argument (the dimension selector) has been changed to make it predictable which value is selected even when dealing with cubes of varying dimensionalities.
This is an incompatible change, but since the point of the operator was to be used in KNN searches, it seems rather useless as-is. After installing this update, any expression indexes or materialized views using this operator will need to be reindexed/refreshed.
Avoid triggering a libc assertion in
contrib/hstore, due to use of
memcpy() with equal source
and destination pointers (Tomas Vondra)
Fix incorrect display of tuples' null bitmaps in
Fix incorrect output from
hash_page_items() function (Masahiko
pathkeys do not match mergeclauses” planner
error when constructing a plan involving a remote join
avoid planner failure when there are duplicate
GROUP BY entries (Jeevan
Provide modern examples of how to auto-start Postgres on macOS (Tom Lane)
The scripts in
infrastructure that's been deprecated for over a decade,
and which no longer works at all in macOS releases of the
last couple of years. Add a new subdirectory
scripts that use the newer launchd infrastructure.
Fix incorrect selection of configuration-specific libraries for OpenSSL on Windows (Andrew Dunstan)
Support linking to MinGW-built versions of libperl (Noah Misch)
This allows building PL/Perl with some common Perl distributions for Windows.
Fix MSVC build to test whether 32-bit libperl needs
Available Perl distributions are inconsistent about what they expect, and lack any reliable means of reporting it, so resort to a build-time test on what the library being used actually does.
On Windows, install the crash dump handler earlier in postmaster startup (Takayuki Tsunakawa)
This may allow collection of a core dump for some early-startup failures that did not produce a dump before.
On Windows, avoid encoding-conversion-related crashes when emitting messages very early in postmaster startup (Takayuki Tsunakawa)
Use our existing Motorola 68K spinlock code on OpenBSD as well as NetBSD (David Carlier)
Add support for spinlocks on Motorola 88K (David Carlier)
Update time zone data files to tzdata release 2018c for DST law
changes in Brazil, Sao Tome and Principe, plus historical
corrections for Bolivia, Japan, and South Sudan. The
US/Pacific-New zone has been
removed (it was only an alias for
If you see anything in the documentation that is not correct, does not match your experience with the particular feature or requires further clarification, please use this form to report a documentation issue.