Release date: 2019-02-14
This release contains a variety of fixes from 10.6. For information about new features in major release 10, see Section E.20.
A dump/restore is not required for those running 10.X.
However, if you are upgrading from a version earlier than 10.6, see Section E.14.
By default, panic instead of retrying after
fsync() failure, to avoid possible data corruption (Craig Ringer, Thomas Munro)
Some popular operating systems discard kernel data buffers when unable to write them out, reporting this as
fsync() failure. If we reissue the
fsync() request it will succeed, but in fact the data has been lost, so continuing risks database corruption. By raising a panic condition instead, we can replay from WAL, which may contain the only remaining copy of the data in such a situation. While this is surely ugly and inefficient, there are few alternatives, and fortunately the case happens very rarely.
A new server parameter data_sync_retry has been added to control this; if you are certain that your kernel does not discard dirty data buffers in such scenarios, you can set
on to restore the old behavior.
Include each major release branch's release notes in the documentation for only that branch, rather than that branch and all later ones (Tom Lane)
The duplication induced by the previous policy was getting out of hand. Our plan is to provide a full archive of release notes on the project's web site, but not duplicate it within each release.
NOT NULL constraints of a partitioned table are honored within its partitions (Álvaro Herrera, Amit Langote)
Use a safe table lock level when detaching a partition (Álvaro Herrera)
The previous locking level was too weak and might allow concurrent DDL on the table, with bad results.
Fix problems with applying
ON COMMIT DROP and
ON COMMIT DELETE ROWS to partitioned tables and tables with inheritance children (Michael Paquier)
COPY FREEZE on partitioned tables (David Rowley)
This should eventually be made to work, but it may require a patch that's too complicated to risk back-patching.
Avoid possible deadlock when acquiring multiple buffer locks (Nishant Fnu)
Avoid deadlock between GIN vacuuming and concurrent index insertions (Alexander Korotkov, Andrey Borodin, Peter Geoghegan)
This change partially reverts a performance improvement, introduced in version 10.0, that attempted to reduce the number of index pages locked during deletion of a GIN posting tree page. That's now been found to lead to deadlocks, so we've removed it pending closer analysis.
Avoid deadlock between hot-standby queries and replay of GIN index page deletion (Alexander Korotkov)
Fix possible crashes in logical replication when index expressions or predicates are in use (Peter Eisentraut)
Avoid useless and expensive logical decoding of TOAST data during a table rewrite (Tomas Vondra)
Fix logic for stopping a subset of WAL senders when synchronous replication is enabled (Paul Guo, Michael Paquier)
Avoid possibly writing an incorrect replica identity field in a tuple deletion WAL record (Stas Kelvich)
Prevent incorrect use of WAL-skipping optimization during
COPY to a view or foreign table (Amit Langote, Michael Paquier)
Make the archiver prioritize WAL history files over WAL data files while choosing which file to archive next (David Steele)
Fix possible crash in
UPDATE with a multiple
SET clause using a sub-
SELECT as source (Tom Lane)
Avoid crash if libxml2 returns a null error message (Sergio Conde Gómez)
Fix spurious grouping-related parser errors caused by inconsistent handling of collation assignment (Andrew Gierth)
In some cases, expressions that should be considered to match were not seen as matching, if they included operations on collatable data types.
Check whether the comparison function underlying
GREATEST() is leakproof, rather than just assuming it is (Tom Lane)
Actual information leaks from btree comparison functions are typically hard to provoke, but in principle they could happen.
Fix incorrect planning of queries involving nested loops both above and below a Gather plan node (Tom Lane)
If both levels of nestloop needed to pass the same variable into their right-hand sides, an incorrect plan would be generated.
Fix incorrect planning of queries in which a lateral reference must be evaluated at a foreign table scan (Tom Lane)
Fix corner-case underestimation of the cost of a merge join (Tom Lane)
The planner could prefer a merge join when the outer key range is much smaller than the inner key range, even if there are so many duplicate keys on the inner side that this is a poor choice.
Avoid O(N^2) planning time growth when a query contains many thousand indexable clauses (Tom Lane)
ANALYZE's handling of concurrently-updated rows (Jeff Janes, Tom Lane)
Previously, rows deleted by an in-progress transaction were omitted from
ANALYZE's sample, but this has been found to lead to more inconsistency than including them would do. In effect, the sample now corresponds to an MVCC snapshot as of
ANALYZE's start time.
TRUNCATE ignore inheritance child tables that are temporary tables of other sessions (Amit Langote, Michael Paquier)
TRUNCATE into line with the behavior of other commands. Previously, such cases usually ended in failure.
TRUNCATE to update the statistics counters for the right table (Tom Lane)
If the truncated table had a TOAST table, that table's counters were reset instead.
ALTER TABLE ONLY ADD COLUMN IF NOT EXISTS correctly (Greg Stark)
UNLISTEN in hot-standby mode (Shay Rojansky)
This is necessarily a no-op, because
LISTEN isn't allowed in hot-standby mode; but allowing the dummy operation simplifies session-state-reset logic in clients.
Fix missing role dependencies in some schema and data type permissions lists (Tom Lane)
In some cases it was possible to drop a role to which permissions had been granted. This caused no immediate problem, but a subsequent dump/reload or upgrade would fail, with symptoms involving attempts to grant privileges to all-numeric role names.
Prevent use of a session's temporary schema within a two-phase transaction (Michael Paquier)
Accessing a temporary table within such a transaction has been forbidden for a long time, but it was still possible to cause problems with other operations on temporary objects.
Ensure relation caches are updated properly after adding or removing foreign key constraints (Álvaro Herrera)
This oversight could result in existing sessions failing to enforce a newly-created constraint, or continuing to enforce a dropped one.
Ensure relation caches are updated properly after renaming constraints (Amit Langote)
Make autovacuum more aggressive about removing leftover temporary tables, and also remove leftover temporary tables during
DISCARD TEMP (Álvaro Herrera)
This helps ensure that remnants from a crashed session are cleaned up more promptly.
Fix replay of GiST index micro-vacuum operations so that concurrent hot-standby queries do not see inconsistent state (Alexander Korotkov)
Prevent empty GIN index pages from being reclaimed too quickly, causing failures of concurrent searches (Andrey Borodin, Alexander Korotkov)
Fix edge-case failures in float-to-integer coercions (Andrew Gierth, Tom Lane)
Values very slightly above the maximum valid integer value might not be rejected, and then would overflow, producing the minimum valid integer instead. Also, values that should round to the minimum or maximum integer value might be incorrectly rejected.
When making a PAM authentication request, don't set the
PAM_RHOST variable if the connection is via a Unix socket (Thomas Munro)
Previously that variable would be set to
[local], which is at best unhelpful, since it's supposed to be a host name.
client_min_messages higher than
ERROR (Jonah Harris, Tom Lane)
Previously, it was possible to set this variable to
PANIC, which had the effect of suppressing transmission of ordinary error messages to the client. However, that's contrary to guarantees that are given in the PostgreSQL wire protocol specification, and it caused some clients to become very confused. In released branches, fix this by silently treating such settings as meaning
ERROR instead. Version 12 and later will reject those alternatives altogether.
Fix ecpglib to use
_configthreadlocale() in preference to
setlocale() (Michael Meskes, Tom Lane)
setlocale() is not thread-local, and might not even be thread-safe, the previous coding caused problems in multi-threaded ecpg applications.
Fix incorrect results for numeric data passed through an ecpg SQLDA (SQL Descriptor Area) (Daisuke Higuchi)
Values with leading zeroes were not copied correctly.
target meta-command to work with
COPY TO STDOUT (Daniel Vérité)
target option was ignored, so that the copy data always went to the current query output target.
Make psql's LaTeX output formats render special characters properly (Tom Lane)
Backslash and some other ASCII punctuation characters were not rendered correctly, leading to document syntax errors or wrong characters in the output.
Fix pg_dump's handling of materialized views with indirect dependencies on primary keys (Tom Lane)
This led to mis-labeling of such views' dump archive entries, causing harmless warnings about “archive items not in correct section order”; less harmlessly, selective-restore options depending on those labels, such as
--section, might misbehave.
Avoid null-pointer-dereference crash on some platforms when pg_dump or pg_restore tries to report an error (Tom Lane)
SIGPIPE errors if
COPY FROM PROGRAM stops reading the program's output early (Tom Lane)
This case isn't actually reachable directly with
COPY, but it can happen when using
contrib/hstore to calculate correct hash values for empty
hstore values that were created in version 8.4 or before (Andrew Gierth)
The previous coding did not give the same result as for an empty
hstore value created by a newer version, thus potentially causing wrong results in hash joins or hash aggregation. It is advisable to reindex any hash indexes built on
hstore columns, if the table might contain data that was originally stored as far back as 8.4 and was never dumped/reloaded since then.
Avoid crashes and excessive runtime with large inputs to
gist__int_ops index support (Andrew Gierth)
In configure, look for
python3 and then
python isn't found (Peter Eisentraut)
This allows PL/Python to be configured without explicitly specifying
PYTHON on platforms that no longer provide an unversioned
Support new Makefile variables
PG_LDFLAGS in pgxs builds (Christoph Berg)
This simplifies customization of extension build processes.
Fix Perl-coded build scripts to not assume “
.” is in the search path, since recent Perl versions don't include that (Andrew Dunstan)
Fix server command-line option parsing problems on OpenBSD (Tom Lane)
Relocate call of
set_rel_pathlist_hook so that extensions can use it to supply partial paths for parallel queries (KaiGai Kohei)
This is not expected to affect existing use-cases.
Rename red-black tree support functions to use
rbt prefix not
rb prefix (Tom Lane)
This avoids name collisions with Ruby functions, which broke PL/Ruby. It's hoped that there are no other affected extensions.
Update time zone data files to tzdata release 2018i for DST law changes in Kazakhstan, Metlakatla, and Sao Tome and Principe. Kazakhstan's Qyzylorda zone is split in two, creating a new zone Asia/Qostanay, as some areas did not change UTC offset. Historical corrections for Hong Kong and numerous Pacific islands.