# E.2. Release 14.1

E.2.1. Migration to Version 14.1E.2.2. Changes

**Release date:**2021-11-11

This release contains a variety of fixes from 14.0. For information about new features in major release 14, seeSection E.3.

# E.2.1. Migration to Version 14.1

A dump/restore is not required for those running 14.X.

However, note that installations using physical replication should update standby servers before the primary server, as explained in the third changelog entry below.

Also, several bugs have been found that may have resulted in corrupted indexes, as explained in the next several changelog entries. If any of those cases apply to you, it's recommended to reindex possibly-affected indexes after updating.

# E.2.2. Changes

  • Make the server reject extraneous data after an SSL or GSS encryption handshake (Tom Lane)

    A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could be abused to send faked SQL commands to the server, although that would only work if the server did not demand any authentication data. (However, a server relying on SSL certificate authentication might well not do so.)

    The PostgreSQL Project thanks Jacob Champion for reporting this problem. (CVE-2021-23214)

  • Make libpq reject extraneous data after an SSL or GSS encryption handshake (Tom Lane)

    A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could probably be abused to inject faked responses to the client's first few queries, although other details of libpq's behavior make that harder than it sounds. A different line of attack is to exfiltrate the client's password, or other sensitive data that might be sent early in the session. That has been shown to be possible with a server vulnerable to CVE-2021-23214.

    The PostgreSQL Project thanks Jacob Champion for reporting this problem. (CVE-2021-23222)

  • Fix physical replication for cases where the primary crashes after shipping a WAL segment that ends with a partial WAL record (Álvaro Herrera)

    If the primary did not survive long enough to finish writing the rest of the incomplete WAL record, then the previous crash-recovery logic had it back up and overwrite WAL starting from the beginning of the incomplete WAL record. This is problematic since standby servers may already have copies of that WAL segment. They will then see an inconsistent next segment, and will not be able to recover without manual intervention. To fix, do not back up over a WAL segment boundary when restarting after a crash. Instead write a new type of WAL record at the start of the next WAL segment, informing readers that the incomplete WAL record will never be finished and must be disregarded.

    When applying this update, it's best to update standby servers before the primary, so that they will be ready to handle this new WAL record type if the primary happens to crash.

  • Ensure that parallelVACUUMdoesn't miss any indexes (Peter Geoghegan, Masahiko Sawada)

    A parallelVACUUMwould fail to process indexes that are below themin_parallel_index_scan_size截止,如果表还具有至少两个大于该大小的索引。这可能会导致这些索引损坏,因为它们仍然包含对由真空;使用此类索引的后续查询可能会返回不应返回的行。这个问题不会影响 autovacuum,因为它不使用并行清理。但是,建议重新索引任何具有正确索引大小组合的手动清理表。

  • 使固定并发创建索引等待最新的准备交易(Andrey Borodin)

    刚刚准备好的事务插入的行可能会从新索引中省略,导致依赖索引的查询错过这些行。以前对此类问题的修复未能解决准备交易仍在执行的命令并发创建索引检查了他们。和以前一样,在启用准备事务的安装中(max_prepared_transactions >0),建议重新索引任何并发构建的索引,以防在构建时出现此问题。

  • 避免可能导致后端无法将新行的条目添加到同时构建的索引的竞争条件(Noah Misch,Andrey Borodin)

    虽然这在该领域显然很少见,但这种情况可能会影响任何使用同时选项。建议重新索引任何此类索引以确保它们是正确的。

  • 使固定同时重新索引保留附加到目标索引的运算符类参数 (Michael Paquier)

  • 修复克隆包含非内置对象的数据库时不正确地创建共享依赖项 (Aleksander Alekseev)

    这个错误的影响在实践中可能是有限的。原则上,它可以允许角色在仍然拥有对象的情况下被删除;但大多数安装永远不会想要删除已用于他们添加到的对象的角色模板1.

  • 确保关系缓存对于附加到分区表或从分区表分离的表无效(Amit Langote,Álvaro Herrera)

    这种疏忽可能导致直接针对分区的后续插入/更新的不当行为,但仅限于当前存在的会话中。

  • 在创建范围类型时修复解析树的损坏(Alex Kozhemyakin,Sergey Shinderuk)

    创建类型错误地释放了解析树的一个元素,这可能会导致稍后的事件触发器出现问题,或者如果创建类型命令存储在计划缓存中并稍后再次使用。

  • 修复复合域数组中元素字段的更新 (Tom Lane)

    一个命令如更新选项卡 SET fld[1].subfld = val如果数组的元素是域而不是普通组合,则失败。

  • 禁止组合先取 TIES对于更新跳过锁定(大卫克里斯滕森)

    先取 TIES必然会比请求的多获取一行,因为它在找到不是平局的行之前无法停止。在我们当前的实现中,如果更新使用然后该行也将被锁定,即使它没有返回。这会导致不良行为,如果跳过锁定选项被指定。如果不引入一组不同的不良行为,很难改变这一点,所以现在,禁止组合。

  • 不允许ALTER INDEX 索引 ALTER COLUMN col SET(选项)(内森·博萨特,迈克尔·帕奎尔)

    虽然解析器接受了这一点,但它没有记录并且实际上不起作用。

  • 修复数字精度的极端情况损失力量()(院长拉希德)

    当第一个参数非常接近 1 时,结果可能不准确。

  • 避免为 Memoize 计划选择错误的哈希相等运算符 (David Rowley)

    此错误可能导致崩溃或不正确的查询结果。

  • 通过将子查询表达式拉入函数范围表条目来修复规划器错误 (Tom Lane)

    如果一个函数在横向参考一些子的输出选择在早些时候子句,我们能够展平那个子选择在外部查询中,复制到函数表达式中的表达式未完全处理。这可能导致执行时崩溃。

  • 避免使用仅 MCV 的统计信息来估计列的范围 (Tom Lane)

    在某些极端情况下分析将构建最常见值 (MCV) 列表,但不会构建直方图,即使 MCV 列表未考虑所有观察到的值。在这种情况下,不要让计划器单独使用 MCV 列表来估计列值的范围。

  • 修复子事务中 Portal 快照的恢复 (Bertrand Drouvot)

    如果一个过程提交或回滚一个事务,然后它的下一个重要动作是在一个新的子事务中,快照管理出错,导致悬空指针和可能的崩溃。PL/pgSQL 中的一个典型例子是犯罪紧随其后的是开始...例外执行查询的块。

  • 如果事务在导出其快照后失败,则正确清理 (Dilip Kumar)

    如果同一会话再次尝试导出快照,这种疏忽只会导致问题。最可能的情况是创建一个复制槽(随后是回滚),然后创建另一个复制槽。

  • 防止备用服务器上溢出子事务跟踪的环绕(Kyotaro Horiguchi,Alexander Korotkov)

    这种疏忽可能会导致备用服务器上的性能显着下降(表现为过多的 SubtransSLRU 流量)。

  • 确保在升级备用服务器期间正确考虑准备好的交易(Michael Paquier,Andres Freund)

    有一个狭窄的窗口,可以从并发运行的会话拍摄的快照中省略准备好的事务。如果该会话随后使用快照执行数据更新,则可能会出现错误结果或数据损坏。

  • 修复“could not find RecursiveUnion”错误解释尝试打印附加到 WorkTableScan 节点的过滤条件 (Tom Lane)

  • 确保重命名表时使用正确的锁定级别 (Nathan Bossart, Álvaro Herrera)

    由于历史原因,更改索引...重命名可以应用于任何类型的关系。重命名索引所需的锁定级别低于重命名表或其他类型的关系所需的锁定级别,但是代码出错了,并且在拼写命令时会使用较弱的锁定级别更改索引.

  • 删除同时删除拥有对象的角色时避免空指针取消引用崩溃 (Álvaro Herrera)

  • 防止出现“快照参考泄漏”警告lo_export()或相关功能失败 (Heikki Linnakangas)

  • 修复 CoerceToDomain 表达式节点的低效代码生成 (Ranier Vilela)

  • 在某些列表操作操作中避免 O(N^2) 行为 (Nathan Bossart, Tom Lane)

    这些更改修复了几种情况下的缓慢处理,包括:当许多文件在检查点后被取消链接时;当哈希聚合涉及多个批次时;什么时候pg_trgm从复杂的正则表达式中提取可索引条件。实际上,只有第一种情况已经从现场报道过,但它们似乎都是低效列表删除的合理后果。

  • 围绕 B-tree 发布列表拆分添加更多防御性检查 (Peter Geoghegan)

    此更改应有助于检测涉及重复表 TID 的索引损坏。

  • 将 NaN 插入 BRIN float8 或 float4 minmax 时避免断言失败_多_操作索引 (Tomas Vondra)

    在生产构建中,这种情况会导致索引效率低下,但实际上并非不正确。

  • 允许 autovacuum 启动器进程响应pg_log_backend_memory_contexts()请求更快(Koyu Tanigawa)

  • 修复 HMAC 哈希计算中的内存泄漏 (Sergey Shinderuk)

  • 禁止设置巨大的页面什么时候共享内存类型系统(托马斯·门罗)

    以前,此设置被接受,但由于缺乏任何实现,它什么也没做。

  • 修复 PL/pgSQL 中查询类型的检查返回查询声明(汤姆·莱恩)

    返回查询应该接受任何可以返回元组的查询,例如更新返回.v14 意外禁止了除选择;此外,返回查询执行变体根本无法应用任何查询类型检查。

  • 修复 pg_dump 以正确转储非全局默认权限 (Neil Chen, Masahiko Sawada)

    如果一个全局(无限制)更改默认权限command revoked some present-by-default privilege, for exampleEXECUTEfor functions, and then a restrictedALTER DEFAULT PRIVILEGEScommand granted that privilege again for a selected role or schema, pg_dump failed to dump the restricted privilege grant correctly.

  • Make pg_dump acquire shared lock on partitioned tables that are to be dumped (Tom Lane)

    This oversight was usually pretty harmless, since once pg_dump has locked any of the leaf partitions, that would suffice to prevent significant DDL on the partitioned table itself. However problems could ensue when dumping a childless partitioned table, since no relevant lock would be held.

  • Fix crash in pg_dump when attempting to dump trigger definitions from a pre-8.3 server (Tom Lane)

  • Fix incorrect filename in pg_restore's error message about an invalid large object TOC file (Daniel Gustafsson)

  • Ensure that pgbench exits with non-zero status after a socket-level failure (Yugo Nagata, Fabien Coelho)

    The desired behavior is to finish out the run but then exit with status 2. Also, fix the reporting of such errors.

  • Prevent pg_amcheck from checking temporary relations, as well as indexes that are invalid or not ready (Mark Dilger)

    This avoids unhelpful checks of relations that will almost certainly appear inconsistent.

  • Makecontrib/amcheckskip unlogged tables when running on a standby server (Mark Dilger)

    It's appropriate to do this since such tables will be empty, and unlogged indexes were already handled similarly.

  • Changecontrib/pg_stat_statementsto read its “query texts” file in units of at most 1GB (Tom Lane)

    Such large query text files are very unusual, but if they do occur, the previous coding would fail on Windows 64 (which rejects individual read requests of more than 2GB).

  • Fix null-pointer crash whencontrib/postgres_fdwtries to report a data conversion error (Tom Lane)

  • Ensure thatGetSharedSecurityLabel()can be used in a newly-started session that has not yet built its critical relation cache entries (Jeff Davis)

  • When running a TAP test, include the module's own directory inPATH(Andrew Dunstan)

    This allows tests to find built programs that are not installed, such as custom test drivers.

  • Use the CLDR project's data to map Windows time zone names to IANA time zones (Tom Lane)

    When running on Windows, initdb attempts to set the new cluster'stimezoneparameter to the IANA time zone matching the system's prevailing time zone. We were using a mapping table that we'd generated years ago and updated only fitfully; unsurprisingly, it contained a number of errors as well as omissions of recently-added zones. It turns out that CLDR has been tracking the most appropriate mappings, so start using their data. This change will not affect any existing installation, only newly-initialized clusters.

  • Update time zone data files to tzdata release 2021e for DST law changes in Fiji, Jordan, Palestine, and Samoa, plus historical corrections for Barbados, Cook Islands, Guyana, Niue, Portugal, and Tonga.

    Also, the Pacific/Enderbury zone has been renamed to Pacific/Kanton. Also, the following zones have been merged into nearby, more-populous zones whose clocks have agreed with them since 1970: Africa/Accra, America/Atikokan, America/Blanc-Sablon, America/Creston, America/Curacao, America/Nassau, America/Port_of_Spain, Antarctica/DumontDUrville, and Antarctica/Syowa. In all these cases, the previous zone name remains as an alias.