Replace last PushOverrideSearchPath() call with set_config_option().
The two methods don't cooperate, so set_config_option("search_path",
...) has been ineffective under non-empty overrideStack. This defect
enabled an attacker having database-level CREATE privilege to execute
arbitrary code as th
Handle RLS dependencies in inlined set-returning functions properly.
If an SRF in the FROM clause references a table having row-level
security policies, and we inline that SRF into the calling query,
we neglected to mark the plan as potentially dependent on which
role is executing it. This could
Adjust sepgsql expected output for 681d9e462 et al.
Security: CVE-2023-2454
Branch
--
REL_12_STABLE
Details
---
https://git.postgresql.org/pg/commitdiff/2cd843cc9a5d96450f70b165f9f5b15319e9f136
Modified Files
--
contrib/sepgsql/expected/ddl.out | 1 -
1 file changed, 1 deleti
Adjust sepgsql expected output for 681d9e462 et al.
Security: CVE-2023-2454
Branch
--
master
Details
---
https://git.postgresql.org/pg/commitdiff/8d525d7b9545884a3e0d79adcd61543f9ae2ae28
Modified Files
--
contrib/sepgsql/expected/ddl.out | 1 -
1 file changed, 1 deletion(-)
Adjust sepgsql expected output for 681d9e462 et al.
Security: CVE-2023-2454
Branch
--
REL_11_STABLE
Details
---
https://git.postgresql.org/pg/commitdiff/766e061404c2159dccebad4d19e496d8ced8b2c4
Modified Files
--
contrib/sepgsql/expected/ddl.out | 1 -
1 file changed, 1 deleti
Adjust sepgsql expected output for 681d9e462 et al.
Security: CVE-2023-2454
Branch
--
REL_13_STABLE
Details
---
https://git.postgresql.org/pg/commitdiff/feb9e7fbbc3f9607fbc01c071537488f8dbfab73
Modified Files
--
contrib/sepgsql/expected/ddl.out | 1 -
1 file changed, 1 deleti
Adjust sepgsql expected output for 681d9e462 et al.
Security: CVE-2023-2454
Branch
--
REL_15_STABLE
Details
---
https://git.postgresql.org/pg/commitdiff/1b761d89644b584dff2dcc8cbdf7b1e11b4e9cde
Modified Files
--
contrib/sepgsql/expected/ddl.out | 1 -
1 file changed, 1 deleti
Adjust sepgsql expected output for 681d9e462 et al.
Security: CVE-2023-2454
Branch
--
REL_14_STABLE
Details
---
https://git.postgresql.org/pg/commitdiff/1913f63dcc7bd0562001e42325bace74285a2c80
Modified Files
--
contrib/sepgsql/expected/ddl.out | 1 -
1 file changed, 1 deleti
Last-minute updates for release notes.
Security: CVE-2023-2454, CVE-2023-2455
Branch
--
REL_15_STABLE
Details
---
https://git.postgresql.org/pg/commitdiff/8cd6b5af5898900e674885284f855c0a0abdcd70
Modified Files
--
doc/src/sgml/release-15.sgml | 70 +++
Last-minute updates for release notes.
Security: CVE-2023-2454, CVE-2023-2455
Branch
--
REL_13_STABLE
Details
---
https://git.postgresql.org/pg/commitdiff/aeed67f1af446dd425e2c8d6db97ea29c25b8887
Modified Files
--
doc/src/sgml/release-13.sgml | 70 +++
Last-minute updates for release notes.
Security: CVE-2023-2454, CVE-2023-2455
Branch
--
REL_11_STABLE
Details
---
https://git.postgresql.org/pg/commitdiff/8dec3e375380dcdffea20d95ce3993c1bf79b045
Modified Files
--
doc/src/sgml/release-11.sgml | 70 +++
Last-minute updates for release notes.
Security: CVE-2023-2454, CVE-2023-2455
Branch
--
REL_12_STABLE
Details
---
https://git.postgresql.org/pg/commitdiff/666bc999e9e0ecccb00140e370f03c5f52a91d16
Modified Files
--
doc/src/sgml/release-12.sgml | 70 +++
Last-minute updates for release notes.
Security: CVE-2023-2454, CVE-2023-2455
Branch
--
REL_14_STABLE
Details
---
https://git.postgresql.org/pg/commitdiff/fe0b69fc66446b611025c888a05a7c03309eec80
Modified Files
--
doc/src/sgml/release-14.sgml | 70 +++
Undo faulty attempt at not relying on RINFO_IS_PUSHED_DOWN.
I've had a bee in my bonnet for some time about getting rid of
RestrictInfo.is_pushed_down, because it's squishily defined and
requires not-inexpensive extra tests to use (cf RINFO_IS_PUSHED_DOWN).
In commit 2489d76c4, I tried to make rem
24 matches