From 27e48f004a89a191b24c292e0fb9a8b35d92493c Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Sun, 16 Feb 2025 14:20:33 -0500 Subject: [PATCH] Release notes for 17.4, 16.8, 15.12, 14.17, 13.20. --- doc/src/sgml/release-16.sgml | 104 +++++++++++++++++++++++++++++++++++ 1 file changed, 104 insertions(+) diff --git a/doc/src/sgml/release-16.sgml b/doc/src/sgml/release-16.sgml index c729f3d313c..f3fb950e7d4 100644 --- a/doc/src/sgml/release-16.sgml +++ b/doc/src/sgml/release-16.sgml @@ -1,6 +1,110 @@ + + Release 16.8 + + + Release date: + 2025-02-20 + + + + This release contains a few fixes from 16.7. + For information about new features in major release 16, see + . + + + + Migration to Version 16.8 + + + A dump/restore is not required for those running 16.X. + + + + However, if you are upgrading from a version earlier than 16.5, + see . + + + + + Changes + + + + + + + Improve behavior of libpq's quoting + functions (Andres Freund, Tom Lane) + § + § + § + + + + The changes made for CVE-2025-1094 had one serious oversight: + PQescapeLiteral() + and PQescapeIdentifier() failed to honor their + string length parameter, instead always reading to the input + string's trailing null. This resulted in including unwanted text in + the output, if the caller intended to truncate the string via the + length parameter. With very bad luck it could cause a crash due to + reading off the end of memory. + + + + In addition, modify all these quoting functions so that when invalid + encoding is detected, an invalid sequence is substituted for just + the first byte of the presumed character, not all of it. This + reduces the risk of problems if a calling application performs + additional processing on the quoted string. + + + + + + + Fix meson build system to correctly detect availability of + the bsd_auth.h system header + (Nazir Bilal Yavuz) + § + + + + + + + + Release 16.7
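Review bot: In the libpq entry of the release-16.sgml hunk, the first paragraph says PQescapeLiteral() and PQescapeIdentifier() "failed to honor their string length parameter" but never says which callers are exposed or where the fix must be deployed. Consider adding a sentence saying that the affected case is a caller passing a length shorter than the input, or an input with no trailing null, and that because these functions live in libpq, client installations need the update as well as the server. In the second paragraph, "an invalid sequence is substituted for just the first byte of the presumed character, not all of it" leaves open what happens to the remaining bytes of that character. A short clause saying how they are handled would let application authors who post-process quoted strings judge the impact.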