From 086651fcb97de643b02befa838c426c632021f03 Mon Sep 17 00:00:00 2001 From: Petr Jelinek Date: Tue, 4 May 2021 10:47:32 +0200 Subject: [PATCH] Update the CVE in release notes --- docs/README.md | 36 +++++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/docs/README.md b/docs/README.md index 092b4c6..f4da459 100644 --- a/docs/README.md +++ b/docs/README.md @@ -929,15 +929,7 @@ Also any DDL limitations apply so extra care need to be taken when using Postgres-XL changes defaults and available settings for `pglogical.conflict_resolution` and `pglogical.use_spi` configuration options. -### BDR - -`pglogical` does not currently interoperate well with BDR. BDR nodes will not -forward writes made by pglogical subscribers. And pglogical providers will not -decode and send writes made on other BDR nodes to the pglogical subscriber. - -This restriction may be lifted at a later time. - -## Credits and License +## Appendix A: Credits and License pglogical has been designed, developed and tested by the 2ndQuadrant team * Petr Jelinek 
@@ -949,3 +941,29 @@ pglogical has been designed, developed and tested by the 2ndQuadrant team pglogical license is The PostgreSQL License pglogical copyright is donated to PostgreSQL Global Development Group + +## Appendix B: Release Notes + +Version 2.3.4 is security release fixing CVE-2021-3515. + +### Changes + + * Fix pg_dump/pg_restore execution (CVE-2021-3515) + Correctly escape the connection string for both pg_dump and + pg_restore so that exotic database and user names are handled + correctly. + + Reported by Pedro Gallegos + + * Assign collation to the index scan key + When doing lookups for INSERT/UPDATE/DELETE, either to find conflicts + or key for the operation to be applied, we should use correct collation. + + This fixes issues with PostgreSQL 12+ primary key lookups when primary key + is on column using one of the textual types. + + * Execute `pg_ctl` with appropriate verbosity in `pglogical_create_subscriber` + When `-v` is passed to `pglogical_create_subscriber`, it will now call + `pg_ctl` without silent mode. This is useful for troubleshooting. + + * Clarify documentation regarding `REPLICA IDENTITY` requirements and support
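Review bot: In the first hunk of docs/README.md (@@ -929,15 +929,7), the whole `### BDR` section is deleted, which the subject "Update the CVE in release notes" does not cover. If the BDR interoperability restriction still holds, keep the section. If it was lifted, say so in the commit message or do the removal in its own commit. Renaming `## Credits and License` to `## Appendix A: Credits and License` also changes the anchor on renderers that derive anchors from heading text, so existing links to that section should be checked.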
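Review bot: In the second hunk (@@ -949,3 +941,29), the CVE-2021-3515 entry under `### Changes` describes the fix only as making sure "exotic database and user names are handled correctly", so a reader cannot tell what the security impact was or which releases are affected. Suggest stating what an unescaped database or user name in the pg_dump/pg_restore connection string allowed, which versions need the upgrade to 2.3.4, and whether anything is required beyond upgrading. The new section and the 2.3.4 changelog are also more than the subject "Update the CVE in release notes" suggests, so the commit message should mention them. Minor: "Version 2.3.4 is security release" should read "is a security release".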