Age | Commit message (Collapse) | Author | Files | Lines |
|
Update php-redis to latest version 5.3.3, switch php-redis for php56 to
php73 and php74.
Changes are too many to write here, but php-redis supports redis 6.
For more information, please refer to <https://pecl.php.net/package-changelog.php?package=redis>.
|
|
Add php-redis package version 4.3.0 which is latest release supporting
PHP 5.
|
|
5.42.0 (2021-03-01)
* Make the ado timestamp conversion proc a normal conversion proc that can
be overridden similar to other conversion procs (jeremyevans)
* Add :reject_nil option to the nested_attributes method, to ignore calls
where nil is passed as the associated object data (jeremyevans)
* Add async_thread_pool plugin for easier async usage with model classes and
support for async destroy, with_pk, and with_pk! methods (jeremyevans)
* Add async_thread_pool Database extension for executing queries
asynchronously using a thread pool (jeremyevans)
* Fix possible thread safety issue in Database#extension that could allow
Module#extended to be called twice with the same Database instance
(jeremyevans)
* Support cases where validations make modifications beyond setting errors
in Model#freeze (jeremyevans)
* Add Model#to_json_data to the json_serializer plugin, returning a JSON
data structure (jeremyevans)
|
|
3.14.2
This is a small release mainly to get some fixes out.
* Support for named `Check` and foreign-key constraints.
* Better foreign-key introspection for CockroachDB (and Postgres).
* Register UUID adapter for Postgres.
* Add `fn.array_agg()` to blacklist for automatic value coercion.
|
|
Redis 6.2.1
Upgrade urgency: LOW.
Bug fixes:
* Fix sanitize-dump-payload for stream with deleted records
* Prevent client-query-buffer-limit config from being set to lower than 1mb
Improvements:
* Make port, tls-port and bind config options modifiable at runtime
Platform and deployment-related changes:
* Fix compilation error on non-glibc systems if jemalloc is not used
* Improved memory consumption and memory usage tracking on FreeBSD
* Fix compilation on ARM64 MacOS with jemalloc
Modules:
* New Module API for getting user name of a client
* Optimize RM_Call by utilizing a shared reusable client
* Fix crash running CLIENT INFO via RM_Call
|
|
Improve ruby-sqlrelay configuration; do not try to detect installed ruby
but use simply RUBY environment variable.
|
|
Redis 6.2.0 GA Released Tue Feb 22 14:00:00 IST 2021
================================================================================
Upgrade urgency: SECURITY if you use 32bit build of redis (see below), MODERATE
if you used earlier versions of Redis 6.2, LOW otherwise.
Integer overflow on 32-bit systems (CVE-2021-21309):
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
input size. By default, it is 512MB which is a safe value for all platforms.
If the limit is significantly increased, receiving a large request from a client
may trigger several integer overflow scenarios, which would result with buffer
overflow and heap corruption.
Bug fixes:
* Avoid 32-bit overflows when proto-max-bulk-len is set high
* Fix broken protocol in client tracking tracking-redir-broken message
* Avoid unsafe field name characters in INFO commandstats, errorstats, modules
* XINFO able to access expired keys during CLIENT PAUSE WRITE
* Fix allowed length for REPLCONF ip-address, needed due to Sentinel's support for hostnames
* Fix broken protocol in redis-benchmark when used with -a or --dbnum
* XADD counts deleted records too when considering switching to a new listpack
Bug fixes that are only applicable to previous releases of Redis 6.2:
* Fixes in GEOSEARCH bybox (accuracy and mismatch between width and height)
* Fix risk of OOM panic in HRANDFIELD, ZRANDMEMBER commands with huge negative count
* Fix duplicate replicas issue in Sentinel, needed due to hostname support
* Fix Sentinel configuration rewrite
Command behavior changes:
* SRANDMEMBER uses RESP3 array type instead of set type
* EXPIRE, EXPIREAT, SETEX, GETEX: Return error when provided expire time overflows
Other behavior changes:
* Remove ACL subcommand validation if fully added command exists.
Improvements:
* Optimize sorting in GEORADIUS / GEOSEARCH with COUNT
* Optimize HRANDFIELD and ZRANDMEMBER case 4 when ziplist encoded
* Optimize in-place replacement of elements in HSET, HINCRBY, LSET
* Remove redundant list to store pubsub patterns
* Add --insecure option to command line tools
Info fields and introspection changes:
* Add INFO fields to track progress of BGSAVE, AOFRW, replication
Modules:
* RM_ZsetRem: Delete key if empty, the bug could leave empty zset keys
* RM_HashSet: Add COUNT_ALL flag and set errno
Redis 6.2 RC3 Released Tue Feb 1 14:00:00 IST 2021
================================================================================
Upgrade urgency LOW: This is the third Release Candidate of Redis 6.2.
New commands / args:
* Add HRANDFIELD and ZRANDMEMBER commands
* Add FAILOVER command
* Add GETEX, GETDEL commands
* Add PXAT/EXAT arguments to SET command
* Add SYNC arg to FLUSHALL and FLUSHDB, and ASYNC/SYNC arg to SCRIPT FLUSH
Sentinel:
* Add hostname support to Sentinel
* Prevent file descriptors from leaking into Sentinel scripts
* Fix config file line order dependency and config rewrite sequence
New configuration options:
* Add set-proc-title config option to disable changes to the process title
* Add proc-title-template option to control what's shown in the process title
* Add lazyfree-lazy-user-flush config option to control FLUSHALL, FLUSHDB and SCRIPT FLUSH
Bug fixes:
* AOF: recover from last write error by turning on/off appendonly config
* Exit on fsync error when the AOF fsync policy is 'always'
* Avoid assertions (on older kernels) when testing arm64 CoW bug
* CONFIG REWRITE should honor umask settings
* Fix firstkey,lastkey,step in COMMAND command for some commands
Special considerations:
* Fix misleading description of the save configuration directive
Improvements:
* A way to get RDB file via replication without excessive replication buffers
* Optimize performance of clusterGenNodesDescription for large clusters
Info fields and introspection changes:
* SLOWLOG and LATENCY monitor include unblocking time of blocked commands
Modules:
* Add modules API for streams
* Add event for fork child birth and termination
* Add RM_BlockedClientMeasureTime* etc, to track background processing in commandstats
* Fix bug in v6.2, wrong value passed to the new unlink callback
* Fix bug in v6.2, modules blocked on keys unblock on commands like LPUSH
Redis 6.2 RC2 Released Tue Jan 12 16:17:20 IST 2021
================================================================================
Upgrade urgency LOW: This is the second Release Candidate of Redis 6.2.
IMPORTANT: If you're running Redis on ARM64 or a big-endian system, upgrade may
have significant implications. Please be sure to read the notes below.
New commands / args:
* Add the REV, BYLEX and BYSCORE arguments to ZRANGE, and the ZRANGESTORE command
* Add the XAUTOCLAIM command
* Add the MINID trimming strategy and the LIMIT argument to XADD and XTRIM
* Add the ANY argument to GEOSEARCH and GEORADIUS
* Add the CH, NX, XX arguments to GEOADD
* Add the COUNT argument to LPOP and RPOP
* Add the WRITE argument to CLIENT PAUSE for pausing write commands exclusively
* Change the proto-ver argument of HELLO to optional
* Add the CLIENT TRACKINGINFO subcommand
Command behavior changes:
* CLIENT TRACKING yields an error when given overlapping BCAST prefixes
* SWAPDB invalidates WATCHed keys
* SORT command behaves differently when used on a writable replica
Other behavior changes:
* Avoid propagating MULTI/EXEC for read-only transactions
* Remove the read-only flag from TIME, ECHO, ROLE, LASTSAVE
* Fix the command flags of PFDEBUG
* Tracking clients will no longer receive unnecessary key invalidation messages after FLUSHDB
* Sentinel: Fix missing updates to the config file after SENTINEL SET command
Bug fixes with compatibility implications (bugs introduced in Redis 6.0):
* Fix RDB CRC64 checksum on big-endian systems
If you're using big-endian please consider the compatibility implications with
RESTORE, replication and persistence.
* Fix wrong order of key/value in Lua's map response
If your scripts use redis.setresp() or return a map (new in Redis 6.0), please
consider the implications.
Bug fixes that are only applicable to previous releases of Redis 6.2:
* Resolve rare assertions in active defragmentation while loading
Bug fixes:
* Fix the selection of a random element from large hash tables
* Fix an issue where a forked process deletes the parent's pidfile
* Fix crashes when enabling io-threads-do-reads
* Fix a crash in redis-cli after executing cluster backup
* Fix redis-benchmark to use an IP address for the first cluster node
* Fix saving of strings larger than 2GB into RDB files
Additional improvements:
* Improve replication handshake time
* Release client tracking table memory asynchronously in cases where the DB is also freed asynchronously
* Avoid wasteful transient memory allocation in certain cases
* Handle binary string values by the 'requirepass' and 'masterauth' configs
Platform and deployment-related changes:
* Install redis-check-rdb and redis-check-aof as symlinks to redis-server
* Add a check for an ARM64 Linux kernel bug
Due to the potential severity of this issue, Redis will refuse to run on
affected platforms by default.
Info fields and introspection changes:
* Add the errorstats section to the INFO command
* Add the failed_calls and rejected_calls fields to INFO's commandstats section
* Report child copy-on-write metrics continuously
Module API changes:
* Add the RedisModule_SendChildCOWInfo API
* Add the may-replicate command flag
Redis 6.2 RC1 Released Mon Dec 14 11:50:00 IST 2020
================================================================================
Upgrade urgency LOW: This is the first Release Candidate of Redis 6.2.
Introduction to the Redis 6.2 release
=====================================
This release is the first significant Redis release managed by the core team
under the new project governance model.
Redis 6.2 includes many new commands and improvements, but no big features. It
mainly makes Redis more complete and addresses issues that have been requested
by many users frequently or for a long time.
Many of these changes were not eligible for 6.0.x for several reasons:
1. They are not backward compatible, which is always the case with new or
extended commands (that cannot be replicated to an older replica).
2. They require a longer release-candidate test cycle.
New commands / args:
* Add SMISMEMBER command that checks multiple members
* Add ZMSCORE command that returns an array of scores
* Add LMOVE and BLMOVE commands that pop and push arbitrarily
* Add RESET command that resets client connection state
* Add COPY command that copies keys
* Add ZDIFF and ZDIFFSTORE commands
* Add ZINTER and ZUNION commands
* Add GEOSEARCH/GEOSEARCHSTORE commands for bounding box spatial queries
* Add GET parameter to SET command, for more powerful GETSET
* Add exclusive range query to XPENDING
* Add exclusive range query to X[REV]RANGE
* Add GT and LT options to ZADD for conditional score updates
* Add CLIENT INFO and CLIENT LIST for specific ids
* Add IDLE argument to XPENDING command
* Add local address to CLIENT LIST, and a CLIENT KILL filter.
* Add NOMKSTREAM option to XADD command
* Add command introspection to Sentinel
* Add SENTINEL MYID subcommand
New features:
* Dump payload sanitization: prevent corrupt payload causing crashes
Has flags to enable full O(N) validation (disabled by default).
* ACL patterns for Pub/Sub channels
* Support ACL for Sentinel mode
* Support getting configuration from both stdin and file at the same time
Lets you avoid storing secrets on the disk.
New features in CLI tools:
* redis-cli RESP3 push support
* redis-cli cluster import support source and target that require auth
* redis-cli URIs able to provide user name in addition to password
* redis-cli/redis-benchmark allow specifying the preferred ciphers/ciphersuites
* redis-cli add -e option to exit with code when command execution fails
Command behavior changes:
* EXISTS should not alter LRU
In Redis 5.0 and 6.0 it would have touched the LRU/LFU of the key.
* OBJECT should not reveal logically expired keys
Will now behave the same as TYPE or any other non-DEBUG command.
* Improve db id range check for SELECT and MOVE
Changes the error message text on a wrong db index.
* Modify AUTH / HELLO error message
Changes the error message text when the user isn't found or is disabled.
* BITOPS length limited to proto_max_bulk_len rather than 512MB
The limit is now configurable like in SETRANGE, and APPEND.
* GEORADIUS[BYMEMBER] can fail with -OOM if Redis is over the memory limit
Other behavior changes:
* Optionally (default) fail to start if requested bind address is not available
If you rely on Redis starting successfully even if one of the bind addresses
is not available, you'll need to tune the new config.
* Limit the main db dictionaries expansion to prevent key eviction
In the past big dictionary rehashing could result in massive data eviction.
Now this rehashing is delayed (up to a limit), which can result in performance
loss due to hash collisions.
* CONFIG REWRITE is atomic and safer, but requires write access to the config file's folder
This change was already present in 6.0.9, but was missing from the release
notes.
* A new incremental eviction mechanism that reduces latency on eviction spikes
In pathological cases this can cause memory to grow uncontrolled and may require
specific tuning.
* Not resetting "save" config when Redis is started with command line arguments.
In case you provide command line arguments without "save" and count on it
being disabled, now the default "save" config will kick in.
* Update memory metrics for INFO during loading
* When "supervised" config is enabled, it takes precedence over "daemonize".
* Assertion and panic, print crash log without generating SIGSEGV
* Added crash log report on SIGABRT, instead of silently exiting
* Disable THP (Transparent Huge Pages) if enabled
If you deliberately enabled it, you'll need to config Redis to keep it.
Bug fixes:
* Handle output buffer limits for module blocked clients
Could result in a module sending reply to a blocked client to go beyond the
limit.
* Fix setproctitle related crashes.
Caused various crashes on startup, mainly on Apple M1 chips or under
instrumentation.
* A module doing RM_Call could cause replicas to get nested MULTI
* Backup/restore cluster mode keys to slots map for repl-diskless-load=swapdb
In cluster mode with repl-diskless-load, when loading failed, slot map
wouldn't have been restored.
* Fix oom-score-adj-values range, and bug when used in config file
Enabling setting this in the config file in a line after enabling it, would
have been buggy.
* Reset average ttl when empty databases
Just causing misleading metric in INFO
* Disable rehash when Redis has child process
This could have caused excessive CoW during BGSAVE, replication or AOFRW.
* Further improved ACL algorithm for picking categories
Output of ACL GETUSER is now more similar to the one provided by ACL SETUSER.
* Fix bug with module GIL being released prematurely
Could in theory (and rarely) cause multi-threaded modules to corrupt memory.
* Fix cluster redirect for module command with no firstkey.
* Reduce effect of client tracking causing feedback loop in key eviction
* Kill disk-based fork child when all replicas drop and 'save' is not enabled
* Rewritten commands (modified for propagation) are logged as their original command
* Fix cluster access to unaligned memory (SIGBUS on old ARM)
* If diskless repl child is killed, make sure to reap the child pid
* Broadcast a PONG message when slot's migration is over, may reduce MOVED responses
Other improvements:
* TLS Support in redis-benchmark
* Accelerate diskless master connections, and general re-connections
* Run active defrag while blocked / loading
* Performance and memory reporting improvement - sds take control of its internal fragmentation
* Speedup cluster failover.
Platform / toolchain support related improvements:
* Optionally (not by default) use H/W Monotonic clock for faster time sampling
* Remove the requirements for C11 and _Atomic supporting compiler
This would allow to more easily build and use Redis on older systems and
compilers again.
* Fix crash log registers output on ARM.
* Raspberry build fix.
* Setting process title support for Haiku.
* DragonFlyBSD RSS memory sampling support.
New configuration options:
* Enable configuring OpenSSL using the standard openssl.cnf
* oom-score-adj-values config can now take absolute values (besides relative ones)
* TLS: Add different client cert support.
* Note that a few other changes listed above added their config options.
Info fields and introspection changes:
* Add INFO fields to track diskless and disk-based replication progress
* Add INFO field for main thread cpu time, and scrape system time.
* Add total_forks to INFO STATS
* Add maxclients and cluster_connections to INFO CLIENTS
* Add tracking bcast flag and client redirection in client list
* Fixed INFO client_recent_max_input_buffer includes argv array
* Note that a few other changes listed above added their info fields.
Module API changes:
* Add CTX_FLAGS_DENY_BLOCKING as a unified way to know if blocking is allowed
* Add data type callbacks for lazy free effort, and unlink
* Add data type callback for COPY command
* Add callbacks for defrag support.
* Add module event for repl-diskless-load swapdb
Module related fixes:
* Moved RMAPI_FUNC_SUPPORTED so that it's usable
* Improve timer accuracy
* Allow '\0' inside of result of RM_CreateStringPrintf
|
|
Rails 6.1.3 (February 17, 2021)
[ActionPack]
* Re-define routes when not set correctly via inheritance.
*John Hawthorn*
[ActiveRecord]
* Fix the MySQL adapter to always set the right collation and charset
to the connection session.
*Rafael Mendonça França*
* Fix MySQL adapter handling of time objects when prepared statements
are enabled.
*Rafael Mendonça França*
* Fix scoping in enum fields using conditions that would generate
an IN clause.
*Ryuta Kamizono*
* Skip optimised #exist? query when #include? is called on a relation
with a having clause
Relations that have aliased select values AND a having clause that
references an aliased select value would generate an error when
#include? was called, due to an optimisation that would generate
call #exists? on the relation instead, which effectively alters
the select values of the query (and thus removes the aliased select
values), but leaves the having clause intact. Because the having
clause is then referencing an aliased column that is no longer
present in the simplified query, an ActiveRecord::InvalidStatement
error was raised.
A sample query affected by this problem:
    Author.select('COUNT(*) as total_posts', 'authors.*')
          .joins(:posts)
          .group(:id)
          .having('total_posts > 2')
          .include?(Author.first)
This change adds an additional check to the condition that skips the
simplified #exists? query, which simply checks for the presence of
a having clause.
Fixes #41417
*Michael Smart*
* Increment postgres prepared statement counter before making a
prepared statement, so if the statement is aborted without Rails
knowledge (e.g., if app gets kill -9d during long-running query or
due to Rack::Timeout), app won't end up in perpetual crash state for
being inconsistent with Postgres.
*wbharding*, *Martin Tepper*
|
|
3.4.0 (2021-2-22)
* Keep current scope when calling `roots` [Petrik de Heus](https://github.com/p8)
* STI record now can update counter cache correctly [Issei Murasawa](http://github.com/issei-m)
* [Compare to 3.3.1](https://github.com/collectiveidea/awesome_nested_set/compare/v3.3.1...v3.4.0)
|
|
4.2.12:
Unknown changes
|
|
mongo-c-driver 1.17.4
libbson
It is my pleasure to announce libbson 1.17.4.
No changes since 1.17.3; release to keep pace with libmongoc's version.
libmongoc
It is my pleasure to announce the MongoDB C Driver 1.17.4.
Bug fixes:
Fix crash on macOS on client pool shutdown.
Fix spacing in extended JSON output for numberLong.
Clear error in mongoc_collection_find_and_modify_with_opts on a successful retry.
|
|
0.47.7
Unknown changes
|
|
v0.17.0
Feature release
* Connection objects now raise ValueError when closed and a command is executed
* Fix documented examples in readme
|
|
With help from the patches available at
https://packages.debian.org/source/sid/phpldapadmin.
|
|
Delete patches for unsupported NetBSD releases.
2020-12-09 FAL Labs <info@fallabs.com>
- Fixed errors of kcdirtest on BtrFS.
- Release: 1.2.79
|
|
SQL Relay 1.8.0
This release mainly lays the groundwork for some future features, including a generic import/export framework. Some notable progress was also made on the JDBC driver, though it's still not finished. The most significant (finished) new feature is an aes128 password encryption module.
There are some bugfixes as well. A long-standing issue with postgresql that could cause results from multiple open cursors to get confused has been resolved. A subtle error that could cause counting of bind variables on the client-side to hang has been fixed. A long-standing, but apparently obscure, issue that could cause tables from other MySQL schemas to be included in a "show tables" command has been fixed. As well as various other issues.
Full ChangeLog follows:
unattended tests
added sqlrresultsetdomnode class to c++ client API
fixed datedelimiters parameter
added support for SQLParamOptions with SQLUINTEGER arguments
sqlr-import detects uppercase .CSV suffix now
fixed a csv number-detection bug in sqlr-import
fixed a delete[] of a const in sqlr-import
it's possible to specify a commitcount of 0 with sqlr-import now
moved sqlrimportxml/csv classes into libsqlrclient
moved sqlrexportxml/csv classes into libsqlrclient
csv import/export is consistent now
added some event methods to sqlrexport
migrated parsedatetime functions to rudiments datetime class
different postgresql cursors use different stmtNames now
sqlrimportcsv can create a primary key that's not in the CSV now
sqlrexportcsv quotes 12+ digit numbers now
fixed subtle, count-related issues when validating bind variables on the client side, that could cause a hang
added an aes128 pwdenc module
applied a patch to fix a crash in the debug logger (missing "%s")
added a tweak to getsitearchdir.rb to fix incorrect lib/lib64 reporting on some centos x64 systems
fixed mysql getColumnList to distinguish proper db/schema
SQL Relay 1.7.0
This release adds 2 significant features: support for the PostgreSQL client-server protocol, and a "replay" module to help automatically recover from deadlocks and lock-timeouts, but also has the usual assortment of minor bugfixes and internal changes.
Full ChangeLog follows:
added postgresql protocol module
updated postgresql connection module to get column info pre-execute
fixed postgresql connection module type oid bug
added tag filter/moduledata
added moduledata(s)::closeResultSet()/endTransaction()/endSession()
mysql protocol returns empty lobs correctly now (not as nulls)
configure replaces -lfbclient with -lgds on freebsd/firebird-2.0.3
fixed a bug that could cause sqlr-stop to try to kill pid 0
fixed unixodbc detection on solaris 11.4
added configure test for PQdescribePrepared
test improvements
documentation improvements
split sqlrelay-crash directive into its own module
deprecated drop-in replacement libraries in favor of protocol support
fixed various mysql 4.x bugs
sqlr-status creates statistics on heap now instead of stack, to work on platforms with a small default ulimit stack
mysql stored procedure test is bypassed for older mysql
tls test is bypassed for older openssl
added NULL handoff socket workaround
improved shutdown/crash handlers for sqlr-listener/connection
fixed hang when more-than-one address was specified in the instance:addresses attribute
*_null used instead of *_unset on PHP 7.4
SQL Relay 1.6.0
This release mainly addresses some recently discovered regressions, but also adds some internal features that required the minor version to be bumped.
ChangeLog follows:
added begin, commit, rollback events
fixed array_init() calls for php-7.3
integrated my_bool fix for mysql 8.0.1+
mysql sslmode=require/prefer + bad sslca/sslcapath generates warning rather than error now (like the mysql cli)
refactored various routines that parse bind variables out of queries
added bindvariabledelimiters config option to define supported bind variable delimiters
added fakeinputbindvariablesunicodestrings config option
added bind variable delimiters config methods to c++ api
replay trigger can now run a query (eg. "show engine innodb status") and log the results to a file when a replay condition occurs
replay trigger doesn't log/replay selects by default now (but this is configurable)
updated normalize translation to support queries containing binary data
fixed a backslash-escape bug in the normalize translation
refactored some sqlrclient api private methods
refactored various bind-manipulation/detection methods
sqlr-listener creates tmpdir now on start, if it doesn't exist (because this is often in /run, which is often a tmpfs)
postgresql connection module forces re-fetch of column data after execute now
everything uses charstring::isYes/isNo now, instead of direct comparisons against "yes" or "no"
fixed subtle sqlexecdirect bug
fixed subtle sqlserver max-varchar bind length bug
fixed various subtle sqlserver bugs where column-info isn't valid until after execute
odbc connection module sets column precision = column length if column precision = -1
when using odbc on front and back end, the object type works in SQLTables now
result set translations work with "show databases/tables/etc." queries with an ODBC backend now
increased oid buffer sizes in postgresql connection
fixed typemangling->tablemangling typo in postgresql connection - tablemangling should work without typemangling now
fixed a '...\\''...' parsing bug
non-odbc connection modules now return odbc-compatible(ish) table lists
client info is no longer reset during endSession
fixed a bug that could cause sqlite "show tables like '...'" to crash
fixed odbc unicode null user/password bug
fixed PyString_AsString for python 3.<3
fixed bug that caused some MSSQL lobs to sometimes be returned as nulls when using ODBC on the backend
fixed bug that caused some MSSQL date fields to get returned as garbage
fixed a few older sqlrclient compatibility bugs
fixed SQLFetch parameter type mismatch in ODBC api
removed a non-c++17-compliant "register" from custom_nw logger
added support for nodejs 12
SQLDriverConnect can take an inline DSN now
fixed odbc maxcolumncount=-1 crash
odbc, db2, and informix set bind format error now
|
|
The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 13.2, 12.6, 11.11, 10.16, 9.6.21, and 9.5.25. This release closes two security vulnerabilities and fixes over 80 bugs reported over the last three months.
Additionally, this is the final release of PostgreSQL 9.5. If you are running PostgreSQL 9.5 in a production environment, we suggest that you make plans to upgrade.
For the full list of changes, please review the release notes.
Security Issues
CVE-2021-3393: Partition constraint violation errors leak values of denied columns
Versions Affected: 11 - 13.
A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message. This is similar to CVE-2014-8161, but the conditions to exploit are more rare.
The PostgreSQL project thanks Heikki Linnakangas for reporting this problem.
CVE-2021-20229: Single-column SELECT privilege enables reading all columns
Versions Affected: 13.
A user having a SELECT privilege on an individual column can craft a special query that returns all columns of the table.
Additionally, a stored view that uses column-level privileges will have incomplete column-usage bitmaps. In installations that depend on column-level permissions for security, it is recommended to execute CREATE OR REPLACE on all user-defined views to force them to be re-parsed.
The PostgreSQL project thanks Sven Klemm for reporting this problem.
Bug Fixes and Improvements
This update fixes over 80 bugs that were reported in the last several months. Some of these issues only affect version 13, but could also apply to other supported versions.
Some of these fixes include:
Fix an issue with GiST indexes where concurrent insertions could lead to a corrupt index with entries placed in the wrong pages. You should REINDEX any affected GiST indexes.
Fix CREATE INDEX CONCURRENTLY to ensure rows from concurrent prepared transactions are included in the index. Installations that have enabled prepared transactions should REINDEX any concurrently-built indexes.
Fix for possible incorrect query results when a hash aggregation is spilled to disk.
Fix edge case in incremental sort that could lead to sorting results incorrectly or a "retrieved too many tuples in a bounded sort" error.
Avoid crash when a CALL or DO statement that performs a transaction rollback is executed via extended query protocol, such as from prepared statements.
Fix a failure when a PL/pgSQL procedure used CALL on another procedure that has OUT parameters that executed a COMMIT or ROLLBACK.
Remove errors from BEFORE UPDATE triggers on partitioned tables for restrictions that no longer apply.
Several fixes for queries with joins that could lead to error messages such as "no relation entry for relid N" or "failed to build any N-way joins".
Do not consider parallel-restricted or set-returning functions in ORDER BY expressions when trying to parallelize sorts.
Fix ALTER DEFAULT PRIVILEGES to handle duplicate arguments safely.
Several fixes in behavior when wal_level is set to minimal, including when tables are rewritten within a transaction.
Several fixes for CREATE TABLE LIKE.
Ensure that allocated disk space for a dropped relation (e.g. a table) is released promptly when a transaction is committed.
Fix progress reporting for CLUSTER.
Fix handling of backslash-escaped multibyte characters in COPY FROM.
Fix recently-introduced race conditions in LISTEN/NOTIFY queue handling.
Allow the jsonb concatenation operator (||) to handle all combinations of JSON data types.
Fix WAL-reading logic so that standbys can handle timeline switches correctly. This issue could have shown itself with errors like "requested WAL segment has already been removed".
Several leak fixes for the walsender process around logical decoding and replication.
Ensure that a nonempty value of krb_server_keyfile always overrides any setting of KRB5_KTNAME in the server environment.
Several fixes for GSS encryption support.
Ensure the \connect command allows the use of a password in the connection_string argument.
Fix assorted bugs with the \help command.
Several fixes for pg_dump.
Ensure that pg_rewind accounts for all WAL when rewinding a standby server.
Fix memory leak in contrib/auto_explain.
Ensure all postgres_fdw connections are closed if a user mapping or foreign server object those connections depend on are dropped.
Fix JIT compilation to be compatible with LLVM 11 and LLVM 12.
This update also contains tzdata release 2021a for DST law changes in Russia (Volgograd zone) and South Sudan, plus historical corrections for Australia, Bahamas, Belize, Bermuda, Ghana, Israel, Kenya, Nigeria, Palestine, Seychelles, and Vanuatu.
Notably, the Australia/Currie zone has been corrected to the point where it is identical to Australia/Hobart.
For the full list of changes available, please review the release notes.
PostgreSQL 9.5 is EOL
This is the final release of PostgreSQL 9.5. If you are running PostgreSQL 9.5 in a production environment, we suggest that you make plans to upgrade to a newer, supported version of PostgreSQL. Please see our versioning policy for more information.
|
|
|
|
|
|
Active Record -- Object-relational mapping put on rails
Active Record connects classes to relational database tables to establish an
almost zero-configuration persistence layer for applications. The library
provides a base class that, when subclassed, sets up a mapping between the new
class and an existing table in the database. In context of an application,
these classes are commonly referred to as *models*. Models can also be
connected to other models; this is done by defining *associations*.
This is for Ruby on Rails 6.1.
|
|
2.9:
- new feature: SafeRestartable strategy (SAFE_RESTARTABLE) for using a restartable Connection object in a multi-threading program
- tested against Python 3.9
- added requirements-dev.txt
- fixed logging unicode exceptions in python2.7
- added more granular control over use of reverse dns with Kerberos (thanks Azaria)
- support MS Active Directory persistent search (thanks eLeX)
- added support for LDAP signing when using DIGEST-MD5 authentication (thanks Augustin-FL)
- check only for searchResEntries in LDIF conversion (thanks Jay)
- modify-increment now works properly in mock strategies (thanks Saint-Marcel)
- objectGUID are now converted properly (thanks Janne)
- default timeout in asynchronous strategies raised to 20 seconds
|
|
2.24.1
[ENHANCEMENT] Cache basic authentication results to significantly improve performance of HTTP endpoints (via an update of prometheus/exporter-toolkit).
[BUGFIX] Prevent user enumeration by timing requests sent to authenticated HTTP endpoints (via an update of prometheus/exporter-toolkit).
2.24.0
[FEATURE] Add TLS and basic authentication to HTTP endpoints.
[FEATURE] promtool: Add check web-config subcommand to check web config files.
[FEATURE] promtool: Add tsdb create-blocks-from openmetrics subcommand to backfill metrics data from an OpenMetrics file.
[ENHANCEMENT] HTTP API: Fast-fail queries with only empty matchers.
[ENHANCEMENT] HTTP API: Support matchers for labels API.
[ENHANCEMENT] promtool: Improve checking of URLs passed on the command line.
[ENHANCEMENT] SD: Expose IPv6 as a label in EC2 SD.
[ENHANCEMENT] SD: Reuse EC2 client, reducing frequency of requesting credentials.
[ENHANCEMENT] TSDB: Add logging when compaction takes more than the block time range.
[ENHANCEMENT] TSDB: Avoid unnecessary GC runs after compaction.
[BUGFIX] HTTP API: Avoid double-closing of channel when quitting multiple times via HTTP.
[BUGFIX] SD: Ignore CNAME records in DNS SD to avoid spurious Invalid SRV record warnings.
[BUGFIX] SD: Avoid config error triggered by valid label selectors in Kubernetes SD.
|
|
timescale-license is very hard to understand, but there is clearly no
grant of permission to distribute derived works. Permission is
perhaps granted to distribute unmodified versions, but it's
conditioned on compliance with hard to understand terms and limited
based on purpose of use.
|
|
Version 3.2.2 Released on 1 April 2020
Fixed: Removed Thread.h from the public API.
Version 3.2.1 Released on 6 March 2020
New: Include Library version number in zdb.h
Fixed: Simplified test/zdbpp.cpp and added missing header
Fixed: Improved support for MySQL 8 and MariaDB
Version 3.2 Released on 3 Apr 2019
New: C++17 support via zdbpp.h which is distributed with libzdb for more
idiomatic use of libzdb from C++.
New: Support prefetch rows for MySQL and Oracle. Either programmatically
via Connection_setFetchSize() or via ResultSet_setFetchSize() or
via a new global fetch-size URL option.
New: MySQL 5.7 and later. Added session query timeout accessible via
Connection_setQueryTimeout()
New: MySQL 8. Added a new URL option auth-plugin which specifies the
authentication plugin to use when connecting to a MySQL server.
New: Oracle: Added a new URL option sysdba for connecting with
sysdba privileges.
Fixed: Revert previous fix (#8) and remove last SQL terminator character ';'
in statements, except if preceded with END; to allow for ending a
pl/sql block.
Fixed: Oracle: Set SQL null value in prepared statement
Fixed: Oracle: Handle date/time literal values
|
|
Adds support for Multinode TimescaleDB.
Improved promQL query latency by 4x in some cases.
Reduced I/O used by the PostgreSQL stats collector substantially by
changing autovacuum settings.
Fixed metrics produced by Promscale itself
PromQL engine supports @ modifier which is disabled by default.
(see promql-evaluation-flags)
Added configuration for query timeout and default step interval
Improved UX
Notes for people upgrading from 0.1.4 and before
The CLI and ENV option install-timescaledb was renamed to install-extension
Two new flags are added: upgrade-extensions, set to true by default, will
upgrade extensions if newer versions are available, and
upgrade-prerelease-extensions, set to false by default, will, when enabled,
upgrade extensions to pre-release versions if pre-release versions are
available.
We have changed the namespace of the metrics Promscale itself exposes from
ts_prom to promscale. We have also updated the PromQL engine based metrics
to have namespace as promscale instead of prometheus. So, metrics like
prometheus_engine_query_duration_seconds will now be
promscale_engine_query_duration_seconds.
If running into ERROR: out of shared memory (SQLSTATE 53200) during upgrade,
please increase your max_locks_per_transaction setting.
Notes for people upgrading timescaleDB 1.x -> 2.x
You should run
SELECT remove_compression_policy(format('prom_data.%I', table_name),
if_exists=>true) FROM _prom_catalog.metric;
after the upgrade. This cleans up the old way of running compression jobs,
compression will still work (just in the new way).
Prom-Migrator
Adds support for concurrent pulling and pushing to improve migration
throughput. (Please note concurrent push is disabled by default as we've
seen some issues migrating data to Thanos concurrently, which we are still
working out).
|
|
|
|
TimescaleDB 2.0 adds the much-anticipated support for distributed
hypertables (multi-node TimescaleDB), as well as new features and
enhancements to core functionality to give users better clarity and
more control and flexibility over their data.
This release also adds:
- Support for user-defined actions, allowing users to define,
customize, and schedule automated tasks, which can be run by the
built-in jobs scheduling framework now exposed to users.
- Significant changes to continuous aggregates, which now separate the
view creation from the policy. Users can now refresh individual
regions of the continuous aggregate materialized view, or schedule
automated refreshing via policy.
- Redesigned informational views, including new (and more general)
views for information about hypertable's dimensions and chunks,
policies and user-defined actions, as well as support for multi-node
TimescaleDB.
- Moving all formerly enterprise features into our Community Edition,
and updating Timescale License, which now provides additional (more
permissive) rights to users and developers.
Some of the changes above (e.g., continuous aggregates, updated
informational views) do introduce breaking changes to APIs and are not
backwards compatible. While the update scripts in TimescaleDB 2.0 will
upgrade databases running TimescaleDB 1.x automatically, some of these
API and feature changes may require changes to clients and/or upstream
scripts that rely on the previous APIs. Before upgrading, we recommend
reviewing upgrade documentation at docs.timescale.com for more details.
|
|
|
|
0.47.4:
Unknown changes
|
|
databases/ruby-activerecord60:
## Rails 6.0.3.5 (February 10, 2021) ##
* Fix possible DoS vector in PostgreSQL money type
Carefully crafted input can cause a DoS via the regular expressions used
for validating the money format in the PostgreSQL adapter. This patch
fixes the regexp.
Thanks to @dee-see from Hackerone for this patch!
[CVE-2021-22880]
*Aaron Patterson*
www/ruby-actionpack60
## Rails 6.0.3.5 (February 10, 2021) ##
* Prevent open redirect when allowed host starts with a dot
[CVE-2021-22881]
Thanks to @tktech (https://hackerone.com/tktech) for reporting this
issue and the patch!
*Aaron Patterson*
|
|
## Rails 5.2.4.5 (February 10, 2021) ##
* Fix possible DoS vector in PostgreSQL money type
Carefully crafted input can cause a DoS via the regular expressions used
for validating the money format in the PostgreSQL adapter. This patch
fixes the regexp.
Thanks to @dee-see from Hackerone for this patch!
[CVE-2021-22880]
*Aaron Patterson*
|
|
|
|
|
|
This is a MySQL metric exporter for Prometheus.
I've had this sitting in my tree since pkgsrc-2019Q4, it currently only has
SMF support, someone is more than welcome to add an rc.d script for it.
|
|
Upstream changes:
1.414 2020-10-21
* re-release 1.413_001 without further changes
1.413_001 2020-09-28
* Spell check
* Be specific in which files to skip from the distribution
* Author fixes
* Makefile.PL: port WriteMakefile1 from Hash::Merge
* .travis.yml: update for Xenial VMs
* cleanup MANIFEST.SKIP
* bump copyright year
* SQL::Parser correctly parse VALUES and SET clauses containing function invocations with several arguments
patch provided by Edgar J. Holleis
|
|
Add missing DEPENDS
Upstream changes:
2.000001 - 2021-01-23
- Remove Module::Runtime requirement
2.000000 - 2021-01-21
- Collapse custom join conditions back to something DBIC might understand
1.90_03 - 2019-10-13
- Add proof of concept DBIx::Class::SQLMaker::Role::SQLA2Passthrough
- _where_field_IN/BETWEEN are documented as subclassable; feature restored
1.90_02 - 2019-10-12
- fix DBIC ident op expander compat wrapper to handle call as unop
1.90_01 - 2019-10-09
- Complete overhaul of the internals, see the SQL::Abstract::Reference
docs to understand the new implementation's affordances.
|
|
Upstream changes:
0.58 - 2021-02-10, H.Merijn Brand
* It's 2021
* "class" is not a CSV attribute to pass on (issue#8)
0.57 - 2020-12-17, H.Merijn Brand
* META fixes
0.56 - 2020-12-05, H.Merijn Brand
* Fix Changes (add missing 0.54)
* Bugtracker => github issues
* f_dir should exist (CVE fix in DBI-1.644 / DBD::File-0.45)
* TODO tests better skipped if failing
|
|
v0.22.0
A new asyncpg release is here.
Notable additions include Python 3.9 support, support for recently added
PostgreSQL types like jsonpath, and last but not least, vastly
improved executemany() performance. Importantly, executemany() is
also now atomic, which means that either all iterations succeed, or
none at all, whereas previously partial results would have remained in
place, unless executemany() was called in a transaction.
There is also the usual assortment of improvements and bugfixes, see the
details below.
This is the last release of asyncpg that supports Python 3.5, which
reached EOL last September.
Improvements
Vastly speed up executemany by batching protocol messages
Allow using custom Record class
Add Python 3.9 support
Prefer SSL connections by default
Add codecs for a bunch of new builtin types
Expose Pool as asyncpg.Pool
Avoid unnecessary overhead during connection reset
|
|
3.14.1
This release contains primarily bugfixes.
Properly delegate to a foreign-key field's db_value() function when converting model instances.
Strip quote marks and parentheses from column names returned by sqlite cursor when a function-call is projected without an alias.
Fix DataSet.create_index() method.
Fix column-to-model mapping in model-select from subquery with joins.
Improvements to foreign-key lazy-loading.
Preserve and handle CHECK() constraints in Sqlite migrator.
Add stddev aggregate function to collection of sqlite user-defined funcs.
|
|
|
|
Changes in MySQL 5.6.51
Security Notes
The linked OpenSSL library for MySQL Server has been updated to version 1.1.1i. Issues fixed in the new OpenSSL version are described at https://www.openssl.org/news/cl111.txt and https://www.openssl.org/news/vulnerabilities.html.
Bugs Fixed
InnoDB: The full-text search synchronization thread attempted to read a previously-freed word from the index cache.
The server did not handle all cases of the WHERE_CONDITION optimization correctly.
Privileges for some INFORMATION_SCHEMA tables were checked incorrectly.
In certain cases, the server did not handle multiply-nested subqueries correctly.
A buffer overflow in the client library was fixed.
|