From b70d9de77f337828ca3a0a3064a6827b1ce68977 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Fri, 8 Aug 2025 13:47:04 -0400 Subject: [PATCH] First-draft release notes for 17.6. As usual, the release notes for other branches will be made by cutting these down, but put them up for community review first. --- doc/src/sgml/release-17.sgml | 1652 ++++++++++++++++++++++++++++++++++ 1 file changed, 1652 insertions(+) diff --git a/doc/src/sgml/release-17.sgml b/doc/src/sgml/release-17.sgml index 57e3b8fcc01..6961fe95b7b 100644 --- a/doc/src/sgml/release-17.sgml +++ b/doc/src/sgml/release-17.sgml @@ -1,6 +1,1658 @@ + + Release 17.6 + + + Release date: + 2025-08-14 + + + + This release contains a variety of fixes from 17.5. + For information about new features in major release 17, see + . + + + + Migration to Version 17.6 + + + A dump/restore is not required for those running 17.X. + + + + However, if you have any + BRIN numeric_minmax_multi_ops indexes, it is + advisable to reindex them after updating. See the first changelog + entry below. + + + + Also, if you are upgrading from a version earlier than 17.5, + see . + + + + + Changes + + + + + + + Fix incorrect distance calculation in + BRIN numeric_minmax_multi_ops support function + (Peter Eisentraut, Tom Lane) + § + + + + The results were sometimes wrong on 64-bit platforms, and wildly + wrong on 32-bit platforms. This did not produce obvious failures + because the logic is only used to choose how to merge values into + ranges; at worst the index would become inefficient and bloated. + Nonetheless it's recommended to reindex any BRIN indexes that use + the numeric_minmax_multi_ops operator class. + + + + + + + Avoid regression in the size of XML input that we will accept + (Michael Paquier, Erik Wienhold) + § + § + + + + Our workaround for a bug in early 2.13.x releases + of libxml2 made use of a code path that + rejects text chunks exceeding 10MB, whereas the previous coding did + not. Those early releases are presumably extinct in the wild by + now, so revert to the previous coding. + + + + + + + Fix MERGE problems with concurrent updates + (Dean Rasheed) + § + + + + If a MERGE + inside a CTE attempts an update or delete on a table with + BEFORE ROW triggers, and a + concurrent UPDATE or DELETE + changes the target row, the MERGE command would + fail (crashing in the case of an update action, and potentially + executing the wrong action in the case of a delete action). + + + + + + + Fix MERGE into a plain-inheritance parent table + (Dean Rasheed) + § + + + + Insertions into such a target table could crash or produce incorrect + query results due to failing to handle WITH CHECK + OPTION and RETURNING actions. + + + + + + + Allow tables with statement-level triggers to become partitions or + inheritance children (Etsuro Fujita) + § + + + + We do not allow partitions or inheritance child tables to have + row-level triggers with transition tables, because an operation on + the whole inheritance tree would need to maintain a separate + transition table for each such child table. But that problem does + not apply for statement-level triggers, because only the parent's + statement-level triggers will be fired. The code that checks + whether an existing table can become a partition or inheritance + child nonetheless rejected both kinds of trigger. + + + + + + + Disallow collecting transition tuples from child foreign tables + (Etsuro Fujita) + § + + + + We do not support triggers with transition tables on foreign tables. + However, the case of a partition or inheritance child that is a + foreign table was overlooked. If the parent has such a trigger, + incorrect transition tuples were collected from the foreign child. + Instead throw an error, reporting that the case is not supported. + + + + + + + Allow resetting unknown custom parameters with reserved prefixes + (Nathan Bossart) + § + + + + Previously, if a parameter setting had been stored + using ALTER DATABASE/ROLE/SYSTEM, the stored + setting could not be removed if the parameter was unknown but had a + reserved prefix. This case could arise if an extension used to have + a parameter, but that parameter had been removed in an upgrade. + + + + + + + Fix a potential deadlock during ALTER SUBSCRIPTION ... DROP + PUBLICATION (Ajin Cherian) + § + + + + Ensure that server processes acquire catalog locks in a consistent + order during replication origin drops. + + + + + + + Shorten the race condition window for creating indexes with + conflicting names (Tom Lane) + § + + + + When choosing an auto-generated name for an index, avoid conflicting + with not-yet-committed pg_class rows as + well as fully-valid ones. This avoids possibly choosing the same + name as some concurrent CREATE INDEX did, + when that command is still in process of filling its index, or is + done but is part of a not-yet-committed transaction. There's still + a window for trouble, but it's only as long as the time needed to + validate a new index's parameters and insert + its pg_class row. + + + + + + + Prevent usage of incorrect VACUUM options in some + cases where multiple tables are vacuumed in a single command (Nathan + Bossart, Michael Paquier) + § + + + + The TRUNCATE and INDEX_CLEANUP + options of one table could be applied to others. + + + + + + + Ensure that the table's free-space map is updated in a timely way + when vacuuming a table that has no indexes (Masahiko Sawada) + § + + + + A previous optimization caused FSM vacuuming to sometimes be skipped + for such tables. + + + + + + + Fix processing of character classes within SIMILAR + TO regular expressions (Laurenz Albe) + § + § + + + + The code that translates SIMILAR TO pattern + matching expressions to POSIX-style regular expressions did not + consider that square brackets can be nested. For example, in a + pattern like [[:alpha:]%_], the code treated + the % and _ characters as + metacharacters when they should be literals. + + + + + + + When deparsing queries, always add parentheses around the expression + in FETCH FIRST expression ROWS + WITH TIES clauses (Heikki Linnakangas) + § + § + + + + This avoids some cases where the deparsed result wasn't + syntactically valid. + + + + + + + Limit the checkpointer process's fsync request queue size (Alexander + Korotkov, Xuneng Zhou) + § + § + + + + With very large shared_buffers settings, it was + possible for the checkpointer to attempt to allocate more than 1GB + for fsync requests, leading to failure and an infinite loop. Clamp + the queue size to prevent this scenario. + + + + + + + Avoid infinite wait in logical decoding when reading a + partially-written WAL record (Vignesh C) + § + + + + If the server crashes after writing the first part of a WAL record + that would span multiple pages, subsequent logical decoding of the + WAL stream would wait for data to arrive on the next WAL page. + That might never happen if the server is now idle. + + + + + + + Fix inconsistent spelling of LWLock names + for MultiXactOffsetSLRU + and MultiXactMemberSLRU (Bertrand Drouvot) + § + + + + This resulted in different wait-event names being displayed + in pg_wait_events + and pg_stat_activity, potentially breaking + monitoring queries that join those views. + + + + + + + Fix inconsistent quoting of role names in ACL strings (Tom Lane) + § + + + + The previous quoting rule was locale-sensitive, which could lead to + portability problems when transferring aclitem values + across installations. (pg_dump does not + do that, but other tools might.) To ensure consistency, always quote + non-ASCII characters in aclitem output; but to preserve + backward compatibility, never require that they be quoted + during aclitem input. + + + + + + + Reject equal signs (=) in the names of relation + options and foreign-data options (Tom Lane) + § + + + + There's no evident use-case for option names like this, and allowing + them creates ambiguity in the stored representation. + + + + + + + Fix potentially-incorrect decompression of LZ4-compressed archive + data (Mikhail Gribkov) + § + + + + This error seems to manifest only with not-very-compressible input + data, which may explain why it escaped detection. + + + + + + + Avoid a rare scenario where a btree index scan could mark the wrong + index entries as dead (Peter Geoghegan) + § + + + + + + + Avoid re-distributing cache invalidation messages from other + transactions during logical replication (vignesh C) + § + + + + Our previous round of minor releases included a bug fix to ensure + that replication receiver processes would respond to cross-process + cache invalidation messages, preventing them from using stale + catalog data while performing replication updates. However, the fix + unintentionally made them also redistribute those messages again, + leading to an exponential increase in the number of invalidation + messages, which would often end in a memory allocation failure. + Fix by not redistributing received messages. + + + + + + + Avoid unexpected server shutdown when replication slot + synchronization is misconfigured (Fujii Masao) + § + + + + The postmaster process would report an error (and then stop) + if sync_replication_slots was set + to true while wal_level was + less than logical. The desired behavior is just + that slot synchronization should be disabled, so reduce this error + message's level to avoid postmaster shutdown. + + + + + + + Avoid premature removal of old WAL during checkpoints (Vitaly Davydov) + § + + + + If a replication slot's restart point is advanced while a checkpoint + is in progress, no-longer-needed WAL segments could get removed too + soon, leading to recovery failure if the database crashes + immediately afterwards. Fix by keeping them for one additional + checkpoint cycle. + + + + + + + Never move a replication slot's confirmed-flush position backwards + (Shveta Malik) + § + + + + In some cases a replication client could acknowledge an LSN that's + past what it has stored persistently, and then perhaps send an older + LSN after a restart. We consider this not-a-bug so long as the + client did not have anything it needed to do for the WAL between the + two points. However, we should not re-send that WAL for fear of + data duplication, so make sure we always believe the latest + confirmed LSN for a given slot. + + + + + + + Prevent excessive delays before launching new logical replication + workers (Tom Lane) + § + + + + In some cases the logical replication launcher could sleep + considerably longer than the + configured wal_retrieve_retry_interval before + launching a new worker. + + + + + + + Fix use-after-free during logical replication of INSERT + ... ON CONFLICT (Ethan Mertz, Michael Paquier) + § + + + + This could result in incorrect progress reporting, or with very bad + luck it could result in a crash of the WAL sender process. + + + + + + + Allow waiting for a transaction on a standby server to be + interrupted (Kevin K Biju) + § + + + + Creation of a replication slot on a standby server may require waiting + for some active transaction(s) to finish on the primary and then be + replayed on the standby. Since that could be an indefinite wait, + it's desirable to allow the operation to be cancelled, but there was + no check for query cancel in the loop. + + + + + + + Do not let cascading logical WAL senders try to send data that's + beyond what has been replayed on their standby server (Alexey + Makhmutov) + § + + + + This avoids a situation where such WAL senders could get stuck at + standby server shutdown, waiting for replay work that will not + happen because the server's startup process is already shut down. + + + + + + + Fix per-relation memory leakage in autovacuum (Tom Lane) + § + + + + + + + Fix session-lifespan memory leaks + in XMLSERIALIZE(... INDENT) + (Dmitry Kovalenko, Tom Lane) + § + § + + + + + + + Fix possible crash after out-of-memory when allocating large chunks + with the bump allocator (Tom Lane) + § + + + + + + + Fix some places that might try to fetch toasted fields of system + catalogs without any snapshot (Nathan Bossart) + § + + + + This could result in an assertion failure or cannot fetch + toast data without an active snapshot error. + + + + + + + Avoid assertion failure during cross-table constraint updates + (Tom Lane, Jian He) + § + § + + + + + + + Remove faulty assertion that a command tag must have been determined + by the end of PortalRunMulti() (Álvaro Herrera) + § + + + + This failed in edge cases such as an empty prepared statement. + + + + + + + Fix assertion failure in XMLTABLE parsing + (Richard Guo) + § + + + + + + + Restore the ability to run PL/pgSQL expressions in parallel + (Dipesh Dhameliya) + § + + + + PL/pgSQL's notion of an expression is very broad, + encompassing any SQL SELECT query that returns a + single column and no more than one row. So there are cases, for + example evaluation of an aggregate function, where the query + involves significant work and it'd be useful to run it with parallel + workers. This used to be possible, but a previous bug fix + unintentionally disabled it. + + + + + + + Fix edge-case resource leaks in PL/Python error reporting (Tom Lane) + § + § + + + + An out-of-memory failure while reporting an error from Python could + result in failure to drop reference counts on Python objects, + leading to session-lifespan memory leakage. + + + + + + + Fix libpq's + PQcancelCreate() function for the case where + the server's address was specified using hostaddr + (Sergei Kornilov) + § + + + + libpq would crash if the resulting cancel + object was actually used. + + + + + + + Fix libpq's PQport() + function to never return NULL unless the passed connection is NULL + (Daniele Varrazzo) + § + + + + This is the documented behavior, but + recent libpq versions would return NULL + in some cases where the user had not provided a port specification. + Revert to our historical behavior of returning an empty string in + such cases. (v18 and later will return the compiled-in default port + number, typically "5432", instead.) + + + + + + + Avoid failure when GSSAPI authentication requires packets larger + than 16kB (Jacob Champion, Tom Lane) + § + + + + Larger authentication packets are needed for Active Directory users + who belong to many AD groups. This limitation manifested in + connection failures with unintelligible error messages, + typically GSSAPI context establishment error: The routine + must be called again to complete its function: Unknown + error. + + + + + + + Fix timing-dependent failures in SSL and GSSAPI data transmission + (Tom Lane) + § + + + + When using SSL or GSSAPI encryption in non-blocking + mode, libpq sometimes failed + with SSL error: bad length or GSSAPI caller + failed to retransmit all data needing to be retried. + + + + + + + Avoid null-pointer dereference during connection lookup + in ecpg applications (Aleksander + Alekseev) + § + + + + The case could occur only if the application has some connections + that are named and some that are not. + + + + + + + Improve psql's tab completion + for COPY and \copy options + (Atsushi Torikoshi) + § + + + + The same completions were offered for both COPY + FROM and COPY TO, although some options + are only valid for one case or the other. Distinguish these cases + to provide more accurate suggestions. + + + + + + + Avoid assertion failure in pgbench when + multiple pipeline sync messages are received (Fujii Masao) + § + + + + + + + Fix duplicate transaction replay when initializing a subscription + with pg_createsubscriber (Shlok Kyal) + § + + + + It was possible for the last transaction processed during subscriber + recovery to be sent again once normal replication begins. + + + + + + + Ensure that pg_dump dumps comments on + not-null constraints on domain types (Jian He, Álvaro Herrera) + § + + + + + + + Ensure that pg_dump dumps comments on + domain constraints in a valid order (Jian He) + § + + + + In some cases the comment command could appear before creation of + the constraint. + + + + + + + Ensure stable sort ordering in pg_dump + for all types of database objects (Noah Misch, Andreas Karlsson) + § + § + + + + pg_dump sorts objects by their logical + names before performing dependency-driven reordering. This sort did + not account for the full unique key identifying certain object types + such as rules and constraints, and thus it could produce dissimilar + sort orders for logically-identical databases. That made it + difficult to compare databases by + diff'ing pg_dump output, so improve the + logic to ensure stable sort ordering in all cases. + + + + + + + Fix incorrect parsing of object types + in pg_dump filter files (Fujii Masao) + § + + + + Treat keywords as extending to the next whitespace, rather than + stopping at the first non-alphanumeric character as before. + This makes no difference for valid keywords, but it allows some + error cases to be recognized properly. For + example, table-data will now be rejected, whereas + previously it was misinterpreted as table. + + + + + + + pg_restore failed to restore large + objects (BLOBs) from directory-format dumps made + by pg_dump versions + before PostgreSQL v12 (Pavel Stehule) + § + + + + + + + In pg_upgrade, check for inconsistent + inherited not-null constraints (Ali Akbar) + § + § + § + + + + PostgreSQL versions before 18 allow an + inherited column not-null constraint to be dropped. However, this + results in a schema that cannot be restored, leading to failure + in pg_upgrade. Detect such cases + during pg_upgrade's preflight checks to + allow users to fix them before initiating the upgrade. + + + + + + + Don't require that the target installation + have max_slot_wal_keep_size set to its default + during pg_upgrade (Dilip Kumar) + § + + + + + + + Avoid assertion failure if track_commit_timestamp + is enabled during initdb (Hayato Kuroda, + Andy Fan) + § + + + + + + + Fix pg_waldump to show information about + dropped statistics in PREPARE TRANSACTION WAL + records (Daniil Davydov) + § + + + + + + + Avoid possible leak of the open connection + during contrib/dblink connection establishment + (Tom Lane) + § + + + + In the rare scenario where we hit out-of-memory while inserting the + new connection object into dblink's hashtable, the open connection + would be leaked until end of session, leaving an idle session + sitting on the remote server. + + + + + + + Make contrib/pg_prewarm cope with very + large shared_buffers settings (Daria Shanina) + § + + + + Autoprewarm failed with a memory allocation error + if shared_buffers was larger than about 50 + million buffers (400GB). + + + + + + + Prevent assertion failure + in contrib/pg_prewarm (Masahiro Ikeda) + § + + + + Applying pg_prewarm() to a relation + lacking storage (such as a view) caused an assertion failure, + although there was no ill effect in non-assert builds. + Add an error check to reject that case. + + + + + + + In contrib/pg_stat_statements, avoid leaving + gaps in the set of parameter numbers used in a normalized query + (Sami Imseih) + § + + + + + + + Fix memory leakage in contrib/postgres_fdw's + DirectModify methods (Tom Lane) + § + + + + The PGresult holding the results of the + remote modify command would be leaked for the rest of the session if + the query fails between invocations of the DirectModify methods, + which could happen when there's RETURNING data to + process. + + + + + + + Ensure that directories listed + in configure's + + and options are searched before + system-supplied directories (Tom Lane) + § + + + + A common reason for using these options is to allow a user-built + version of some library to override the system-supplied version. + However, that failed to work in some environments because of + careless ordering of switches in the commands issued by the makefiles. + + + + + + + Fix configure's checks + for __cpuid() + and __cpuidex() (Lukas Fittl, Michael Paquier) + § + + + + configure failed to detect these + Windows-specific functions, so that they would not be used, + leading to slower-than-necessary CRC computations since the + availability of hardware instructions could not be verified. + The practical impact of this error was limited, because production + builds for Windows typically do not use the Autoconf toolchain. + + + + + + + Fix build failure with option on + Solaris-based platforms (Tom Lane) + § + + + + Solaris is inconsistent with other Unix platforms about the API for + PAM authentication. This manifested as an inconsistent + pointer compiler warning, which we never did anything about. + But as of GCC 14 it's an error not warning by default, so fix it. + + + + + + + Make our code portable to GNU Hurd (Michael Banck, Christoph Berg, + Samuel Thibault) + § + § + + + + Fix assumptions about IOV_MAX + and O_RDONLY that don't hold on Hurd. + + + + + + + Make our usage of memset_s() conform strictly + to the C11 standard (Tom Lane) + § + + + + This avoids compile failures on some platforms. + + + + + + + Silence compatibility warning when using Meson to build with MSVC + (Peter Eisentraut) + § + + + + + + + Prevent uninitialized-value compiler warnings in JSONB comparison + code (Tom Lane) + § + + + + + + + Avoid deprecation warnings when building + with libxml2 2.14 and later + (Michael Paquier) + § + + + + + + + Avoid problems when compiling pg_locale.h under + C++ (John Naylor) + § + + + + PostgreSQL header files generally need to + be wrapped in extern "C" { ... } in order to be + included in extensions written in C++. This failed + for pg_locale.h because of its use + of libicu headers, but we can work around + that by suppressing C++-only declarations in those headers. C++ + extensions that want to use libicu's C++ + APIs can do so by including the libicu + headers ahead of pg_locale.h. + + + + + + + + Release 17.5