PostgreSQL Database Server

A security advisory has been created for the PostgreSQL JDBC Driver. The URL connection string loggerFile property could be mis-used to create an arbitrary file on the system that the driver is loaded. Additionally anything in the connection string ... [More] will be logged and subsequently written into that file. In an insecure system it would be possible to execute this file through a webserver. While we do not consider this a security issue with the driver, we have decided to remove the loggerFile and loggerLevel connection properties in the next release of the driver. Removal of those properties does not make exposing the JDBC URL or connection properties to an attacker safe and we continue to suggest that applications do not allow untrusted users to specify arbitrary connection properties. We are removing them to prevent misuse and their functionality can be delegated to java.util.logging. The changelog is not very useful as the change was done behind a security advisory. The short version is that loggerFile and loggerLevel properties still exist but do not do anything. The PostgreSQL JDBC team would like to thank all that have participated in this release! The JDBC Team [Less]

The pgAdmin Development Team is pleased to announce pgAdmin 4 version 6.5. This release of pgAdmin 4 includes 24 bug fixes and new features. For more details please see the release notes. pgAdmin is the leading Open Source graphical management tool ... [More] for PostgreSQL. For more information, please see the website. Notable changes in this release include: Features: Added support to open SQL help, Dialog help, and online help in an external web browser. This feature allows the users to open the SQL help, Dialog help, and online help in an external web browser instead of an NWjs standalone window that doesn’t have a search and navigation facility. We have added a configurable option ‘Open Documentation in Default Browser?’ by default its value is true. Bugs/Housekeeping: Port Import/Export dialog, Dependent, dependencies, statistics panel to React. Rename the menu 'Disconnect Server' to 'Disconnect from server'. Added flag in runtime to disable GPU hardware acceleration. Fixed an issue where connections keep open to (closed) connections on the initial connection to the database server. Ensure that Partitioned tables should be visible correctly when creating multiple partition levels. Fixed an issue where the Browser tree gets disappears when scrolling sequences. Ensure that JSON files should be downloaded properly from the storage manager. Fixed an issue where restore generates incorrect options for the schema. Fixed an issue where the F2 Function key removes browser panel contents. Builds for Windows and macOS are available now, along with a Python Wheel, Docker Container, RPM, DEB Package, and source code tarball from the tarball area. [Less]

Antananarivo, Madagascar - February 10, 2022 Ora2Pg Version 23.1 of Ora2Pg, a free and reliable tool used to migrate an Oracle database to PostgreSQL, has been officially released and is publicly available for download. This release fix several ... [More] issues reported since past four months and adds some new major features and improvements. Add use of greatest() / least() functions from new version of Orafce when required to return NULL on NULL input like Oracle. ALLOW and EXCLUDE configuration values can now be read from a file. This is useful if you have a lot of table to filter. Add possibility to use of System Change Number (SCN) for data export or data validation by providing a specific SCN. It can be set at command line using the -S or --scn option. You can give a specific SCN or if you want to use the current SCN at first connection time set the value to 'current'. Example of use:     ora2pg -c ora2pg.conf -t COPY --scn 16605281 You can also use the --scn option to use the Oracle flashback capability by specifying a timestamp expression instead of a SCN. For example:     ora2pg -c ora2pg.conf -t COPY --scn "TO_TIMESTAMP('2021-12-01 00:00:00', 'YYYY-MM-DD HH:MI:SS')" or for example to only retrieve yesterday's data:     ora2pg -c ora2pg.conf -t COPY --scn "SYSDATE - 1" Add json output format to migration assessment. Add new TO_CHAR_NOTIMEZONE configuration directive to remove any timezone information into the format part of the TO_CHAR() function. Disabled by default. Note that the new default setting breaks backward compatibility, old behavior was to always remove the timezone part. Add new configuration directive FORCE_IDENTITY_BIGINT. Usually identity column must be bigint to correspond to an auto increment sequence so Ora2Pg always force it to be a bigint. If, for any reason, you want Ora2Pg to respect the DATA_TYPE that was set for identity column then disable this directive. Allow to export only invalid objects when EXPORT_INVALID is set to 2 Disable per partition data export when a WHERE clause is define on the partitioned table or that a global WHERE clause is defined. There is also two new options to command ora2pg. New command line option --lo_import. By default Ora2Pg imports Oracle BLOB as bytea, the destination column is created using the bytea data type. If you want to use large object instead of bytea, just add the --blob_to_lo option to the ora2pg command. It will create the destination column with data type Oid and will save the BLOB as a large object using the lo_from_bytea() function. The Oid returned by the call to lo_from_bytea() is inserted in the destination column instead of a bytea. This option can only be used with actions SHOW_COLUMN, TABLE and INSERT, action COPY is not supported. If you want to use COPY or have huge size BLOB ( > 1GB ) than can not be imported using lo_from_bytea() you can add option --lo_import to the ora2pg command. This will allow to import data in two passes: 1) Export data using COPY or INSERT will set the Oid destination column for BLOB to value 0 and save the BLOB value into a dedicated file. It will also create a Shell script to import the BLOB files into the database using psql command \lo_import and to update the table Oid column to the returned large object Oid. The script is named lo_import-TABLENAME.sh 2) Execute all scripts lo_import-TABLENAME.sh after setting the environment variables PGDATABASE and optionally PGHOST, PGPORT, PGUSER, etc. if they do not correspond to the default values for libpq. You might also execute manually a VACUUM FULL on the table to remove the bloat created by the table update. Limitation: the table must have a primary key, it is used to set the WHERE clause to update the Oid column after the large object import. Importing BLOB using this second method (--lo_import) is very slow so it should be reserved to rows where the BLOB > 1GB for all other rows use the option --blob_to_lo. To filter the rows you can use the WHERE configuration directive in ora2pg.conf. New command line option --cdc_ready to use current SCN per table when exporting data and register them into a file named TABLES_SCN.log This can be used for Change Data Capture (CDC) tools. For a complete list of change see https://github.com/darold/ora2pg/blob/master/changelog Thanks to all contributors, they are all cited in the changelog file. Links & Credits I would like to thank all users who submitted patches and users who reported bugs and feature requests, they are all cited the ChangeLog file. Ora2Pg is an open project. Any contribution to build a better tool is welcome. You just have to send your ideas, features requests or patches using the GitHub tools or directly to [email protected]. Links: Website: https://www.ora2pg.com/ Download1: https://github.com/darold/ora2pg/releases Download2: https://sourceforge.net/projects/ora2pg/ Development: https://github.com/darold/ora2pg Changelog: https://github.com/darold/ora2pg/blob/master/changelog Documentation: https://github.com/darold/ora2pg/blob/master/README About Ora2Pg : Ora2Pg is an easy and reliable tool to migrate from Oracle to PostgreSQL. It is developed since 2001 and can export most of the Oracle objects into PostgreSQL compatible code. Ora2Pg works on any platform and is available under the GPL v3 licence. Docs, Download & Support at http://www.ora2pg.com/ [Less]

The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 14.2, 13.6, 12.10, 11.15, and 10.20. This release fixes over 55 bugs reported over the last three months. For the full list of changes ... [More] , please review the release notes. Bug Fixes and Improvements This update fixes over 55 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 14. Some of these issues may also affect other supported versions of PostgreSQL. Included in this release: Fix for a low probability scenario of index corruption when a HOT (heap-only tuple) chain changes state during VACUUM. Encountering this issue is unlikely, but if you are concerned, please consider reindexing. Fix for using REINDEX CONCURRENTLY on TOAST table indexes to prevent corruption. You can fix any TOAST indexes by reindexing them again. The psql \password command now defaults to setting the password for the role defined by CURRENT_USER. Additionally, the role name is now included in the password prompt. Build extended statistics for partitioned tables. If you previously added extended statistics to a partitioned table, you should run ANALYZE on those tables. As autovacuum currently does not process partitioned tables, you must periodically run ANALYZE on any partitioned tables to update their statistics. Fix crash with ALTER STATISTICS when the statistics object is dropped concurrently. Fix crash with multiranges when extracting variable-length data types. Several fixes to the query planner that lead to incorrect query results. Several fixes for query plan memoization. Fix startup of a physical replica to tolerate transaction ID wraparound. When using logical replication, avoid duplicate transmission of a partitioned table's data when the publication includes both the child and parent tables. Disallow altering data type of a partitioned table's columns when the partitioned table's row type is used as a composite type elsewhere. Disallow ALTER TABLE ... DROP NOT NULL for a column that is part of a replica identity index. Several fixes for caching that correct logical replication behavior and improve performance. Fix memory leak when updating expression indexes. Avoid leaking memory during REASSIGN OWNED BY operations that reassign ownership of many objects. Fix display of whole-row variables appearing in INSERT ... VALUES rules. Fix race condition that could lead to failure to localize error messages that are reported early in multi-threaded use of libpq or ecpglib. Fix psql \d command for identifying parent triggers. Fix failures on Windows when using the terminal as data source or destination. This affected the psql \copy command and using pg_recvlogical with -f -. Fix the pg_dump --inserts and --column-inserts modes to handle tables that contain both generated and dropped columns. Fix edge cases in how postgres_fdw handles asynchronous queries. These errors could lead to crashes or incorrect results when attempting to run parallel scans of foreign tables. For the full list of changes available, please review the release notes. Updating All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shutdown PostgreSQL and update its binaries. Users who have skipped one or more update releases may need to run additional, post-update steps; please see the release notes for earlier versions for details. For more details, please see the release notes. Links Download Release Notes Security Versioning Policy Follow @postgresql on Twitter [Less]

A security advisory has been created for the PostgreSQL JDBC driver. The driver provides the facility to instantiate plugin instances based on class names provided via authenticationPluginClassName, sslhostnameverifier, socketFactory, sslfactory ... [More] , sslpasswordcallback connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. The fix is to ensure that the class implements the expected interface. This has been fixed in version 42.2.25 and 42.3.2 Additionally the following was are some of the changes in 42.3.2 the full change log can be found here Changed perf: read in_hot_standby GUC on connection PR #2334 fix: we will ask the server if it supports GSS Encryption if gssEncryption is prefer or require PR #2396 remove the need to have a ticket in the cache before asking the server if gss encryptions are supported fix: throw SQLException for #getBoolean BIT(>1) PR #2386 Throw SQLException instead of ClassCastException when calling CallableStatement#getBoolean(int) on BIT(>1). perf: read in_hot_standby GUC on connection PR #2334 Add cert key type checking to chooseClientAlias PR #2417 Added feat: Add authenticationPluginClassName option to provide passwords at runtime Adds authenticationPluginClassName connection property that allows end users to specify a class that will provide the connection passwords at runtime. Users implementing that interface must ensure that each invocation of the method provides a new char[] array as the contents will be filled with zeroes by the driver after use.Call sites within the driver have been updated to use the char[] directly wherever possible. This includes direct usage in the GSS authentication code paths that internally were already converting the String password into a char[] for internal usage. This allows configuring a connection with a password that must be generated on the fly or periodically changes. PR #2369 original issue Issue #2102 feat: add tcpNoDelay option PR #2341 fixes Issue #2324 feat: pg_service.conf and .pgpass support (jdbc:postgresql://?service=my-service) PR #2260 fixes Issue #2278 Fixed Use local TimestampUtil in PgStatement and PgResultset for thread safety PR #2291 fixes Issue #921 synchronize modification of shared calendar fix: PgObject isNull() was reporting the opposite fixes Issue #2411 PR #2414 fix: default file name is ".pg_service.conf" on Windows (not "pg_service.conf") PR #2398 fixes Issue #2278 fix: do not close refcursor after reading if fetchsize has been set fixes Issue #2227 PR #2371 fix: rework gss authentication to use the principal name to get the credentials fixes Issue #2235 PR #2352 fix: return getIndexInfo metadata columns in UPPER CASE PR #2368 fix: Connection leak in ConnectionFactoryImpl#tryConnect PR #2350 Issue #2351 fix: Fix For IS_AUTOGENERATED Flag PR #2348 fix: parsing service file tests for windows PR #2347 fix: The spec says that calling close() on a closed connection is a noop. PR #2345 fixes Issue #2300 fix: add microsecond precision to getTimestamp() called on sql TIME(6) Currently, "when fetching a value of type TIME(6) through resultSet.getTimestamp() only ms precision is retained, the microsecond fractional digits are lost." This change will retain the microsecond precision when .getTimestamp() is called on TIME(6). PR #2181 Closes Issue #1537 test: materialized view privileges PR #2209 add and drop a materialized view Add to TestUtil and also to DatabaseMetaData setup and teardown fixes Issue #2060 fix: typo in connect.md PR #2338 OutOfMemoryException => OutOfMemoryError fix: use local TimestampUtil in PgStatement and PgResultset for thread safety TimestampUtil is not thread safe. It raises exceptions when multiple threads use ResultSets of one connection. PR #2291 fixes Issue #921 If PgStatement and PgResultSet use their own TimestampUtil no synchronize is needed. fix: typo in CONTRIBUTING.md PR #2332 seccion => section The PostgreSQL JDBC team would like to thank all that have participated in this release! The JDBC Team [Less]

Announcing the German PostgreSQL Conference 2022 & Call for Papers PGConf.de 2022 is the sequel of the highly successful German PostgreSQL conferences 2011, 2013, 2015, 2018 and 2019. We'll stay in Leipzig, at the same nice hotel and conference ... [More] location as in 2019, in the middle of the town. The conference will take place on May 13th, 2022. Registration for the conference will be possible well in advance. Tickets must be purchased online. The Call for Papers is open. Go to www.postgresql.eu/events/pgconfde2022/callforpapers/ and submit your talks. The Call for Sponsors will open soon. See you in Leipzig in May 2022! [Less]

The AgensGraph Development Team are pleased to announce the release of AgensGraph v2.5. AgensGraph is a new generation multi-model graph database for the modern complex data environment. AgensGraph is a multi-model database, which supports the ... [More] relational and graph data model at the same time that enables developers to integrate the legacy relational data model and the flexible graph data model in one database. AgensGraph supports ANSI-SQL and openCypher (http://www.opencypher.org). SQL queries and Cypher queries can be integrated into a single query in AgensGraph. AgensGraph is based on the powerful PostgreSQL RDBMS, and is very robust, fully-featured and ready for enterprise use. AgensGraph is optimized for handling complex connected graph data and provides plenty of powerful database features essential to the enterprise database environment including ACID transactions, multi-version concurrency control, stored procedure, triggers, constraints, sophisticated monitoring and a flexible data model (JSON). Moreover, AgensGraph leverages the rich eco-systems of PostgreSQL and can be extended with many outstanding external modules, like PostGIS. For more details please see the release notes.   Major Improvements in AgensGraph v2.5.   1. Performance Partitioning, a unique feature of relational DB, can now be used in AgensGraph as well.    1.1. Large-scale data processing – With partitioning, large-scale data processing is improved – Improved performance speed and the convenience of data management – Hybrid query (Cypher+SQL) performance has been improved in relation to large data processing performance.    1.2. Query Performance – When querying and aggregating large amounts of data, the performance of the query has been improved by hash join using parallel processing     2. Ease of Use A stored procedure has been added. The stored procedure can package and store multiple queries into one logic.    2.1. Convenience of Data Management – The newly added stored procedure eliminates repetitive tasks, thus saving time  – Convenience of expansion and maintenance has significantly improved   3. Algorithms New graph algorithms are provided in a package.    3.1. Latest Graph Algorithms – A total of 7 advanced graph algorithms such as centrality, community detection, and similarity, etc are the core of graph analysis and shall be included in the package.    4. High Availability Information systems with high availability can operate normally for a long period of time without failure.   4.1. Agpool’s High Availability Updated Agpool to improve high availability  – Load Balancing: when multiple users execute a query at the same time, the query is distributed across multiple servers for processing  – Auto Failover: when the master server fails, the slave server takes over instead    The new version is immediately available for download. [Less]

Apache AGE Team has released version 0.6.0 of Apache AGE(incubating) Apache AGE(incubating) is a PostgreSQL extension that provides graph database functionality. AGE is an acronym for A Graph Extension, and is inspired by Bitnine's fork of ... [More] PostgreSQL 10, AgensGraph, which is a multi-model database. The goal of the project is to create single storage that can handle both relational and graph model data so that users can use standard ANSI SQL along with openCypher, the Graph query language. Release Notes For v0.6.0 The release supports the following: Add VLE SRF (Set Returning Function). Fix Vertex, Edge, and Path serialization bug (AGE2-307). Fix CREATE passback bug (AGE2-337). Fix CREATE transaction block bug (AGE2-345). Fix parallel build errors. Fix Travis CI compiler warnings. Please see the repository for details : https://github.com/apache/incubator-age/releases/tag/v0.6.0 Please feel free to use and send us an inquiry/idea about our project to Eya [email protected] (Apache AGE's active Committer) Github Issues : https://github.com/apache/incubator-age/issues [Less]

Apache AGE Team has released version 0.6.0 of Apache AGE(incubating) Apache AGE(incubating) is a PostgreSQL extension that provides graph database functionality. AGE is an acronym for A Graph Extension, and is inspired by Bitnine's fork of ... [More] PostgreSQL 10, AgensGraph, which is a multi-model database. The goal of the project is to create single storage that can handle both relational and graph model data so that users can use standard ANSI SQL along with openCypher, the Graph query language. Release Notes For v0.6.0 The release supports the following: Add VLE SRF (Set Returning Function). Fix Vertex, Edge, and Path serialization bug (AGE2-307). Fix CREATE passback bug (AGE2-337). Fix CREATE transaction block bug (AGE2-345). Fix parallel build errors. Fix Travis CI compiler warnings. Please see the repository for details : https://github.com/apache/incubator-age/releases/tag/v0.6.0 Please feel free to use and send us an inquiry/idea about our project to Eya [email protected] (Apache AGE's active Committer) Github Issues : https://github.com/apache/incubator-age/issues [Less]

Antananarivo, Madagascar - January 23th, 2022 pgBadger pgBadger is a PostgreSQL performance analyzer, built for speed with fully detailed reports based on your PostgreSQL log files. pgBadger 11.7 was released today, this release of pgBadger fixes ... [More] some issues reported by users since past five months as well as some improvements. Add new option --no-progressbar option to not display it but keep the other outputs. Add new option --day-report that can be used to rebuild an HTML report over the specified day. Like option --month-report but only for a day. It requires the incremental output directories and the presence of all necessary binary data files. The value is date in format: YYYY-MM-DD Improve parsing of Heroku logplex and CloudSQL json logs. For the complete list of changes, please checkout the release note on https://github.com/darold/pgbadger/releases/tag/v11.7 Links & Credits I would like to thank all users who submitted patches and users who reported bugs and feature requests, they are all cited the ChangeLog file. pgBadger is an open project. Any contribution to build a better tool is welcome. You just have to send your ideas, features requests or patches using the GitHub tools or directly to [email protected]. Links : Download: http://pgbadger.darold.net/ Support: use GitHub report tool at https://github.com/darold/pgbadger/issues or contact [email protected]. For a complete list of commercial support near of your place take a look at the PostgreSQL Professional Services page, they all do great job and most of them can help you. About pgBadger : pgBagder is a new generation log analyzer for PostgreSQL, created by Gilles Darold (also author of ora2pg, the powerful migration tool). pgBadger is a fast and easy tool to analyze your SQL traffic and create HTML5 reports with dynamics graphs. pgBadger is the perfect tool to understand the behavior of your PostgreSQL servers and identify which SQL queries need to be optimized. Docs, Download & Demo at http://pgbadger.darold.net/ [Less]