Posted
about 2 years
ago
A security advisory has been created for the PostgreSQL JDBC Driver.
The URL connection string loggerFile property could be mis-used to create an arbitrary file on the system that the driver is loaded. Additionally anything in the connection string
... [More]
will be logged and subsequently written into that file. In an insecure system it would be possible to execute this file through a webserver.
While we do not consider this a security issue with the driver, we have decided to remove the loggerFile and loggerLevel connection properties in the next release of the driver. Removal of those properties does not make exposing the JDBC URL or connection properties to an attacker safe and we continue to suggest that applications do not allow untrusted users to specify arbitrary connection properties.
We are removing them to prevent misuse and their functionality can be delegated to java.util.logging.
The changelog is not very useful as the change was done behind a security advisory. The short version is that loggerFile and loggerLevel properties still exist but do not do anything.
The PostgreSQL JDBC team would like to thank all that have participated in this release!
The JDBC Team
[Less]
|
Posted
about 2 years
ago
The pgAdmin Development Team is pleased to announce pgAdmin 4 version 6.5. This release of pgAdmin 4 includes 24 bug fixes and new features. For more details please see the release notes.
pgAdmin is the leading Open Source graphical management tool
... [More]
for PostgreSQL. For more information, please see the website.
Notable changes in this release include:
Features:
Added support to open SQL help, Dialog help, and online help in an external web browser.
This feature allows the users to open the SQL help, Dialog help, and online help in an external web browser instead of an NWjs standalone window that doesn’t have a search and navigation facility. We have added a configurable option ‘Open Documentation in Default Browser?’ by default its value is true.
Bugs/Housekeeping:
Port Import/Export dialog, Dependent, dependencies, statistics panel to React.
Rename the menu 'Disconnect Server' to 'Disconnect from server'.
Added flag in runtime to disable GPU hardware acceleration.
Fixed an issue where connections keep open to (closed) connections on the initial connection to the database server.
Ensure that Partitioned tables should be visible correctly when creating multiple partition levels.
Fixed an issue where the Browser tree gets disappears when scrolling sequences.
Ensure that JSON files should be downloaded properly from the storage manager.
Fixed an issue where restore generates incorrect options for the schema.
Fixed an issue where the F2 Function key removes browser panel contents.
Builds for Windows and macOS are available now, along with a Python Wheel, Docker Container, RPM, DEB Package, and source code tarball from the tarball area.
[Less]
|
Posted
about 2 years
ago
Antananarivo, Madagascar - February 10, 2022
Ora2Pg
Version 23.1 of Ora2Pg, a free and reliable tool used to migrate an
Oracle database to PostgreSQL, has been officially released and is
publicly available for download.
This release fix several
... [More]
issues reported since past four months and
adds some new major features and improvements.
Add use of greatest() / least() functions from new version of Orafce when
required to return NULL on NULL input like Oracle.
ALLOW and EXCLUDE configuration values can now be read from a file.
This is useful if you have a lot of table to filter.
Add possibility to use of System Change Number (SCN) for data export or
data validation by providing a specific SCN. It can be set at command
line using the -S or --scn option. You can give a specific SCN or if you
want to use the current SCN at first connection time set the value to
'current'. Example of use:
ora2pg -c ora2pg.conf -t COPY --scn 16605281
You can also use the --scn option to use the Oracle flashback capability by
specifying a timestamp expression instead of a SCN. For example:
ora2pg -c ora2pg.conf -t COPY --scn "TO_TIMESTAMP('2021-12-01 00:00:00', 'YYYY-MM-DD HH:MI:SS')"
or for example to only retrieve yesterday's data:
ora2pg -c ora2pg.conf -t COPY --scn "SYSDATE - 1"
Add json output format to migration assessment.
Add new TO_CHAR_NOTIMEZONE configuration directive to remove any timezone
information into the format part of the TO_CHAR() function. Disabled by default.
Note that the new default setting breaks backward compatibility, old behavior
was to always remove the timezone part.
Add new configuration directive FORCE_IDENTITY_BIGINT. Usually identity
column must be bigint to correspond to an auto increment sequence so
Ora2Pg always force it to be a bigint. If, for any reason, you want
Ora2Pg to respect the DATA_TYPE that was set for identity column then
disable this directive.
Allow to export only invalid objects when EXPORT_INVALID is set to 2
Disable per partition data export when a WHERE clause is define on the
partitioned table or that a global WHERE clause is defined.
There is also two new options to command ora2pg.
New command line option --lo_import. By default Ora2Pg imports Oracle
BLOB as bytea, the destination column is created using the bytea data
type. If you want to use large object instead of bytea, just add the
--blob_to_lo option to the ora2pg command. It will create the destination
column with data type Oid and will save the BLOB as a large object using
the lo_from_bytea() function. The Oid returned by the call to lo_from_bytea()
is inserted in the destination column instead of a bytea. This option can
only be used with actions SHOW_COLUMN, TABLE and INSERT, action COPY is not
supported.
If you want to use COPY or have huge size BLOB ( > 1GB ) than can not be
imported using lo_from_bytea() you can add option --lo_import to the
ora2pg command. This will allow to import data in two passes:
1) Export data using COPY or INSERT will set the Oid destination column
for BLOB to value 0 and save the BLOB value into a dedicated file. It
will also create a Shell script to import the BLOB files into the
database using psql command \lo_import and to update the table Oid
column to the returned large object Oid. The script is named
lo_import-TABLENAME.sh
2) Execute all scripts lo_import-TABLENAME.sh after setting the
environment variables PGDATABASE and optionally PGHOST, PGPORT, PGUSER,
etc. if they do not correspond to the default values for libpq.
You might also execute manually a VACUUM FULL on the table to remove
the bloat created by the table update.
Limitation: the table must have a primary key, it is used to set the
WHERE clause to update the Oid column after the large object import.
Importing BLOB using this second method (--lo_import) is very slow so it
should be reserved to rows where the BLOB > 1GB for all other rows use
the option --blob_to_lo. To filter the rows you can use the WHERE
configuration directive in ora2pg.conf.
New command line option --cdc_ready to use current SCN per table when
exporting data and register them into a file named TABLES_SCN.log This
can be used for Change Data Capture (CDC) tools.
For a complete list of change see https://github.com/darold/ora2pg/blob/master/changelog
Thanks to all contributors, they are all cited in the changelog file.
Links & Credits
I would like to thank all users who submitted patches and users
who reported bugs and feature requests, they are all cited
the ChangeLog file.
Ora2Pg is an open project. Any contribution to build a better tool is
welcome. You just have to send your ideas, features requests or patches
using the GitHub tools or directly to [email protected].
Links:
Website: https://www.ora2pg.com/
Download1: https://github.com/darold/ora2pg/releases
Download2: https://sourceforge.net/projects/ora2pg/
Development: https://github.com/darold/ora2pg
Changelog: https://github.com/darold/ora2pg/blob/master/changelog
Documentation: https://github.com/darold/ora2pg/blob/master/README
About Ora2Pg :
Ora2Pg is an easy and reliable tool to migrate from Oracle to PostgreSQL.
It is developed since 2001 and can export most of the Oracle objects into
PostgreSQL compatible code.
Ora2Pg works on any platform and is available under the GPL v3 licence.
Docs, Download & Support at http://www.ora2pg.com/
[Less]
|
Posted
about 2 years
ago
The PostgreSQL Global Development Group has released an update to all supported
versions of PostgreSQL, including 14.2, 13.6, 12.10, 11.15, and 10.20. This
release fixes over 55 bugs reported over the last three months.
For the full list of changes
... [More]
, please review the
release notes.
Bug Fixes and Improvements
This update fixes over 55 bugs that were reported in the last several months.
The issues listed below affect PostgreSQL 14. Some of these issues may also
affect other supported versions of PostgreSQL.
Included in this release:
Fix for a low probability scenario of index corruption when a HOT
(heap-only tuple)
chain changes state during VACUUM. Encountering this issue is unlikely, but if
you are concerned, please consider
reindexing.
Fix for using REINDEX CONCURRENTLY
on TOAST table
indexes to prevent corruption. You can fix any TOAST indexes by
reindexing them
again.
The psql
\password command now defaults to setting the password for the role defined
by CURRENT_USER. Additionally, the role name is now included in the password
prompt.
Build extended statistics for partitioned tables. If you previously added
extended statistics to a partitioned table, you should run
ANALYZE on those
tables.
As autovacuum
currently does not process partitioned tables, you must periodically run
ANALYZE on any partitioned tables to update their statistics.
Fix crash with ALTER STATISTICS
when the statistics object is dropped concurrently.
Fix crash with multiranges
when extracting variable-length data types.
Several fixes to the query planner that lead to incorrect query results.
Several fixes for query plan memoization.
Fix startup of a physical replica to tolerate transaction ID wraparound.
When using logical replication, avoid duplicate transmission of a
partitioned table's data when the publication includes both the child and parent
tables.
Disallow altering data type of a partitioned table's columns when the
partitioned table's row type is used as a composite type elsewhere.
Disallow ALTER TABLE ... DROP NOT NULL
for a column that is part of a replica identity index.
Several fixes for caching that correct logical replication behavior and
improve performance.
Fix memory leak when updating expression indexes.
Avoid leaking memory during REASSIGN OWNED BY
operations that reassign ownership of many objects.
Fix display of whole-row variables appearing in INSERT ... VALUES rules.
Fix race condition that could lead to failure to localize error messages that
are reported early in multi-threaded use of libpq or ecpglib.
Fix psql \d
command for identifying parent triggers.
Fix failures on Windows when using the terminal as data source or
destination. This affected the psql \copy command and using
pg_recvlogical
with -f -.
Fix the pg_dump
--inserts and --column-inserts modes to handle tables that contain both
generated and dropped columns.
Fix edge cases in how postgres_fdw
handles asynchronous queries. These errors could lead to crashes or incorrect
results when attempting to run parallel scans of foreign tables.
For the full list of changes available, please review the
release notes.
Updating
All PostgreSQL update releases are cumulative. As with other minor releases,
users are not required to dump and reload their database or use pg_upgrade in
order to apply this update release; you may simply shutdown PostgreSQL and
update its binaries.
Users who have skipped one or more update releases may need to run additional,
post-update steps; please see the release notes for earlier versions for
details.
For more details, please see the
release notes.
Links
Download
Release Notes
Security
Versioning Policy
Follow @postgresql on Twitter
[Less]
|
Posted
about 2 years
ago
A security advisory has been created for the PostgreSQL JDBC driver.
The driver provides the facility to instantiate plugin instances based on class names provided via authenticationPluginClassName,
sslhostnameverifier, socketFactory, sslfactory
... [More]
, sslpasswordcallback connection properties.
However, the driver did not verify if the class implements the expected interface before instantiating the class.
The fix is to ensure that the class implements the expected interface. This has been fixed in version 42.2.25 and 42.3.2
Additionally the following was are some of the changes in 42.3.2 the full change log can be found here
Changed
perf: read in_hot_standby GUC on connection PR #2334
fix: we will ask the server if it supports GSS Encryption if gssEncryption
is prefer or require PR #2396 remove the need to have a ticket in the cache before asking the server if gss encryptions are supported
fix: throw SQLException for #getBoolean BIT(>1) PR #2386 Throw SQLException instead of ClassCastException when calling
CallableStatement#getBoolean(int) on BIT(>1).
perf: read in_hot_standby GUC on connection PR #2334
Add cert key type checking to chooseClientAlias PR #2417
Added
feat: Add authenticationPluginClassName option to provide passwords at runtime
Adds authenticationPluginClassName connection property that allows end users to specify a class
that will provide the connection passwords at runtime. Users implementing that interface must
ensure that each invocation of the method provides a new char[] array as the contents
will be filled with zeroes by the driver after use.Call sites within the driver have been updated to use the char[] directly wherever possible.
This includes direct usage in the GSS authentication code paths that internally were already converting the String password into a char[] for internal usage.
This allows configuring a connection with a password that must be generated on the fly or periodically changes. PR #2369 original issue Issue #2102
feat: add tcpNoDelay option PR #2341 fixes Issue #2324
feat: pg_service.conf and .pgpass support (jdbc:postgresql://?service=my-service) PR #2260 fixes Issue #2278
Fixed
Use local TimestampUtil in PgStatement and PgResultset for thread safety PR #2291
fixes Issue #921 synchronize modification of shared calendar
fix: PgObject isNull() was reporting the opposite fixes Issue #2411 PR #2414
fix: default file name is ".pg_service.conf" on Windows (not "pg_service.conf") PR #2398 fixes Issue #2278
fix: do not close refcursor after reading if fetchsize has been set fixes Issue #2227 PR #2371
fix: rework gss authentication to use the principal name to get the credentials fixes Issue #2235 PR #2352
fix: return getIndexInfo metadata columns in UPPER CASE PR #2368
fix: Connection leak in ConnectionFactoryImpl#tryConnect PR #2350 Issue #2351
fix: Fix For IS_AUTOGENERATED Flag PR #2348
fix: parsing service file tests for windows PR #2347
fix: The spec says that calling close() on a closed connection is a noop. PR #2345 fixes Issue #2300
fix: add microsecond precision to getTimestamp() called on sql TIME(6) Currently, "when fetching a value of type TIME(6) through
resultSet.getTimestamp() only ms precision is retained, the microsecond fractional digits are lost." This change will retain the microsecond
precision when .getTimestamp() is called on TIME(6). PR #2181 Closes Issue #1537
test: materialized view privileges PR #2209 add and drop a materialized view
Add to TestUtil and also to DatabaseMetaData setup and teardown fixes Issue #2060
fix: typo in connect.md PR #2338 OutOfMemoryException => OutOfMemoryError
fix: use local TimestampUtil in PgStatement and PgResultset for thread
safety TimestampUtil is not thread safe. It raises exceptions when multiple threads use ResultSets of one connection. PR #2291
fixes Issue #921
If PgStatement and PgResultSet use their own TimestampUtil no synchronize is needed.
fix: typo in CONTRIBUTING.md PR #2332 seccion => section
The PostgreSQL JDBC team would like to thank all that have participated in this release!
The JDBC Team
[Less]
|
Posted
about 2 years
ago
Announcing the German PostgreSQL Conference 2022 & Call for Papers
PGConf.de 2022 is the sequel of the highly successful German PostgreSQL conferences 2011, 2013, 2015, 2018 and 2019.
We'll stay in Leipzig, at the same nice hotel and conference
... [More]
location as in 2019, in the middle of the town.
The conference will take place on May 13th, 2022.
Registration for the conference will be possible well in advance.
Tickets must be purchased online.
The Call for Papers is open. Go to www.postgresql.eu/events/pgconfde2022/callforpapers/ and submit your talks.
The Call for Sponsors will open soon.
See you in Leipzig in May 2022!
[Less]
|
Posted
about 2 years
ago
The AgensGraph Development Team are pleased to announce the release of AgensGraph v2.5.
AgensGraph is a new generation multi-model graph database for the modern complex data environment. AgensGraph is a multi-model database, which supports the
... [More]
relational and graph data model at the same time that enables developers to integrate the legacy relational data model and the flexible graph data model in one database. AgensGraph supports ANSI-SQL and openCypher (http://www.opencypher.org). SQL queries and Cypher queries can be integrated into a single query in AgensGraph.
AgensGraph is based on the powerful PostgreSQL RDBMS, and is very robust, fully-featured and ready for enterprise use. AgensGraph is optimized for handling complex connected graph data and provides plenty of powerful database features essential to the enterprise database environment including ACID transactions, multi-version concurrency control, stored procedure, triggers, constraints, sophisticated monitoring and a flexible data model (JSON). Moreover, AgensGraph leverages the rich eco-systems of PostgreSQL and can be extended with many outstanding external modules, like PostGIS.
For more details please see the release notes.
Major Improvements in AgensGraph v2.5.
1. Performance
Partitioning, a unique feature of relational DB, can now be used in AgensGraph as well.
1.1. Large-scale data processing
– With partitioning, large-scale data processing is improved
– Improved performance speed and the convenience of data management
– Hybrid query (Cypher+SQL) performance has been improved in relation to large data processing performance.
1.2. Query Performance
– When querying and aggregating large amounts of data, the performance of the query has been improved by hash join using parallel processing
2. Ease of Use
A stored procedure has been added. The stored procedure can package and store multiple queries into one logic.
2.1. Convenience of Data Management
– The newly added stored procedure eliminates repetitive tasks, thus saving time
– Convenience of expansion and maintenance has significantly improved
3. Algorithms
New graph algorithms are provided in a package.
3.1. Latest Graph Algorithms
– A total of 7 advanced graph algorithms such as centrality, community detection, and similarity, etc are the core of graph analysis and shall be included in the package.
4. High Availability
Information systems with high availability can operate normally for a long period of time without failure.
4.1. Agpool’s High Availability
Updated Agpool to improve high availability
– Load Balancing: when multiple users execute a query at the same time, the query is distributed across multiple servers for processing
– Auto Failover: when the master server fails, the slave server takes over instead
The new version is immediately available for download.
[Less]
|
Posted
about 2 years
ago
Apache AGE Team has released version 0.6.0 of Apache AGE(incubating)
Apache AGE(incubating) is a PostgreSQL extension that provides graph database functionality.
AGE is an acronym for A Graph Extension, and is inspired by Bitnine's fork of
... [More]
PostgreSQL 10, AgensGraph, which is a multi-model database. The goal of the project is to create single storage that can handle both relational and graph model data so that users can use standard ANSI SQL along with openCypher, the Graph query language.
Release Notes For v0.6.0
The release supports the following:
Add VLE SRF (Set Returning Function).
Fix Vertex, Edge, and Path serialization bug (AGE2-307).
Fix CREATE passback bug (AGE2-337).
Fix CREATE transaction block bug (AGE2-345).
Fix parallel build errors.
Fix Travis CI compiler warnings.
Please see the repository for details : https://github.com/apache/incubator-age/releases/tag/v0.6.0
Please feel free to use and send us an inquiry/idea about our project to Eya [email protected] (Apache AGE's active Committer)
Github Issues : https://github.com/apache/incubator-age/issues
[Less]
|
Posted
about 2 years
ago
Apache AGE Team has released version 0.6.0 of Apache AGE(incubating)
Apache AGE(incubating) is a PostgreSQL extension that provides graph database functionality.
AGE is an acronym for A Graph Extension, and is inspired by Bitnine's fork of
... [More]
PostgreSQL 10, AgensGraph, which is a multi-model database. The goal of the project is to create single storage that can handle both relational and graph model data so that users can use standard ANSI SQL along with openCypher, the Graph query language.
Release Notes For v0.6.0
The release supports the following:
Add VLE SRF (Set Returning Function).
Fix Vertex, Edge, and Path serialization bug (AGE2-307).
Fix CREATE passback bug (AGE2-337).
Fix CREATE transaction block bug (AGE2-345).
Fix parallel build errors.
Fix Travis CI compiler warnings.
Please see the repository for details : https://github.com/apache/incubator-age/releases/tag/v0.6.0
Please feel free to use and send us an inquiry/idea about our project to Eya [email protected] (Apache AGE's active Committer)
Github Issues : https://github.com/apache/incubator-age/issues
[Less]
|
Posted
about 2 years
ago
Antananarivo, Madagascar - January 23th, 2022
pgBadger
pgBadger is a PostgreSQL performance analyzer, built for speed with
fully detailed reports based on your PostgreSQL log files.
pgBadger 11.7 was released today, this release of pgBadger fixes
... [More]
some
issues reported by users since past five months as well as some improvements.
Add new option --no-progressbar option to not display it but keep the
other outputs.
Add new option --day-report that can be used to rebuild an HTML report
over the specified day. Like option --month-report but only for a day.
It requires the incremental output directories and the presence of all
necessary binary data files. The value is date in format: YYYY-MM-DD
Improve parsing of Heroku logplex and CloudSQL json logs.
For the complete list of changes, please checkout the release note
on https://github.com/darold/pgbadger/releases/tag/v11.7
Links & Credits
I would like to thank all users who submitted patches and users
who reported bugs and feature requests, they are all cited
the ChangeLog file.
pgBadger is an open project. Any contribution to build a better tool is
welcome. You just have to send your ideas, features requests or patches
using the GitHub tools or directly to [email protected].
Links :
Download: http://pgbadger.darold.net/
Support: use GitHub report tool at https://github.com/darold/pgbadger/issues
or contact [email protected].
For a complete list of commercial support near of your place take a look
at the PostgreSQL Professional Services page, they all do great job and
most of them can help you.
About pgBadger :
pgBagder is a new generation log analyzer for PostgreSQL, created by
Gilles Darold (also author of ora2pg, the powerful migration tool).
pgBadger is a fast and easy tool to analyze your SQL traffic and create
HTML5 reports with dynamics graphs. pgBadger is the perfect tool to
understand the behavior of your PostgreSQL servers and identify which
SQL queries need to be optimized.
Docs, Download & Demo at http://pgbadger.darold.net/
[Less]
|