Two security issues have been fixed in this release which affect users
of specific PostgreSQL features:
CVE-2015-5289: json or jsonb input values constructed from arbitrary
user input can crash the PostgreSQL server and cause a denial of
service.
CVE-2015-5288: The crypt( function included with the optional pgCrypto
extension could be exploited to read a few additional bytes of memory.
No working exploit for this issue has been developed.
This update will also disable SSL renegotiation by default;
previously, it was enabled by default. SSL renegotiation will be
removed entirely in PostgreSQL versions 9.5 and later.
URL: http://www.postgresql.org/about/news/1615/
Security: CVE-2015-5288 CVE-2015-5289
release of PostgreSQL 9.4, the latest version of the world's leading
open source database, is available today. This beta contains previews
of all of the features which will be available in version 9.4, and is
ready for testing by the worldwide PostgreSQL community. Please
download, test, and report what you find.
Major Features
--------------
The new major features available for testing in this beta include:
* JSONB: 9.4 includes the new JSONB "binary JSON" type. This new
storage format for document data is higher-performance, and comes with
indexing, functions and operators for manipulating JSON data.
* Replication: The new Data Change Streaming API allows decoding and
transformation of the replication stream. This lays the foundation
for new replication tools that support high-speed and more flexible
replication and scale-out solutions.
* Materialized Views with "Refresh Concurrently", which permit
fast-response background summary reports for complex data.
* ALTER SYSTEM SET, which enables modifications to postgresql.conf
from the SQL command line and from remote clients, easing
administration tasks.
