# RSQLite 2.2.7 (2021-04-22)
- Remove RStudio Connection pane support due to problems reported by
users (#352).
- Upgrade bundled SQLite to version 3.35.5 (#368).
# RSQLite 2.2.6 (2021-04-11)
- Upgrade bundled SQLite to 3.35.4 (#361).
- Implement RStudio Connection Contract (#352, @edwindj).
- `dbDataType()` supports extended types for connections created with
`extended_types = TRUE` (#360, @ablack3).
- `dbWriteTable()` creates tables with extended types for connections
created with `extended_types = TRUE` (#360, @ablack3).
- Remove BH dependency by inlining the header files (#362).
# RSQLite 2.2.5 (2021-03-25)
- Upgrade bundled SQLite to version 3.35.2 (#357).
- If the busy handler fails, the transaction is aborted explicitly
(#348, @gaborcsardi).
# RSQLite 2.2.4 (2021-03-12)
## Features
- Improve concurrency behavior with multiple writers (#280, @gaborcsardi).
- New `sqliteSetBusyHandler()` helps configure what SQLite should do
when the database is locked (#280, @gaborcsardi).
- `dbConnect()` gains an `extended_types` argument that adds support
for date, time and timestamp columns. If a column has a declared
type `DATE`, `TIME` or `TIMESTAMP`, it is returned as `Date`, `hms`
or `POSIXct` value, respectively (#333, @anderic1).
- Upgrade bundled SQLite to version 3.34.1 (#342).
# RSQLite 2.2.3 (2021-01-24)
## Features
- Upgrade bundled SQLite to version 3.34.1 (#342).
- `dbConnect()` gains an `extended_types` argument that adds support
for date, time and timestamp columns. If a column has a declared
type `DATE`, `TIME` or `TIMESTAMP`, it is returned as `Date`, `hms`
or `POSIXct` value, respectively (#333, @anderic1).
# RSQLite 2.2.2 (2021-01-04)
## Features
- Upgrade bundled SQLite to version 3.34 (#337).
## Bug fixes
- `dbWriteTable()` and `dbAppendTable()` use transactions with unique
savepoint IDs (#338).
- Loading extensions works when RSQLite is installed in a path with
non-ASCII characters (#310).
## Internal
- Implement automatic upgrade of bundled SQLite via GitHub Actions (#335).
- Switch to GitHub Actions (#331).
# RSQLite 2.2.1 (2020-09-28)
- Upgrade to SQLite 3.33.0 (#321).
- Use transaction for faster processing in `dbAppendTable()` (#306).
- Strings and blobs now can have a size of up to 2 GB (#314, @shutinet).
- Multipart queries now give a warning (#313).
5.45.0 (2021-06-01)
* Fix handling of NULL values in boolean columns in the ODBC adapter
(jeremyevans) (#1765)
* Add auto_validations_constraint_validations_presence_message plugin for
auto_validations/constraint_validations presence message integration
(jeremyevans)
* Support Dataset#with :materialized option on SQLite 3.35+ for [NOT]
MATERIALIZED (jeremyevans)
* Use ALTER TABLE DROP COLUMN for dropping columns on SQLite 3.35+
(jeremyevans)
Redis 6.2.4
===========
Upgrade urgency: SECURITY, Contains fixes to security issues that affect
authenticated client connections. MODERATE otherwise.
Fix integer overflow in STRALGO LCS (CVE-2021-32625)
An integer overflow bug in Redis version 6.0 or newer can be exploited using the
STRALGO LCS command to corrupt the heap and potentially result in remote code
execution. This is a result of an incomplete fix for CVE-2021-29477.
Bug fixes that are only applicable to previous releases of Redis 6.2:
* Fix crash after a diskless replication fork child is terminated
* Fix redis-benchmark crash on unsupported configs
Other bug fixes:
* Fix crash in UNLINK on a stream key with deleted consumer groups
* SINTERSTORE: Add missing keyspace del event when none of the sources exist
* Sentinel: Fix CONFIG SET of empty string sentinel-user/sentinel-pass configs
* Enforce client output buffer soft limit when no traffic
Improvements:
* Hide AUTH passwords in MIGRATE command from slowlog
kb is a text-oriented minimalist command line knowledge base manager.
kb can be considered a quick note collection and access tool oriented
toward software developers, penetration testers, hackers, students
or whoever has to collect and organize notes in a clean way. Although
kb is mainly targeted on text-based note collection, it supports
non-text files as well (e.g., images, pdf, videos and others).
The project was born from the frustration of trying to find a good
way to quickly access my notes, procedures, cheatsheets and lists
(e.g., payloads) but at the same time, keeping them organized. This
is particularly useful for any kind of student. I use it in the
context of penetration testing to organize pentesting procedures,
cheatsheets, payloads, guides and notes.
Packaged by Giuseppe Nebbione and shared via PR pkg/56193.
The defaults are basically based on what FreeBSD/OpenBSD are doing.
MariaDB includes several third-party storage engines (e.g. RocksDB)
which are developed out-of-tree and don't generally have the same
(e.g. portability) guarantees. Keep these disabled by default for now.
bump PKGREVISION.
DB Browser for SQLite 3.12.2
Fix saving the list of extensions in the Preferences dialog
Corrected a typo in the French translation
Updated the included SQLite and SQLCipher libraries to their latest release (SQLite 3.35.5, SQLCipher 4.4.3)
Updated the "public" certificate, used for communicating with DBHub.io anonymously
MariaDB Server is one of the most popular open source relational databases.
It's made by the original developers of MySQL.
MariaDB turns data into structured information in a wide array of applications,
ranging from banking to websites. It is an enhanced, drop-in replacement
for MySQL. MariaDB is used because it is fast, scalable and robust, with a
rich ecosystem of storage engines, plugins and many other tools that make it
very versatile for a wide variety of use cases.
MariaDB is developed as open source software and as a relational database
it provides an SQL interface for accessing data. The latest versions of
MariaDB also include GIS and JSON features.
2.1.5 (2021-05-20)
* Fix compilation errors for Amazon Linux 1. Fixes #495.
* Fix segfault for login timeouts
2.1.4 (2021-05-10)
* Improve handling of network related timeouts
* Fix error reporting when preceded by info message
upstream changes:
-----------------
Version 1.0.18
o Update copyright year to 2021
o add_mysql_conn always returns success, except if crashes
o Database is always 'none', as noticed by Dialyzer
o Data is always binary, as noticed by Dialyzer
Version 1.0.17
o Update travis config
Version 1.0.15
o Fix warnings
Version 1.0.14
o Add ability to use ssl connections
Version 1.0.13
o Update copyright year
Version 1.0.12
o Properly handle decoding of number of returned fields when there are more than 128 of them.
Version 1.0.11
o Handle close even in do_recv, this fixes potential connection being stuck after timeout
Version 1.0.10
o Make socket close always lead to terminating p1_mysql_conn
Version 1.0.9
o Add contribution guide
o Don't log errors on shutdown
Version 1.0.8
o Add support for mysql8 and cache_sha2_password authentication
Version 1.0.7
o Fix connection timeout handling
upstream changes:
-----------------
Version 1.1.11
o Update copyright year to 2021
o recv_byte returns {ok, _} or throws an error, but never returns {error, _}
Version 1.1.10
o Fix Coveralls command call
o Fix Travis setup using Rebar3
Version 1.1.9
o Update copyright to 2020
Version 1.1.8
o Update for hex.pm release
Version 1.1.7
o Add contribution guide
upstream changes:
-----------------
Release 1.1.12
o Add Github Action to release to hex.pm when tagging
o Fix wrong gen_server spec detected by Dialyzer
Release 1.1.11
o Use headers from amalgamation on darwin instead of system one
v0.23.0
Fixes
Avoid TypeError in Transaction.__repr__
Feed memoryview to writelines()
Add sslmode=allow support and fix =prefer retry
Loosen message test in test_invalid_input
Support readonly and deferrable for non-serializable transactions
Fix asyncpg with Py_DEBUG mode
Fix docs/Makefile and docs/_static/theme_overrides.css missing from PyPI package
PostgreSQL 13.3, 12.7, 11.12, 10.17, and 9.6.22 Released!
Posted on 2021-05-13 by PostgreSQL Global Development Group
PostgreSQL Project Security
The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 13.3, 12.7, 11.12, 10.17, and 9.6.22. This release closes three security vulnerabilities and fixes over 45 bugs reported over the last three months.
For the full list of changes, please review the release notes.
Security Issues
CVE-2021-32027: Buffer overrun from integer overflow in array subscripting calculations
Versions Affected: 9.6 - 13. The security team typically does not test unsupported versions, but this problem is quite old.
While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory.
The PostgreSQL project thanks Tom Lane for reporting this problem.
CVE-2021-32028: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE
Versions Affected: 9.6 - 13. The security team typically does not test unsupported versions. The feature first appeared in 9.5.
Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacking the CREATE and TEMPORARY privileges on all databases and the CREATE privilege on all schemas cannot use this attack at will.
The PostgreSQL project thanks Andres Freund for reporting this problem.
CVE-2021-32029: Memory disclosure in partitioned-table UPDATE ... RETURNING
Versions Affected: 11 - 13
Using an UPDATE ... RETURNING on a purpose-crafted partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacking the CREATE and TEMPORARY privileges on all databases and the CREATE privilege on all schemas typically cannot use this attack at will.
The PostgreSQL project thanks Tom Lane for reporting this problem.
Bug Fixes and Improvements
This update fixes over 45 bugs that were reported in the last several months. Some of these issues only affect version 13, but could also apply to other supported versions.
Some of these fixes include:
Fix potential incorrect computation of UPDATE ... RETURNING outputs for joined, cross-partition updates.
Fix ALTER TABLE ... ALTER CONSTRAINT when used on foreign-key constraints on partitioned tables. The command would fail to adjust the DEFERRABLE and/or INITIALLY DEFERRED properties of the constraints and triggers of leaf partitions, leading to unexpected behavior. After updating to this version, you can execute the ALTER TABLE ... ALTER CONSTRAINT command to fix any misbehaving partitioned tables.
Ensure that when a child table is attached with ALTER TABLE ... INHERIT that generated columns in the parent are generated in the same way in the child.
Forbid marking an identity column as NULL.
Allow ALTER ROLE ... SET/ALTER DATABASE ... SET to set the role, session_authorization, and temp_buffers parameters.
Ensure that REINDEX CONCURRENTLY preserves any statistics target set for the index.
Fix an issue where, in some cases, saving records within AFTER triggers could cause crashes.
Fix how to_char() handles Roman-numeral month format codes with negative intervals.
Fix use of uninitialized value while parsing an \{m,n\} quantifier in a BRE-mode regular expression.
Fix "could not find pathkey item to sort" planner errors that occur in some situations when the sort key involves an aggregate or window function.
Fix issue with BRIN index bitmap scans that could lead to "could not open file" errors.
Fix potentially wrong answers from GIN tsvector index searches when there are many matching records.
Fixes for COMMIT AND CHAIN functionality on both the server and psql.
Avoid incorrect timeline change while recovering uncommitted two-phase transactions from WAL, which could lead to consistency issues and the inability to restart the server.
Ensure that wal_sync_method is set to fdatasync by default on newer FreeBSD releases.
Disable the vacuum_cleanup_index_scale_factor parameter and storage option.
Fix several memory leaks in the server, including one with SSL/TLS parameter initialization.
Restore the previous behavior of \connect service=XYZ to psql, i.e. disallow environmental variables (e.g. PGPORT) from overriding entries in the service file.
Fix how pg_dump handles generated columns in partitioned tables.
Add additional checks to pg_upgrade for user tables containing non-upgradable data types.
On Windows, initdb now prints instructions about how to start the server with pg_ctl using backslash separators.
Fix pg_waldump to count XACT records correctly when generating per-record statistics.
package is experimental right now - it was confirmed working on NetBSD
and compiles on macOS only for now
8.0 brings many improvements over 5.7, following is shortened list, more details
are available on https://dev.mysql.com/doc/refman/8.0/en/mysql-nutshell.html
- transactional data dictionary
- atomic DDL
- integrated upgrade procedure
- security and account management improvements
- resource groups and threads (thread affinity needs some work for NetBSD)
- table encryption management
- loads of innodb enhancements
- default character set utf8mb4
- JSON enhancements
- CTE, Window functions
- lateral derived tables
- reworked regular expression support
- internal temporary tables
- HASH JOIN optimization
- EXPLAIN ANALYZE
- time zone support for TIMESTAMP and DATETIME
- optimizer hints for FORCE INDEX, IGNORE INDEX
- XML enhancements
- single preparation of statements
- single RIGHT JOIN as LEFT JOIN handling
- derived condition pushdown optimization
A number of features were also deprecated, check the release notes for that