Download PostgreSQL 9.6.4 / 9.5.8 / 9.4.13 / 9.3.18 / 9.2.22

PostgreSQL is an open source relational database management system, which can be run on various operating systems. This makes it widely applicable in different environments. The developers have released another series of new versions, with 9.6.4, 9.5.8, 9.4.13, 9.3.18 and 9.2.22 as version numbers. Users of older releases are advised to upgrade. The corresponding PostgreSQL announcement looks like this:

2017-08-10 Security Update Release

The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.6.4, 9.5.8, 9.4.13, 9.3.18, and 9.2.22. This release fixes three security issues. It also patches over 50 other bugs reported over the last three months. Users who are affected by the below security issues should update as soon as possible. Users affected by CVE-2017-7547 will need to perform additional steps after upgrading to resolve the issue. Other users should plan to update at the next convenient downtime.

Security Issues

Three security vulnerabilities have been closed by this release:

• CVE-2017-7546: Empty password accepted in some authentication methods
• CVE-2017-7547: The “pg_user_mappings” catalog view discloses passwords to users lacking server privileges
• CVE-2017-7548: lo_put() function ignores ACLs

Bug Fixes and Improvements

This update also fixes a number of bugs reported in the last few months. Some of these issues affect only version 9.6, but many affect all supported versions:

• pg_upgrade: corrected the documentation about the process for upgrading standby servers to ensure the primary and standbys synchronized safely. Also includes a fix to ensure the last WAL record does not have “wal_level = minimum” which would prevent standbys from connecting upon restart
• Fix for issue with a concurrent locking race condition that could cause some of the updates to fail
• Several fixes for low probability data corruption scenarios
• Fix to prevent crash when sorting more than one billion tuples in-memory
• Fix on Windows to retry creating a process if shared memory addresses could not be allocated, typically caused from antivirus software interference
• Fix in libpq to ensure that failed connection attempts using GSS/SASL and SSPI authentication are reset properly
• Fixes for SSL connection handling and logging
• Fix to allow window functions to be used in sub-SELECT statements that are within the arguments of an aggregate function
• Allow parallelism in the query plan when COPY when copying from a query
• Several fixes to ALTER TABLE
• Fix to ensure that ALTER USER … SET and ALTER ROLE … SET accepts the same syntax variants
• Fixes for the statistics collector, ensuring statistics requests made just after a postmaster shutdown request will be written to disk
• Fix possible creation of an invalid WAL segment during standby promotion
• Several walsender / walreceiver fixes, particularly around signal handling and shutdowns / restarts
• Several logic decoding fixes, including removing leakage of small subtransactions to disk
• Allow a CHECK constraints to be initially NOT VALID when executing CREATE FOREIGN TABLE
• Fixes to postgres_fdw for applying changes promptly after ALTER SERVER / ALTER USER MAPPING commands and improving ability to escape from an unresponsive server
• Several fixes for pg_dump and pg_restore, including a fix for pg_dump output to stdout on Windows
• Fix pg_basebackup output to stdout on Windows, similar to the fix for pg_dump
• Fix pg_rewind to correctly handle files exceeding 2GB, though files of such size should rarely appear in a data directory
• Several fixes for building PostgreSQL with Microsoft Visual C (MSVC), primarily around sourcing libraries

EOL Warning for Version 9.2
PostgreSQL version 9.2 will be End-of-Life in September, 2017. The project expects to only release one more update for that version. We urge users to start planning an upgrade to a later version of PostgreSQL as soon as possible. See our Versioning Policy for more information.