E.208. Release 8.0.11

[Note]

Release Date

2007-02-05

This release contains a variety of fixes from 8.0.10, including a security fix. For information about new features in the 8.0 major release, see Section E.219, « Release 8.0 ».

E.208.1. Migration to Version 8.0.11

A dump/restore is not required for those running 8.0.X. However, if you are upgrading from a version earlier than 8.0.6, see Section E.213, « Release 8.0.6 ».

E.208.2. Changes

  • Remove security vulnerabilities that allowed connected users to read backend memory (Tom)

    The vulnerabilities involve suppressing the normal check that a SQL function returns the data type it's declared to, and changing the data type of a table column (CVE-2007-0555, CVE-2007-0556). These errors can easily be exploited to cause a backend crash, and in principle might be used to read database content that the user should not be able to access.

  • Fix rare bug wherein btree index page splits could fail due to choosing an infeasible split point (Heikki Linnakangas)

  • Fix for rare Assert() crash triggered by UNION (Tom)

  • Tighten security of multi-byte character processing for UTF8 sequences over three bytes long (Tom)