Last-minute updates for release notes.

Security: CVE-2019-10129, CVE-2019-10130
author: Tom Lane <tgl@sss.pgh.pa.us> 2019-05-06 12:45:59 -0400
committer: Tom Lane <tgl@sss.pgh.pa.us> 2019-05-06 12:45:59 -0400
commit: ffe69b4afdae8284ad3f0d4c57640f077799cfa9 (patch)
tree: e9daf503738f67333887d4d9a88fb263be3d3cac
parent: 54ff9fa588fb85f3e192bb7fe365d9db2eeed8a9 (diff)
download: postgresql-ffe69b4afdae8284ad3f0d4c57640f077799cfa9.tar.gz
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/src/sgml/release-9.4.sgml b/doc/src/sgml/release-9.4.sgml
index c55c194266..9bec0bf558 100644
--- a/doc/src/sgml/release-9.4.sgml
+++ b/doc/src/sgml/release-9.4.sgml
@@ -161,6 +161,23 @@
 
     <listitem>
      <para>
+      Check the appropriate user's permissions when enforcing rules about
+      letting a leaky operator see <structname>pg_statistic</structname>
+      data (Dean Rasheed)
+     </para>
+
+     <para>
+      When an underlying table is being accessed via a view, consider the
+      privileges of the view owner while deciding whether leaky operators
+      may be applied to the table's statistics data, rather than the
+      privileges of the user making the query.  This makes the planner's
+      rules about what data is visible match up with the executor's,
+      avoiding unnecessarily-poor plans.
+     </para>
+    </listitem>
+
+    <listitem>
+     <para>
       Avoid O(N^2) performance issue when rolling back a transaction that
       created many tables (Tomas Vondra)
      </para>
author	Tom Lane <tgl@sss.pgh.pa.us>	2019-05-06 12:45:59 -0400
committer	Tom Lane <tgl@sss.pgh.pa.us>	2019-05-06 12:45:59 -0400
commit	ffe69b4afdae8284ad3f0d4c57640f077799cfa9 (patch)
tree	e9daf503738f67333887d4d9a88fb263be3d3cac
parent	54ff9fa588fb85f3e192bb7fe365d9db2eeed8a9 (diff)
download	postgresql-ffe69b4afdae8284ad3f0d4c57640f077799cfa9.tar.gz