--- /dev/null
+The PostgreSQL Global Development Group has released an update to all supported
+versions of PostgreSQL, including 14.5, 13.8, 12.12, 11.17, and 10.22, as well
+as the third beta release of PostgreSQL 15. This
+release closes one security vulnerability and fixes over 40 bugs reported over
+the last three months.
+
+For the full list of changes, please review the
+[release notes](https://www.postgresql.org/docs/release/).
+
+PostgreSQL 10 EOL Upcoming
+--------------------------
+
+PostgreSQL 10 will stop receiving fixes on November 10, 2022. If you are
+running PostgreSQL 10 in a production environment, we strongly advise that you
+make plans to upgrade to a newer, supported version of PostgreSQL so you can
+continue to receive bug and security fixes. Please see our
+[versioning policy](https://www.postgresql.org/support/versioning/) for more
+information.
+
+Security Issues
+---------------
+
+### [CVE-2022-2625](https://www.postgresql.org/support/security/CVE-2022-2625/): Extension scripts replace objects not belonging to the extension.
+
+Versions Affected: 10 - 14. The security team typically does not test
+unsupported versions, but this problem is quite old.
+
+Some extensions use `CREATE OR REPLACE` or `CREATE IF NOT EXISTS` commands.
+However, some don't adhere to the documented rule to target only objects known
+to be extension members already. An attack requires permission to create
+non-temporary objects in at least one schema, ability to lure or wait for an
+administrator to create or update an affected extension in that schema, and
+ability to lure or wait for a victim to use the object targeted in
+`CREATE OR REPLACE` or `CREATE IF NOT EXISTS`.
+
+Given all three prerequisites, the attacker can run arbitrary code as the victim
+role, which may be a superuser. Known-affected extensions include both
+PostgreSQL-bundled and non-bundled extensions. PostgreSQL blocks this attack in
+the core server, so there's no need to modify individual extensions.
+
+The PostgreSQL project thanks Sven Klemm for reporting this problem.
+
+A Note on the PostgreSQL 15 Beta
+--------------------------------
+
+This release marks the third beta release of PostgreSQL 15 and puts the
+community one step closer to general availability tentatively around the end of
+the third quarter.
+
+In the spirit of the open source PostgreSQL community, we strongly encourage you
+to test the new features of PostgreSQL 15 on your systems to help us eliminate
+bugs or other issues that may exist. While we do not advise you to run
+PostgreSQL 15 Beta 3 in production environments, we encourage you to find ways
+to run your typical application workloads against this beta release.
+
+Your testing and feedback will help the community ensure that PostgreSQL 15
+upholds our standards of delivering a stable, reliable release of the world's
+most advanced open source relational database. Please read more about our
+[beta testing process](https://www.postgresql.org/developer/beta/) and how you
+can contribute:
+
+ [https://www.postgresql.org/developer/beta/](https://www.postgresql.org/developer/beta/)
+
+You can find information about all of the PostgreSQL 15 features and changes in
+the [release notes](https://www.postgresql.org/docs/15/release-15.html):
+
+ [https://www.postgresql.org/docs/15/release-15.html](https://www.postgresql.org/docs/15/release-15.html)
+
+Bug Fixes and Improvements
+--------------------------
+
+This update fixes over 40 bugs that were reported in the last several months.
+The issues listed below affect PostgreSQL 14. Some of these issues may also
+affect other supported versions of PostgreSQL.
+
+Included in this release:
+
+* Fix replay of [`CREATE DATABASE`](https://www.postgresql.org/docs/current/sql-createdatabase.html)
+write-ahead log (WAL) records on standby servers when encountering a missing
+[tablespace](https://www.postgresql.org/docs/current/manage-ag-tablespaces.html)
+directory.
+* Add support for [tablespaces](https://www.postgresql.org/docs/current/manage-ag-tablespaces.html)
+that are plain directories instead of symbolic links to other directories.
+* Fix permission checks in [`CREATE INDEX`](https://www.postgresql.org/docs/current/sql-createindex.html)
+to use the user's permissions. This fixes broken dump/restore scenarios that
+relied on the behavior prior to the fix for
+[CVE-2022-1552](https://www.postgresql.org/support/security/CVE-2022-1552/).
+* In the extended query protocol, force an immediate commit after
+[`CREATE DATABASE`](https://www.postgresql.org/docs/current/sql-createdatabase.html)
+and other commands that can't run in a transaction block.
+* Fix a race condition around checking transaction visibility that was more
+likely to happen when using synchronous replication.
+* Fix incorrect permission-checking code for
+[extended statistics](https://www.postgresql.org/docs/current/planner-stats.html#PLANNER-STATS-EXTENDED).
+* Fix extended statistics machinery to handle
+[most common value](https://www.postgresql.org/docs/current/planner-stats.html#id-1.5.13.5.4.13)
+([MCV](https://www.postgresql.org/docs/current/planner-stats.html#id-1.5.13.5.4.13))-type
+statistics on boolean-valued expressions.
+* Avoid planner core dump with constant
+[`= ANY(array)`](https://www.postgresql.org/docs/current/functions-subquery.html#FUNCTIONS-SUBQUERY-ANY-SOME)
+clauses when there are
+[MCV-type extended statistics](https://www.postgresql.org/docs/current/planner-stats.html#id-1.5.13.5.4.13)
+on the `array` variable.
+* Allow cancellation of [`ANALYZE`](https://www.postgresql.org/docs/current/sql-analyze.html)
+while it is computing extended statistics.
+* Fix [`ALTER TABLE ... ENABLE/DISABLE TRIGGER`](https://www.postgresql.org/docs/current/sql-altertable.html)
+to handle recursion for triggers on partitioned tables.
+* Reject `ROW()` expressions and functions in `FROM` that have more than 1600
+columns.
+* Fix memory leak in logical replication subscribers.
+* Fix checks in logical replication of replica identity when the target table is
+partitioned.
+* Arrange to clean up after commit-time errors within
+[`SPI_commit()`](https://www.postgresql.org/docs/current/spi-spi-commit.html),
+rather than expecting callers to do that. This includes a fix for the same
+scenario in [PL/Python](https://www.postgresql.org/docs/current/plpython.html),
+which had reported crashes on Python 3.11 and memory leaks on older versions of
+Python 3.
+* Improve handling in `libpq` of idle states in
+[pipeline mode](https://www.postgresql.org/docs/current/libpq-pipeline-mode.html).
+* In the [`psql`](https://www.postgresql.org/docs/current/app-psql.html)
+`\watch` command, echo a newline after cancellation with control-C.
+* Fix [`pg_upgrade`](https://www.postgresql.org/docs/current/pgupgrade.html) to
+detect non-upgradable usages of functions accepting `anyarray` parameters.
+* Several [`postgres_fdw`](https://www.postgresql.org/docs/current/postgres-fdw.html)
+fixes, including prevention of batch insertions when there are
+`WITH CHECK OPTION` constraints present.
+
+For the full list of changes available, please review the
+[release notes](https://www.postgresql.org/docs/release/).
+
+Updating
+--------
+
+All PostgreSQL update releases are cumulative. As with other minor releases,
+users are not required to dump and reload their database or use `pg_upgrade` in
+order to apply this update release; you may simply shutdown PostgreSQL and
+update its binaries.
+
+Users who have skipped one or more update releases may need to run additional,
+post-update steps; please see the release notes for earlier versions for
+details.
+
+For more details, please see the
+[release notes](https://www.postgresql.org/docs/release/).
+
+Updating to PostgreSQL 15 Beta 3
+--------------------------------
+
+To upgrade to PostgreSQL 15 Beta 3 from Beta 2, Beta 1, or an earlier version of
+PostgreSQL, you will need to use a strategy similar to upgrading between
+major versions of PostgreSQL (e.g. `pg_upgrade` or `pg_dump` / `pg_restore`).
+For more information, please visit the documentation section on
+[upgrading](https://www.postgresql.org/docs/15/static/upgrading.html).
+
+Testing for Bugs & Compatibility
+--------------------------------
+
+The stability of each PostgreSQL release greatly depends on you, the community,
+to test the upcoming version with your workloads and testing tools to find bugs
+and regressions before the general availability of PostgreSQL 15. As
+this is a beta release , changes to database behaviors, feature details,
+APIs are still possible. Your feedback and testing will help determine the final
+tweaks on the new features, so please test in the near future. The quality of
+user testing helps determine when we can make a final release.
+
+A list of [open issues](https://wiki.postgresql.org/wiki/PostgreSQL_15_Open_Items)
+is publicly available in the PostgreSQL wiki. You can
+[report bugs](https://www.postgresql.org/account/submitbug/) using this form on
+the PostgreSQL website:
+
+ [https://www.postgresql.org/account/submitbug/](https://www.postgresql.org/account/submitbug/)
+
+Links
+-----
+* [Download](https://www.postgresql.org/download/)
+* [Release Notes](https://www.postgresql.org/docs/release/)
+* [Security](https://www.postgresql.org/support/security/)
+* [Versioning Policy](https://www.postgresql.org/support/versioning/)
+* [Beta Testing Information](https://www.postgresql.org/developer/beta/)
+* [PostgreSQL 15 Beta Release Notes](https://www.postgresql.org/docs/15/release-15.html)
+* [PostgreSQL 15 Open Issues](https://wiki.postgresql.org/wiki/PostgreSQL_15_Open_Items)
+* [Follow @postgresql on Twitter](https://twitter.com/postgresql)
projects / press.git / commitdiff