來自PostgreSQL官方消息：PostgreSQL全球開發組剛剛在5月9日發布目前多個PostgreSQL版本更新，包括： 11.3, 10.8, 9.6.13, 9.5.17,和9.4.22。這次的版本更新主要修復兩個PostgreSQL服務器的安全問題，其中一個是關於PG的Windows安裝程序問題，同時包括最近三個月修復的60多個Bug。

強烈建議使用Windows安裝程序安裝PG的用戶盡快升級，此外任何PostgreSQL 9.5, 9.6, 10,和11也建議盡快升級。

這兩個安全漏洞是：

• CVE-2019-10127 : BigSQL Windows installer does not clear permissive ACL entries
• CVE-2019-10128 : EnterpriseDB Windows installer does not clear permissive ACL entries

其他的Bug 修復和改進包括：

• Several catalog corruption fixes, including one related to running  ALTER TABLE on a partitioned table
• Several fixes for partitioning
• Avoid server crash when an error occurs while trying to persist a cursor query across a transaction commit
• Avoid O(N^2) performance issue when rolling back a transaction that created many tables
• Fix possible “could not access status of transaction” failures in txid_status()
• Fix updatable views to handle explicit DEFAULT items in  INSERT .. VALUES statements where there are multiple VALUES rows
• Fix CREATE VIEW to allow zero-column views
• Add missing support for the  CREATE TABLE IF NOT EXISTS .. AS EXECUTE .. statement
• Ensure that sub-SELECTs appearing in row-level-security policy expressions are executed with the correct user’s permissions
• Accept XML documents as valid values of type xml when xmloption is set to content, as required by SQL:2006 and later
• Fix incompatibility of GIN-index WAL records that were introduced in 11.2, 10.7, 9.6.12, 9.5.16, and 9.4.21 that affected replica servers running these versions reading in changes to GIN indexes from primary servers of older versions
• Several memory leak fixes as well as fixes to management of dynamic shared memory
• Relax panics on fsync and sync_file_range failures for certain cases where a failure indicated “operation not supported”
• Several fixes to the query planner, several of which should lead to planning improvements
• Fix race condition in which a hot-standby postmaster could fail to shut down after receiving a smart-shutdown request
• Several fixes for SCRAM authentication
• Fix handling of  lc_time settings that imply an encoding different from the database’s encoding
• Create the  current_logfiles file with the same permissions as other files in the server’s  data directory
• Several ecpg fixes
• Make  pg_verify_checksums verify that the data directory it’s pointed at is of the right PostgreSQL version
• Several fixes for  contrib/postgres_fdw, including one for remote partitions where an UPDATE could lead to incorrect results or a crash
• Several Windows fixes