On Thu, Aug 6, 2015 at 01:48:26PM -0400, Robert Haas wrote:
> On Thu, Aug 6, 2015 at 10:33 AM, Bruce Momjian <bruce@momjian.us> wrote:
> > On Sun, Jun 14, 2015 at 12:05:54PM +0100, Dean Rasheed wrote:
> >> On 11 June 2015 at 05:15, Bruce Momjian <bruce@momjian.us> wrote:
> >> > I have committed the first draft of the 9.5 release notes. You can view
> >> > the output here:
> >> >
> >> > http://momjian.us/pgsql_docs/release-9-5.html
> >> >
> >>
> >> I think it's worth mentioning
> >> dcbf5948e12aa60b4d6ab65b6445897dfc971e01, probably under "General
> >> Performance". It's an optimisation, and also a user-visible change to
> >> the way LEAKPROOF works. Perhaps something like
> >>
> >> Allow pushdown of non-leakproof functions into security barrier views
> >> if the function is not passed any arguments from the view.
> >>
> >> Previously only functions marked as LEAKPROOF could be pushed down
> >> into security barrier views.
> >
> > Sorry, just looking at this now. Since RLS is new for 9.5, we wouldn't
> > mention the RLS change in the release notes because is is part of the
> > RLS new features, but we could mention the SB change --- the new text
> > would be:
> >
> > Allow non-LEAKPROOF functions to be passed into security barrier views
> > if the function does not reference any table columns (Dean Rasheed)
> >
> > However, this is usually a level of detail that I do not cover in the
> > release notes, so I need someone else to tell me it should be added.
>
> +1 for including it. That's a security-relevant backward incompatibility.
Thanks, done. I was not aware of the complexity of this issue. Applied
patch attached.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ Everyone has their own god. +