On Thu, Aug 6, 2015 at 10:33 AM, Bruce Momjian <bruce@momjian.us> wrote:
> On Sun, Jun 14, 2015 at 12:05:54PM +0100, Dean Rasheed wrote:
>> On 11 June 2015 at 05:15, Bruce Momjian <bruce@momjian.us> wrote:
>> > I have committed the first draft of the 9.5 release notes. You can view
>> > the output here:
>> >
>> > http://momjian.us/pgsql_docs/release-9-5.html
>> >
>>
>> I think it's worth mentioning
>> dcbf5948e12aa60b4d6ab65b6445897dfc971e01, probably under "General
>> Performance". It's an optimisation, and also a user-visible change to
>> the way LEAKPROOF works. Perhaps something like
>>
>> Allow pushdown of non-leakproof functions into security barrier views
>> if the function is not passed any arguments from the view.
>>
>> Previously only functions marked as LEAKPROOF could be pushed down
>> into security barrier views.
>
> Sorry, just looking at this now. Since RLS is new for 9.5, we wouldn't
> mention the RLS change in the release notes because is is part of the
> RLS new features, but we could mention the SB change --- the new text
> would be:
>
> Allow non-LEAKPROOF functions to be passed into security barrier views
> if the function does not reference any table columns (Dean Rasheed)
>
> However, this is usually a level of detail that I do not cover in the
> release notes, so I need someone else to tell me it should be added.
+1 for including it. That's a security-relevant backward incompatibility.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
