for provider in settings.OAUTH.keys():
urlpatterns.append(url(r'^login/({0})/$'.format(provider), 'pgweb.account.oauthclient.login_oauth'))
-
return render_to_response('contributors/list.html', {
'contributortypes': contributortypes,
}, NavContext(request, 'community'))
-
class Meta:
model = Product
exclude = ('lastconfirmed', 'approved', )
-
class Meta:
unique_together = ('textid', 'version', 'platform', )
ordering = ('textid', 'name', 'platform', )
-
def ftpbrowser(request, subpath):
if subpath:
# An actual path has been selected. Fancy!
-
+
if subpath.find('..') > -1:
# Just claim it doesn't exist if the user tries to do this
# type of bad thing
# Fetch files
files = [{'name': k, 'mtime': v['d'], 'size': v['s']} for k,v in node.items() if v['t'] == 'f']
-
+
breadcrumbs = []
if subpath:
breadroot = ""
x.endElement('applications')
x.endDocument()
return resp
-
def item_pubdate(self, obj):
return datetime.combine(obj.startdate,time.min)
-
title = models.CharField(max_length=100, null=False, blank=False)
isonline = models.BooleanField(null=False, default=False, verbose_name="Online event")
city = models.CharField(max_length=50, null=False, blank=True)
- state = models.CharField(max_length=50, null=False, blank=True)
+ state = models.CharField(max_length=50, null=False, blank=True)
country = models.ForeignKey(Country, null=True, blank=True)
language = models.ForeignKey(Language, null=True, blank=True, default='eng', help_text="Primary language for event. When multiple languages, specify this in the event description")
-
+
training = models.BooleanField(null=False, blank=False, default=False)
startdate = models.DateField(null=False, blank=False, verbose_name="Start date")
enddate = models.DateField(null=False, blank=False, verbose_name="End date")
-
+
summary = models.TextField(blank=False, null=False, help_text="A short introduction (shown on the events listing page)")
details = models.TextField(blank=False, null=False, help_text="Complete event description")
-
+
send_notification = True
markdown_fields = ('details', 'summary', )
-
+
def purge_urls(self):
yield '/about/event/%s/' % self.pk
yield '/about/events/'
return self.startdate
else:
return "%s – %s" % (self.startdate, self.enddate)
-
+
@property
def locationstring(self):
if self.isonline:
class Meta:
ordering = ('-startdate','-enddate',)
-
def form(request, itemid):
return simple_form(Event, itemid, request, EventForm,
redirect='/account/edit/events/')
-
return render_to_response('featurematrix/featuredetail.html', {
'feature': feature,
}, NavContext(request, 'about'))
-
email = forms.EmailField(max_length=100,required=True,label="Email address")
action = forms.ChoiceField(required=True, choices=(('subscribe','Subscribe'),('unsubscribe','Unsubscribe')))
lists = forms.ModelChoiceField(required=True, queryset=MailingList.objects.filter(active=True), label="Mailinglist")
-
def __unicode__(self):
return self.groupname
-
+
class Meta:
ordering = ('sortkey', )
def __unicode__(self):
return self.listname
-
+
class Meta:
ordering = ('listname', )
'operation': 'Legacy subscription',
'jquery': True,
'form_intro': """
-<b>Note 1:</b> Please ensure you read the <a
+<b>Note 1:</b> Please ensure you read the <a
href="https://wiki.postgresql.org/wiki/Archives_Policy">Archive Policy</a>
before posting to the lists.</p>
-<p><b>Note 2:</b> Please do not subscribe to mailing lists using e-mail
-accounts protected by mail-back anti-spam systems. These are extremely annoying
+<p><b>Note 2:</b> Please do not subscribe to mailing lists using e-mail
+accounts protected by mail-back anti-spam systems. These are extremely annoying
to the list maintainers and other members, and you may be automatically unsubscribed."""
}, NavContext(request, "community"))
if self.cleaned_data.get('pgversion') == '-1':
raise forms.ValidationError('You must select a version')
return self.cleaned_data.get('pgversion')
-
def item_pubdate(self, obj):
return datetime.combine(obj.date,time.min)
-
class Meta:
model = NewsArticle
exclude = ('submitter', 'approved', )
-
yield '/news.rss'
# FIXME: when to expire the front page?
yield '/$'
-
+
def __unicode__(self):
return "%s: %s" % (self.date, self.title)
-
+
def verify_submitter(self, user):
return (len(self.org.managers.filter(pk=user.pk)) == 1)
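Review bot: `verify_submitter` in the trailing context of this hunk is used elsewhere in the diff as the ownership check, yet it loads the matching manager rows only to count them. `return self.org.managers.filter(pk=user.pk).exists()` asks the same yes/no question directly. A one-line docstring such as `"""Return True if user is a manager of the organisation that owns this item."""` would make its authorization role explicit. The identical method in the professional-services model further down the diff deserves the same treatment; the whitespace cleanup leaves both untouched.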
def form(request, itemid):
return simple_form(NewsArticle, itemid, request, NewsArticleForm,
redirect='/account/edit/news/')
-
class Meta:
model = ProfessionalService
exclude = ('submitter', 'approved', )
-
provides_support = models.BooleanField(null=False, default=False)
provides_hosting = models.BooleanField(null=False, default=False)
interfaces = models.CharField(max_length=512, null=True, blank=True, verbose_name="Interfaces (for hosting)")
-
+
purge_urls = ('/support/professional_', )
-
+
send_notification = True
-
+
def verify_submitter(self, user):
return (len(self.org.managers.filter(pk=user.pk)) == 1)
def __unicode__(self):
return self.org.name
-
+
class Meta:
ordering = ('org__name',)
-
# DB model is a bit funky here, so use the extra-where functionality to filter properly.
# Field names are cleaned up earlier, so it's safe against injections.
services = ProfessionalService.objects.select_related('org').filter(approved=True).extra(where=["region_%s AND provides_%s" % (regionname, what),])
-
+
return render_to_response('profserv/list.html', {
'title': title,
'support': support,
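Review bot: The `.extra(where=...)` call builds SQL by interpolating `regionname` and `what` into the clause, and its only protection is validation that happens outside this hunk, as the comment above it says. If the `region_*` columns are plain boolean fields like the `provides_*` ones, `.filter(approved=True, **{'region_%s' % regionname: True, 'provides_%s' % what: True})` lets the ORM reject any name that is not a model field instead of trusting the earlier cleanup. Failing that, an explicit allow-list test on both names directly before this line keeps the guarantee next to the raw SQL. The function starts and ends outside the hunk, so the earlier cleanup could not be checked here.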
who = models.CharField(max_length=100, null=False, blank=False)
org = models.CharField(max_length=100, null=False, blank=False)
link = models.URLField(null=False, blank=False)
-
+
send_notification = True
purge_urls = ('/about/quotesarchive/', '/$', )
#from django.db import models
-
# Load local settings overrides
from settings_local import *
-
admin.site.register(SponsorType)
admin.site.register(Sponsor)
admin.site.register(Server)
-
def __unicode__(self):
return self.typename
-
+
class Meta:
ordering = ('sortkey', )
-
+
class Sponsor(models.Model):
sponsortype = models.ForeignKey(SponsorType, null=False)
name = models.CharField(max_length=128, null=False, blank=False)
def __unicode__(self):
return self.name
-
+
class Meta:
ordering = ('name', )
os = models.CharField(max_length=32, null=False, blank=False)
location = models.CharField(max_length=128, null=False, blank=False)
usage = models.TextField(null=False, blank=False)
-
+
purge_urls = ('/about/servers/', )
def __unicode__(self):
return self.name
-
+
class Meta:
ordering = ('name', )
-
return render_to_response('sponsors/servers.html', {
'servers': servers,
}, NavContext(request, 'about'))
-
admin.site.register(Survey, SurveyAdmin)
admin.site.register(SurveyLock)
admin.site.register(SurveyAnswer, SurveyAnswerAdmin)
-
class SurveyLock(models.Model):
ipaddr = models.GenericIPAddressField(null=False, blank=False)
time = models.DateTimeField(null=False, auto_now_add=True)
-
varnish_purge("/community/survey/%s/" % surveyid)
return HttpResponseRedirect("/community/survey/%s/" % surveyid)
-
return None
return None # Should never get here, but just in case...
-
elif hasattr(instance, 'verify_submitter'):
if not instance.verify_submitter(request.user):
raise Exception("You are not the owner of this item!")
-
+
if request.method == 'POST':
# Process this form
form = formclass(data=request.POST, instance=instance)
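Review bot: A failed ownership check in the first lines of this hunk raises a bare `Exception`, which Django reports as a 500 server error rather than an access-denied response. `raise PermissionDenied("You are not the owner of this item!")` (from `django.core.exceptions`) returns a 403 and keeps authorization failures distinguishable from real faults in the logs. The import block and the rest of the function are outside the hunk, so check whether any caller relies on the generic exception before changing it.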
self.startElement(name, {})
self.characters(value)
self.endElement(name)
-
from django.http import HttpResponseRedirect, HttpResponse
from django.conf import settings
-# Use thread local storage to pass the username down.
+# Use thread local storage to pass the username down.
# http://code.djangoproject.com/wiki/CookBookThreadlocalsAndUser
try:
from threading import local, currentThread
have an urgent need to log in.
</p>
{%endblock%}
-
complete these fields, and then try again.
</p>
{%endblock%}
-
{%endfor%}
</table>
{%endblock%}
-
<script type="text/javascript" src="https://www.google.com/recaptcha/api.js?hl=en" async defer></script>
{%endif%}
{%endblock%}
-
{%block contents%}{%endblock%}
</div> <!-- pgContentWrap -->
{%endblock%}
-
<p>All contributors are listed in alphabetical order.
Please report omissions or corrections to the <a href="mailto:webmaster@postgresql.org">webmaster</a>.</p>
{%endblock%}
-
{%endif%}
<a href="{{masterserver}}/redir/{{mirror.id}}/f/{{path}}">ftp</a>
</div>
-
of any of them.</i></p>
{%endblock%}
-
{%load markup%}
{{obj.summary|markdown}}
-
{{feature.featuredescription}}
</p>
{%endblock%}
-
will receive a confirmation email shortly.</p>
{%endblock%}
-
queue.
</p>
{%endblock%}
-
website. We apologise for any formatting issues caused by the migration.</i></p>
{%endif%}
{%endblock%}
-
{%endfor%}
<p><a href="/account/news/new/">Submit news</a></p>
{%endblock%}
-
{%load markup%}
{{obj.content|markdown}}
-
accommodate. There are active PostgreSQL systems in production environments that
manage in excess of 4 terabytes of data. Some general PostgreSQL limits are
included in the table below. </p><div class="informaltable"><a name="table1"></a><table border="0"><colgroup><col /><col /></colgroup><thead><tr><th><span class="bold"><b>Limit</b></span></th><th><span class="bold"><b>Value</b></span></th></tr></thead><tbody><tr><td>Maximum Database Size</td><td>Unlimited</td></tr><tr><td>Maximum Table Size</td><td>32 TB</td></tr><tr><td>Maximum Row Size</td><td>1.6 TB</td></tr><tr><td>Maximum Field Size</td><td>1 GB</td></tr><tr><td>Maximum Rows per Table</td><td>Unlimited</td></tr><tr><td>Maximum Columns per Table</td><td>250 - 1600 depending on column types</td></tr><tr><td>Maximum Indexes per Table</td><td>Unlimited</td></tr></tbody></table></div>
-<p>PostgreSQL has won <a href="/about/quotesarchive">praise from its users</a> and <a href="/about/awards">industry recognition</a>, including the Linux New Media Award for Best Database System and five time winner of the The Linux Journal Editors' Choice Award for best DBMS.
+<p>PostgreSQL has won <a href="/about/quotesarchive">praise from its users</a> and <a href="/about/awards">industry recognition</a>, including the Linux New Media Award for Best Database System and five time winner of the The Linux Journal Editors' Choice Award for best DBMS.
</p>
<h2>Featureful and Standards Compliant</h2><p>PostgreSQL prides itself in standards compliance. Its SQL implementation
Java (JDBC), ODBC, Perl, Python, Ruby, C, C++, PHP, Lisp, Scheme, and Qt just to
name a few.
</p><p>Best of all, PostgreSQL's source code is available under a liberal
-open source license: the <a href="http://www.opensource.org/licenses/postgresql">PostgreSQL License</a>.
+open source license: the <a href="http://www.opensource.org/licenses/postgresql">PostgreSQL License</a>.
This license gives you the freedom to use,
modify and distribute PostgreSQL in any form you like, open or closed
source. Any modifications, enhancements, or changes you make are yours to do
<a name="gui"></a>
<h2>GUI database design and administration tools</h2>
-<p>There are many high-quality GUI Tools available for PostgreSQL from both open source developers and commercial providers. A list is available on our wiki as a <a href="https://wiki.postgresql.org/wiki/Community_Guide_to_PostgreSQL_GUI_Tools">community guide</a> to PostgreSQL GUI Tools.
+<p>There are many high-quality GUI Tools available for PostgreSQL from both open source developers and commercial providers. A list is available on our wiki as a <a href="https://wiki.postgresql.org/wiki/Community_Guide_to_PostgreSQL_GUI_Tools">community guide</a> to PostgreSQL GUI Tools.
<a name="features"></a>
<h2>Technical Features</h2>
</p>
{%endblock%}
-
funds group directly at <a href="mailto:funds-group@postgresql.org">funds-group@postgresql.org</a>.
</p>
-<h2>User Group Liaison</h2>
+<h2>User Group Liaison</h2>
<p>A member of a PostgreSQL User group, looking to start a user group or need resources for a user group. </p>
<p>For press enquiries, please refer to the <a href="/about/press">Press</a> section.
This section includes information on regional contacts as well.</p>
-
+
<h2>Technical Support</h2>
<p>If you are looking for help with PostgreSQL, or this website.</p>
<p><a href="/support">Community support</a></p>
<p>PostgreSQL donations are managed by the <a href="https://wiki.PostgreSQL.org/wiki/SponsorShip">Fund raising Group</a>. The money donated goes to many vital services that the PostgreSQL community needs including advocacy materials, conference expenses, legal expenses, and travel costs.</p>
<h3>Donate by Credit Card (preferred)</h3>
-<p>Donation via credit card is handled through USA ePay using the form below.
+<p>Donation via credit card is handled through USA ePay using the form below.
<!-- begin PaySimple form -->
</p>
<form id="form1" method="post" action="https://www.usaepay.com/interface/epayform/">
-<div class="tblBasic">
+<div class="tblBasic">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr><td class="colFirst" valign="top">
and deposited into the PostgreSQL account at Software in the Public
Interest.<br />
<input name="UMdescription" value="PostgreSQL General Contribution" type="hidden">
- <input name="UMkey" value="faI13GX2IiFk4j415yTWXIGo7i3Hb6M5" type="hidden">
+ <input name="UMkey" value="faI13GX2IiFk4j415yTWXIGo7i3Hb6M5" type="hidden">
<input name="UMcommand" value="sale" type="hidden" />
<input type="submit" class="cp_button_609397530555" tabindex="2" value="Donate via SPI" />
<input name="UMcommand" value="sale" type="hidden" />
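Review bot: The `UMkey` value is committed in the template and served to every visitor, and the hidden `UMcommand` and `UMdescription` fields around it are client-controlled, so anyone can resubmit the form with different values. Nothing in the hunk shows how the key is scoped, so confirm on the gateway side that this source key is limited to the sale command and grants nothing beyond this donation form. Record that next to the field, for example `{# UMkey is the public form key; it must stay restricted to "sale" at the gateway #}`. The `UMcommand` input also appears twice, before and after the submit button, and one of them can go.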
<h3>Tax deductibility</h3>
<p>Please be aware that PostgreSQL contributions may or may not be tax exempt. For more information please see the <a href="http://www.spi-inc.org/donations">SPI website</a> and your local tax advisor. If you would like to donate non-monetary items such as computers or other equipment, please contact <a
href="mailto:josh@postgresql.org">Josh Berkus</a>.</p>
-
+
<h2>Infrastructure Donations</h2>
<p>There are many companies that donate <a href="/about/servers">servers.</a></p>
-
+
{%endblock%}
{%block title%}History{%endblock%}
{%block contents%}
<h1>History</h1>
-<p>Given its powerful and advanced features, you may wonder how such a
-valuable piece of software came to be both free and open source. As with
-many other key open source projects, the answer starts at the University of
+<p>Given its powerful and advanced features, you may wonder how such a
+valuable piece of software came to be both free and open source. As with
+many other key open source projects, the answer starts at the University of
California at Berkeley (UCB).</p>
-<p>PostgreSQL, originally called Postgres, was created at
+<p>PostgreSQL, originally called Postgres, was created at
UCB by a computer science professor named Michael Stonebraker,
who went on to become the CTO of Informix Corporation. Stonebraker
started Postgres in 1986 as a followup project to its predecessor, Ingres, now
its current name: PostgreSQL. ("Postgres" is still used as an easy-to-pronounce
nick-name.)</p>
<p>PostgreSQL began at version 6.0, giving credit to its many years of prior
-development. With the help of hundreds of developers from around the world,
-the system was changed and improved in almost every area. Over the next four years
+development. With the help of hundreds of developers from around the world,
+the system was changed and improved in almost every area. Over the next four years
(versions 6.0 - 7.0), major improvements and new features were made such as:
</p>
<div class="itemizedlist"><ul><li><p><tt class="prompt">Multiversion Concurrency Control (MVCC).</tt>
continues to improve in both sophistication and performance, now more than
ever. Version 8.0 is PostgreSQL's long awaited debut into the enterprise
database market, bringing features such as tablespaces, Java stored procedures,
-point in time recovery, and nested transactions (savepoints).
+point in time recovery, and nested transactions (savepoints).
With it came a long awaited feature --- a native Windows port.</p>
<p>
Many organizations, government agencies and companies use PostgreSQL.
</p>
<h2>Why not the GNU General Public License?</h2>
-<p>People often ask why PostgreSQL is not released under the GNU General
-Public License. The simple answer is because we like our license and do not
-want to change it. If you are keen to read more about this topic, then please
+<p>People often ask why PostgreSQL is not released under the GNU General
+Public License. The simple answer is because we like our license and do not
+want to change it. If you are keen to read more about this topic, then please
take a look in the <a href="/list/">Archives</a> at
-any of the many threads on this subject, but please don't start yet another
+any of the many threads on this subject, but please don't start yet another
debate on the subject!
</p>
{%endblock%}
<ul>
<li>Bricolage</li>
<li>Debian</li>
- <li>FreshPorts</li>
+ <li>FreshPorts</li>
<li>FLPR (FreeBsd,LightHttpd,PostgreSQL,Ruby)</li>
<li>GForge</li>
<li>LAMP (Linux/Apache/Middleware(Perl,PHP,Python,Ruby)/PostgreSQL)</li>
<td class="colLast">A Russian community site</td>
</tr>
-<tr class="lastrow">
+<tr class="lastrow">
<td class="colFirst"><a href="http://www.postgresql.org.tr/">TΓΌrkce</a></td>
<td class="colLast">TΓΌrkiye PostgreSQL KullanΔ±cΔ±larΔ± Grubu</td>
</tr>
<h1>Propaganda</h1>
-<p><a href="http://www.templatemonster.com">Template Monster</a>, a graphics and website design company, has provided us with a number of updated PostgreSQL related graphics that you can use on your website. Right click on these images and select "Save As" to save the logo, then link them to the PostgreSQL home page at www.postgresql.org. You can also find more logos for different styles and colors, and the source files for these graphics, on our logo project page at <a href="http://pgfoundry.org/projects/graphics/">http://pgfoundry.org/projects/graphics/</a> in case you want to play around with them and maybe submit your own.
+<p><a href="http://www.templatemonster.com">Template Monster</a>, a graphics and website design company, has provided us with a number of updated PostgreSQL related graphics that you can use on your website. Right click on these images and select "Save As" to save the logo, then link them to the PostgreSQL home page at www.postgresql.org. You can also find more logos for different styles and colors, and the source files for these graphics, on our logo project page at <a href="http://pgfoundry.org/projects/graphics/">http://pgfoundry.org/projects/graphics/</a> in case you want to play around with them and maybe submit your own.
</p>
<table>
<p>A PostgreSQL database developer is someone who is actually working on the project, not someone using it to develop
an application or a website. We don't hire programmers, we reach across the Internet, drawing the best database
-developers in the world to PostgreSQL. Read about the <a href="/community/contributors">people behind PostgreSQL</a> and
-check out the <a href="/files/community/conference06/conference_group.html">group picture</a> from the 2006
-PostgreSQL Anniversary Summit.
+developers in the world to PostgreSQL. Read about the <a href="/community/contributors">people behind PostgreSQL</a> and
+check out the <a href="/files/community/conference06/conference_group.html">group picture</a> from the 2006
+PostgreSQL Anniversary Summit.
</p>
<h2>What will you find here?</h2>
<h2>Google Summer of Code Program</h2>
-<p>The PostgreSQL Project is a proud participant in Google's Summer of Code program. If you are interested in working on a PostgreSQL related project, please check out our <a href="/developer/summerofcode">Summer of Code</a> page.</p>
+<p>The PostgreSQL Project is a proud participant in Google's Summer of Code program. If you are interested in working on a PostgreSQL related project, please check out our <a href="/developer/summerofcode">Summer of Code</a> page.</p>
{%endblock%}
flowchart.</p>
{%endblock%}
-
an open forum, like technical direction and advocacy. Core team members
are appointed by existing core team members.</p>
-<p>The core team members are listed on the
+<p>The core team members are listed on the
<a href="/community/contributors/">Contributor Profiles</a> page.
<p>You can contact the core team by emailing pgsql-core [at] postgresql [dot] org.</p>
<h1>Roadmap</h1>
<p>PostgreSQL is a non-commercial, all volunteer, free software project, and as
-such there is no formal list of feature requirements required for development.
+such there is no formal list of feature requirements required for development.
We really do follow the mantra of letting developers scratch their own itches.
</p>
tentative schedule for this version has a release in the
third quarter of 2018.</p>
-<p>While there are no formal requirements for each PostgreSQL release, there
+<p>While there are no formal requirements for each PostgreSQL release, there
are several places you can look to find out more information on upcoming
features:</p>
<dl>
<li><strong>Bio</strong> - Who are you? What makes you the best person to work on this
project?</li>
-<li><strong>Contact</strong> - How can we contact if we have questions about your project?
+<li><strong>Contact</strong> - How can we contact if we have questions about your project?
Can you supply us with an email/IM/phone method for being contacted, in case of emergency?</li>
</ul>
<li><strong>Bio</strong> - Who are you? What makes you the best person to work on this
project?</li>
-<li><strong>Contact</strong> - How can we contact if we have questions about your project?
+<li><strong>Contact</strong> - How can we contact if we have questions about your project?
Can you supply us with an email/IM/phone method for being contacted, in case of emergency?</li>
</ul>
<li><strong>Bio</strong> - Who are you? What makes you the best person to work on this
project?</li>
-<li><strong>Contact</strong> - How can we contact if we have questions about your project?
+<li><strong>Contact</strong> - How can we contact if we have questions about your project?
Can you supply us with an email/IM/phone method for being contacted, in case of emergency?</li>
</ul>
<li>Document Collection Foreign-data Wrapper</li>
</ul>
-<p>More information on these projects can be found on Google's PostgreSQL SoC pages:
+<p>More information on these projects can be found on Google's PostgreSQL SoC pages:
(
<a href="https://wiki.postgresql.org/wiki/GSoC_2012">2012</a>
| <a href="https://wiki.postgresql.org/wiki/GSoC_2011">2011</a>
<li><strong>Bio</strong> - Who are you? What makes you the best person to work on this
project?</li>
-<li><strong>Contact</strong> - How can we contact if we have questions about your project?
+<li><strong>Contact</strong> - How can we contact if we have questions about your project?
Can you supply us with an email/IM/phone method for being contacted, in case of emergency?</li>
</ul>
<li>Document Collection Foreign-data Wrapper</li>
</ul>
-<p>More information on these projects can be found on Google's PostgreSQL SoC pages:
+<p>More information on these projects can be found on Google's PostgreSQL SoC pages:
(
<a href="https://wiki.postgresql.org/wiki/GSoC_2013">2013</a>
| <a href="https://wiki.postgresql.org/wiki/GSoC_2012">2012</a>
</p>
</div>
{%endblock%}
-
<a href="http://www.bigsql.org/se/">BigSQL</a> provides
a developer friendly bundle of tools for the data guru focused
on analytics. This bundle combines Postgres and Hadoop through the
-<a href="http://www.hadoopfdw.org">HadoopFDW</a> to allow for
-simplified analysis of data using included and integrated analytics
+<a href="http://www.hadoopfdw.org">HadoopFDW</a> to allow for
+simplified analysis of data using included and integrated analytics
tools such as HBase, Hive, Pig, DataFu, Flume, Sqoop and others.
</p>
<h3>Software Catalogue</h3>
-<p>There is much software available that is not bundled with PostgreSQL. The <a href="/download/product-categories">Software
+<p>There is much software available that is not bundled with PostgreSQL. The <a href="/download/product-categories">Software
Catalogue</a> offers a listing of many commercial and Open Source applications, interfaces and extensions to PostgreSQL
that you may find useful.</p>
<h2>FreeBSD Ports</h2>
-<p>PostgreSQL packages are available for FreeBSD from the <a href="http://www.freebsd.org/ports">FreeBSD
+<p>PostgreSQL packages are available for FreeBSD from the <a href="http://www.freebsd.org/ports">FreeBSD
Ports and Packages Collection</a>. Please see the ports documentation for information on how
to install ports.</p>
-<p>A list of <a href="http://www.freebsd.org/cgi/ports.cgi?query=postgresql&stype=name&sektion=databases">PostgreSQL
+<p>A list of <a href="http://www.freebsd.org/cgi/ports.cgi?query=postgresql&stype=name&sektion=databases">PostgreSQL
packages</a> can be found using the Ports Search tool on the FreeBSD website.</p>
{%endblock%}
</p>
<p>
-The latest development version of the documentation is also
+The latest development version of the documentation is also
<a href="/docs/devel/static/index.html">available online</a>.
</p>
<h2>Installers</h2>
<p>
-Installers for Windows and Mac are available <a
+Installers for Windows and Mac are available <a
href="http://www.enterprisedb.com/products-services-training/pgdevdownload">
-here</a> (offsite link). These installers also include pgAdmin and are
+here</a> (offsite link). These installers also include pgAdmin and are
published by EnterpriseDB.
</p>
</p>
<p>
-This distribution includes the PostgreSQL server, a graphical component
-manager, command line and graphical tools for managing databases, plus
+This distribution includes the PostgreSQL server, a graphical component
+manager, command line and graphical tools for managing databases, plus
many open source community components.
</p>
<p>
-Integrated components include web and desktop developer tools, geospatial,
+Integrated components include web and desktop developer tools, geospatial,
provisioning & management, compatibility & migration,
backup/restore, integration with external databases (Cassandra,
Oracle, SQL Server, Hadoop), and procedural languages (Python, Perl, Java, and TCL).
</p>
<p>
-This distribution is a fast, developer-friendly way to get a complete PostgreSQL
-environment installed and running. It uses an open source toolchain to build
-PostgreSQL and extensions, which simplifies cross-platform development of
-extensions.
+This distribution is a fast, developer-friendly way to get a complete PostgreSQL
+environment installed and running. It uses an open source toolchain to build
+PostgreSQL and extensions, which simplifies cross-platform development of
+extensions.
</p>
<p>
<p>Found a bug in PostgreSQL? Please read over our <a href="/docs/current/static/bug-reporting.html">bug reporting guidelines</a>
and then report it using our <a href="/account/submitbug">bug reporting form</a>.</p>
-<p>You can see previous bug reports, and track your own on the <a href="/list/pgsql-bugs/">pgsql-bugs@postgresql.org</a> mailing
-list.</p>
+<p>You can see previous bug reports, and track your own on the <a href="/list/pgsql-bugs/">pgsql-bugs@postgresql.org</a> mailing
+list.</p>
{%endblock%}
<p>
If you wish to report a new security vulnerability in PostgreSQL, please
-send an email to
+send an email to
<a href="mailto:security@postgresql.org">security@postgresql.org</a>.
For reporting non-security bugs, please see the <a href="/account/submitbug">Report a Bug</a> page.
</p>
allowing our users to place their trust in the web sites and applications
built around PostgreSQL. Our approach covers fail-safe configuration options,
a secure and robust database server as well as good integration with other
-security infrastructure software.
+security infrastructure software.
</p>
<p>
PostgreSQL security updates are primarily made available as <a href="/support/versioning">minor version</a>
-upgrades. You are always advised to use the latest minor version available,
+upgrades. You are always advised to use the latest minor version available,
as it will likely also contain other non-security related fixes. All known
security issues are always fixed in the next major release, when it comes out.
</p>
PGDG believes that accuracy, completeness and availability of security
information is essential for our users. We choose to pool all information on
this one page, allowing easy searching for vulnerabilities by a range of
-criteria.
+criteria.
</p>
<p>
The following table lists all known security issues.
Please note that versions prior to 9.3 are no longer
-supported. An archive of vulnerabilities found only in unsupported
+supported. An archive of vulnerabilities found only in unsupported
versions is
<a href="/support/security_archive">on our Security Archive page</a>,
but vulnerability information on those versions is no longer updated,
<td class="colMid">A</td>
<td class="colLast">Interactive installer downloads software over plain HTTP, then executes it</td>
</tr>
-
+
<tr valign="top">
<td class="colFirst"><a href="https://access.redhat.com/security/cve/CVE-2016-5423">CVE-2016-5423</a></td>
<td class="colMid">9.5, 9.4, 9.3, 9.2, 9.1</td>
<td class="colMid">C</td>
<td class="colLast">Unchecked regex can crash the server</td>
</tr>
-
+
<tr valign="top">
<td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5289">CVE-2015-5289</a></td>
<td class="colMid">9.4, 9.3</td>
<td class="colMid">B</td>
<td class="colLast">Unchecked JSON input can crash the server</td>
</tr>
-
+
<tr valign="top">
<td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5288">CVE-2015-5288</a></td>
<td class="colMid">9.4, 9.3, 9.2, 9.1, 9.0</td>
<td class="colMid">C</td>
<td class="colLast">Memory leak in crypt() function.</td>
</tr>
-
+
<tr valign="top">
<td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3165">CVE-2015-3165</a></td>
<td class="colMid">9.4, 9.3, 9.2, 9.1, 9.0</td>
<td class="colMid">B</td>
<td class="colLast">Double "free" after authentication timeout</td>
</tr>
-
+
<tr valign="top">
<td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3166">CVE-2015-3166</a></td>
<td class="colMid">9.4, 9.3, 9.2, 9.1, 9.0</td>
<td class="colMid">D</td>
<td class="colLast">Unanticipated errors from the standard library.</td>
</tr>
-
+
<tr valign="top">
<td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3167">CVE-2015-3167</a></td>
<td class="colMid">9.4, 9.3, 9.2, 9.1, 9.0</td>
<td class="colMid">C</td>
<td class="colLast">pgcrypto has multiple error messages for decryption with an incorrect key.</td>
</tr>
-
+
<tr valign="top">
<td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0241">CVE-2015-0241</a></td>
<td class="colMid">9.4, 9.3, 9.2, 9.1, 9.0</td>
<td class="colMid">C</td>
<td class="colLast">Buffer overruns in "to_char" functions.</td>
</tr>
-
+
<tr valign="top">
<td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0242">CVE-2015-0242</a></td>
<td class="colMid">9.4, 9.3, 9.2, 9.1, 9.0</td>
<td class="colMid">C</td>
<td class="colLast">Buffer overrun in replacement printf family of functions.</td>
</tr>
-
+
<tr valign="top">
<td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0243">CVE-2015-0243</a></td>
<td class="colMid">9.4, 9.3, 9.2, 9.1, 9.0</td>
<td class="colMid">C</td>
<td class="colLast">Memory errors in functions in the pgcrypto extension.</td>
</tr>
-
+
<tr valign="top">
<td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244">CVE-2015-0244</a></td>
<td class="colMid">9.4, 9.3, 9.2, 9.1, 9.0</td>
<td class="colMid">C</td>
<td class="colLast">An error in extended protocol message reading.</td>
</tr>
-
+
<tr valign="top">
<td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161">CVE-2014-8161</a></td>
<td class="colMid">9.4, 9.3, 9.2, 9.1, 9.0</td>
<td class="colMid">core server</td>
<td class="colMid">C</td>
<td class="colLast">Constraint violation errors can cause display of values in columns which the user would not normally have rights to see.</td>
- </tr>
-
+ </tr>
+
<tr valign="top">
<td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0067">CVE-2014-0067</a></td>
<td class="colMid">9.4, 9.3, 9.2, 9.1, 9.0</td>
<td class="colFirst">D</td>
<td class="colLast">A vulnerability that is exploitable for denial-of-service, but requiring a valid prior login.</td>
</tr>
-
+
</table>
</div>
<li>v8.4.17</li>
</ul>
-<p>While this FAQ covers the 2013-04-04 PostgreSQL Security Update in general,
-most of its contents focus on the primary security vulnerability patched in the
+<p>While this FAQ covers the 2013-04-04 PostgreSQL Security Update in general,
+most of its contents focus on the primary security vulnerability patched in the
release, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899">
CVE-2013-1899</a>.</p>
<p>There were no known exploits at the time of release.</p>
<h2>Who is particularly vulnerable because of this issue?</h2>
-<p>Any system that allows unrestricted access to the PostgreSQL network port,
-such as users running PostgreSQL on a public cloud, is especially vulnerable.
-Users whose servers are only accessible on protected internal networks, or who
-have effective firewalling or other network access restrictions, are less
+<p>Any system that allows unrestricted access to the PostgreSQL network port,
+such as users running PostgreSQL on a public cloud, is especially vulnerable.
+Users whose servers are only accessible on protected internal networks, or who
+have effective firewalling or other network access restrictions, are less
vulnerable.</p>
-<p>This is a good general rule for database security: do not allow port access
-to the database server from untrusted networks unless it is absolutely
-necessary. This is as true, or more true, of other database systems as it is of
+<p>This is a good general rule for database security: do not allow port access
+to the database server from untrusted networks unless it is absolutely
+necessary. This is as true, or more true, of other database systems as it is of
PostgreSQL.</p>
<h2>What is the nature of the vulnerability?</h2>
-<p>The vulnerability allows users to use a command-line switch for a PostgreSQL
+<p>The vulnerability allows users to use a command-line switch for a PostgreSQL
connection intended for single-user recovery mode while PostgreSQL is running in
normal, multiuser mode. This can be used to harm the server.</p>
<h2>What potential exploits are enabled by this vulnerability?</h2>
<ol>
-<li>Persistent Denial of Service: an unauthenticated attacker may use this
- vulnerability to cause PostgreSQL error messages to be appended to targeted
- files in the PostgreSQL data directory on the server. Files corrupted in
- this way may cause the database server to crash, and to refuse to restart.
- The database server can be fixed either by editing the files and removing
+<li>Persistent Denial of Service: an unauthenticated attacker may use this
+ vulnerability to cause PostgreSQL error messages to be appended to targeted
+ files in the PostgreSQL data directory on the server. Files corrupted in
+ this way may cause the database server to crash, and to refuse to restart.
+ The database server can be fixed either by editing the files and removing
the garbage text, or restoring from backup.</li>
-<li>Configuration Setting Privilege Escalation: in the event that an attacker
- has a legitimate login on the database server, and the server is configured
- such that this user name and the database name are identical (e.g. user
- <i>web</i>, database <i>web</i>), then this vulnerability may be used to
- temporarily set one configuration variable with the privileges of the
+<li>Configuration Setting Privilege Escalation: in the event that an attacker
+ has a legitimate login on the database server, and the server is configured
+ such that this user name and the database name are identical (e.g. user
+ <i>web</i>, database <i>web</i>), then this vulnerability may be used to
+ temporarily set one configuration variable with the privileges of the
superuser.</li>
-<li>Arbitrary Code Execution: if the attacker meets all of the qualifications
- under 2 above, and has the ability to save files to the filesystem as well
- (even to the <i>tmp</i> directory), then they can use the vulnerability to
- load and execute arbitrary C code. SELinux will prevent this specific
+<li>Arbitrary Code Execution: if the attacker meets all of the qualifications
+ under 2 above, and has the ability to save files to the filesystem as well
+ (even to the <i>tmp</i> directory), then they can use the vulnerability to
+ load and execute arbitrary C code. SELinux will prevent this specific
type of exploit.</li>
</ol>
<h2>Which major versions of PostgreSQL are affected?</h2>
<p>Versions 9.0, 9.1 and 9.2.</p>
-<p>Users of version 8.4 are not affected. Users of version 8.3 and earlier are
-not affected by this issue, but are vulnerable to other unpatched security
+<p>Users of version 8.4 are not affected. Users of version 8.3 and earlier are
+not affected by this issue, but are vulnerable to other unpatched security
vulnerabilities, since those versions are EOL.</p>
<h2>How can users protect themselves?</h2>
<ul>
-<li>Download the update release and update all of your servers as soon as
+<li>Download the update release and update all of your servers as soon as
possible.</li>
<li>Ensure that PostgreSQL is not open to connections from untrusted networks.
</li>
-<li>Audit your database users to be certain that all logins require proper
- credentials, and that the only logins which exist are legitimate and in
+<li>Audit your database users to be certain that all logins require proper
+ credentials, and that the only logins which exist are legitimate and in
current use.</li>
</ul>
-<p>Use of advanced security frameworks, such as SELinux with PostgreSQL's
+<p>Use of advanced security frameworks, such as SELinux with PostgreSQL's
SEPostgres extension, also lessen or eliminate the exposure and potential damage
from PostgreSQL security vulnerabilities.</p>
<h2>Who was given access to the information about the vulnerability?</h2>
<p>Specifics about the vulnerability were first disclosed to our security team.
</p>
-<p>The PostgreSQL Global Development Group (PGDG) has had, for several years, a
-policy granting engineers who build PostgreSQL binary packages to be distributed
-to the public (such as RPMs and Windows installers) early access to be able to
-release information and code so that packages can be ready on the official
-release date. This applied to both minor and major releases. Given the
-increasing prevalence of PostgreSQL-as-a-Service (PGaaS) as a distribution
-mechanism, we are revising this policy to accomodate the case of the cloud
+<p>The PostgreSQL Global Development Group (PGDG) has had, for several years, a
+policy granting engineers who build PostgreSQL binary packages to be distributed
+to the public (such as RPMs and Windows installers) early access to be able to
+release information and code so that packages can be ready on the official
+release date. This applied to both minor and major releases. Given the
+increasing prevalence of PostgreSQL-as-a-Service (PGaaS) as a distribution
+mechanism, we are revising this policy to accomodate the case of the cloud
providers. The new policy is still being edited and should be available soon.
</p>
<h2>When was the vulnerability discovered?</h2>
-<p>This vulnerability was first reported to the PostgreSQL Global Development
+<p>This vulnerability was first reported to the PostgreSQL Global Development
Group (PGDG) security team on March 12, 2013.</p>
-<p>We filed for the CVE, with the assistance of the Red Hat security team, on
+<p>We filed for the CVE, with the assistance of the Red Hat security team, on
March 27.</p>
<h2>Who discovered the vulnerability?</h2>
-<p>Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center
+<p>Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center
while conducting a security audit. NTT is a longtime contributor to PostgreSQL.
</p>
<h2>How was the vulnerability reported?</h2>
<p>Kondo-san and Horiguchi-san sent email to security@postgresql.org.</p>
-<h2>As reported by TechCrunch and Hacker News, some entities including cloud
+<h2>As reported by TechCrunch and Hacker News, some entities including cloud
platform provider Heroku were given early access. Why did this occur?</h2>
-<p>Heroku was given access to updated source code which patched the
-vulnerability at the same time as other packagers. Because Heroku was especially
-vulnerable, the PostgreSQL Core Team worked with them -- to secure their
-infrastructure and to use their deployment as a test-bed for the security
-patches. This helped to verify that the security update did not break any
-application functionality. Heroku has a history both of working closely with
-community developers, and of testing experimental features in their PostgreSQL
+<p>Heroku was given access to updated source code which patched the
+vulnerability at the same time as other packagers. Because Heroku was especially
+vulnerable, the PostgreSQL Core Team worked with them -- to secure their
+infrastructure and to use their deployment as a test-bed for the security
+patches. This helped to verify that the security update did not break any
+application functionality. Heroku has a history both of working closely with
+community developers, and of testing experimental features in their PostgreSQL
service.</p>
<h2>Who was given access to the code before the official release?</h2>
-<p>We have two teams that communicate on private lists hosted on the PGDG
+<p>We have two teams that communicate on private lists hosted on the PGDG
infrastructure. Both teams had access to the source code prior to the release of
- any packages for analyzing the security patch and then creating packages for
+ any packages for analyzing the security patch and then creating packages for
distributing PostgreSQL binaries. These are our Security Team and our Packagers
-List. In both cases, these groups had early access in order to participate in
+List. In both cases, these groups had early access in order to participate in
patching the security hole.</p>
-<h2>How can end-users with large deployments or security-sensitive applications
+<h2>How can end-users with large deployments or security-sensitive applications
obtain early access security information?</h2>
-<p>At this time, the PostgreSQL project does not provide users who are not
-directly involved in patching security vulnerabilities or packaging PostgreSQL
-for other users early access to security information, patches, or code. It is
-possible that at some time in the future we may be in a position to offer such
+<p>At this time, the PostgreSQL project does not provide users who are not
+directly involved in patching security vulnerabilities or packaging PostgreSQL
+for other users early access to security information, patches, or code. It is
+possible that at some time in the future we may be in a position to offer such
access, but we are not able to now.</p>
<h2>Was taking the repository private while this security discussion was ongoing
the proper thing to do?</h2>
<p>Given the severity of the vulnerability, the PostgreSQL Core team deliberated
-and determined the security risk posed by having the source code for the fix
-available before the packages were made available outweighed the publicβs
+and determined the security risk posed by having the source code for the fix
+available before the packages were made available outweighed the publicβs
interest in having immediate access.</p>
-<p>Normal procedure for sharing information about security releases is to send
+<p>Normal procedure for sharing information about security releases is to send
an announcement our developer mailing list, pgsql-hackers@postgresql.org, a week
-before a new release. Tom Lane did this. Then, due to the severity of the
-security vulnerability, we also sent an announcement to
-pgsql-announce@postgresql.org and to our RSS News feed on our website homepage.
-We did this because we wanted to give DBAs sufficient time to plan for a
+before a new release. Tom Lane did this. Then, due to the severity of the
+security vulnerability, we also sent an announcement to
+pgsql-announce@postgresql.org and to our RSS News feed on our website homepage.
+We did this because we wanted to give DBAs sufficient time to plan for a
maintenance window to upgrade.</p>
<p>The timing of the announcements and the release was based on the availability
of volunteer packagers and release managers to conduct the release.</p>
<h2>How is the PostgreSQL project organized?</h2>
-<p>PostgreSQL Global Development Group (PGDG) is a volunteer-run, global
+<p>PostgreSQL Global Development Group (PGDG) is a volunteer-run, global
organization. We have a six-person core team, a number of Major Contributors and
-several mailing lists that make up the centralized portion of our community.
+several mailing lists that make up the centralized portion of our community.
<a href="/community/contributors/">See here for details
about contributors</a>.</p>
<p>Membership in both groups is maintained by the Core Team.</p>
<h2>How often does PostgreSQL find new security vulnerabilities?</h2>
-<p>We find zero to seven minor security issues a year. This is the first
-security issue of this magnitude since 2006: the "backslash escape encoding
+<p>We find zero to seven minor security issues a year. This is the first
+security issue of this magnitude since 2006: the "backslash escape encoding
issue", which affected MySQL and a few other database systems as well.</p>
<h2>How was the vulnerability introduced?</h2>
<p>It was created as a side effect of a refactoring effort to make establishing
-new connections to a PostgreSQL server faster, and the associated code more
+new connections to a PostgreSQL server faster, and the associated code more
maintainable.</p>
<h2>Who discovers vulnerabilities in PostgreSQL?</h2>
-<p>We are fortunate to have a large pool of security engineers who test
-PostgreSQL regularly and responsibly report security issues so that they can be
+<p>We are fortunate to have a large pool of security engineers who test
+PostgreSQL regularly and responsibly report security issues so that they can be
fixed. This includes:</p>
<ul>
<li>QA staff at contributing companies like NTT Open Source, EnterpriseDB and
</ul>
<h2>What else is included in this release?</h2>
-<p>This release also updates four other, minor, security issues which are
-detailed on the <a href="/support/security">security
-page</a> and in the release announcement. It includes a number of bug fixes for
-PostgreSQL as well, most notably fixes for two potential data corruption issues
+<p>This release also updates four other, minor, security issues which are
+detailed on the <a href="/support/security">security
+page</a> and in the release announcement. It includes a number of bug fixes for
+PostgreSQL as well, most notably fixes for two potential data corruption issues
with binary replication.</p>
{%endblock%}
-
<h1>Security Information Archive</h1>
<p>
-This page contains a list of vulnerabilities which appear only in versions of PostgreSQL which are
+This page contains a list of vulnerabilities which appear only in versions of PostgreSQL which are
End Of Life and no longer updated, according to our <a href="/support/versioning">version support policy.</a>
-These versions may contain additional vulnerabilities which are listed on the main
+These versions may contain additional vulnerabilities which are listed on the main
<a href="/support/security">security page</a>, as well as vulnerabilities which were discovered
-later and have not been patched in those releases.
+later and have not been patched in those releases.
</p>
<p>
Users still running on unsupported PostgreSQL versions are strongly urged to upgrade
<td class="colMid">C</td>
<td class="colLast">Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pg_dump file.</td>
</tr>
-
+
<tr valign="top">
<td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4015">CVE-2010-4015</a></td>
<td class="colMid">9.0, 8.4, 8.3, 8.2</td>
<td class="colMid">C</td>
<td class="colLast">An authenticated database user can manipulate modules and tied variables in some external procedural languages to execute code with enhanced privileges.<a href="https://wiki.postgresql.org/wiki/20101005securityrelease">Details</a></td>
</tr>
-
+
<tr valign="top">
<td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1975">CVE-2010-1975</a></td>
<td class="colMid">8.4, 8.3, 8.2, 8.1, 8.0, 7.4</td>
<td class="colMid">8.4.4, 8.3.11, 8.2.17, 8.1.21, 8.0.25, 7.4.29</td>
<td class="colMid">core server, limited deployments</td>
<td class="colMid">C</td>
- <td class="colLast">A vulnerability in Safe.pm and PL/Perl can allow an authenticated user to run arbitrary Perl code on the database
+ <td class="colLast">A vulnerability in Safe.pm and PL/Perl can allow an authenticated user to run arbitrary Perl code on the database
server if PL/Perl is installed and enabled.</td>
</tr>
{%endfor%}
{%endblock%}
-