Merge pull request #4761 from EnterpriseDB/release/2023-09-05

Release: 2023-09-05

advocacy_docs/security/advisories/index.mdx

@@ -107,7 +107,7 @@ An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 1
 <span>
 &nbsp;&nbsp;<a href="cve202341115">Read Advisory</a>
 &nbsp;&nbsp;Updated: </span><span>2023/08/30</span>
-<h4>EDB Postgres Advanced Server (EPAS) permission bypass for materialized views
+<h4>EDB Postgres Advanced Server (EPAS) permission bypass for large objects
 </h4>
 <h5>All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0</h5>
 </summary>

advocacy_docs/security/index.mdx

@@ -110,7 +110,7 @@ An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 1
 <span>
 &nbsp;&nbsp;<a href="advisories/cve202341115">Read Advisory</a>
 &nbsp;&nbsp;Updated: </span><span>2023/08/30</span>
-<h4>EDB Postgres Advanced Server (EPAS) permission bypass for materialized views
+<h4>EDB Postgres Advanced Server (EPAS) permission bypass for large objects
 </h4>
 <h5>All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0</h5>
 </summary>

product_docs/docs/biganimal/release/overview/02_high_availability.mdx

@@ -84,6 +84,8 @@ Distributed high-availability clusters contain one or two data groups. Your data
 
 The witness node/witness group doesn't host data but exists for management purposes, supporting operations that require a consensus, for example, in case of an availability zone failure. 
 
+!!!Note
+   Operations against a distributed high-availability cluster leverage the [EDB Postgres Distributed switchover](/pgd/latest/cli/command_ref/pgd_switchover/) feature which provides sub-second interruptions during planned lifecycle operations.
 
 #### Single data location 
 

product_docs/docs/epas/11/epas_rel_notes/epas11_21_32_rel_notes.mdx

@@ -21,16 +21,16 @@ EDB Postgres Advanced Server 11.21.32 includes the following enhancements and bu
 
 | Type           | Description                                                                                                                          |   Addresses                |
 | -------------- | -------------------------------------------------------------------------------------------------------------------------------------|  --------------------- |
-| Security fix |  EDB Postgres Advanced Server (EPAS) SECURITY DEFINER functions and procedures may be hijacked via search_path. | [CVE-2023-XXXXX-1](/security/advisories/cve2023xxxxx1/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) dbms_aq helper function may run arbitrary SQL as a superuser. | [CVE-2023-XXXXX-2](/security/advisories/cve2023xxxxx2/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) permissions bypass via accesshistory() | [CVE-2023-XXXXX-3](/security/advisories/cve2023xxxxx3/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) UTL_FILE permission bypass | [CVE-2023-XXXXX-4](/security/advisories/cve2023xxxxx4/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) permission bypass for materialized views | [CVE-2023-XXXXX-5](/security/advisories/cve2023xxxxx5/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) authenticated users may fetch any URL | [CVE-2023-XXXXX-6](/security/advisories/cve2023xxxxx6/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) permission bypass for large objects | [CVE-2023-XXXXX-7](/security/advisories/cve2023xxxxx7/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) DBMS_PROFILER data may be removed without permission | [CVE-2023-XXXXX-8](/security/advisories/cve2023xxxxx8/) | 11+
-| Bug fix | Allowed subtypes in INDEX BY clause of the packaged collection. | #1371 | 11+
-| Bug fix | Fixed %type resolution when pointing to a packaged type field. | #1243 | 11+
+| Security fix |  EDB Postgres Advanced Server (EPAS) SECURITY DEFINER functions and procedures may be hijacked via search_path. | [CVE-2023-41117](/security/advisories/cve202341117/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) dbms_aq helper function may run arbitrary SQL as a superuser. | [CVE-2023-41119](/security/advisories/cve202341119/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) permissions bypass via accesshistory() | [CVE-2023-41113](/security/advisories/cve202341113/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) UTL_FILE permission bypass | [CVE-2023-41118](/security/advisories/cve202341118/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) permission bypass for materialized views | [CVE-2023-41116](/security/advisories/cve202341116/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) authenticated users may fetch any URL | [CVE-2023-41114](/security/advisories/cve202341114/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) permission bypass for large objects | [CVE-2023-41115](/security/advisories/cve202341115/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) DBMS_PROFILER data may be removed without permission | [CVE-2023-41120](/security/advisories/cve202341120/) |
+| Bug fix | Allowed subtypes in INDEX BY clause of the packaged collection. | #1371 |
+| Bug fix | Fixed %type resolution when pointing to a packaged type field. | #1243 |
 
 
 !!! Note Addresses

product_docs/docs/epas/12/epas_rel_notes/epas12_16_20_rel_notes.mdx

@@ -21,19 +21,19 @@ EDB Postgres Advanced Server 12.16.20 includes the following enhancements and bu
 
 | Type           | Description                                                                                                                          |   Addresses                |
 | -------------- | -------------------------------------------------------------------------------------------------------------------------------------|  --------------------- |
-| Security fix |  EDB Postgres Advanced Server (EPAS) SECURITY DEFINER functions and procedures may be hijacked via search_path. | [CVE-2023-XXXXX-1](/security/advisories/cve2023xxxxx1/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) dbms_aq helper function may run arbitrary SQL as a superuser. | [CVE-2023-XXXXX-2](/security/advisories/cve2023xxxxx2/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) permissions bypass via accesshistory() | [CVE-2023-XXXXX-3](/security/advisories/cve2023xxxxx3/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) UTL_FILE permission bypass | [CVE-2023-XXXXX-4](/security/advisories/cve2023xxxxx4/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) permission bypass for materialized views | [CVE-2023-XXXXX-5](/security/advisories/cve2023xxxxx5/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) authenticated users may fetch any URL | [CVE-2023-XXXXX-6](/security/advisories/cve2023xxxxx6/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) permission bypass for large objects | [CVE-2023-XXXXX-7](/security/advisories/cve2023xxxxx7/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) DBMS_PROFILER data may be removed without permission | [CVE-2023-XXXXX-8](/security/advisories/cve2023xxxxx8/) | 11+
-| Bug fix | Allowed subtypes in INDEX BY clause of the packaged collection. | #1371 | 11+
-| Bug fix | Fixed %type resolution when pointing to a packaged type field. | #1243 | 11+
-| Bug fix | Profile: Fixed upgrade when `REUSE` constraints were `ENABLED`/`DISABLED`. | #92739 | 11+
-| Bug fix | Set correct collation for packaged cursor parameters. | #92739 | 11+
-| Bug fix | Rolled back autonomous transaction creating pg_temp in case of error. | #91614 | 11+
+| Security fix |  EDB Postgres Advanced Server (EPAS) SECURITY DEFINER functions and procedures may be hijacked via search_path. | [CVE-2023-41117](/security/advisories/cve202341117/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) dbms_aq helper function may run arbitrary SQL as a superuser. | [CVE-2023-41119](/security/advisories/cve202341119/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) permissions bypass via accesshistory() | [CVE-2023-41113](/security/advisories/cve202341113/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) UTL_FILE permission bypass | [CVE-2023-41118](/security/advisories/cve202341118/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) permission bypass for materialized views | [CVE-2023-41116](/security/advisories/cve202341116/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) authenticated users may fetch any URL | [CVE-2023-41114](/security/advisories/cve202341114/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) permission bypass for large objects | [CVE-2023-41115](/security/advisories/cve202341115/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) DBMS_PROFILER data may be removed without permission | [CVE-2023-41120](/security/advisories/cve202341120/) |
+| Bug fix | Allowed subtypes in INDEX BY clause of the packaged collection. | #1371 |
+| Bug fix | Fixed %type resolution when pointing to a packaged type field. | #1243 |
+| Bug fix | Profile: Fixed upgrade when `REUSE` constraints were `ENABLED`/`DISABLED`. | #92739 |
+| Bug fix | Set correct collation for packaged cursor parameters. | #92739 |
+| Bug fix | Rolled back autonomous transaction creating pg_temp in case of error. | #91614 |
 
 
 !!! Note Addresses

product_docs/docs/epas/13/epas_rel_notes/epas13_12_17_rel_notes.mdx

@@ -21,20 +21,20 @@ EDB Postgres Advanced Server 13.12.17 includes the following enhancements and bu
 
 | Type           | Description                                                                                                                          |   Addresses                |
 | -------------- | -------------------------------------------------------------------------------------------------------------------------------------|  --------------------- |
-| Security fix |  EDB Postgres Advanced Server (EPAS) SECURITY DEFINER functions and procedures may be hijacked via search_path. | [CVE-2023-XXXXX-1](/security/advisories/cve2023xxxxx1/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) dbms_aq helper function may run arbitrary SQL as a superuser. | [CVE-2023-XXXXX-2](/security/advisories/cve2023xxxxx2/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) permissions bypass via accesshistory() | [CVE-2023-XXXXX-3](/security/advisories/cve2023xxxxx3/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) UTL_FILE permission bypass | [CVE-2023-XXXXX-4](/security/advisories/cve2023xxxxx4/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) permission bypass for materialized views | [CVE-2023-XXXXX-5](/security/advisories/cve2023xxxxx5/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) authenticated users may fetch any URL | [CVE-2023-XXXXX-6](/security/advisories/cve2023xxxxx6/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) permission bypass for large objects | [CVE-2023-XXXXX-7](/security/advisories/cve2023xxxxx7/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) DBMS_PROFILER data may be removed without permission | [CVE-2023-XXXXX-8](/security/advisories/cve2023xxxxx8/) | 11+
-| Bug fix | Allowed subtypes in INDEX BY clause of the packaged collection. | #1371 | 11+
-| Bug fix | Fixed %type resolution when pointing to a packaged type field. | #1243 | 11+
-| Bug fix | Profile: Fixed upgrade when `REUSE` constraints were `ENABLED`/`DISABLED`. | #92739 | 11+
-| Bug fix | Set correct collation for packaged cursor parameters. | #92739 | 11+
-| Bug fix | Rolled back autonomous transaction creating pg_temp in case of error. | #91614 | 11+
-| Bug fix | Added checks to ensure required WAL logging in EXCHANGE PARTITION command.| | 13+
+| Security fix |  EDB Postgres Advanced Server (EPAS) SECURITY DEFINER functions and procedures may be hijacked via search_path. | [CVE-2023-41117](/security/advisories/cve202341117/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) dbms_aq helper function may run arbitrary SQL as a superuser. | [CVE-2023-41119](/security/advisories/cve202341119/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) permissions bypass via accesshistory() | [CVE-2023-41113](/security/advisories/cve202341113/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) UTL_FILE permission bypass | [CVE-2023-41118](/security/advisories/cve202341118/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) permission bypass for materialized views | [CVE-2023-41116](/security/advisories/cve202341116/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) authenticated users may fetch any URL | [CVE-2023-41114](/security/advisories/cve202341114/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) permission bypass for large objects | [CVE-2023-41115](/security/advisories/cve202341115/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) DBMS_PROFILER data may be removed without permission | [CVE-2023-41120](/security/advisories/cve202341120/) |
+| Bug fix | Allowed subtypes in INDEX BY clause of the packaged collection. | #1371 |
+| Bug fix | Fixed %type resolution when pointing to a packaged type field. | #1243 |
+| Bug fix | Profile: Fixed upgrade when `REUSE` constraints were `ENABLED`/`DISABLED`. | #92739 |
+| Bug fix | Set correct collation for packaged cursor parameters. | #92739 |
+| Bug fix | Rolled back autonomous transaction creating pg_temp in case of error. | #91614 |
+| Bug fix | Added checks to ensure required WAL logging in EXCHANGE PARTITION command.| |
 
 
 

product_docs/docs/epas/14/epas_rel_notes/epas14_9_0_rel_notes.mdx

@@ -21,23 +21,23 @@ EDB Postgres Advanced Server 14.9.0 includes the following enhancements and bug
 
 | Type           | Description                                                                                                                          |   Addresses                |
 | -------------- | -------------------------------------------------------------------------------------------------------------------------------------|  --------------------- |
-| Security fix |  EDB Postgres Advanced Server (EPAS) SECURITY DEFINER functions and procedures may be hijacked via search_path. | [CVE-2023-XXXXX-1](/security/advisories/cve2023xxxxx1/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) dbms_aq helper function may run arbitrary SQL as a superuser. | [CVE-2023-XXXXX-2](/security/advisories/cve2023xxxxx2/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) permissions bypass via accesshistory() | [CVE-2023-XXXXX-3](/security/advisories/cve2023xxxxx3/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) UTL_FILE permission bypass | [CVE-2023-XXXXX-4](/security/advisories/cve2023xxxxx4/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) permission bypass for materialized views | [CVE-2023-XXXXX-5](/security/advisories/cve2023xxxxx5/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) authenticated users may fetch any URL | [CVE-2023-XXXXX-6](/security/advisories/cve2023xxxxx6/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) permission bypass for large objects | [CVE-2023-XXXXX-7](/security/advisories/cve2023xxxxx7/) | 11+
-| Security fix |  EDB Postgres Advanced Server (EPAS) DBMS_PROFILER data may be removed without permission | [CVE-2023-XXXXX-8](/security/advisories/cve2023xxxxx8/) | 11+
-| Bug fix | Allowed subtypes in INDEX BY clause of the packaged collection. | #1371 | 11+
-| Bug fix | Fixed %type resolution when pointing to a packaged type field. | #1243 | 11+
-| Bug fix | Profile: Fixed upgrade when `REUSE` constraints were `ENABLED`/`DISABLED`. | #92739 | 11+
-| Bug fix | Set correct collation for packaged cursor parameters. | #92739 | 11+
-| Bug fix | Rolled back autonomous transaction creating pg_temp in case of error. | #91614 | 11+
-| Bug fix | Added checks to ensure required WAL logging in EXCHANGE PARTITION command.| | 13+
-| Bug fix | Dumped/restored the sequences created for GENERATED AS IDENTITY constraint. | #90658 | 14+
-| Bug fix | Skipped updating the last DDL time for the parent table in CREATE INDEX. | #91270 | 14+
-| Bug fix | Removed existing package private procedure or function entries from the edb_last_ddl_time while replacing the package body. | | 14+
+| Security fix |  EDB Postgres Advanced Server (EPAS) SECURITY DEFINER functions and procedures may be hijacked via search_path. | [CVE-2023-41117](/security/advisories/cve202341117/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) dbms_aq helper function may run arbitrary SQL as a superuser. | [CVE-2023-41119](/security/advisories/cve202341119/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) permissions bypass via accesshistory() | [CVE-2023-41113](/security/advisories/cve202341113/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) UTL_FILE permission bypass | [CVE-2023-41118](/security/advisories/cve202341118/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) permission bypass for materialized views | [CVE-2023-41116](/security/advisories/cve202341116/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) authenticated users may fetch any URL | [CVE-2023-41114](/security/advisories/cve202341114/) |
+| Security fix |  EDB Postgres Advanced Server (EPAS) permission bypass for large objects | [CVE-2023-41115](/security/advisories/cve202341115/) | 
+| Security fix |  EDB Postgres Advanced Server (EPAS) DBMS_PROFILER data may be removed without permission | [CVE-2023-41120](/security/advisories/cve202341120/) |
+| Bug fix | Allowed subtypes in INDEX BY clause of the packaged collection. | #1371 |
+| Bug fix | Fixed %type resolution when pointing to a packaged type field. | #1243 |
+| Bug fix | Profile: Fixed upgrade when `REUSE` constraints were `ENABLED`/`DISABLED`. | #92739 | 
+| Bug fix | Set correct collation for packaged cursor parameters. | #92739 | 
+| Bug fix | Rolled back autonomous transaction creating pg_temp in case of error. | #91614 | 
+| Bug fix | Added checks to ensure required WAL logging in EXCHANGE PARTITION command.| |
+| Bug fix | Dumped/restored the sequences created for GENERATED AS IDENTITY constraint. | #90658 |
+| Bug fix | Skipped updating the last DDL time for the parent table in CREATE INDEX. | #91270 | 
+| Bug fix | Removed existing package private procedure or function entries from the edb_last_ddl_time while replacing the package body. | |
 
 
 !!! Note Addresses