PostgreSQL has been invited by Google to be part of Google's Summer of Code
2008. They are calling all students, professors and potential mentors to
participate.
For Summer of Code, Google will be paying for student internships to work
on PostgreSQL features and applications. They've put up a list of ideas,
including guidelines for submissions and more. Applications for students
open March 25th, and close March 31, so urge any students you know to get
your applications prepared right away!
-- Ideas and Guidelines:
http://www.postgresql.org/developer/summerofcode
-- Summer of Code FAQ:
http://code.google.com/opensource/gsoc/2008/faqs.html
Friday, March 21, 2008
PostgreSQL Summer of Code 2008
Posted by Denis at 9:56 AM 3 comments
Labels: Google, PostgreSQL, Summer of Code
Thursday, March 20, 2008
Guido van Rossum posted the slides of his PyCon 2008 keynote on python.org
Guido van Rossum posted the slides of his PyCon 2008 keynote on python.org
There's both a PowerPoint and a PDF file.
PS. The Python 3.0 final release is now scheduled for September 3, 2008. See PEP 361.
Posted by Denis at 1:08 PM 0 comments
Labels: PyCon 2008, Python
Monday, February 4, 2008
PostgreSQL 8.3 has been released
Today the PostgreSQL Global Development Group releases the long-awaited
version 8.3 of the most advanced open source database, which cements our
place as the best performing open source database. Among the
performance features you'll be excited about in 8.3 are:
-- Heap Only Tuples
-- BGWriter Autotuning
-- Asynchronous Commit
-- Spread Checkpoints
-- Synchronous Scan
-- "Var-Varlena"
-- L2 Cache Protection
-- Lazy XID
8.3 also has a lot of cool features for PostgreSQL DBAs and developers,
including:
-- SQL/XML
-- CSV Logging
-- MS Visual C++ support
-- ENUMs
-- Integrated Tsearch
-- SSPI & GSSAPI
-- Composite Type Arrays
-- pg_standby
There are many, many other features included in this release. Visit thefeatures list (http://www.postgresql.org/about/press/features83.html)and the features matrix (http://www.postgresql.org/about/featurematrix)for more information, and browse the release notes(http://www.postgresql.org/docs/8.3/static/release-8-3.html) to see themore than 300 patches that went into the release. You can even visit the press page (http://www.postgresql.org/about/press/presskit83.html).
Or just go ahead and download and install 8.3:
-- Source: http://www.postgresql.org/ftp/source/v8.3.0-- Windows Binaries: http://www.postgresql.org/ftp/binary/v8.3.0/win32-- Fedora, Red Hat, Solaris Binaries:http://www.postgresql.org/ftp/binary/v8.3.0
Posted by Denis at 9:24 AM 0 comments
Labels: PostgreSQL
Monday, January 7, 2008
PostgreSQL Global Development Group released updated versions which patch five security vulnerabilities
Today the PostgreSQL Global Development Group is releasing updated
versions which patch five security vulnerabilities. These releases
update all current PostgreSQL versions, including 8.2, 8.1, 8.0, 7.4 and
7.3. They are considered CRITICAL and PostgreSQL DBAs and sysadmins
should install the update as soon as they reasonably can. Our security
team has made all efforts to make these patches backwards-compatible,
and upgrading does not require converting your data files.
Please read the remainder of this message for further important details
and announcements.
Details of Security Fixes
----------------------------
There are five security fixes included in this release. None of these
issues are known to have been exploited in the field; they were
discovered through security analysis.
Index Functions Privilege Escalation (CVE-2007-6600): as a unique
feature, PostgreSQL allows users to create indexes on the results of
user-defined functions, known as "expression indexes". This provided
two vulnerabilities to privilege escalation: (1) index functions were
executed as the superuser and not the table owner during VACUUM and
ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were
permitted within index functions. Both of these holes have now been
closed.
Regular Expression Denial-of-Service (CVE-2007-4772, CVE-2007-6067,
CVE-2007-4769): three separate issues in the regular expression
libraries used by PostgreSQL allowed malicious users to initiate a
denial-of-service by passing certain regular expressions in SQL queries.
First, users could create infinite loops using some specific regular
expressions. Second, certain complex regular expressions could consume
excessive amounts of memory. Third, out-of-range backref numbers could
be used to crash the backend. All of these issues have been patched.
DBLink Privilege Escalation (CVE-2007-6601): DBLink functions combined
with local trust or ident authentication could be used by a malicious
user to gain superuser privileges. This issue has been fixed, and does
not affect users who have not installed DBLink (an optional module), or
who are using password authentication for local access. This same
problem was addressed in the previous release cycle (see CVE-2007-3278),
but that patch failed to close all forms of the loophole.
EOL Notices
---------------------
Minor release 7.3.21 for PostgreSQL version 7.3 will be the last update
to the 7.3 branch. As version 7.3 is now over five years old, the
community will no longer release patches for it after today's release.
Users of version 7.3 are encouraged to upgrade to a more current version
as soon as possible, or to seek support from a commercial support vendor
who is willing to continue backpatching for them.
8.1.11 and 8.0.15 are also the last 8.1 and 8.0 update releases for
which the PostgreSQL community will produce binary packages for Windows.
Windows users are encouraged to move to 8.2.6 or later, since there are
Windows-specific fixes in 8.2 that are impractical to back-port. 8.1
and 8.0 updates will continue to be supported on other platforms and in
source form.
Download and Install
------------------------
PostgreSQL minor releases 8.2.6, 8.1.11, 8.0.15, 7.4.19 and 7.3.21 are
available through our FTP mirror network:
-- Source Code: http://www.postgresql.org/ftp/source/
-- Binaries for some platforms: http://www.postgresql.org/ftp/binary/
If you need additional information on the included updates, it's
available in the Release Notes
(http://www.postgresql.org/docs/current/static/release.html). These
upgrades can be copied directly over existing PostgreSQL binaries and do
not require dump-and-reload for any system which has been updated in the
last six months (older versions may require some specific post-update
steps; see the release notes).
As always, PostgreSQL update releases are cumulative. All security
fixes will be included in the upcoming version 8.3 release candidate.
This notice will be posted to the PostgreSQL security page:
http://www.postgresql.org/support/security
Posted by Denis at 8:35 AM 1 comments
Labels: PostgreSQL, Security, SecurityFix
Friday, January 4, 2008
pgAdmin III v1.8.1 released
pgAdmin 1.8.1, the Open Source graphical PostgreSQL administration tool
for Windows, Linux, FreeBSD, Mac OS X and Solaris, now available for
download in source and a variety of binary formats from:
http://www.pgadmin.org/download/
v1.8.1 is primarily a bug fix release, including the following changes:
- Fix a bug that could cause a crash on GTK when closing the query tool
in certain circumstances.
- Avoid a crash if the connection is lost and the Functions node is
refreshed.
- Avoid crashes when working with objects with % characters in the
name.
- Properly reverse-engineer the SQL for indexes with DESC, NULLS FIRST
or NULLS LAST column options.
- Only offer the Jobs node if the user can access the pgagent schema.
- Ensure the 'Create Rule' context menu option is always offered when
appropriate.
- Prevent the user from trying to debug catalog objects.
- Refresh the tree without erroring after creating a new package on
EnterpriseDB.
- Fix a crash that occured if an object called '%' was selected in the
treeview, per Alexander Steffens.
- Fix a line number error in the debugger seen with procedures which
start on the same line as the 'CREATE PROCEDURE foo IS ...' Per report
from Heikki Linnakangas.
- Cleanup the covering index control logic in the Foreign Key dialogue.
- Fix to refresh version string and number, and last OID, per a report
from Alexander Kirpa.
- Disable CREATE FUNCTION etc. under EnterpriseDB packages because they
are created as part of the main package body.
- Fix some broken references to online help pages.
- Don't offer 'Drop Cascaded' unless the user can 'Drop' the object.
- Prevent non-superusers from attempting to use the debugger because the
plugin API won't let them anyway.
- Check that functions exist before debugging or setting global
breakpoints on them. Remove them from the treeview if not.
- Correct the URL for the EDB public synonym help page
- Handle the corner case when a user includes quotes in an object name
(backport of 2007-10-26 fix applied to trunk)
- Fix the debugger's connection class to ensure database names requiring
quotes will work and that is can be used with SSL and Kerberos
connections.
- Allow the length of array-typed columns to be changed (eg. 'character
varying[](100)'), per report from Ferenc Lutischan
- Don't allow the user to direct-debug trigger functions, only global
breakpoints should be used on them (or the trigger itself).
- Don't offer edbspl functions when creating triggers as they should
have inline bodies.
- Don't quote database names that happen to be keywords when starting
the debugger.
- Don't offer package names and system schemas as schemas when creating
public synonyms.
- Fix pgAgent's job query when a host agent is specified so that jobs
don't execute every time round the loop regardless of schedule, per
Brian Kalbfus.
- Add EnterpriseDB's default database (edb) to the Server dialog's
default option.
- Don't allow the user to debug an EnterpriseDB package function or
procedure if the body isn't defined.
- Don't offer the user the chance to create new columns on system
catalogues.
- Fix the debugger to send actual NULL values rather than 'NULL' through
the EnterpriseDB callable statement API. Allow parameter values to be
NULL or empty strings on both PostgreSQL and EnterpriseDB using the
same syntax as the Edit Grid.
- Always open the PostgreSQL Help when selecting that menu option, even
if connected to EnterpriseDB.
- Fix EnterpriseDB public synonym loading so that they aren't considered
system objects.
- Fix path discovery on Unix so standard installs can be relocated
easily.
- Fix character number display in the query tool.
- Use popen() when testing the versions of helper apps on non-windows
platforms to avoid an obscure bug on PPC Macs that could leave
wxExecute hanging indefinitely whilst waiting on a zombie process.
- When creating a new index and specifying both tablespace and fill
factor, make sure the SQL is formulated correctly, per Stefan Wolf
- Fix the locks tab on the server status dialogue so it works correctly
with PostgreSQL 8.3+.
- Properly format the object comments shown in the properties list when
a collection node is selected. Per report from Mike Blackwell.
- Fix a bug preventing the 'on error' flag of a pgAgent job step being
edited, per Jon Roberts.
- Properly escape _'s in queries for schemas, per Derek Fonda.
- Don't try to enable/disable prepared transaction related controls on
pre-8.1 servers, per Karl Zellnig
Posted by Denis at 11:34 AM 0 comments
Labels: pgAdmin III, PostgreSQL
Django Running on Jython
It is true, Django is running on Jython. Check out all the details here: http://zyasoft.com/pythoneering/2008/01/django-on-jython-minding-gap.html
Posted by Denis at 11:30 AM 0 comments
Friday, December 28, 2007
Inaugural Issue Of Postgres Online Magazine Available
The inaugural issue of the Postgres Online Magazine is available. The magazine is available in two formats: HTML and PDF
Here is the table of contents
From the Editors
PostgreSQL The Road Behind and Ahead
What's new and upcoming in PostgreSQL
PostgreSQL 8.3 is just around the Corner
PostgreSQL Q & A
Converting from Unix Timestamp to PostgreSQL Timestamp or Date Beginner
Using Distinct ON to return newest order for each customer Intermediate
How to create an index based on a function Intermediate
Basics
The Anatomy of a PostgreSQL - Part 1 Beginner
How does CLUSTER ON improve index performance Intermediate
PL Programming
Language Architecture in PostgreSQL Intermediate
Using PostgreSQL Contribs
PostGIS for geospatial analysis and mapping Intermediate
Application Development
Database Abstraction with Updateable Views Advanced
Product Showcase
Serendipity Blogging Software
A Product of Paragon Corporation
You can read the magazine here: http://www.postgresonline.com/
Posted by Denis at 9:52 AM 0 comments
Labels: PostgreSQL