From c5edc6c8ff4c2d6f116abbc532b1cd130fcfbc17 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Fri, 20 Feb 2026 15:31:08 -0500 Subject: [PATCH] First-draft release notes for 18.3. As usual, the release notes for other branches will be made by cutting these down, but put them up for community review first. --- doc/src/sgml/release-18.sgml | 256 +++++++++++++++++++++++++++++++++++ 1 file changed, 256 insertions(+) diff --git a/doc/src/sgml/release-18.sgml b/doc/src/sgml/release-18.sgml index 923001f0a55..e952716b5eb 100644 --- a/doc/src/sgml/release-18.sgml +++ b/doc/src/sgml/release-18.sgml @@ -1,6 +1,262 @@ + + Release 18.3 + + + Release date: + 2026-02-26 + + + + This release contains a small number of fixes from 18.2. + For information about new features in major release 18, see + . + + + + Migration to Version 18.3 + + + A dump/restore is not required for those running 18.X. + + + + However, if you are upgrading from a version earlier than 18.2, + see . + + + + + Changes + + + + + + + Fix failure after replaying a multixid truncation record from WAL + that was generated by an older minor version (Heikki Linnakangas) + § + + + + Erroneous logic for coping with the way that previous versions + handled multixid wraparound led to replay failure, with messages + like could not access status of transaction. + A typical scenario in which this could occur is a standby server of + the latest minor version consuming WAL from a primary server of an + older version. + + + + + + + Avoid incorrect complaint of invalid encoding + when substring() is applied + to toasted data (Noah Misch) + § + § + § + + + + The fix for CVE-2026-2006 was too aggressive and could raise an + error about an incomplete character in cases that are actually + valid. + + + + + + + Fix oversight in the fix for CVE-2026-2007 (Zsolt Parragi) + § + + + + If the bounds array needed to be expanded, because + the input contained more trigrams than the initial guess, + generate_trgm_only didn't return the modified + array pointer to its caller. That would lead to incorrect output + from strict_word_similarity() and related + functions, or in rare cases a crash. The faulty code is reached if + the input string becomes longer when it's converted to lower case. + The only known instances of that occur when an ICU locale is used + with certain single-byte encodings. + + + + + + + Fix the volatility marking + of json_strip_nulls() + and jsonb_strip_nulls() (Andrew Dunstan) + § + + + + These functions have always been considered immutable, but + refactoring in version 18 accidentally marked them stable instead. + That prevents their use in index expressions and could cause + unnecessary repeat evaluations in queries. This fix corrects the + marking in newly-initialized database clusters (including clusters + that are pg_upgrade'd to 18.3 or later). + However it will not help existing clusters made using 18.0 through + 18.2. + + + + If this mistake affects your usage of these functions, the + recommended fix for an existing cluster is a manual catalog update. + As superuser, perform + +UPDATE pg_catalog.pg_proc SET provolatile = 'i' WHERE oid IN ('3261','3262'); + + in each affected database. Update template0 + and template1 as well, so that databases made in + future will have the fix. + + + + + + + Fix computation of the set of potentially-nulling outer joins for + the output of a LATERAL UNION ALL subquery + (Richard Guo) + § + + + + This error could lead to skipping NOT NULL tests + in the mistaken belief that they were unnecessary, resulting in + wrong query output. + + + + + + + Fix pg_stat_get_backend_wait_event() + and pg_stat_get_backend_wait_event_type() + to report values for auxiliary processes (Heikki Linnakangas) + § + + + + Previously these functions returned NULL for auxiliary processes, + but that's inconsistent with + the pg_stat_activity view. + + + + + + + Fix casting a composite-type variable to a domain type when + returning its value from a PL/pgSQL function (Tom Lane) + § + + + + If the variable's value is NULL, a cache lookup failed for + type 0 error resulted. + + + + + + + Fix potential null pointer dereference + in contrib/hstore's binary input function + (Michael Paquier) + § + + + + hstore's receive function crashed on input containing + duplicate keys. hstore values generated by Postgres + would never contain duplicate keys, so this mistake has gone + unnoticed. The crash could be provoked by malicious or corrupted + data. + + + + + + + + Release 18.2