REL_15_public-v2nm.patch
text/plain
Filename: REL_15_public-v2nm.patch
Type: text/plain
Part: 0
Patch
Format: unified
| File | + | − |
|---|---|---|
| doc/src/sgml/release-15.sgml | 9 | 10 |
Author: Noah Misch <noah@leadboat.com>
Commit: Noah Misch <noah@leadboat.com>
diff --git a/doc/src/sgml/release-15.sgml b/doc/src/sgml/release-15.sgml
index 179ad37..aa02ee9 100644
--- a/doc/src/sgml/release-15.sgml
+++ b/doc/src/sgml/release-15.sgml
@@ -58,16 +58,15 @@ Author: Noah Misch <noah@leadboat.com>
</para>
<para>
- This is a change in the default for newly-created databases in
- existing clusters and for new clusters; <literal>USAGE</literal>
- permissions on the <literal>public</literal> schema has not
- been changed. Databases restored from previous Postgres releases
- will be restored with their current permissions. Users wishing
- to have the former permissions will need to grant
- <literal>CREATE</literal> permission for <literal>PUBLIC</literal>
- on the <literal>public</literal> schema; this change can be made
- on <literal>template1</literal> to cause all new databases
- to have these permissions.
+ The new default is one of the secure schema usage patterns that
+ <xref linkend="ddl-schemas-patterns"/> has recommended since the
+ security release for CVE-2018-1058. Upgrading a cluster or restoring a
+ database dump will preserve existing permissions. This is a change in
+ the default for newly-created databases in existing clusters and for new
+ clusters. In existing databases, especially those having multiple
+ users, consider issuing a <literal>REVOKE</literal> to adopt this new
+ default. (<literal>USAGE</literal> permission on this schema has not
+ changed.)
</para>
</listitem>