Re: PG 16 draft release notes ready

Noah Misch <noah@leadboat.com>

From: Noah Misch <noah@leadboat.com>
To: Bruce Momjian <bruce@momjian.us>
Cc: PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2023-08-05T23:08:47Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Revert MAINTAIN privilege and pg_maintain predefined role.

  2. doc: PG 16 relnotes, remove "Have initdb use ICU by default"

  3. initdb: change default --locale-provider back to libc.

  4. doc: PG 16 relnotes, add author

  5. doc: PG 16 relnotes, move memory item and reword OUTER item

  6. doc: PG 16 relnotes, add memory overhead reduction item

  7. doc: PG 16 relnotes, adjust subscription origin mention

  8. doc: PG 16 relnotes, adjust auto_explain logging item

  9. doc: PG 16 relnotes: adjust outer/full hash join parallelization

  10. doc: PG 16 relnotes, fix duplicate author and commit

  11. doc: PG 16 relnotes, fix "locale" typo and windows locale text

  12. doc: PG 16 relnotes, add author from previous merge

  13. doc: PG 16 relnotes, wording adjustments

  14. doc: PG 16 relnotes, merge and move vector items

  15. doc: PG 16 relnotes, update xid/subxid searches item

  16. doc: PG 16 relnotes, SIMD improvements

  17. doc: PG 16 relnotes, add major features list

  18. doc: PG 16 relnotes, misc merged items and bootstrap detail

  19. doc: PG 16 relnotes, misc. updates

  20. doc: PG 16 relnotes, add commits

  21. Allow logical decoding on standbys

  22. Fix ts_headline() edge cases for empty query and empty search text.

  23. Add a hook for modifying the ldapbind password

  24. Rework design of functions in pg_walinspect

  25. initdb: derive encoding from locale for ICU; similar to libc.

  26. Doc: add XML ID attributes to <sectN> and <varlistentry> tags.

  27. Simplify the implementations of the to_reg* functions.

  28. Rename pg_dissect_walfile_name() to pg_split_walfile_name()

  29. Make materialized views participate in predicate locking

  30. Improve performance of and reduce overheads of memory management

  31. Allow grant-level control of role inheritance behavior.

On Thu, May 18, 2023 at 04:49:47PM -0400, Bruce Momjian wrote:
> 	https://momjian.us/pgsql_docs/release-16.html

> <!--
> Author: Robert Haas <rhaas@postgresql.org>
> 2023-01-10 [cf5eb37c5] Restrict the privileges of CREATEROLE users.
> -->
> 
> <listitem>
> <para>
> Restrict the privileges of CREATEROLE roles (Robert Haas)
> </para>
> 
> <para>
> Previously roles with CREATEROLE privileges could change many aspects of any non-superuser role.  Such changes, including adding members, now require the role requesting the change to have ADMIN OPTION
> permission.
> </para>
> </listitem>
> 
> <!--
> Author: Robert Haas <rhaas@postgresql.org>
> 2023-01-24 [f1358ca52] Adjust interaction of CREATEROLE with role properties.
> -->
> 
> <listitem>
> <para>
> Improve logic of CREATEROLE roles ability to control other roles (Robert Haas)
> </para>
> 
> <para>
> For example, they can change the CREATEDB, REPLICATION, and BYPASSRLS properties only if they also have those permissions.
> </para>
> </listitem>

CREATEROLE is a radically different feature in v16.  In v15-, it was an
almost-superuser.  In v16, informally speaking, it can create and administer
its own collection of roles, but it can't administer roles outside its
collection or grant memberships or permissions not offered to itself.  Hence,
let's move these two into the incompatibilities section.  Let's also merge
them, since f1358ca52 is just doing to clauses like CREATEDB what cf5eb37c5
did to role memberships.

> <!--
> Author: Robert Haas <rhaas@postgresql.org>
> 2022-08-25 [e3ce2de09] Allow grant-level control of role inheritance behavior.
> -->
> 
> <listitem>
> <para>
> Allow GRANT to control role inheritance behavior (Robert Haas)
> </para>
> 
> <para>
> By default, role inheritance is controlled by the inheritance status of the member role.  The new GRANT clauses WITH INHERIT and WITH ADMIN can now override this.
> </para>
> </listitem>
> 
> <!--
> Author: Robert Haas <rhaas@postgresql.org>
> 2023-01-10 [e5b8a4c09] Add new GUC createrole_self_grant.
> Author: Daniel Gustafsson <dgustafsson@postgresql.org>
> 2023-02-22 [e00bc6c92] doc: Add default value of createrole_self_grant
> -->
> 
> <listitem>
> <para>
> Allow roles that create other roles to automatically inherit the new role's rights or SET ROLE to the new role (Robert Haas, Shi Yu)
> </para>
> 
> <para>
> This is controlled by server variable createrole_self_grant.
> </para>
> </listitem>

Similarly, v16 radically changes the CREATE ROLE ... WITH INHERIT clause.  The
clause used to "change the behavior of already-existing grants."  Let's merge
these two and move the combination to the incompatibilities section.

> Remove libpq support for SCM credential authentication (Michael Paquier)

Since the point of removing it is the deep unlikelihood of anyone using it, I
wouldn't list this in "incompatibilities".

> Deprecate createuser option --role (Nathan Bossart)

This is indeed a deprecation, not a removal.  By the definition of
"deprecate", it's not an incompatibility.