PostgreSQL Global Development Team Releases Updates for Supported Versions, Announces PostgreSQL 10 End‑of‑Life, Details CVE‑2022‑2625, and Introduces PostgreSQL 15 Beta 3
The PostgreSQL global development team announced updates for versions 14.5, 13.8, 12.12, 11.17, 10.22 and the third beta of PostgreSQL 15, highlighted the upcoming end‑of‑life for PostgreSQL 10, disclosed a security vulnerability (CVE‑2022‑2625) affecting versions 10‑14, and listed over 40 bug fixes and improvements.
The PostgreSQL global development team released updates for all currently supported versions (14.5, 13.8, 12.12, 11.17, 10.22) and the third beta of PostgreSQL 15, closing a security vulnerability and fixing more than 40 bugs reported over the past three months.
PostgreSQL 10 will reach end‑of‑life on 10 November 2022; users running it in production are strongly encouraged to upgrade to a newer, supported version to continue receiving error and security fixes.
The security issue CVE‑2022‑2625 affects versions 10‑14 and allows extension scripts to replace objects that are not part of the extension by using commands such as CREATE OR REPLACE or CREATE IF NOT EXISTS. Exploiting this requires the ability to create a non‑temporary object in at least one schema, enabling an attacker to trigger the vulnerable extension code.
The updated core server blocks this attack, so no modification of individual extensions is required; on an unpatched server, however, the vulnerability could allow an attacker to execute arbitrary code as the victim role, which may be a superuser.
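The following audit queries are an added example, not part of the PostgreSQL announcement. The first checks the running server against the fixed minor releases listed above; the second lists non‑superuser roles that hold CREATE on a schema (the precondition described for CVE‑2022‑2625) together with the extensions installed in that schema. Using pg_extension.extnamespace as "the schema the extension creates objects in" is an assumption that approximates real extensions.

```sql
-- 1. Is this server at or above the fixed minor release named in the announcement?
--    server_version_num is major*10000 + minor for PostgreSQL 10 and later.
SELECT current_setting('server_version') AS server_version,
       CASE
         WHEN v >= 150000 THEN 'not in the 10-14 range listed for this CVE'
         WHEN v <  100000 THEN 'older than 10: not covered by this announcement'
         WHEN v % 10000 >= CASE v / 10000
                             WHEN 14 THEN 5   -- 14.5
                             WHEN 13 THEN 8   -- 13.8
                             WHEN 12 THEN 12  -- 12.12
                             WHEN 11 THEN 17  -- 11.17
                             WHEN 10 THEN 22  -- 10.22
                           END
           THEN 'has the CVE-2022-2625 fix'
         ELSE 'missing the CVE-2022-2625 fix: apply the minor update'
       END AS cve_2022_2625_status
FROM (SELECT current_setting('server_version_num')::int AS v) AS s;

-- 2. Which non-superuser roles can create objects in which schemas, and
--    which installed extensions live there? Run once per database.
--    has_schema_privilege() also accounts for grants made to PUBLIC.
SELECT n.nspname AS schema_name,
       r.rolname AS role_name,
       COALESCE(string_agg(e.extname::text, ', '), '') AS extensions_in_schema
FROM pg_namespace AS n
CROSS JOIN pg_roles AS r
LEFT JOIN pg_extension AS e ON e.extnamespace = n.oid
WHERE NOT r.rolsuper
  AND r.rolname !~ '^pg_'               -- skip predefined roles
  AND n.nspname !~ '^pg_'               -- skip system and temp schemas
  AND n.nspname <> 'information_schema'
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
GROUP BY n.nspname, r.rolname
ORDER BY count(e.extname) DESC, schema_name, role_name;
```

Rows with a non‑empty extensions_in_schema column on a server that reports the fix as missing are the ones to prioritise for the minor update.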
PostgreSQL 15 beta 3 marks the third beta release, moving the community toward a general‑availability milestone in the third quarter. Users are encouraged to test new features on this beta but should avoid running it in production environments.
The update also includes numerous bug fixes and improvements, such as:
Fix for replaying CREATE DATABASE WAL on standby when a tablespace directory is missing.
Support for tablespaces that are ordinary directories rather than symbolic links.
Permission‑check fix in CREATE INDEX to use the user's privileges, addressing issues related to CVE‑2022‑1552.
Corrected permission checks in extended statistics code.
Improved handling of most‑common‑value (MCV) statistics for boolean expressions.
Fix for ALTER TABLE ... ENABLE/DISABLE TRIGGER to handle recursive triggers on partitioned tables.
Rejection of ROW() expressions and functions with more than 1600 columns in FROM clauses.
Memory‑leak fix in logical replication subscribers.
Cleanup of commit‑time errors in SPI_commit(), including a fix for Python 3.11 crashes in PL/Python.
Improved idle‑state handling in libpq pipeline mode.
Fix in pg_upgrade to detect non‑upgradable usages of functions accepting anyarray arguments.
Various postgres_fdw fixes, such as preventing bulk inserts when a WITH CHECK OPTION constraint is present.
For more information, see the PostgreSQL beta page (https://www.postgresql.org/developer/beta/) and the PostgreSQL 15 release notes (https://www.postgresql.org/docs/15/release-15.html).
Laravel Tech Community