# 4.18.3 (March 9, 2024)

Use spaces instead of parentheses for SQL sanitization.

This still solves the problem of negative numbers creating a line comment, but avoids breaking edge cases such as
`set foo to $1`, where the substitution takes place in a location where an arbitrary expression is not allowed.

# 4.18.2 (March 4, 2024)

Fix CVE-2024-27289

SQL injection can occur when all of the following conditions are met:

1. The non-default simple protocol is used.
2. A placeholder for a numeric value must be immediately preceded by a minus.
3. There must be a second placeholder for a string value after the first placeholder; both must be on the same line.
4. Both parameter values must be user-controlled.

Thanks to Paul Gerste for reporting this issue.
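
The sanitization change described in the 4.18.2 and 4.18.3 entries, as an added example that is not pgx's own code: a toy substitution of one numeric placeholder under three rendering styles, with a check for a `--` line comment in the result. `Style`, `Interpolate` and `HasLineComment` are hypothetical names, and the `Raw` style is an assumption about how a bare number was written before the fix.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

type Style int // how a numeric argument is written into the SQL text

const (
	Raw    Style = iota // bare digits (assumed behaviour before the fix)
	Parens              // wrapped in parentheses, as in 4.18.2
	Spaces              // padded with spaces, as in 4.18.3
)

// Interpolate is a hypothetical stand-in for client-side substitution of $1.
func Interpolate(sql string, n int64, s Style) string {
	lit := strconv.FormatInt(n, 10)
	switch s {
	case Parens:
		lit = "(" + lit + ")"
	case Spaces:
		lit = " " + lit + " "
	}
	return strings.Replace(sql, "$1", lit, 1)
}

// HasLineComment reports whether "--" appears outside a single-quoted literal.
func HasLineComment(sql string) bool {
	inStr := false
	for i := 0; i < len(sql); i++ {
		switch {
		case sql[i] == '\'':
			inStr = !inStr
		case !inStr && strings.HasPrefix(sql[i:], "--"):
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample queries: one from the CVE conditions, one from 4.18.3.
	for _, s := range []Style{Raw, Parens, Spaces} {
		a, b := Interpolate("select 10 -$1", -1, s), Interpolate("set foo to $1", -1, s)
		fmt.Printf("%q (line comment: %v) | %q\n", a, HasLineComment(a), b)
	}
}
```

The `Parens` form of `set foo to $1` shows why 4.18.3 switched to spaces: the value becomes a parenthesized expression in a position where only a plain value is accepted.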

Fix CVE-2024-27304

SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer
overflow in the calculated message size can cause the one large message to be sent as multiple messages under the
attacker's control.

Thanks to Paul Gerste for reporting this issue.
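
The size overflow behind CVE-2024-27304, as an added example that is not pgx's or pgproto3's code: a PostgreSQL frame carries a type byte and a 4-byte length that counts itself, so an unchecked size calculation wraps, while a checked encoder refuses the message. All function names are hypothetical, the body sizes are constructed, and the `math.MaxInt32` bound is this example's assumption.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// ErrTooLarge reports a body the 4-byte length field cannot describe.
var ErrTooLarge = errors.New("message body too large for 32-bit length field")

// WrappedLen models the unchecked calculation: body plus the 4 length bytes,
// truncated to 32 bits.
func WrappedLen(bodyLen int64) uint32 { return uint32(bodyLen + 4) }

// Unframed returns how many bytes a peer that trusts the wrapped length would
// read as the start of further messages rather than as this message's body.
func Unframed(bodyLen int64) int64 { return bodyLen + 4 - int64(WrappedLen(bodyLen)) }

// CheckedHeader builds the type byte and length field, refusing oversize
// bodies. The math.MaxInt32 bound is this example's conservative assumption.
func CheckedHeader(msgType byte, bodyLen int64) ([]byte, error) {
	if bodyLen < 0 || bodyLen+4 > math.MaxInt32 {
		return nil, ErrTooLarge
	}
	hdr := make([]byte, 5)
	hdr[0] = msgType
	binary.BigEndian.PutUint32(hdr[1:], uint32(bodyLen+4))
	return hdr, nil
}

func main() {
	for _, n := range []int64{100, 1<<32 + 100} { // constructed body sizes
		_, err := CheckedHeader('Q', n)
		fmt.Printf("body=%d wrapped=%d unframed=%d checked err=%v\n",
			n, WrappedLen(n), Unframed(n), err)
	}
}
```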

* Fix *dbTx.Exec not checking if it is already closed

# 4.18.1 (February 27, 2023)

* Fix: Support pgx v4 and v5 stdlib in same program (Tomáš Procházka)

# 4.18.0 (February 11, 2023)

* Upgrade pgconn to v1.14.0
* Upgrade pgproto3 to v2.3.2
* Upgrade pgtype to v1.14.0
* Fix query sanitizer when query text contains Unicode replacement character
* Fix context with value in BeforeConnect (David Harju)
* Support pgx v4 and v5 stdlib in same program (Vitalii Solodilov)

# 4.17.2 (September 3, 2022)

* Fix panic when logging batch error (Tom Möller)

# 4.17.1 (August 27, 2022)

* Upgrade puddle to v1.3.0 - fixes context failing to cancel Acquire when acquire is creating resource which was introduced in v4.17.0 (James Hartig)
* Fix atomic alignment on 32-bit platforms

# 4.17.0 (August 6, 2022)

* Upgrade pgconn to v1.13.0
* Upgrade pgproto3 to v2.3.1
* Upgrade pgtype to v1.12.0
* Allow background pool connections to continue even if cause is canceled (James Hartig)
* Add LoggerFunc (Gabor Szabad)
* pgxpool: health check should avoid going below minConns (James Hartig)
* Add pgxpool.Conn.Hijack()
* Logging improvements (Stepan Rabotkin)

# 4.16.1 (May 7, 2022)

* Upgrade pgconn to v1.12.1
* Fix explicitly prepared statements with describe statement cache mode

# 4.16.0 (April 21, 2022)

* Upgrade pgconn to v1.12.0
* Upgrade pgproto3 to v2.3.0
* Upgrade pgtype to v1.11.0
* Fix: Do not panic when context cancelled while getting statement from cache.
* Fix: Less memory pinning from old Rows.
* Fix: Support '\r' line ending when sanitizing SQL comment.
* Add pluggable GSSAPI support (Oliver Tan)

# 4.15.0 (February 7, 2022)

* Upgrade to pgconn v1.11.0
* Upgrade to pgtype v1.10.0
* Upgrade puddle to v1.2.1
* Make BatchResults.Close safe to be called multiple times

# 4.14.1 (November 28, 2021)

* Upgrade pgtype to v1.9.1 (fixes unintentional change to timestamp binary decoding)
* Start pgxpool background health check after initial connections

# 4.14.0 (November 20, 2021)

* Upgrade pgconn to v1.10.1
* Upgrade pgproto3 to v2.2.0
* Upgrade pgtype to v1.9.0
* Upgrade puddle to v1.2.0
* Add QueryFunc to BatchResults
* Add context options to zerologadapter (Thomas Frössman)
* Add zerologadapter.NewContextLogger (urso)
* Eager initialize minpoolsize on connect (Daniel)
* Unpin memory used by large queries immediately after use

# 4.13.0 (July 24, 2021)

* Trimmed pseudo-dependencies in Go modules from other packages tests
* Upgrade pgconn -- context cancellation no longer will return a net.Error
* Support time durations for simple protocol (Michael Darr)

# 4.12.0 (July 10, 2021)

* ResetSession hook is called before a connection is reused from pool for another query (Dmytro Haranzha)
* stdlib: Add RandomizeHostOrderFunc (dkinder)
* stdlib: add OptionBeforeConnect (dkinder)
* stdlib: Do not reuse ConnConfig strings (Andrew Kimball)
* stdlib: implement Conn.ResetSession (Jonathan Amsterdam)
* Upgrade pgconn to v1.9.0
* Upgrade pgtype to v1.8.0

# 4.11.0 (March 25, 2021)

* Add BeforeConnect callback to pgxpool.Config (Robert Froehlich)
* Add Ping method to pgxpool.Conn (davidsbond)
* Added a kitlog level log adapter (Fabrice Aneche)
* Make ScanArgError public to allow identification of offending column (Pau Sanchez)
* Add *pgxpool.AcquireFunc
* Add BeginFunc and BeginTxFunc
* Add prefer_simple_protocol to connection string
* Add logging on CopyFrom (Patrick Hemmer)
* Add comment support when sanitizing SQL queries (Rusakow Andrew)
* Do not panic on double close of pgxpool.Pool (Matt Schultz)
* Avoid panic on SendBatch on closed Tx (Matt Schultz)
* Update pgconn to v1.8.1
* Update pgtype to v1.7.0

# 4.10.1 (December 19, 2020)

* Fix panic on Query error with nil stmtcache.

# 4.10.0 (December 3, 2020)

* Add CopyFromSlice to simplify CopyFrom usage (Egon Elbre)
* Remove broken prepared statements from stmtcache (Ethan Pailes)
* stdlib: consider any Ping error as fatal
* Update puddle to v1.1.3 - this fixes an issue where concurrent Acquires can hang when a connection cannot be established
* Update pgtype to v1.6.2

# 4.9.2 (November 3, 2020)

The underlying library updates fix an issue where appending to a scanned slice could corrupt other data.

* Update pgconn to v1.7.2
* Update pgproto3 to v2.0.6

# 4.9.1 (October 31, 2020)

* Update pgconn to v1.7.1
* Update pgtype to v1.6.1
* Fix SendBatch of all prepared statements with statement cache disabled

# 4.9.0 (September 26, 2020)

* pgxpool now waits for connection cleanup to finish before making room in pool for another connection. This prevents temporarily exceeding max pool size.
* Fix when scanning a column to nil to skip it on the first row but scanning it to a real value on a subsequent row.
* Fix prefer simple protocol with prepared statements. (Jinzhu)
* Fix FieldDescriptions not being available on Rows before calling Next the first time.
* Various minor fixes in updated versions of pgconn, pgtype, and puddle.

# 4.8.1 (July 29, 2020)

* Update pgconn to v1.6.4
  * Fix deadlock on error after CommandComplete but before ReadyForQuery
  * Fix panic on parsing DSN with trailing '='

# 4.8.0 (July 22, 2020)

* All argument types supported by native pgx should now also work through database/sql
* Update pgconn to v1.6.3
* Update pgtype to v1.4.2

# 4.7.2 (July 14, 2020)

* Improve performance of Columns() (zikaeroh)
* Fix fatal Commit() failure not being considered fatal
* Update pgconn to v1.6.2
* Update pgtype to v1.4.1

# 4.7.1 (June 29, 2020)

* Fix stdlib decoding error with certain order and combination of fields

# 4.7.0 (June 27, 2020)

* Update pgtype to v1.4.0
* Update pgconn to v1.6.1
* Update puddle to v1.1.1
* Fix context propagation with Tx commit and Rollback (georgysavva)
* Add lazy connect option to pgxpool (georgysavva)
* Fix connection leak if pgxpool.BeginTx() fails (Jean-Baptiste Bronisz)
* Add native Go slice support for strings and numbers to simple protocol
* stdlib add default timeouts for Conn.Close() and Stmt.Close() (georgysavva)
* Assorted performance improvements especially with large result sets
* Fix close pool on not lazy connect failure (Yegor Myskin)
* Add Config copy (georgysavva)
* Support SendBatch with Simple Protocol (Jordan Lewis)
* Better error logging on rows close (Igor V. Kozinov)
* Expose stdlib.Conn.Conn() to enable database/sql.Conn.Raw()
* Improve unknown type support for database/sql
* Fix transaction commit failure closing connection

# 4.6.0 (March 30, 2020)

* stdlib: Bail early if preloading rows.Next() results in rows.Err() (Bas van Beek)
* Sanitize time to microsecond accuracy (Andrew Nicoll)
* Update pgtype to v1.3.0
* Update pgconn to v1.5.0
  * Update golang.org/x/crypto for security fix
  * Implement "verify-ca" SSL mode

# 4.5.0 (March 7, 2020)

* Update to pgconn v1.4.0
  * Fixes QueryRow with empty SQL
  * Adds PostgreSQL service file support
* Add Len() to *pgx.Batch (WGH)
* Better logging for individual batch items (Ben Bader)

# 4.4.1 (February 14, 2020)

* Update pgconn to v1.3.2 - better default read buffer size
* Fix race in CopyFrom

# 4.4.0 (February 5, 2020)

* Update puddle to v1.1.0 - fixes possible deadlock when acquire is cancelled
* Update pgconn to v1.3.1 - fixes CopyFrom deadlock when multiple NoticeResponse received during copy
* Update pgtype to v1.2.0
* Add MaxConnIdleTime to pgxpool (Patrick Ellul)
* Add MinConns to pgxpool (Patrick Ellul)
* Fix: stdlib.ReleaseConn closes connections left in invalid state

# 4.3.0 (January 23, 2020)

* Fix Rows.Values panic when unable to decode
* Add Rows.Values support for unknown types
* Add DriverContext support for stdlib (Alex Gaynor)
* Update pgproto3 to v2.0.1 to never return an io.EOF as it would be misinterpreted by database/sql. Instead return io.UnexpectedEOF.

# 4.2.1 (January 13, 2020)

* Update pgconn to v1.2.1 (fixes context cancellation data race introduced in v1.2.0)

# 4.2.0 (January 11, 2020)

* Update pgconn to v1.2.0.
* Update pgtype to v1.1.0.
* Return error instead of panic when wrong number of arguments passed to Exec. (malstoun)
* Fix large objects functionality when PreferSimpleProtocol = true.
* Restore GetDefaultDriver which existed in v3. (Johan Brandhorst)
* Add RegisterConnConfig to stdlib which replaces the removed RegisterDriverConfig from v3.

# 4.1.2 (October 22, 2019)

* Fix dbSavepoint.Begin recursive self call
* Upgrade pgtype to v1.0.2 - fix scan pointer to pointer

# 4.1.1 (October 21, 2019)

* Fix pgxpool Rows.CommandTag() infinite loop / typo

# 4.1.0 (October 12, 2019)

## Potentially Breaking Changes

Technically, two changes are breaking changes, but in practice these are extremely unlikely to break existing code.

* Conn.Begin and Conn.BeginTx return a Tx interface instead of the internal dbTx struct. This is necessary for the Conn.Begin method to have the same signature as other methods that begin a transaction.
* Add Conn() to Tx interface. This is necessary to allow code using a Tx to access the *Conn (and pgconn.PgConn) on which the Tx is executing.

## Fixes

* Releasing a busy connection closes the connection instead of returning an unusable connection to the pool
* Do not mutate config.Config.OnNotification in connect

# 4.0.1 (September 19, 2019)

* Fix statement cache cleanup.
* Corrected daterange OID.
* Fix Tx when committing or rolling back multiple times in certain cases.
* Improve documentation.

# 4.0.0 (September 14, 2019)

v4 is a major release with many significant changes, some of which are breaking changes. The most significant are
included below.

* Simplified establishing a connection with a connection string.
* All potentially blocking operations now require a context.Context. The non-context aware functions have been removed.
* OIDs are hard-coded for known types. This saves the query on connection.
* Context cancellation while network activity is in progress is now always fatal. Previously, it was sometimes recoverable. This led to increased complexity in pgx itself and in application code.
* Go modules are required.
* Errors are now implemented in the Go 1.13 style.
* `Rows` and `Tx` are now interfaces.
* The connection pool has been decoupled from pgx and is now a separate, included package (github.com/jackc/pgx/v4/pgxpool).
* pgtype has been spun off to a separate package (github.com/jackc/pgtype).
* pgproto3 has been spun off to a separate package (github.com/jackc/pgproto3/v2).
* Logical replication support has been spun off to a separate package (github.com/jackc/pglogrepl).
* Lower level PostgreSQL functionality is now implemented in a separate package (github.com/jackc/pgconn).
* Tests are now configured with environment variables.
* Conn has an automatic statement cache by default.
* Batch interface has been simplified.
* QueryArgs has been removed.