Releases: tada/pljava
PL/Java 1.5.0 announced; security note.
PL/Java brings functions, triggers, and types in Java. 1.5.0 supports latest PostgreSQL and Java versions with a range of improvements and fixes.
Project site: http://tada.github.io/pljava/
Release notes: http://tada.github.io/pljava/releasenotes.html
Security note:
Several security issues are addressed in PL/Java 1.5.0, as described in the release notes, so sites running earlier versions are encouraged to update. The release notes also describe practical mitigations to reduce risk until an update can be completed.
Platforms:
PL/Java 1.5.0 works with Java 8, 7, or 6 and all 9.x PostgreSQL versions as well as 8.4. To support projects based on older PostgreSQL forks, PL/Java 1.5.0 is also intended to build with 8.3 and 8.2, but has not been tested on those versions.
PL/Java 1.5.0 resolves reported build issues on several platforms, and new sections of the build documentation specifically cover Mac OS X, Solaris, Ubuntu, and Windows (using Visual Studio or MinGW-64). FreeBSD 10.2 or later is expected to work but has not been tested.
Changes:
PL/Java 1.5.0 brings more complete, usable, and documented capability for Java-implemented user-defined base types, composite types, and mirrors of existing PostgreSQL types, an annotation-driven SQL generator reducing the effort of writing deployment SQL by hand, and many smaller improvements and fixes detailed in the release notes. The supplied examples cover many of these features.
Availability:
PL/Java 1.5.0 is available from GitHub as a source release, which builds quickly using Maven:
Release page: https://github.com/tada/pljava/releases/tag/V1_5_0
This wiki page will add links to prebuilt packages that become available:
https://github.com/tada/pljava/wiki/Prebuilt-packages
Many thanks to all the individuals and organizations listed in the release notes under Credits.
Release 1.5.0-BETA3
PL/Java 1.5.0-BETA3 announced.
PL/Java brings functions, triggers, and types in Java. 1.5.0, now in third beta/release candidate, supports latest PostgreSQL and Java versions with a range of improvements and fixes.
Project site: http://tada.github.io/pljava/
Release notes: http://tada.github.io/pljava/releasenotes.html
Although PL/Java has historically used numbered betas and not "RC" releases, this may be considered a 1.5.0 release candidate.
Changes since 1.5.0-BETA2:
- Fix for CVE-2016-2192, which could affect sites that are using PL/Java's type mapping features. (A mitigation before upgrading to 1.5.0 is simply to
REVOKE EXECUTE ... FROM PUBLICon the functionssqlj.add_type_mappingandsqlj.drop_type_mapping, and grant the privilege selectively to users or roles needing it.) - A workaround is documented for faulty builds of OpenJDK 6 and 7 found on Ubuntu
- Fixed: bogus values when using some user-defined types on little-endian hardware
- Fixed: user-defined types failing to be registered depending on the first access in a session
- Fixed:
TupleDescreference leak warnings involving composite user-defined types - Partial support (and a working example) added for user-defined types with type modifiers
- Extensive added documentation on tuning Java VM options, including class data sharing
Please see the release notes for more details and the cumulative list of changes.
Many thanks to all the individuals and organizations listed in the release notes under Credits.
Release 1.5.0-BETA2
PL/Java 1.5.0-BETA2 announced.
PL/Java brings functions, triggers, and types in Java. 1.5.0, now in second beta/release candidate, supports latest PostgreSQL and Java versions with a range of improvements and fixes.
Project site: http://tada.github.io/pljava/
Release notes: http://tada.github.io/pljava/releasenotes.html
Although PL/Java has historically used numbered betas and not "RC" releases, this may be considered a 1.5.0 release candidate.
Changes since 1.5.0-BETA1:
- Microsoft Windows builds are now supported using both the Visual Studio and the MinGW-w64 toolchains.
- Fixed: two build/install issues on Mac OS X El Capitan (issue 94, issue 96)
- Fixed: parameter declaration generated for trigger function (issue 92)
- Fixed: source location missing for some annotation errors (issue 95)
- Fixed:
pljava-apijar missing from installation jar
Please see the release notes for more details and the cumulative list of changes.
Many thanks to all the individuals and organizations listed in the release notes under Credits.
Release 1.5.0-BETA1
PL/Java 1.5.0-BETA1 announced; security note.
PL/Java brings functions, triggers, and types in Java. 1.5.0, now in beta, supports latest PostgreSQL and Java versions with a range of improvements and fixes.
Project site: http://tada.github.io/pljava/
Release notes: http://tada.github.io/pljava/releasenotes.html
Security note:
1.5.0 brings a policy change to a more secure-by-default posture, where the ability to create functions in 'LANGUAGE java' is no longer automatically granted to 'public', but can be selectively granted to roles that will have that responsibility. The change reduces exposure to a known issue present in 1.5.0 and earlier versions, that will be closed in a future release; details are in the release notes.
The new policy will be applied in a new installation; permissions will not be changed in an upgrade, but any site can move to this policy, even before updating to 1.5.0, with REVOKE USAGE ON LANGUAGE java FROM public; followed by explicit GRANT commands for the users/roles expected to create Java functions. Many sites guided by the principle of least privilege may have chosen such a policy already.
MS Windows note:
1.5.0 development snapshots have been repeatedly tested on Windows building with Visual Studio (including the Express and Community editions), and the build documentation covers this combination. Beta testers should find it straightforward.
Resources have not been available to test MinGW-based builds. Beta testers using this combination are encouraged to report build issues they may encounter. (Patches, where possible, would be appreciated also. A likely place to look in case of issues would be the comments above PLJAVADLLEXPORT in Backend.c.)
Many thanks to all the individuals and organizations listed in the release notes under Credits.