Release date: 2025-02-20
This release contains a few fixes from 13.19. For information about new features in major release 13, see Section E.21.
The PostgreSQL community will stop releasing updates for the 13.X release series in November 2025. Users are encouraged to update to a newer release branch soon.
A dump/restore is not required for those running 13.X.
However, if you are upgrading from a version earlier than 13.17, see Section E.4.
Improve behavior of libpq's quoting functions (Andres Freund, Tom Lane) § § §
The changes made for CVE-2025-1094 had one serious oversight: PQescapeLiteral() and PQescapeIdentifier() failed to honor their string length parameter, instead always reading to the input string's trailing null. This resulted in including unwanted text in the output, if the caller intended to truncate the string via the length parameter. With very bad luck it could cause a crash due to reading off the end of memory.
In addition, modify all these quoting functions so that when invalid encoding is detected, an invalid sequence is substituted for just the first byte of the presumed character, not all of it. This reduces the risk of problems if a calling application performs additional processing on the quoted string.
Fix crash involving triggers on partitioned tables that make use of transition tables (Kyotaro Horiguchi) §
If there are both AFTER UPDATE and AFTER DELETE triggers, the need for transition tables was determined incorrectly, leading to a crash during cross-partition updates.