Last-minute updates for release notes.

Security: CVE-2021-3393, CVE-2021-20229

diff --git a/doc/src/sgml/release-11.sgml b/doc/src/sgml/release-11.sgml
index 2f8bb5a5c04465004c433ee5b635f1a2ad27d3c1..c655a7f25dd54b3aec9a40a072a9c826e1212a64 100644 (file)
--- a/doc/src/sgml/release-11.sgml
+++ b/doc/src/sgml/release-11.sgml
@@ -23,7 +23,7 @@
    </para>
 
    <para>
-    However, see the first changelog item below,
+    However, see the second changelog item below,
     which describes cases in which reindexing indexes after the upgrade
     may be advisable.
    </para>
@@ -41,6 +41,30 @@
 
     <listitem>
 <!--
+Author: Heikki Linnakangas <heikki.linnakangas@iki.fi>
+Branch: master [6214e2b22] 2021-02-08 11:01:51 +0200
+Branch: REL_13_STABLE [8e56684d5] 2021-02-08 11:01:55 +0200
+Branch: REL_12_STABLE [f50e88899] 2021-02-08 11:01:55 +0200
+Branch: REL_11_STABLE [cb5868cc1] 2021-02-08 11:01:55 +0200
+-->
+     <para>
+      Fix information leakage in constraint-violation error messages
+      (Heikki Linnakangas)
+     </para>
+
+     <para>
+      If an <command>UPDATE</command> command attempts to move a row to a
+      different partition but finds that it violates some constraint on
+      the new partition, and the columns in that partition are in
+      different physical positions than in the parent table, the error
+      message could reveal the contents of columns that the user does not
+      have <literal>SELECT</literal> privilege on.
+      (CVE-2021-3393)
+     </para>
+    </listitem>
+
+    <listitem>
+<!--
 Author: Noah Misch <noah@leadboat.com>
 Branch: master [8a54e12a3] 2021-01-30 00:00:27 -0800
 Branch: REL_13_STABLE [86a5b309c] 2021-01-30 00:00:42 -0800