</para>
<para>
- This is a change in the default for newly-created databases in
- existing clusters and for new clusters; <literal>USAGE</literal>
- permissions on the <literal>public</literal> schema has not
- been changed. Databases restored from previous Postgres releases
- will be restored with their current permissions. Users wishing
- to have the former permissions will need to grant
- <literal>CREATE</literal> permission for <literal>PUBLIC</literal>
- on the <literal>public</literal> schema; this change can be made
- on <literal>template1</literal> to cause all new databases
- to have these permissions.
+ The new default is one of the secure schema usage patterns that <xref
+ linkend="ddl-schemas-patterns"/> has recommended since the security
+ release for CVE-2018-1058. The change applies to newly-created
+ databases in existing clusters and for new clusters. Upgrading a
+ cluster or restoring a database dump will preserve existing permissions.
+ </para>
+
+ <para>
+ For existing databases, especially those having multiple users,
+ consider revoking <literal>CREATE</literal> permission on
+ the <literal>public</literal> schema to adopt this new default.
+ For new databases having zero need to defend against insider threats,
+ granting <literal>CREATE</literal> permission will yield the behavior
+ of prior releases.
</para>
</listitem>
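Review bot: The added paragraphs drop two facts the removed text stated: that USAGE on the public schema is unchanged, and that making the grant in template1 carries it to all new databases. Consider keeping both, for example a sentence after "will preserve existing permissions" saying USAGE is unaffected, and a mention of template1 in the last sentence about granting CREATE. The second added paragraph also names no grantee: the removed text said CREATE "for PUBLIC", while the new text says only "revoking CREATE permission on the public schema", so a reader cannot tell whose privilege to revoke or grant; naming the PUBLIC role in both sentences would fix that. Minor wording: "applies to newly-created databases in existing clusters and for new clusters" is not parallel; "and to new clusters" reads better.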